Overview

URL rouonixon.com/4/4392229/
IP139.45.197.238
ASNRETN Limited
Location United Kingdom
Report completed2022-09-28 04:57:16 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-28 2 rouonixon.com/4/4392229/ Malware
2022-09-28 2 eu.convers.link/postback/click?key=v2-1664341028705-4-8625-999800-3d721d0a- (...) Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-27 2 unphionetor.com Sinkholed
2022-09-28 2 ptauxofi.net Sinkholed
2022-09-27 2 unphionetor.com Sinkholed
2022-09-27 2 unphionetor.com Sinkholed
2022-09-28 2 highperformancegate.com Sinkholed
2022-09-28 2 highperformancegate.com Sinkholed


Files

No files detected



Passive DNS (36)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS eu.convers.link (2) 97064 2021-10-28 18:05:06 UTC 2022-09-27 11:12:15 UTC 38.100.129.67
mnemonic passive DNS celis.no (29) 0 2017-02-02 10:52:14 UTC 2022-09-27 11:49:43 UTC 193.107.30.42 Unknown ranking
mnemonic passive DNS widget.trustpilot.com (5) 6018 2017-09-05 07:45:53 UTC 2022-09-27 15:00:12 UTC 143.204.55.110
mnemonic passive DNS ocsp.pki.goog (13) 175 2017-06-14 07:23:31 UTC 2022-09-27 04:53:14 UTC 142.250.74.3
mnemonic passive DNS sc-static.net (1) 1183 2022-01-24 20:13:30 UTC 2022-09-27 07:02:14 UTC 54.230.82.240
mnemonic passive DNS toapodazoay.com (2) 624090 2017-11-17 09:59:00 UTC 2022-09-27 21:54:40 UTC 139.45.197.154
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-27 05:14:54 UTC 34.214.236.46
mnemonic passive DNS go.deliverymodo.com (2) 672700 2016-07-21 09:52:46 UTC 2022-09-27 21:54:40 UTC 139.45.197.236
mnemonic passive DNS www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-09-27 20:10:57 UTC 142.250.74.174
mnemonic passive DNS stats.g.doubleclick.net (2) 96 2013-06-02 22:47:44 UTC 2022-09-27 04:52:22 UTC 64.233.165.156
mnemonic passive DNS www.google.no (3) 25607 2016-04-05 19:50:59 UTC 2022-09-27 05:08:12 UTC 142.250.74.3
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-27 04:52:33 UTC 34.117.237.239
mnemonic passive DNS client.24nettbutikk.chat (1) 0 2022-09-28 01:53:47 UTC 2022-09-28 04:51:28 UTC 143.204.55.112 Unknown ranking
mnemonic passive DNS assets2.24nettbutikk.no (3) 0 2017-01-30 05:36:42 UTC 2022-09-27 12:32:22 UTC 193.107.29.107 Unknown ranking
mnemonic passive DNS www.google.com (1) 7 2016-08-04 12:36:31 UTC 2022-09-28 04:16:22 UTC 142.250.74.164
mnemonic passive DNS region1.google-analytics.com (1) 0 2022-03-17 11:26:33 UTC 2022-09-27 05:12:42 UTC 216.239.34.36 Domain (google-analytics.com) ranked at: 8401
mnemonic passive DNS rouonixon.com (3) 0 2020-11-06 08:20:50 UTC 2022-09-27 05:59:00 UTC 139.45.197.238 Unknown ranking
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-27 05:14:54 UTC 143.204.55.110
mnemonic passive DNS ptauxofi.net (1) 35628 2021-03-31 05:35:12 UTC 2022-09-27 19:57:50 UTC 139.45.197.250
mnemonic passive DNS media.bigbasketshop.com (1) 644547 2021-05-27 13:11:29 UTC 2022-09-27 21:12:30 UTC 172.67.218.148
mnemonic passive DNS fonts.gstatic.com (2) 0 2014-08-29 13:43:22 UTC 2022-09-28 04:36:33 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS ocsp.sectigo.com (2) 487 2018-12-17 11:31:55 UTC 2022-09-28 00:01:04 UTC 104.18.32.68
mnemonic passive DNS my.rtmark.net (2) 9054 2017-08-22 14:11:49 UTC 2022-09-27 14:07:47 UTC 139.45.195.8
mnemonic passive DNS tc.tradetracker.net (1) 148392 2020-11-09 11:51:21 UTC 2022-09-27 17:11:02 UTC 52.209.75.236
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-09-27 22:17:28 UTC 142.250.74.10
mnemonic passive DNS ocsp.digicert.com (7) 86 2012-05-21 07:02:23 UTC 2022-09-28 04:19:13 UTC 93.184.220.29
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-27 13:22:33 UTC 34.120.237.76
mnemonic passive DNS www.googletagmanager.com (2) 75 2012-12-25 14:52:06 UTC 2022-09-27 04:52:54 UTC 142.250.74.72
mnemonic passive DNS connect.facebook.net (1) 139 2012-05-22 02:51:28 UTC 2022-09-27 04:52:24 UTC 157.240.200.14
mnemonic passive DNS www.highperformancegate.com (2) 0 2022-07-15 22:36:50 UTC 2022-09-27 23:12:19 UTC 192.243.59.20 Unknown ranking
mnemonic passive DNS ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 54.230.245.39
mnemonic passive DNS unphionetor.com (3) 54035 2022-02-11 12:53:49 UTC 2022-09-27 15:05:17 UTC 139.45.197.236
mnemonic passive DNS go.ad2upapp.com (1) 566190 2016-06-11 11:42:08 UTC 2022-09-27 21:54:40 UTC 139.45.197.237
mnemonic passive DNS tr.snapchat.com (4) 978 2017-04-26 06:25:03 UTC 2022-09-28 04:34:58 UTC 35.190.43.134
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-09-27 23:53:35 UTC 143.204.55.35
mnemonic passive DNS r3.o.lencr.org (9) 344 2020-12-02 08:52:13 UTC 2022-09-28 04:06:48 UTC 23.36.77.32


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 139.45.197.238

Date UQ / IDS / BL URL IP
2022-12-07 15:07:54 +0000
0 - 0 - 4 trenhsasolc.com/link?z=5282850&var=&ymid=wck1 (...) 139.45.197.238
2022-12-07 14:07:04 +0000
0 - 0 - 4 trenhsasolc.com/link?z=5282850&var=&ymid=w8mi (...) 139.45.197.238
2022-12-07 12:01:16 +0000
0 - 0 - 2 inoradde.com/4/4326568/ 139.45.197.238
2022-12-07 09:04:39 +0000
0 - 0 - 2 inoradde.com/4/4292618/ 139.45.197.238
2022-12-07 08:09:58 +0000
0 - 0 - 3 viapawniarda.com/4/5303318/ 139.45.197.238

Last 5 reports on ASN: RETN Limited

Date UQ / IDS / BL URL IP
2022-12-07 16:02:50 +0000
0 - 0 - 3 akaiksots.com/ 139.45.197.153
2022-12-07 16:00:24 +0000
0 - 0 - 2 boahoupi.com/ 139.45.197.152
2022-12-07 15:09:27 +0000
0 - 0 - 5 getsurv2youu.com/link?z=5339054&var=17694&ymi (...) 139.45.197.239
2022-12-07 15:07:54 +0000
0 - 0 - 4 trenhsasolc.com/link?z=5282850&var=&ymid=wck1 (...) 139.45.197.238
2022-12-07 14:07:04 +0000
0 - 0 - 4 trenhsasolc.com/link?z=5282850&var=&ymid=w8mi (...) 139.45.197.238

Last 5 reports on domain: rouonixon.com

Date UQ / IDS / BL URL IP
2022-12-06 11:01:54 +0000
0 - 0 - 1 rouonixon.com/4/4599640/ 139.45.197.238
2022-12-06 06:06:15 +0000
0 - 0 - 1 rouonixon.com/4/3661098/ 139.45.197.238
2022-12-06 06:03:32 +0000
0 - 0 - 1 rouonixon.com/4/3651170/ 139.45.197.238
2022-12-06 05:22:06 +0000
0 - 0 - 1 rouonixon.com/4/3714641/ 139.45.197.238
2022-12-06 04:09:48 +0000
0 - 0 - 1 rouonixon.com/4/5389973/ 139.45.197.238

Last 1 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-09-28 01:53:53 +0000
0 - 0 - 7 rouonixon.com/4/4571773/ 139.45.197.238


JavaScript

Executed Scripts (45)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (120)


Request Response
                                        
                                            GET /4/4392229/ HTTP/1.1 
Host: rouonixon.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         139.45.197.238
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf8
                                        
Server: nginx
Date: Wed, 28 Sep 2022 04:57:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: f8e63f72953dc1c9094cc6c37eaed6c2
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=c857aa51ed0a4827b6c780156e9e1d21; expires=Thu, 28 Sep 2023 04:57:04 GMT; path=/ oaidts=1664341024; expires=Thu, 28 Sep 2023 04:57:04 GMT; path=/ syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, Accept, Content-Type, Content-Length, Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5406)
Size:   2931
Md5:    70f129ab8f3485674b721a2ac48aa2d3
Sha1:   4bf7e3b9b154e46a460a676c81b0d104749d4281
Sha256: a89711fee9d19a7c8368bfa112190aa20b344140ab196aed47c99e98473567b3

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 04:15:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4s7C3PUm05uSrZpkq_1Kq7ZLgLGXsbBhl_DykqDUSImEhbC5QVEYJA==
Age: 2485


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16271
Expires: Wed, 28 Sep 2022 09:28:15 GMT
Date: Wed, 28 Sep 2022 04:57:04 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Xt4vZ3Zv0hKWwb6vXnpt7xMjjxhPdCcSxr1rCoQUpsFZXZFXvHimFQ==
age: 70372
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 28 Sep 2022 04:57:05 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: rouonixon.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rouonixon.com/4/4392229/
Cookie: OAID=c857aa51ed0a4827b6c780156e9e1d21; oaidts=1664341024

                                         
                                         139.45.197.238
HTTP/1.1 204 No Content
                                        
Server: nginx
Date: Wed, 28 Sep 2022 04:57:05 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 04:57:05 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 06:25:19 GMT
Expires: Mon, 03 Oct 2022 06:25:18 GMT
Etag: "f2ec69fdaca2a0327cd3599ac05d0051df3dee41"
Cache-Control: max-age=436692,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7519e56fff90b4fd-OSL

                                        
                                            GET /img.gif?f=merge&userId=c857aa51ed0a4827b6c780156e9e1d21 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rouonixon.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Wed, 28 Sep 2022 04:57:05 GMT
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c857aa51ed0a4827b6c780156e9e1d21; expires=Thu, 28 Sep 2023 04:57:05 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            POST /?z=4392229&syncedCookie=true&rhd=false HTTP/1.1 
Host: rouonixon.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 426
Origin: http://rouonixon.com
Connection: keep-alive
Referer: http://rouonixon.com/afu.php?zoneid=4392229&var=4392229&rid=ksX-wKK1z8yLZCaWKyzJyw%3D%3D&rhd=false
Cookie: OAID=c857aa51ed0a4827b6c780156e9e1d21; oaidts=1664341024
Upgrade-Insecure-Requests: 1

                                         
                                         139.45.197.238
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Wed, 28 Sep 2022 04:57:05 GMT
Content-Length: 0
Connection: keep-alive
X-Trace-Id: 5881b86c9e48eccf67937a0b095e9ff9
Link: <https://toapodazoay.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Referrer-Policy: no-referrer
Location: https://toapodazoay.com/?l=qCqekRDLtEBTXwP&s=598852263662072526&z=4392229&g=NO&svar=1664341025&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664341025&ssk=758a0eab7bff0aa808838e2b4ba8dd96&svarok=1&b=79056&oaid=c857aa51ed0a4827b6c780156e9e1d21&rdk=rk3
Access-Control-Allow-Origin: http://rouonixon.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=c857aa51ed0a4827b6c780156e9e1d21; expires=Thu, 28 Sep 2023 04:57:05 GMT; path=/ oaidts=1664341024; expires=Thu, 28 Sep 2023 04:57:05 GMT; path=/ syncedCookie=true; expires=Wed, 05 Oct 2022 04:57:05 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 28 Sep 2022 04:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 28 Sep 2022 05:14:07 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: tKaXcGNaRq9dRPtLcukjhLK2aNyHcxvoUe_J5Kaw64zmWh0tcOSHfQ==
Age: 1652


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "79EA5BE7A17D935C382010064E7599A269DBBA9E2C6CF98742BF3D3242C29D42"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17307
Expires: Wed, 28 Sep 2022 09:45:32 GMT
Date: Wed, 28 Sep 2022 04:57:05 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 513
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 04:57:05 GMT
Last-Modified: Wed, 28 Sep 2022 04:48:32 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "CE019CCFF3F1712F16CF21985F926EF3938D55777D03163197DFA4AAC00E3F44"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1056
Expires: Wed, 28 Sep 2022 05:14:41 GMT
Date: Wed, 28 Sep 2022 04:57:05 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "47DEC190DEDBFB1F7B67F28B22296B678E073115FE0A2BD9D3FB6FC8A6FA44A0"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15892
Expires: Wed, 28 Sep 2022 09:21:57 GMT
Date: Wed, 28 Sep 2022 04:57:05 GMT
Connection: keep-alive

                                        
                                            GET /fv.js?t=56193&cb=592763381 HTTP/1.1 
Host: unphionetor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.236
HTTP/2 200 OK
content-type: text/javascript; charset=utf8
                                        
server: nginx
date: Wed, 28 Sep 2022 04:57:06 GMT
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: adcc049c3fd6c92ddf83ef29c70e0815
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   2225
Md5:    2bed1239b1edc8669289a04d6ee17c32
Sha1:   e3db7cdb98af6ce10cff6e3c6ad9fe50c345f941
Sha256: 02c043c2ae806dc17f396e28b80f2de6a5fa63de3d13638501e3326150cae5f5

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319 HTTP/1.1 
Host: ptauxofi.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.250
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 04:57:06 GMT
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-1a5ed"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   40057
Md5:    f180b770897d6441bb79cb05ef5655b6
Sha1:   0a1ecab3bd50af2c0930f1ebadeb5ae449b52489
Sha256: 35ca5d4fa63b7895631bbe796dc91e83e0a76ba1a6d6b04c4c2962b7c1fb5a4e

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /vbl?t=56193&bid=79056&aid=598852263662072526 HTTP/1.1 
Host: unphionetor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         139.45.197.236
HTTP/2 204 No Content
                                        
server: nginx
date: Wed, 28 Sep 2022 04:57:06 GMT
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 16446f51b42a8e10687dd5ffc20e3b44
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 60UQkxGTM9SpCtcCIl1Lqg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.214.236.46
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: X5kyu8n21uKF2apl+EzChSVoPyM=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14573
Expires: Wed, 28 Sep 2022 09:00:00 GMT
Date: Wed, 28 Sep 2022 04:57:07 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14573
Expires: Wed, 28 Sep 2022 09:00:00 GMT
Date: Wed, 28 Sep 2022 04:57:07 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14573
Expires: Wed, 28 Sep 2022 09:00:00 GMT
Date: Wed, 28 Sep 2022 04:57:07 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F838bed0c-c665-42d6-8c20-1decd709953c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9314
x-amzn-requestid: 0639452b-7f17-4513-aeb1-20b465ed3e93
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3HzCIAMF-vQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-52afa1da17c4557c5e8c3564;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4mjt2-5F0Chu1G7jShI6rXfTuBMd6JOYxFMtla-EgL7i82SThJnp5w==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:38:41 GMT
age: 26306
etag: "60c873f097c85376797fed366804119f7e9c445e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9314
Md5:    3c58fdf09a7d552be0c8666522a29de7
Sha1:   60c873f097c85376797fed366804119f7e9c445e
Sha256: 24569f084d3fd428526503bde8b3da64152911934cd5e0e9140c06d954e4bcd9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13299
x-amzn-requestid: 926df8b6-beec-470d-b0b3-33be326cd379
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF8YIAMF3Nw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-343e91e735af43d01fc83ddd;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KmVkKXoPqZmnwFtpKhuox1kJNDoSxMEmYE39_zVPyaeoU4sPqq-_wA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:44:23 GMT
age: 25964
etag: "651600f2ef18cecc2e38370069bbb5e1d86f68e0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13299
Md5:    ad84ed0c5b2090df7996007514cf1984
Sha1:   651600f2ef18cecc2e38370069bbb5e1d86f68e0
Sha256: a3d0729e1d43afeadd2dd8273c858b8839d9e476f773c8ec9d96b5969a9e0b4a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7455
x-amzn-requestid: e99c9f33-b72a-4070-80cf-06fb4a87d1df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZG4S6EcAoAMFX1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6332a0df-04122b4a345dbc3f3918af98;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 07:06:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: yW-bGn5vYTa6Z28ELKYgYpy98wQEbYJIl5yxd1qLxz1YjVYKxMH2Wg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 07:31:02 GMT
age: 77165
etag: "b383135e2ebc23fe80eb0d594b198cb8c89327a5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7455
Md5:    ea3890e460356d6ecc3ba4e405ac2e9e
Sha1:   b383135e2ebc23fe80eb0d594b198cb8c89327a5
Sha256: 8fcff053ce6e5750136bf876bad5b2916935f13ea039912d977928b086f0a48b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9715fa-0606-41f2-b3fa-1c7048f24b48.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9710
x-amzn-requestid: 38e078fa-bad5-4593-b4f7-ffab77c1d3cf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDCF9GWeoAMF-5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633116f2-29b4342e3c7700924d65a273;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 03:05:22 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dA8uT96jM1QIn89Jw-8vMlGaNrr8xjUBjhg1usiZqFMf0SO12IA4Kg==
via: 1.1 ce74b5c96395745bcb8206d6c9ee0962.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 03:18:43 GMT
age: 5904
etag: "5dcf4fbd065e0850c2602a5e8791ba7af1999d9f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9710
Md5:    c761355e3b9bdf64113c92591306b959
Sha1:   5dcf4fbd065e0850c2602a5e8791ba7af1999d9f
Sha256: 03464d30ae3a3199bb3b19e1c730385fc8f68444d41eb0099542bd83108e6ed5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a264fec-4624-4025-b0d1-044fc33e338f.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9780
x-amzn-requestid: 9938422e-12cd-4aab-9e58-c26b8fee53b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UOH3DoAMFZRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-37105d923f19437025abec71;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Halsx09hxT_sMRc2jy-fJA0tE85F6Bgz9P9Trx02Z9aMfIZVLkLW4g==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:11:14 GMT
age: 24353
etag: "1a1139cff14aff6755b9e43ff4ef8c9ece1102c1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9780
Md5:    43d7c0db2af42ad4d0095324b2691f6c
Sha1:   1a1139cff14aff6755b9e43ff4ef8c9ece1102c1
Sha256: 42073c84e0c215109b54ab55a53cce9e6cce44f4619f5988fa4e2776ff70b362
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11314
x-amzn-requestid: 9f410158-cd1a-45a9-9e86-4005b25577e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e4Hw7oAMFpAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-70683c681f22a3b6103fcb4a;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: l9IinQYCcQV_iymSArIEnOWgbmLlmVqz94402zcsmga5Bp3Sty7QRg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:40:49 GMT
age: 26178
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11314
Md5:    ee83d08d024d127fad5918e1ffacb78b
Sha1:   8ad289a77705358ab660b6123e9d90de991b6c13
Sha256: aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4
                                        
                                            GET /afu.php?id=792658&rt=1 HTTP/1.1 
Host: go.ad2upapp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         139.45.197.237
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 28 Sep 2022 04:57:07 GMT
Content-Length: 138
Connection: keep-alive
Location: http://go.deliverymodo.com/afu.php?id=792658&rt=1
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   138
Md5:    aff950cab4c0265e21d401db15f1026d
Sha1:   f03e18461817f7a6546c8bf8fa8d686d7e30aca0
Sha256: 753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
                                        
                                            GET /afu.php?id=792658&rt=1 HTTP/1.1 
Host: go.deliverymodo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         139.45.197.236
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf8
                                        
Server: nginx
Date: Wed, 28 Sep 2022 04:57:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 4ac4b0d915061b305e5e2689efa1e226
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://www.highperformancegate.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=0f7ef89b543b4672bd1d5d0b6a22a4ff; expires=Thu, 28 Sep 2023 04:57:07 GMT; path=/ oaidts=1664341027; expires=Thu, 28 Sep 2023 04:57:07 GMT; path=/ syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   638
Md5:    849d99c59bd70b3b2688f3bdca2239ca
Sha1:   1315059f159d1cc4bfaa5589a6ed6ab565f9e501
Sha256: 9f613f10f7a9bf6da470872312cbfacb5843a2704f71606c4a0ed1b9b8063089
                                        
                                            POST /vb?t=56193&bid=79056&aid=598852263662072526&tp=2109 HTTP/1.1 
Host: unphionetor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         139.45.197.236
HTTP/2 204 No Content
                                        
server: nginx
date: Wed, 28 Sep 2022 04:57:07 GMT
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: b796c64e1a36baa02c5ccf6a39111df1
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 04:57:07 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 06:25:19 GMT
Expires: Mon, 03 Oct 2022 06:25:18 GMT
Etag: "f2ec69fdaca2a0327cd3599ac05d0051df3dee41"
Cache-Control: max-age=436690,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7519e57eebbcb4fd-OSL

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: go.deliverymodo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: OAID=0f7ef89b543b4672bd1d5d0b6a22a4ff; oaidts=1664341027

                                         
                                         139.45.197.236
HTTP/1.1 204 No Content
                                        
Server: nginx
Date: Wed, 28 Sep 2022 04:57:07 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate

                                        
                                            POST /img.gif?f=merge&userId=0f7ef89b543b4672bd1d5d0b6a22a4ff HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Wed, 28 Sep 2022 04:57:07 GMT
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0f7ef89b543b4672bd1d5d0b6a22a4ff; expires=Thu, 28 Sep 2023 04:57:07 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7EE4F53C058BD2BD6440EA9E80E91DE25DA31E3AC5062AF770DDA34839FCE85D"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5813
Expires: Wed, 28 Sep 2022 06:34:01 GMT
Date: Wed, 28 Sep 2022 04:57:08 GMT
Connection: keep-alive

                                        
                                            GET /cam2dwqai?key=9b44cd6350a69fb630694c066f2c6a98&psid=792658&rdk=rk1 HTTP/1.1 
Host: www.highperformancegate.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx/1.17.9
Date: Wed, 28 Sep 2022 04:57:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17381785; expires=Thu, 29 Sep 2022 04:57:08 GMT ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM4MTc4NSwiayI6IjliNDRjZDYzNTBhNjlmYjYzMDY5NGMwNjZmMmM2YTk4Iiwic2lkIjoiNzkyNjU4IiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYwMDE2LCJwaWQiOjI3NzQxNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMywiYWlkIjoyOCwicHQiOjQsInBrIjoiY2FtMmR3cWFpIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiIifX0.4Fe1fO5laIg1jCiL4ENBsYzlH4qET8nVymE6vzr31SY; expires=Wed, 28 Sep 2022 04:58:08 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cd962c15211adbc80e58fb7765469c2e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (317)
Size:   2397
Md5:    2a16e280f0463164ea2d3bcdab089c04
Sha1:   fbab0a1e3f8a1f6b0c7c7faa731a82f3b18648d9
Sha256: 4e887d1ada557b5de7dbc8496761fe99f1d87bea19f7e4f0c181f0332660a3ca

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /cam2dwqai?pst=1664341088&rmtc=t&uuid=&pii=&in=false&key=9b44cd6350a69fb630694c066f2c6a98&rdk=rk1&shu=dfee501e8f7c35009ec340caa9a8474adabe5f5b58116f34e41bc2605dfd22c4cf16a85de45525a188bf94c2152f35804407a6da2d58a32eb3cb00bf6905c18b5a91c65c385a05ffd0438547d2eaf5698fb93e6c&fr=0&sw2=1280&sh2=939&sw3=1280&sh3=176&sw4=1280&sh4=939&sw5=1280&sh5=1024&sw6=1280&sh6=1024&sw7=1280&sh7=1002 HTTP/1.1 
Host: www.highperformancegate.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.highperformancegate.com/cam2dwqai?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=17381785
Cookie: u_pl=17381785; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM4MTc4NSwiayI6IjliNDRjZDYzNTBhNjlmYjYzMDY5NGMwNjZmMmM2YTk4Iiwic2lkIjoiNzkyNjU4IiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYwMDE2LCJwaWQiOjI3NzQxNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMywiYWlkIjoyOCwicHQiOjQsInBrIjoiY2FtMmR3cWFpIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiIifX0.4Fe1fO5laIg1jCiL4ENBsYzlH4qET8nVymE6vzr31SY; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

                                         
                                         192.243.59.20
HTTP/1.1 302 Found
Content-Type: text/html
                                        
Server: nginx/1.17.9
Date: Wed, 28 Sep 2022 04:57:08 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://eu.convers.link/postback/click?key=v2-1664341028705-4-8625-999800-3d721d0a-1d6c-81ea-a95d-986b013e2537
Set-Cookie: pdhtkv=true; expires=Thu, 29 Sep 2022 04:57:08 GMT uncs=1; expires=Thu, 29 Sep 2022 04:57:08 GMT pdhtkv28=true; expires=Thu, 29 Sep 2022 04:57:08 GMT uncs28=1; expires=Thu, 29 Sep 2022 04:57:08 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 58873318a85fcdcd48ff5bd5ac8d6ba6
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7682F9936475A7884F1C27744D432A540BDC70F21020FA7783F5B1328DFAC999"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3344
Expires: Wed, 28 Sep 2022 05:52:53 GMT
Date: Wed, 28 Sep 2022 04:57:09 GMT
Connection: keep-alive

                                        
                                            GET /postback/click?key=v2-1664341028705-4-8625-999800-3d721d0a-1d6c-81ea-a95d-986b013e2537 HTTP/1.1 
Host: eu.convers.link
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highperformancegate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         38.100.129.67
HTTP/2 200 OK
content-type: text/html;charset=UTF-8
                                        
server: openresty/1.15.8.3
date: Wed, 28 Sep 2022 04:57:09 GMT
content-length: 2092
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   2092
Md5:    b0752c6b18ee9c55b29fd13e27ebc91f
Sha1:   c8d52c72ee081043f78d65fded97cb79786d7454
Sha256: cb9330dd4d51af63fd68a2ea57d5b256ca7be0c5bc4c5dbe509343d7b7271083

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /postback/click?key=v2-1664341028705-4-8625-999800-3d721d0a-1d6c-81ea-a95d-986b013e2537&token=059ba7044b82808c12e62ce5a1165f80&timezone=0&iframe_test=false&webdriver_test=false HTTP/1.1 
Host: eu.convers.link
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eu.convers.link/postback/click?key=v2-1664341028705-4-8625-999800-3d721d0a-1d6c-81ea-a95d-986b013e2537
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         38.100.129.67
HTTP/2 302 Found
                                        
server: openresty/1.15.8.3
date: Wed, 28 Sep 2022 04:57:09 GMT
content-length: 0
set-cookie: platform_user_id=desktop:7980a459be274bf511db30c901634a36 platform_user_id_3rd_party=desktop:7980a459be274bf511db30c901634a36; SameSite=None; Secure; Max-Age=31556952
location: https://media.bigbasketshop.com/track?q=y9mVqLVe3evR
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3560
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 04:57:09 GMT
Last-Modified: Wed, 28 Sep 2022 03:57:49 GMT
Server: ECS (amb/6B7D)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /track?q=y9mVqLVe3evR HTTP/1.1 
Host: media.bigbasketshop.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eu.convers.link/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         172.67.218.148
HTTP/2 200 OK
content-type: text/html
                                        
date: Wed, 28 Sep 2022 04:57:09 GMT
referrer-policy: origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2AtSfAGlWhizBjUcnhGVDBn5d2G8CKGkedqnYqI4SdbGhTtTuQFbVIDH6Xq7AdmxZC5acBhFrUIOJS4TXWm11lfvdpXb%2FVTzODJgLxGyZoIu6GjzegbXEXDlR1AlW5FOLMloPR0qnP8rvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7519e5887b940b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   604
Md5:    e1e97afee5a325de9bf96207c3bf51a5
Sha1:   0034519b8ff88591be6e384a5ba6e3d1dea3ceae
Sha256: 14ea67930d925cd3b1d261b6bdb8638f8385fdbc74093597d09aa312a4208bec
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.39
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 04:57:09 GMT
Last-Modified: Wed, 28 Sep 2022 03:12:05 GMT
Server: ECS (nyb/1D1F)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KZtSsFNbITkNV-OKZvjeA_QWk4OA64n1m4WdXvhqlZmh64G6yxeW4Q==
Age: 6304

                                        
                                            GET /?c=31502&m=12&a=416060&r=RA&u= HTTP/1.1 
Host: tc.tradetracker.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.bigbasketshop.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         52.209.75.236
HTTP/2 301 Moved Permanently
content-type: text/html; charset=UTF-8
                                        
date: Wed, 28 Sep 2022 04:57:09 GMT
location: https://celis.no/
server: nginx
cache-control: no-cache, must-revalidate
set-cookie: uf=z5N4tXEwlNfnqSsKaLelijdJeE5XZkFESG90UnJ3amhyMXRqR2VKRVVtOUN1cDBZWDg2WXhQRE5GYnU3K3FqTk9Send5SUk3dllDbVFKeGhuMERlMk5PcEhqOXdGNHVhaGlKYlNBPT0%3D; expires=Thu, 28-Sep-2023 04:57:09 GMT; Max-Age=31536000; path=/; domain=.tradetracker.net; secure; SameSite=None __tdat31502=MTY2NDM0MTAyOTo6MTI6OjQxNjA2MDo6UkE6OmY6OmFmZjIyNmVlMjQxYWY5YWE3Zjc4YmEwMzc2NTc0YTky; expires=Fri, 28-Oct-2022 04:57:09 GMT; Max-Age=2592000; path=/; domain=.tradetracker.net; secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   15906
Md5:    0341d2f0f127fe4aedca331516c999bc
Sha1:   59d516071fee8b6cbae5ccc01fafcc7557abc333
Sha256: f411e32b5b959099689b82f909bdce4daa3874e8b53f394fafb7f0ea555ee55f
                                        
                                            GET /assets/themes/afterburner/css/afterburner.compiled.css?ver=1575982250 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:09 GMT
Content-Length: 38985
Connection: keep-alive
Last-Modified: Tue, 10 Dec 2019 12:50:50 GMT
ETag: "42584-59958f63ddd3a-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  ASCII text, with very long lines (65425)
Size:   38985
Md5:    59a2ce90ebfbdad3a756b517c0f88ba8
Sha1:   718d9f2514203722d8aad597f5866ce85663399d
Sha256: 7805eb72e4e6ddc49c65a24f4f3d0882889ac0332ef987ccc990081366f3e0b4
                                        
                                            GET /js/slider-cart.js?v=fc0289e80586a4349098c8051fca73f3 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 13:50:06 GMT
ETag: "67166-5e8b785e3b05a-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (54822)
Size:   144267
Md5:    3f64a8faa26079ac39a377afc96c3dba
Sha1:   7aab53622db2e45a661fdf8beb1beb3b8db605a7
Sha256: 683ad5e77f5575a8be14056afb4014d978adc2244fe7fe65a37d01e50731882c
                                        
                                            GET /js/cookie_consent.js HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Length: 6816
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 13:50:06 GMT
ETag: "4de8-5e8b785e3a0ba-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  ASCII text, with very long lines (1022)
Size:   6816
Md5:    fe0290e5cd3f7b65a629e4207915b7c0
Sha1:   2d3f28169abd3a0faa5fa8a749431a42a33aea83
Sha256: c5bc71256e67080a533aa8e191e9b377b629406ab12f5c786ba1f523bdd59180
                                        
                                            GET /assets/js/theme.js?m=1663245063 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Length: 48163
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 12:31:03 GMT
ETag: "30eeb-5e8b66b278fc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  ASCII text
Size:   48163
Md5:    f5db4c7ffd2b563ccc08c4ceeda053ce
Sha1:   475aaa0807e0a35ae677957bbf29a0d23a8b1994
Sha256: a85637334c2d38dba928b6fd307407706c3d2ccd839c71b85104837787864542
                                        
                                            GET /bootstrap/v5/tp.widget.bootstrap.min.js HTTP/1.1 
Host: widget.trustpilot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: application/x-javascript
                                        
content-length: 6124
last-modified: Mon, 30 May 2022 14:38:02 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Tue, 27 Sep 2022 05:35:19 GMT
cache-control: max-age=86400
etag: "5add60196e5f96a414fb4b9586764e5d"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: kn3E5_SYxXnC_5WtLRvKA2tu2opFuztN213n1CuFUciMjDAl5COrXQ==
age: 84112
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (19239)
Size:   6124
Md5:    5add60196e5f96a414fb4b9586764e5d
Sha1:   633f471b3c2fcedeef9cad90cb5bf56f5fe55588
Sha256: 5370f4ba91dda790c7cae92817b812fcbd1ab367cbb4862f5669960ae4e2c9e0
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 04:57:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 04:57:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /embed.js HTTP/1.1 
Host: client.24nettbutikk.chat
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.112
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Fri, 16 Sep 2022 18:39:07 GMT
server: AmazonS3
content-encoding: gzip
date: Wed, 28 Sep 2022 04:48:00 GMT
cache-control: public,max-age=600
etag: W/"8bbb378e6ea1fc5ce869b8af9ad3111f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XF-cy4CJ0fymsLZI2i8RztspEAV0q2ghiXXWew1mkyl7JYec2Q0MQg==
age: 551
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; base-uri 'none'; object-src 'none'; img-src * data:; form-action 'none'; block-all-mixed-content; connect-src *; style-src 'self' *.gstatic.com *.googleapis.com; font-src 'self' *.gstatic.com *.googleapis.com; worker-src 'self' blob:; child-src 'self' blob:; script-src 'self' *.liveleader.com *.lr-ingest.io *.googletagmanager.com *.google-analytics.com *.gstatic.com; frame-src 'self' *.liveleader.com *.amazonaws.com; frame-ancestors *;
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
permissions-policy: accelerometer=(), autoplay=(), camera=(self), cross-origin-isolated=(), display-capture=(self), document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(self), midi=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), idle-detection=(self), serial=()
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   38930
Md5:    def20f81808d80122ffc46c05937f9a7
Sha1:   fb9789de35d7b080c9fdc17d1cbf40f390d88a54
Sha256: 350e46c46b9d0807287da2eb41a085e3d0d9550f54dbf19cee46fb4c48bf05aa
                                        
                                            GET /gtag/js?id=AW-871076749 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 28 Sep 2022 04:57:10 GMT
expires: Wed, 28 Sep 2022 04:57:10 GMT
cache-control: private, max-age=900
last-modified: Wed, 28 Sep 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46794
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2039)
Size:   46794
Md5:    2e33f02acd9f5bccc41eb53fca56420a
Sha1:   d14396e030e672b537b138adc19b6a5057926e44
Sha256: e5a7d4dba93ac92a806891709bd7d67c9d0f52ba2bf7b3ba14a24c6ff92fea2e
                                        
                                            GET /gtag/js?id=G-0VEB93L6P3 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 28 Sep 2022 04:57:10 GMT
expires: Wed, 28 Sep 2022 04:57:10 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75279
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (20189)
Size:   75279
Md5:    68c97ca78629641d3c2e07435520a4d3
Sha1:   5fd495fae46aa7b80d9e5e7b6c4dfafa09d2d85f
Sha256: effc938362f18eab0db60597761c342c4be1ba7aab24e3bc7f58f4e35c3f2576
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 04:57:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 04:57:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /assets/js/modernizr.min-dev.js HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Length: 4844
Connection: keep-alive
Expires: Wed, 28 Sep 2022 04:57:10 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (10835)
Size:   4844
Md5:    b1455783dc6934fc9da050919f63e7b2
Sha1:   e1e7a7a08e141c0ddcbb8a50bae5fc845352515b
Sha256: f16bfb5663df5cd6d55463eb801edbf74c2acc5375d199ecc21664e757efe3ab
                                        
                                            GET /images_hovedside/24/icons/rocket.png HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Length: 8240
Connection: keep-alive
Last-Modified: Mon, 13 Jan 2020 09:43:04 GMT
ETag: "2030-59c024d49685a"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  PNG image data, 134 x 134, 8-bit/color RGBA, non-interlaced\012- data
Size:   8240
Md5:    03a11e047cb1ece27675a53adb4395ee
Sha1:   ed909f72dd2e9c641ccab20abd3f5c2ef8153783
Sha256: 099c4e1894ed1f05056bbe129734e4eab7c050f6438532b8c91ff081616ae580
                                        
                                            GET /images_hovedside/24/h%C3%B8stogvinter2022/seogblisett.jpg?1662712825835 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Length: 61821
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:38 GMT
ETag: "f17d-5e83a755a5b61"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size:   61821
Md5:    f50ad33a09061ef72f7d36fff05585ea
Sha1:   3046d2212e6090b5a07b563daf84cfc3f738dd07
Sha256: 9d6cde05e391150fdd8518ad626d34d5b65bdecadeee8811c4d2b3700dfacb7b
                                        
                                            GET /24960style/images/logo/klarna_konto.png HTTP/1.1 
Host: assets2.24nettbutikk.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         193.107.29.107
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 28 Sep 2022 04:56:19 GMT
Content-Length: 3424
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Last-Modified: Thu, 15 Dec 2016 17:46:08 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Thu, 28 Sep 2023 04:57:11 GMT
X-Frame-Options: DENY
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  PNG image data, 100 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size:   3424
Md5:    73e27a9ea2473b3e22ea7eb69f6abc76
Sha1:   9d9aee22ddd75749035cc78c3e43a7c5aa573ed3
Sha256: a47bbeff0e3361638a73c958087cd2eab0d49bb90abb47680bd8c747e68d51aa
                                        
                                            GET /24960style/images/logo/posten_bring.png HTTP/1.1 
Host: assets2.24nettbutikk.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         193.107.29.107
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 28 Sep 2022 04:56:19 GMT
Content-Length: 7860
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Last-Modified: Wed, 24 Apr 2019 12:59:31 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Thu, 28 Sep 2023 04:57:11 GMT
X-Frame-Options: DENY
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  PNG image data, 155 x 84, 8-bit/color RGBA, non-interlaced\012- data
Size:   7860
Md5:    39649c575ee9031d6088b5d32fcab958
Sha1:   69afe59a8e08e4fa29841450ae7b3729c60cffd2
Sha256: d0ee72c420fee38cbba66da4b21fa3f8670faa8619e79ee1e48f1f98573ef31d
                                        
                                            GET /images_hovedside/24/h%C3%B8stogvinter2022/plukkogmiks.jpg?1662712839357 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Length: 104561
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:37 GMT
ETag: "19871-5e83a754aea53"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size:   104561
Md5:    4881ffb7dd17ad4f21849955522365d4
Sha1:   8c9eb8a92cb00f87a5fc30c4f6f11562c9b00634
Sha256: 5cbf2d0a75ee7cd46c78313b3bc1bb3b716843879b71c30dffd8c789d0c3295e
                                        
                                            GET /images_hovedside/24/h%C3%B8stogvinter2022/lager.jpg?1662712684231 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Length: 84333
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:37 GMT
ETag: "1496d-5e83a75533749"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size:   84333
Md5:    9aedb6350c1a3a59e3985adc3390b140
Sha1:   6c2e29c00d8f2b50add76188eae191130f907b8e
Sha256: af7b42dcdf0bdd004c725e77918f6a5ee80078a82888a515ee175498ae7dea54
                                        
                                            GET /images_hovedside/24/vinter2022/99marked.jpg?1662729034088 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Length: 70222
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 13:10:25 GMT
ETag: "1124e-5e83e44f281ec"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size:   70222
Md5:    e6078db9952600fe44da27c6c2fb9416
Sha1:   9787d0ac984fc0108ec36713b4242fcf2b40ad80
Sha256: c66892e713f6ed18b461fb5ffb8fc022185fdb0512480c83be5c5ac0d3151089
                                        
                                            GET /images_hovedside/24/h%C3%B8stogvinter2022/alvene.jpg?1662712832550 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 110810
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:35 GMT
ETag: "1b0da-5e83a75335b2e"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size:   110810
Md5:    0768c5094cf972081e403293273a5173
Sha1:   0d0d9f5a1f531bbf6d4dd98b1a7dd1294ac03ee3
Sha256: ca595433ba6af9ed2aa0e8d53e5082abe20841859985717295168cbf62507213
                                        
                                            GET /images_hovedside/24/h%C3%B8stogvinter2022/hostferie.jpg?1662713167558 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Length: 88878
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:36:49 GMT
ETag: "15b2e-5e83a72717f3d"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size:   88878
Md5:    438e10193057723055022e854cd97824
Sha1:   1451a20816dd919569c18bef1c0a6a2bbd5e7bea
Sha256: 5ce193ba239f304784b4e50b05b27e7270d74d88c7685c732d5b9f170926f0d9
                                        
                                            GET /images_hovedside/24/icons/shop.png HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 13159
Connection: keep-alive
Last-Modified: Mon, 13 Jan 2020 09:43:04 GMT
ETag: "3367-59c024d54e1f8"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  PNG image data, 134 x 113, 8-bit/color RGBA, non-interlaced\012- data
Size:   13159
Md5:    db0af4837acf35603da0d5218581bb3a
Sha1:   63fab402cafc21499e7ba03021a3930e3c0a047c
Sha256: 81b79f832d24e0b319bbf0f9520062b6ad262109f70de7e5406aefc09f308705
                                        
                                            GET /images_hovedside/24/h%C3%B8stogvinter2022/drikkeflasker.jpg?1662713146081 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 115665
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:36:48 GMT
ETag: "1c3d1-5e83a726a1ca6"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size:   115665
Md5:    b9e3d215664abbc4b74cb037912a99c2
Sha1:   795d1e77e564ab72679457f21bf34d1806bff723
Sha256: f2ccc9df805331af79a2492e9d798d319d46f4d6cae352c5ee86164d7bd2952f
                                        
                                            GET /images_hovedside/24/h%C3%B8stogvinter2022/holdvarmen.jpg?1662713119828 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 90017
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:36:48 GMT
ETag: "15fa1-5e83a7263082e"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size:   90017
Md5:    1eb5490988b0577a5918e2dcad260ca0
Sha1:   c6dc3555a7723478467c6b9dd598749e12f82dda
Sha256: 22d0ce82b18d9fbcc6b5dd69d6ccdd7cfa05c38b0bb277c68a2a5fe8e1252ed0
                                        
                                            GET /logos/vipps_logo_rgb_trimmed.png HTTP/1.1 
Host: assets2.24nettbutikk.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         193.107.29.107
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 28 Sep 2022 04:56:19 GMT
Content-Length: 3507
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Last-Modified: Thu, 30 Aug 2018 13:57:05 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Thu, 28 Sep 2023 04:57:11 GMT
X-Frame-Options: DENY
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  PNG image data, 126 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   3507
Md5:    08304e6043314b994d728592a20b16f2
Sha1:   898d1c320db91722a7d15f99719716fe5db71715
Sha256: 5ab5c4baf539e790f3e49b4a250599e8854363714f38a7f060b19c7bb845d9e9
                                        
                                            GET /images_hovedside/24/vinter2022/bestselgere.jpg?1662726602538 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 41454
Connection: keep-alive
Last-Modified: Thu, 03 Feb 2022 13:38:02 GMT
ETag: "a1ee-5d71d3e470929"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size:   41454
Md5:    676e20376c1fd3d74bb5c9f37c8fb0ef
Sha1:   07f992f99c1ad71a563be019dd6c521c79bd9ad3
Sha256: 5d229dfc80ad8fd41bc251a19b152c3d82957377f49da2ba5f87591f9af079ce
                                        
                                            GET /images_hovedside/24/vinter2022/nyheter.jpg?1662726616489 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 34987
Connection: keep-alive
Last-Modified: Thu, 03 Feb 2022 13:38:07 GMT
ETag: "88ab-5d71d3e8e04b8"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size:   34987
Md5:    9b5eb2d0659c52ea1ed7e1325be17bf5
Sha1:   2e1b249ae7fd76a7969a5659f6582313d79d1926
Sha256: f56be72773655d66478ed5b512adb2189bf53f51518e180ea6f938392ab642b2
                                        
                                            GET /images_hovedside/24/icons/truck.png HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 9131
Connection: keep-alive
Last-Modified: Mon, 13 Jan 2020 09:43:05 GMT
ETag: "23ab-59c024d5e38ac"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  PNG image data, 134 x 98, 8-bit/color RGBA, non-interlaced\012- data
Size:   9131
Md5:    735b3622549953e0ced0e06f3ac49ef8
Sha1:   ae55158915ef4a74a5de8fa8954c5e146d37caf1
Sha256: 32686c27465c3115e14a079f94efddeca2d6de009bcacd06b6028b37ba758148
                                        
                                            GET /images_hovedside/24/icons/people.png HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 17921
Connection: keep-alive
Last-Modified: Mon, 13 Jan 2020 09:43:04 GMT
ETag: "4601-59c024d49685a"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  PNG image data, 134 x 134, 8-bit/color RGBA, non-interlaced\012- data
Size:   17921
Md5:    d7cd7d1c2173d39fd896413750b0107c
Sha1:   c17f3ad2cc49fffd6f026f55f67657890547e5f7
Sha256: 29b4446f96a73aa06b88e1dffc78c792555b0a5da786b20e933e01e0ee585069
                                        
                                            GET /images_hovedside/24/h%C3%B8stogvinter2022/kalendere.jpg?1662712670102 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 93488
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:36 GMT
ETag: "16d30-5e83a75431a5c"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size:   93488
Md5:    6117904aaf414d4584ce393974a76d5c
Sha1:   ed1b4f3a18201ddd46538a71dd08fda6180566b1
Sha256: 6546732524cfcc8d56b45d1c5052d385bc1c8a89837e524eb40482cd61b08ac2
                                        
                                            GET /bilder_diverse/1540589626.png HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 45051
Connection: keep-alive
Last-Modified: Fri, 26 Oct 2018 21:33:46 GMT
ETag: "affb-57928796a1581"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  PNG image data, 450 x 150, 8-bit/color RGBA, non-interlaced\012- data
Size:   45051
Md5:    b64491f7df2b869702a502b225a07e0e
Sha1:   5228403f00878b1ff1a2cb26fb572f7620183c10
Sha256: 5c51f468680f9ce41b25e59cb9602dbc16ad62cdef5468b27f251c8e7bbc6c16
                                        
                                            GET /images_hovedside/24/vinter2022/blogg.jpg?1662728208234 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 93106
Connection: keep-alive
Last-Modified: Thu, 03 Feb 2022 13:38:02 GMT
ETag: "16bb2-5d71d3e4eb9e0"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1250x445, components 3\012- data
Size:   93106
Md5:    92db9c78c6c4e7544dcd092adde6e76f
Sha1:   53c69f5218be574c9599dbd6d906568d99d0987b
Sha256: 9dd39b36524d11f19e1c67c0529af9f4aea0e1ede5056bbb13e1815bf67d8bee
                                        
                                            GET /images_hovedside/Bestillingsfrister%20for%20levering%20f%C3%B8r%20jul%20(449%20x%20308%20px)%20(1400%20%C3%97%20765%C2%A0px)%20(400%20%C3%97%20400%C2%A0px)%20(18).png?1664176590452 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 134793
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 07:16:29 GMT
ETag: "20e89-5e98f4e7d7f1f"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size:   134793
Md5:    004296d07f8832a52de00446e8f6d8c4
Sha1:   d989dbc6f547665449b448b1fbadbc5b2283994c
Sha256: e32d9003dc45d5c36eefdb464a6fc6655b9dc81638b301c92d7a25c601172426
                                        
                                            GET /bilder_diverse/slide_1662713212.jpg HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 196904
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:46:52 GMT
ETag: "30128-5e83a965e99c7"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1550x850, components 3\012- data
Size:   196904
Md5:    e1e1ac019a385cbe231ada2aa5521e81
Sha1:   683cdb3ec3f5f2479383a725eb3cd32f0fb29923
Sha256: 229bdc865798237b8b011c8e7560a7f89390ed03f8b86c6253e44a76c51c3b57
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 04:57:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/bitter/v28/rax8HiqOu8IVPmn7f4xp.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://celis.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30896
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 00:02:19 GMT
expires: Sun, 24 Sep 2023 00:02:19 GMT
cache-control: public, max-age=31536000
age: 363292
last-modified: Fri, 24 Jun 2022 18:46:28 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 30896, version 1.0\012- data
Size:   30896
Md5:    a7332c352b59e1d882b5770b68ed9db5
Sha1:   6a4b2b9a2b35ae86769e0c6a0a6decbf67300db6
Sha256: c470360f2548fb327562d8ce35185a96f59ab6daeb56c0d45ab712b63de848da
                                        
                                            GET /assets/js/fbremarketing.js?4b8a936472fbca5bed11 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited; javascript=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 754
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 12:31:03 GMT
ETag: "6a8-5e8b66b278fc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  ASCII text
Size:   754
Md5:    e76c45545671cece5ad7531d3832c50d
Sha1:   f26e0e3b80d30486b6ffaa5f54a0187da8fd352f
Sha256: 1085896e2ed2470bb080f0824199227b33b5f531ab7472ce1f9c8f742513f118
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 04:57:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /assets2/fonts/pioneer/pioneer.ttf?tl2cf7 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/assets/themes/afterburner/css/afterburner.compiled.css?ver=1575982250
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited; javascript=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 7236
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 13:50:06 GMT
ETag: "1c44-5e8b785e3b05a"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, pioneer \012- data
Size:   7236
Md5:    c17564efd9d2cffc62799399f8ce99d8
Sha1:   43fa0947a23e3f276500d27bda03f9e280c550bf
Sha256: 524b61f6b815524da2899a33ed926a242e1df31a9d8ddc0a46482f61d3bc92b7
                                        
                                            GET /s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://celis.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Sep 2022 21:03:13 GMT
expires: Tue, 26 Sep 2023 21:03:13 GMT
cache-control: public, max-age=31536000
age: 114838
last-modified: Mon, 09 May 2022 18:27:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 12860, version 1.0\012- data
Size:   12860
Md5:    ab21c24efd75543e16e34807ebc6cdec
Sha1:   eb2562f9729079333fbcbbe94868695669dd3301
Sha256: 88f00438d26021a325247c4427898f7c778a22976df9f1a9d9876429778bf265
                                        
                                            GET /scevent.min.js HTTP/1.1 
Host: sc-static.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.82.240
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
                                        
content-length: 8757
server: CloudFront
date: Wed, 28 Sep 2022 04:57:11 GMT
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Content-Type
cache-control: private, s-maxage=0, max-age=600
set-cookie: X-AB=0d6e407936704bd380072f5891d28b0e;max-age=86400;expires=Thu, 29 Sep 2022 02:34:34 GMT;Path=/scevent.min.js; Secure; SameSite=None
x-cache: LambdaGeneratedResponse from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5QLWUfhhUxMvJCnNsqEwlR6VCEiPcZYY0u_pP5bzGi9xqaGFDthecQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (25316), with no line terminators
Size:   8757
Md5:    5d4285ddd0c228077c66505f012548a8
Sha1:   0fe70aec9189f6bc39397cfe6b627cfe1d8b0e97
Sha256: 9360b9744aeecff2d3b3c2b72ff985e8ba92192cc98ebea2b48886619529f23f
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited; javascript=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2016 22:32:33 GMT
ETag: "0-539bf39b2f663"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1216
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 04:57:11 GMT
Last-Modified: Wed, 28 Sep 2022 04:36:55 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Wed, 28 Sep 2022 04:41:09 GMT
expires: Wed, 28 Sep 2022 06:41:09 GMT
cache-control: public, max-age=7200
age: 962
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   19826
Md5:    cae538dcce82598fbe43c0bf443e62dd
Sha1:   cc68ac6be9c5e0087a0000e5735b83270ace30f5
Sha256: 954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
                                        
                                            GET /en_US/fbevents.js HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.14
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: p/+5adIYAJNEeKAbsJHbnNwpNGUCzJn/AO77/ZeH/0E6Bn8F8sqG3sE9JbC2n/+uDW1ACLlapynokhkhyaGLEw==
content-length: 26840
x-fb-trip-id: 1679558926
date: Wed, 28 Sep 2022 04:57:11 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (64348)
Size:   26840
Md5:    e1327a02d76346c7e23d114e4e508b30
Sha1:   195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3
Sha256: 331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1216
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 04:57:11 GMT
Last-Modified: Wed, 28 Sep 2022 04:36:55 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0 HTTP/1.1 
Host: widget.trustpilot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 3267
last-modified: Tue, 20 Sep 2022 08:01:13 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Tue, 27 Sep 2022 05:35:34 GMT
cache-control: max-age=86400
etag: "2922a85ce6caf46f828c097bf7aa1036"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: HOUDno91uWwVoeFXSv7Apeh9G0Z-aIezLOZM_6FNR2wISfq78ho6dA==
age: 84098
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (12963)
Size:   3267
Md5:    2922a85ce6caf46f828c097bf7aa1036
Sha1:   afedbac8e6480a8c59cc6ca3359381731f75795b
Sha256: 12d369c3d585d564678ed15f99b53dad29faa1e05475825ccd0e8f4c50cfb779
                                        
                                            GET /trustboxes/53aa8912dec7e10d38f59f36/main.js HTTP/1.1 
Host: widget.trustpilot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: application/x-javascript
                                        
content-length: 27969
last-modified: Tue, 20 Sep 2022 08:01:15 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Wed, 28 Sep 2022 04:11:01 GMT
cache-control: max-age=86400
etag: "5d220cf839e981e50c65214dcd96e0fc"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: jZIMfBBGSqQSqt7s1sxecdkWoSP_GQ_qmAnniHD2AbrnWEL37AFArA==
age: 2771
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (64281), with no line terminators
Size:   27969
Md5:    5d220cf839e981e50c65214dcd96e0fc
Sha1:   15070f97f761a68548a2a12de1c898c322e1a7b0
Sha256: 463c02075608ea7896ae7bd1b81f207874e744a5bde580ee8df20d911ef354f0
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 04:57:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pagead/conversion_async.js HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.164
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 28 Sep 2022 04:57:11 GMT
expires: Wed, 28 Sep 2022 04:57:11 GMT
cache-control: private, max-age=3600
etag: 3080337328058561381
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1654)
Size:   15693
Md5:    890f716858b5f72587e47c5eca121cb5
Sha1:   91871a0acd9a0ab644d51036bb5ca0c3bdc5e687
Sha256: 7a3629e375468328b3fb25e1a6cc5749604f09099e8d2109f366e7e0226aee4a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3183
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 04:57:11 GMT
Last-Modified: Wed, 28 Sep 2022 04:04:08 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3183
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 04:57:11 GMT
Last-Modified: Wed, 28 Sep 2022 04:04:08 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /trustbox-data/53aa8912dec7e10d38f59f36?businessUnitId=5eb01c7a50715800017033f0&locale=nb-NO&reviewLanguages=nb&reviewStars=4%2C5&includeReviews=true&reviewsPerPage=15 HTTP/1.1 
Host: widget.trustpilot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Connection: keep-alive
Referer: https://widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
content-length: 1918
content-encoding: gzip
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-fallback-status: BYPASS
x-skip-cache-cookie: 0
x-xss-protection: 1; mode=block
cache-control: public,max-age=1800
date: Wed, 28 Sep 2022 04:37:19 GMT
etag: "f4904820398af9eeb9a9638df47ad137"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: N7s5eUaNV0_KV-lP30x16_2gIIKNEcikZUgI5E4L-QdviUmB1e917g==
age: 1192
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with very long lines (7367), with no line terminators
Size:   1918
Md5:    495481a7a588665b66809050d28d35ca
Sha1:   244897d6bb43ee0898368a220f3c2d901a6888a1
Sha256: afef8a1636fc2c6744bfd542a0673c4ef4b1cd890adf214d84efc5a51765905b
                                        
                                            GET /cm/i?pid=ac51940d-7a99-45df-8891-baebc7fa9a8d&u_scsid=00e8f4b0-7dd7-446d-b414-ac04b5768b37&u_sclid=f6d3f2d1-4d08-460b-ad52-6b46e7f31506 HTTP/1.1 
Host: tr.snapchat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         35.190.43.134
HTTP/2 200 OK
content-type: text/html
                                        
date: Wed, 28 Sep 2022 04:57:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 0
x-envoy-upstream-service-time: 0
server: API Gateway
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3183
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 04:57:11 GMT
Last-Modified: Wed, 28 Sep 2022 04:04:08 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /p HTTP/1.1 
Host: tr.snapchat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------253008103622078210402533660831
Content-Length: 2392
Origin: https://celis.no
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         35.190.43.134
HTTP/2 200 OK
content-type: text/html
                                        
date: Wed, 28 Sep 2022 04:57:11 GMT
access-control-allow-origin: https://celis.no
cache-control: no-cache, no-transform
set-cookie: sc_at=v2|H4sIAAAAAAAAAAXBgQ0AIQgEsIlIOA6IjgPqT8Hw32KXbjeK9XnixyCrK6UYdzG+sM4ZZDodSoz+7pmEGzIAAAA=;SameSite=None;Version=1;Comment=;Domain=.snapchat.com;Path=/;Max-Age=33696000;Secure
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 68
x-envoy-upstream-service-time: 8
server: API Gateway
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size:   68
Md5:    c4a2b870062c2bb98c500bc1526c0498
Sha1:   528666ccdb12997358077bc8fcdbfb6b825c7788
Sha256: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
                                        
                                            GET /stats/TrustboxImpression?locale=nb-NO&styleHeight=140px&styleWidth=100%25&theme=light&stars=4%2C5&reviewLanguages=nb&url=https%3A%2F%2Fcelis.no%2F&referrer=https%3A%2F%2Fmedia.bigbasketshop.com%2F&userAgent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&language=en-US&platform=Linux%20x86_64&nosettings=1&businessUnitId=5eb01c7a50715800017033f0&widgetId=53aa8912dec7e10d38f59f36 HTTP/1.1 
Host: widget.trustpilot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Connection: keep-alive
Referer: https://widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         143.204.55.110
HTTP/2 204 No Content
                                        
cache-control: no-store,no-cache
date: Wed, 28 Sep 2022 04:57:11 GMT
pragma: no-cache
server: Kestrel
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-cache: Miss from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0qkhBQTKaxn00SE5EEQDwkoIuulM7MqGbePPe62klzX-KefIoIZPzw==
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 04:57:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 04:57:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-24343184-8&cid=1440121400.1664341029&jid=67120787&gjid=339294494&_gid=35750289.1664341029&_u=IEDAAEAAAAAAAC~&z=776186014 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://celis.no
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         64.233.165.156
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://celis.no
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 28 Sep 2022 04:57:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   4
Md5:    48c0473b7821185d937e685216e2168b
Sha1:   3743e47f8a429a5e87b86cb582d78940733d9d2e
Sha256: 570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
                                        
                                            GET /init?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d HTTP/1.1 
Host: tr.snapchat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://celis.no/
Origin: https://celis.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         35.190.43.134
HTTP/2 200 OK
content-type: application/json
                                        
date: Wed, 28 Sep 2022 04:57:11 GMT
access-control-allow-origin: https://celis.no
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-envoy-upstream-service-time: 0
content-encoding: gzip
vary: Accept-Encoding
server: API Gateway
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (2550), with no line terminators
Size:   1205
Md5:    f38fbbd910a9944a49430860197a05fd
Sha1:   3367a5981689cc18184196e1f834f6ae3e8a7434
Sha256: 5f613e79ac84ed0695449fb7af8d503c981a22799c381f351d74aab5b7ef9401
                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-85161377-1&cid=1440121400.1664341029&jid=1293747359&gjid=1298333100&_gid=35750289.1664341029&_u=IEDAAEABAAAAAC~&z=1362008233 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://celis.no
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         64.233.165.156
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://celis.no
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 28 Sep 2022 04:57:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   4
Md5:    48c0473b7821185d937e685216e2168b
Sha1:   3743e47f8a429a5e87b86cb582d78940733d9d2e
Sha256: 570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 04:57:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 04:57:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 04:57:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pagead/1p-user-list/871076749/?random=1664341029394&cv=9&fst=1664337600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=13&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcelis.no%2F&ref=https%3A%2F%2Fmedia.bigbasketshop.com%2F&tiba=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&async=1&fmt=3&is_vtc=1&random=1022454462&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.3
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 28 Sep 2022 04:57:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-24343184-8&cid=1440121400.1664341029&jid=67120787&_u=IEDAAEAAAAAAAC~&z=1260011383 HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.3
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 28 Sep 2022 04:57:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-85161377-1&cid=1440121400.1664341029&jid=1293747359&_u=IEDAAEABAAAAAC~&z=1251565095 HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.3
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 28 Sep 2022 04:57:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 04:57:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /g/collect?v=2&tid=G-0VEB93L6P3&gtm=2oe9q0&_p=1835182867&cid=1440121400.1664341029&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664341029&sct=1&seg=0&dl=https%3A%2F%2Fcelis.no%2F&dr=https%3A%2F%2Fmedia.bigbasketshop.com%2F&dt=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1 
Host: region1.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://celis.no
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                         
                                         216.239.34.36
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: https://celis.no
date: Wed, 28 Sep 2022 04:57:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            GET /collector/is_enabled?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d&tld=no HTTP/1.1 
Host: tr.snapchat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://celis.no/
Origin: https://celis.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         35.190.43.134
HTTP/2 200 OK
content-type: application/json
                                        
date: Wed, 28 Sep 2022 04:57:11 GMT
access-control-allow-origin: https://celis.no
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-envoy-upstream-service-time: 0
content-encoding: gzip
vary: Accept-Encoding
server: API Gateway
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   100
Md5:    388ca868ad022fdad152292b3f8a7e2c
Sha1:   5eb1850288dab54959329e0f05201713d30ecb00
Sha256: e691dd49e4f03b7ac47c0e3b615de5873ce6ded2a2f31bc13922fdd22f2f07c7
                                        
                                            GET /css/cookie_consent.css HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Length: 4431
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 13:50:06 GMT
ETag: "490a-5e8b785e2e53b-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
                                        
                                            GET /?l=qCqekRDLtEBTXwP&s=598852263662072526&z=4392229&g=NO&svar=1664341025&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664341025&ssk=758a0eab7bff0aa808838e2b4ba8dd96&svarok=1&b=79056&oaid=c857aa51ed0a4827b6c780156e9e1d21&rdk=rk3 HTTP/1.1 
Host: toapodazoay.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.154
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Wed, 28 Sep 2022 04:57:05 GMT
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
set-cookie: reverse=zIxdtpncFdWwTen8zbPDTDvleLsniXS5MHw7X-8heXU; expires=Wed, 28-Sep-2022 05:57:05 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            POST /?l=qCqekRDLtEBTXwP&s=598852263662072526&z=4392229&g=NO&svar=1664341025&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664341025&ssk=758a0eab7bff0aa808838e2b4ba8dd96&svarok=1&b=79056&oaid=c857aa51ed0a4827b6c780156e9e1d21&rdk=rk3&mprtr=1 HTTP/1.1 
Host: toapodazoay.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/?rzi=4392229&rsz=4392229&rid=
Cookie: reverse=zIxdtpncFdWwTen8zbPDTDvleLsniXS5MHw7X-8heXU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

                                         
                                         139.45.197.154
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 28 Sep 2022 04:57:05 GMT
vary: Accept-Encoding
x-powered-by: PHP/7.4.24
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/js/vendor.js?m=1663245063 HTTP/1.1 
Host: celis.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         193.107.30.42
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 12:31:03 GMT
ETag: "58774-5e8b66b278fc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
                                        
                                            GET /css?family=Noto+Sans:400,700|Bitter:400,700,400italic HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 28 Sep 2022 04:57:10 GMT
date: Wed, 28 Sep 2022 04:57:10 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---