rouonixon.com/4/4392229/
139.45.197.238200 OK 2.9 kB IP 139.45.197.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5406)
Hash 70f129ab8f3485674b721a2ac48aa2d3
4bf7e3b9b154e46a460a676c81b0d104749d4281
a89711fee9d19a7c8368bfa112190aa20b344140ab196aed47c99e98473567b3
Analyzer Verdict Alert fortinet Malware
GET /4/4392229/ HTTP/1.1
Host: rouonixon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 04:57:04 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: f8e63f72953dc1c9094cc6c37eaed6c2
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=c857aa51ed0a4827b6c780156e9e1d21; expires=Thu, 28 Sep 2023 04:57:04 GMT; path=/
oaidts=1664341024; expires=Thu, 28 Sep 2023 04:57:04 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, Accept, Content-Type, Content-Length, Accept-Encoding
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/
143.204.55.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 04:15:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4s7C3PUm05uSrZpkq_1Kq7ZLgLGXsbBhl_DykqDUSImEhbC5QVEYJA==
Age: 2485
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7fb7c70f7f4e2cee27eb0e7d875931f7
98fca3817a551b1daecebae103a48e718b8b5a53
2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16271
Expires: Wed, 28 Sep 2022 09:28:15 GMT
Date: Wed, 28 Sep 2022 04:57:04 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.110200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Xt4vZ3Zv0hKWwb6vXnpt7xMjjxhPdCcSxr1rCoQUpsFZXZFXvHimFQ==
age: 70372
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 04:57:05 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
rouonixon.com/favicon.ico
139.45.197.238204 No Content 0 B URL HTTP/1.1 rouonixon.com/favicon.ico
IP 139.45.197.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: rouonixon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rouonixon.com/4/4392229/
Cookie: OAID=c857aa51ed0a4827b6c780156e9e1d21; oaidts=1664341024
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 28 Sep 2022 04:57:05 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 0869109d63ef5270595fb34384023a90
f2ec69fdaca2a0327cd3599ac05d0051df3dee41
c4a67afda7094519228049f837e2e0c1674148bd2e564ae2dccc3458bbdb9ed4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 04:57:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 06:25:19 GMT
Expires: Mon, 03 Oct 2022 06:25:18 GMT
Etag: "f2ec69fdaca2a0327cd3599ac05d0051df3dee41"
Cache-Control: max-age=436692,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7519e56fff90b4fd-OSL
my.rtmark.net/img.gif?f=merge&userId=c857aa51ed0a4827b6c780156e9e1d21
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=c857aa51ed0a4827b6c780156e9e1d21
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=c857aa51ed0a4827b6c780156e9e1d21 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rouonixon.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 04:57:05 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c857aa51ed0a4827b6c780156e9e1d21; expires=Thu, 28 Sep 2023 04:57:05 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
rouonixon.com/?z=4392229&syncedCookie=true&rhd=false
139.45.197.238302 Found 0 B URL HTTP/1.1 rouonixon.com/?z=4392229&syncedCookie=true&rhd=false
IP 139.45.197.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /?z=4392229&syncedCookie=true&rhd=false HTTP/1.1
Host: rouonixon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 426
Origin: http://rouonixon.com
Connection: keep-alive
Referer: http://rouonixon.com/afu.php?zoneid=4392229&var=4392229&rid=ksX-wKK1z8yLZCaWKyzJyw%3D%3D&rhd=false
Cookie: OAID=c857aa51ed0a4827b6c780156e9e1d21; oaidts=1664341024
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 28 Sep 2022 04:57:05 GMT
Content-Length: 0
Connection: keep-alive
X-Trace-Id: 5881b86c9e48eccf67937a0b095e9ff9
Link: <https://toapodazoay.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Referrer-Policy: no-referrer
Location: https://toapodazoay.com/?l=qCqekRDLtEBTXwP&s=598852263662072526&z=4392229&g=NO&svar=1664341025&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664341025&ssk=758a0eab7bff0aa808838e2b4ba8dd96&svarok=1&b=79056&oaid=c857aa51ed0a4827b6c780156e9e1d21&rdk=rk3
Access-Control-Allow-Origin: http://rouonixon.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=c857aa51ed0a4827b6c780156e9e1d21; expires=Thu, 28 Sep 2023 04:57:05 GMT; path=/
oaidts=1664341024; expires=Thu, 28 Sep 2023 04:57:05 GMT; path=/
syncedCookie=true; expires=Wed, 05 Oct 2022 04:57:05 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 28 Sep 2022 04:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 28 Sep 2022 05:14:07 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: tKaXcGNaRq9dRPtLcukjhLK2aNyHcxvoUe_J5Kaw64zmWh0tcOSHfQ==
Age: 1652
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c039c47766b962afdfe1ff2136a9c482
7b1bcdd6ec9982acc89ed9e90fceecc3b528023c
79ea5be7a17d935c382010064e7599a269dbba9e2c6cf98742bf3d3242c29d42
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "79EA5BE7A17D935C382010064E7599A269DBBA9E2C6CF98742BF3D3242C29D42"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17307
Expires: Wed, 28 Sep 2022 09:45:32 GMT
Date: Wed, 28 Sep 2022 04:57:05 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 513
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:05 GMT
Last-Modified: Wed, 28 Sep 2022 04:48:32 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d7df7311c2ea860ab900e68e899e025f
a511d4e18940a13bd4f29504dabe57ea16cc9fbe
ce019ccff3f1712f16cf21985f926ef3938d55777d03163197dfa4aac00e3f44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE019CCFF3F1712F16CF21985F926EF3938D55777D03163197DFA4AAC00E3F44"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1056
Expires: Wed, 28 Sep 2022 05:14:41 GMT
Date: Wed, 28 Sep 2022 04:57:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6d23ee223cbe82cfa39c73fc2b52a85d
7bff361f87d260f3c4f70161a6ed05dbe38d6471
47dec190dedbfb1f7b67f28b22296b678e073115fe0a2bd9d3fb6fc8a6fa44a0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47DEC190DEDBFB1F7B67F28B22296B678E073115FE0A2BD9D3FB6FC8A6FA44A0"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15892
Expires: Wed, 28 Sep 2022 09:21:57 GMT
Date: Wed, 28 Sep 2022 04:57:05 GMT
Connection: keep-alive
unphionetor.com/fv.js?t=56193&cb=592763381
139.45.197.236200 OK 2.2 kB URL HTTP/2 unphionetor.com/fv.js?t=56193&cb=592763381
IP 139.45.197.236:0
Hash 2bed1239b1edc8669289a04d6ee17c32
e3db7cdb98af6ce10cff6e3c6ad9fe50c345f941
02c043c2ae806dc17f396e28b80f2de6a5fa63de3d13638501e3326150cae5f5
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=56193&cb=592763381 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 04:57:06 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: adcc049c3fd6c92ddf83ef29c70e0815
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ptauxofi.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319
139.45.197.250200 OK 40 kB URL HTTP/2 ptauxofi.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319
IP 139.45.197.250:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash f180b770897d6441bb79cb05ef5655b6
0a1ecab3bd50af2c0930f1ebadeb5ae449b52489
35ca5d4fa63b7895631bbe796dc91e83e0a76ba1a6d6b04c4c2962b7c1fb5a4e
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 04:57:06 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-1a5ed"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=56193&bid=79056&aid=598852263662072526
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=56193&bid=79056&aid=598852263662072526
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=56193&bid=79056&aid=598852263662072526 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 28 Sep 2022 04:57:06 GMT
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 16446f51b42a8e10687dd5ffc20e3b44
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.214.236.46101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.236.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 60UQkxGTM9SpCtcCIl1Lqg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: X5kyu8n21uKF2apl+EzChSVoPyM=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14573
Expires: Wed, 28 Sep 2022 09:00:00 GMT
Date: Wed, 28 Sep 2022 04:57:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14573
Expires: Wed, 28 Sep 2022 09:00:00 GMT
Date: Wed, 28 Sep 2022 04:57:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14573
Expires: Wed, 28 Sep 2022 09:00:00 GMT
Date: Wed, 28 Sep 2022 04:57:07 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F838bed0c-c665-42d6-8c20-1decd709953c.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F838bed0c-c665-42d6-8c20-1decd709953c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3c58fdf09a7d552be0c8666522a29de7
60c873f097c85376797fed366804119f7e9c445e
24569f084d3fd428526503bde8b3da64152911934cd5e0e9140c06d954e4bcd9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F838bed0c-c665-42d6-8c20-1decd709953c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9314
x-amzn-requestid: 0639452b-7f17-4513-aeb1-20b465ed3e93
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3HzCIAMF-vQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-52afa1da17c4557c5e8c3564;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4mjt2-5F0Chu1G7jShI6rXfTuBMd6JOYxFMtla-EgL7i82SThJnp5w==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:38:41 GMT
age: 26306
etag: "60c873f097c85376797fed366804119f7e9c445e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ad84ed0c5b2090df7996007514cf1984
651600f2ef18cecc2e38370069bbb5e1d86f68e0
a3d0729e1d43afeadd2dd8273c858b8839d9e476f773c8ec9d96b5969a9e0b4a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13299
x-amzn-requestid: 926df8b6-beec-470d-b0b3-33be326cd379
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF8YIAMF3Nw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-343e91e735af43d01fc83ddd;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KmVkKXoPqZmnwFtpKhuox1kJNDoSxMEmYE39_zVPyaeoU4sPqq-_wA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:44:23 GMT
age: 25964
etag: "651600f2ef18cecc2e38370069bbb5e1d86f68e0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea3890e460356d6ecc3ba4e405ac2e9e
b383135e2ebc23fe80eb0d594b198cb8c89327a5
8fcff053ce6e5750136bf876bad5b2916935f13ea039912d977928b086f0a48b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7455
x-amzn-requestid: e99c9f33-b72a-4070-80cf-06fb4a87d1df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZG4S6EcAoAMFX1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6332a0df-04122b4a345dbc3f3918af98;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 07:06:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: yW-bGn5vYTa6Z28ELKYgYpy98wQEbYJIl5yxd1qLxz1YjVYKxMH2Wg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 07:31:02 GMT
age: 77165
etag: "b383135e2ebc23fe80eb0d594b198cb8c89327a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9715fa-0606-41f2-b3fa-1c7048f24b48.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9715fa-0606-41f2-b3fa-1c7048f24b48.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c761355e3b9bdf64113c92591306b959
5dcf4fbd065e0850c2602a5e8791ba7af1999d9f
03464d30ae3a3199bb3b19e1c730385fc8f68444d41eb0099542bd83108e6ed5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9715fa-0606-41f2-b3fa-1c7048f24b48.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9710
x-amzn-requestid: 38e078fa-bad5-4593-b4f7-ffab77c1d3cf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDCF9GWeoAMF-5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633116f2-29b4342e3c7700924d65a273;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 03:05:22 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dA8uT96jM1QIn89Jw-8vMlGaNrr8xjUBjhg1usiZqFMf0SO12IA4Kg==
via: 1.1 ce74b5c96395745bcb8206d6c9ee0962.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 03:18:43 GMT
age: 5904
etag: "5dcf4fbd065e0850c2602a5e8791ba7af1999d9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a264fec-4624-4025-b0d1-044fc33e338f.webp
34.120.237.76200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a264fec-4624-4025-b0d1-044fc33e338f.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43d7c0db2af42ad4d0095324b2691f6c
1a1139cff14aff6755b9e43ff4ef8c9ece1102c1
42073c84e0c215109b54ab55a53cce9e6cce44f4619f5988fa4e2776ff70b362
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a264fec-4624-4025-b0d1-044fc33e338f.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9780
x-amzn-requestid: 9938422e-12cd-4aab-9e58-c26b8fee53b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UOH3DoAMFZRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-37105d923f19437025abec71;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Halsx09hxT_sMRc2jy-fJA0tE85F6Bgz9P9Trx02Z9aMfIZVLkLW4g==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:11:14 GMT
age: 24353
etag: "1a1139cff14aff6755b9e43ff4ef8c9ece1102c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ee83d08d024d127fad5918e1ffacb78b
8ad289a77705358ab660b6123e9d90de991b6c13
aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11314
x-amzn-requestid: 9f410158-cd1a-45a9-9e86-4005b25577e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e4Hw7oAMFpAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-70683c681f22a3b6103fcb4a;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: l9IinQYCcQV_iymSArIEnOWgbmLlmVqz94402zcsmga5Bp3Sty7QRg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:40:49 GMT
age: 26178
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
go.ad2upapp.com/afu.php?id=792658&rt=1
139.45.197.237302 Moved Temporarily 138 B URL HTTP/1.1 go.ad2upapp.com/afu.php?id=792658&rt=1
IP 139.45.197.237:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /afu.php?id=792658&rt=1 HTTP/1.1
Host: go.ad2upapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 28 Sep 2022 04:57:07 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://go.deliverymodo.com/afu.php?id=792658&rt=1
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
go.deliverymodo.com/afu.php?id=792658&rt=1
139.45.197.236200 OK 638 B URL HTTP/1.1 go.deliverymodo.com/afu.php?id=792658&rt=1
IP 139.45.197.236:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 849d99c59bd70b3b2688f3bdca2239ca
1315059f159d1cc4bfaa5589a6ed6ab565f9e501
9f613f10f7a9bf6da470872312cbfacb5843a2704f71606c4a0ed1b9b8063089
GET /afu.php?id=792658&rt=1 HTTP/1.1
Host: go.deliverymodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 04:57:07 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 4ac4b0d915061b305e5e2689efa1e226
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://www.highperformancegate.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=0f7ef89b543b4672bd1d5d0b6a22a4ff; expires=Thu, 28 Sep 2023 04:57:07 GMT; path=/
oaidts=1664341027; expires=Thu, 28 Sep 2023 04:57:07 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
unphionetor.com/vb?t=56193&bid=79056&aid=598852263662072526&tp=2109
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vb?t=56193&bid=79056&aid=598852263662072526&tp=2109
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vb?t=56193&bid=79056&aid=598852263662072526&tp=2109 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 28 Sep 2022 04:57:07 GMT
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: b796c64e1a36baa02c5ccf6a39111df1
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 0869109d63ef5270595fb34384023a90
f2ec69fdaca2a0327cd3599ac05d0051df3dee41
c4a67afda7094519228049f837e2e0c1674148bd2e564ae2dccc3458bbdb9ed4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 04:57:07 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 06:25:19 GMT
Expires: Mon, 03 Oct 2022 06:25:18 GMT
Etag: "f2ec69fdaca2a0327cd3599ac05d0051df3dee41"
Cache-Control: max-age=436690,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7519e57eebbcb4fd-OSL
go.deliverymodo.com/favicon.ico
139.45.197.236204 No Content 0 B URL HTTP/1.1 go.deliverymodo.com/favicon.ico
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: go.deliverymodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: OAID=0f7ef89b543b4672bd1d5d0b6a22a4ff; oaidts=1664341027
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 28 Sep 2022 04:57:07 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
my.rtmark.net/img.gif?f=merge&userId=0f7ef89b543b4672bd1d5d0b6a22a4ff
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=0f7ef89b543b4672bd1d5d0b6a22a4ff
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=0f7ef89b543b4672bd1d5d0b6a22a4ff HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 04:57:07 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0f7ef89b543b4672bd1d5d0b6a22a4ff; expires=Thu, 28 Sep 2023 04:57:07 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac0f92d2a18e0fa274bb8febf71d2ade
5673c289b0d530d9cd9257589d31f8de67ef5483
7ee4f53c058bd2bd6440ea9e80e91de25da31e3ac5062af770dda34839fce85d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7EE4F53C058BD2BD6440EA9E80E91DE25DA31E3AC5062AF770DDA34839FCE85D"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5813
Expires: Wed, 28 Sep 2022 06:34:01 GMT
Date: Wed, 28 Sep 2022 04:57:08 GMT
Connection: keep-alive
www.highperformancegate.com/cam2dwqai?key=9b44cd6350a69fb630694c066f2c6a98&psid=792658&rdk=rk1
192.243.59.20200 OK 2.4 kB URL HTTP/1.1 www.highperformancegate.com/cam2dwqai?key=9b44cd6350a69fb630694c066f2c6a98&psid=792658&rdk=rk1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (317)
Hash 2a16e280f0463164ea2d3bcdab089c04
fbab0a1e3f8a1f6b0c7c7faa731a82f3b18648d9
4e887d1ada557b5de7dbc8496761fe99f1d87bea19f7e4f0c181f0332660a3ca
Analyzer Verdict Alert quad9 Sinkholed
GET /cam2dwqai?key=9b44cd6350a69fb630694c066f2c6a98&psid=792658&rdk=rk1 HTTP/1.1
Host: www.highperformancegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 28 Sep 2022 04:57:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17381785; expires=Thu, 29 Sep 2022 04:57:08 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM4MTc4NSwiayI6IjliNDRjZDYzNTBhNjlmYjYzMDY5NGMwNjZmMmM2YTk4Iiwic2lkIjoiNzkyNjU4IiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYwMDE2LCJwaWQiOjI3NzQxNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMywiYWlkIjoyOCwicHQiOjQsInBrIjoiY2FtMmR3cWFpIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiIifX0.4Fe1fO5laIg1jCiL4ENBsYzlH4qET8nVymE6vzr31SY; expires=Wed, 28 Sep 2022 04:58:08 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cd962c15211adbc80e58fb7765469c2e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.highperformancegate.com/cam2dwqai?pst=1664341088&rmtc=t&uuid=&pii=&in=false&key=9b44cd6350a69fb630694c066f2c6a98&rdk=rk1&shu=dfee501e8f7c35009ec340caa9a8474adabe5f5b58116f34e41bc2605dfd22c4cf16a85de45525a188bf94c2152f35804407a6da2d58a32eb3cb00bf6905c18b5a91c65c385a05ffd0438547d2eaf5698fb93e6c&fr=0&sw2=1280&sh2=939&sw3=1280&sh3=176&sw4=1280&sh4=939&sw5=1280&sh5=1024&sw6=1280&sh6=1024&sw7=1280&sh7=1002
192.243.59.20302 Found 0 B URL HTTP/1.1 www.highperformancegate.com/cam2dwqai?pst=1664341088&rmtc=t&uuid=&pii=&in=false&key=9b44cd6350a69fb630694c066f2c6a98&rdk=rk1&shu=dfee501e8f7c35009ec340caa9a8474adabe5f5b58116f34e41bc2605dfd22c4cf16a85de45525a188bf94c2152f35804407a6da2d58a32eb3cb00bf6905c18b5a91c65c385a05ffd0438547d2eaf5698fb93e6c&fr=0&sw2=1280&sh2=939&sw3=1280&sh3=176&sw4=1280&sh4=939&sw5=1280&sh5=1024&sw6=1280&sh6=1024&sw7=1280&sh7=1002
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /cam2dwqai?pst=1664341088&rmtc=t&uuid=&pii=&in=false&key=9b44cd6350a69fb630694c066f2c6a98&rdk=rk1&shu=dfee501e8f7c35009ec340caa9a8474adabe5f5b58116f34e41bc2605dfd22c4cf16a85de45525a188bf94c2152f35804407a6da2d58a32eb3cb00bf6905c18b5a91c65c385a05ffd0438547d2eaf5698fb93e6c&fr=0&sw2=1280&sh2=939&sw3=1280&sh3=176&sw4=1280&sh4=939&sw5=1280&sh5=1024&sw6=1280&sh6=1024&sw7=1280&sh7=1002 HTTP/1.1
Host: www.highperformancegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.highperformancegate.com/cam2dwqai?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=17381785
Cookie: u_pl=17381785; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM4MTc4NSwiayI6IjliNDRjZDYzNTBhNjlmYjYzMDY5NGMwNjZmMmM2YTk4Iiwic2lkIjoiNzkyNjU4IiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYwMDE2LCJwaWQiOjI3NzQxNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMywiYWlkIjoyOCwicHQiOjQsInBrIjoiY2FtMmR3cWFpIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiIifX0.4Fe1fO5laIg1jCiL4ENBsYzlH4qET8nVymE6vzr31SY; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.17.9
Date: Wed, 28 Sep 2022 04:57:08 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://eu.convers.link/postback/click?key=v2-1664341028705-4-8625-999800-3d721d0a-1d6c-81ea-a95d-986b013e2537
Set-Cookie: pdhtkv=true; expires=Thu, 29 Sep 2022 04:57:08 GMT
uncs=1; expires=Thu, 29 Sep 2022 04:57:08 GMT
pdhtkv28=true; expires=Thu, 29 Sep 2022 04:57:08 GMT
uncs28=1; expires=Thu, 29 Sep 2022 04:57:08 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 58873318a85fcdcd48ff5bd5ac8d6ba6
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9a022f82b68bd0a77ffdcc56fb95e2f9
f146064a22339946eeab59952b05111d9c6a57ec
7682f9936475a7884f1c27744d432a540bdc70f21020fa7783f5b1328dfac999
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7682F9936475A7884F1C27744D432A540BDC70F21020FA7783F5B1328DFAC999"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3344
Expires: Wed, 28 Sep 2022 05:52:53 GMT
Date: Wed, 28 Sep 2022 04:57:09 GMT
Connection: keep-alive
eu.convers.link/postback/click?key=v2-1664341028705-4-8625-999800-3d721d0a-1d6c-81ea-a95d-986b013e2537
38.100.129.67200 OK 2.1 kB URL HTTP/2 eu.convers.link/postback/click?key=v2-1664341028705-4-8625-999800-3d721d0a-1d6c-81ea-a95d-986b013e2537
IP 38.100.129.67:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b0752c6b18ee9c55b29fd13e27ebc91f
c8d52c72ee081043f78d65fded97cb79786d7454
cb9330dd4d51af63fd68a2ea57d5b256ca7be0c5bc4c5dbe509343d7b7271083
Analyzer Verdict Alert fortinet Phishing
GET /postback/click?key=v2-1664341028705-4-8625-999800-3d721d0a-1d6c-81ea-a95d-986b013e2537 HTTP/1.1
Host: eu.convers.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highperformancegate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty/1.15.8.3
date: Wed, 28 Sep 2022 04:57:09 GMT
content-type: text/html;charset=UTF-8
content-length: 2092
X-Firefox-Spdy: h2
eu.convers.link/postback/click?key=v2-1664341028705-4-8625-999800-3d721d0a-1d6c-81ea-a95d-986b013e2537&token=059ba7044b82808c12e62ce5a1165f80&timezone=0&iframe_test=false&webdriver_test=false
38.100.129.67302 Found 0 B URL HTTP/2 eu.convers.link/postback/click?key=v2-1664341028705-4-8625-999800-3d721d0a-1d6c-81ea-a95d-986b013e2537&token=059ba7044b82808c12e62ce5a1165f80&timezone=0&iframe_test=false&webdriver_test=false
IP 38.100.129.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /postback/click?key=v2-1664341028705-4-8625-999800-3d721d0a-1d6c-81ea-a95d-986b013e2537&token=059ba7044b82808c12e62ce5a1165f80&timezone=0&iframe_test=false&webdriver_test=false HTTP/1.1
Host: eu.convers.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eu.convers.link/postback/click?key=v2-1664341028705-4-8625-999800-3d721d0a-1d6c-81ea-a95d-986b013e2537
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: openresty/1.15.8.3
date: Wed, 28 Sep 2022 04:57:09 GMT
content-length: 0
set-cookie: platform_user_id=desktop:7980a459be274bf511db30c901634a36
platform_user_id_3rd_party=desktop:7980a459be274bf511db30c901634a36; SameSite=None; Secure; Max-Age=31556952
location: https://media.bigbasketshop.com/track?q=y9mVqLVe3evR
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 42e93eb987cce04ae3888ca440816b01
b07162b969126113f0c26bde5c992cd503bc05c1
2b4e49e81a88575a275542b7b396defe07dd9a67d787d668f42d2f2a75d85e8c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3560
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:09 GMT
Last-Modified: Wed, 28 Sep 2022 03:57:49 GMT
Server: ECS (amb/6B7D)
X-Cache: HIT
Content-Length: 280
media.bigbasketshop.com/track?q=y9mVqLVe3evR
172.67.218.148200 OK 604 B URL HTTP/2 media.bigbasketshop.com/track?q=y9mVqLVe3evR
IP 172.67.218.148:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash e1e97afee5a325de9bf96207c3bf51a5
0034519b8ff88591be6e384a5ba6e3d1dea3ceae
14ea67930d925cd3b1d261b6bdb8638f8385fdbc74093597d09aa312a4208bec
GET /track?q=y9mVqLVe3evR HTTP/1.1
Host: media.bigbasketshop.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eu.convers.link/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 04:57:09 GMT
content-type: text/html
referrer-policy: origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2AtSfAGlWhizBjUcnhGVDBn5d2G8CKGkedqnYqI4SdbGhTtTuQFbVIDH6Xq7AdmxZC5acBhFrUIOJS4TXWm11lfvdpXb%2FVTzODJgLxGyZoIu6GjzegbXEXDlR1AlW5FOLMloPR0qnP8rvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7519e5887b940b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash a354aaf7dfc139c6eb5a638d62b71d93
a838cafd5ab35f46c8d7e4eed000e8e9e2536a3b
f3733d8e024e92a784e6dfdf0139ba345eed22a11e865b97952126878f4c59dc
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 04:57:09 GMT
Last-Modified: Wed, 28 Sep 2022 03:12:05 GMT
Server: ECS (nyb/1D1F)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KZtSsFNbITkNV-OKZvjeA_QWk4OA64n1m4WdXvhqlZmh64G6yxeW4Q==
Age: 6304
tc.tradetracker.net/?c=31502&m=12&a=416060&r=RA&u=
52.209.75.236301 Moved Permanently 16 kB URL HTTP/2 tc.tradetracker.net/?c=31502&m=12&a=416060&r=RA&u=
IP 52.209.75.236:0
File type gzip compressed data, from Unix\012- data
Hash 0341d2f0f127fe4aedca331516c999bc
59d516071fee8b6cbae5ccc01fafcc7557abc333
f411e32b5b959099689b82f909bdce4daa3874e8b53f394fafb7f0ea555ee55f
GET /?c=31502&m=12&a=416060&r=RA&u= HTTP/1.1
Host: tc.tradetracker.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.bigbasketshop.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 28 Sep 2022 04:57:09 GMT
content-type: text/html; charset=UTF-8
location: https://celis.no/
server: nginx
cache-control: no-cache, must-revalidate
set-cookie: uf=z5N4tXEwlNfnqSsKaLelijdJeE5XZkFESG90UnJ3amhyMXRqR2VKRVVtOUN1cDBZWDg2WXhQRE5GYnU3K3FqTk9Send5SUk3dllDbVFKeGhuMERlMk5PcEhqOXdGNHVhaGlKYlNBPT0%3D; expires=Thu, 28-Sep-2023 04:57:09 GMT; Max-Age=31536000; path=/; domain=.tradetracker.net; secure; SameSite=None
__tdat31502=MTY2NDM0MTAyOTo6MTI6OjQxNjA2MDo6UkE6OmY6OmFmZjIyNmVlMjQxYWY5YWE3Zjc4YmEwMzc2NTc0YTky; expires=Fri, 28-Oct-2022 04:57:09 GMT; Max-Age=2592000; path=/; domain=.tradetracker.net; secure; SameSite=None
X-Firefox-Spdy: h2
celis.no/assets/themes/afterburner/css/afterburner.compiled.css?ver=1575982250
193.107.30.42200 OK 39 kB URL HTTP/1.1 celis.no/assets/themes/afterburner/css/afterburner.compiled.css?ver=1575982250
IP 193.107.30.42:0
File type ASCII text, with very long lines (65425)
Hash 59a2ce90ebfbdad3a756b517c0f88ba8
718d9f2514203722d8aad597f5866ce85663399d
7805eb72e4e6ddc49c65a24f4f3d0882889ac0332ef987ccc990081366f3e0b4
GET /assets/themes/afterburner/css/afterburner.compiled.css?ver=1575982250 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:09 GMT
Content-Type: text/css
Content-Length: 38985
Connection: keep-alive
Last-Modified: Tue, 10 Dec 2019 12:50:50 GMT
ETag: "42584-59958f63ddd3a-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/js/slider-cart.js?v=fc0289e80586a4349098c8051fca73f3
193.107.30.42200 OK 144 kB URL HTTP/1.1 celis.no/js/slider-cart.js?v=fc0289e80586a4349098c8051fca73f3
IP 193.107.30.42:0
File type Unicode text, UTF-8 text, with very long lines (54822)
Size 144 kB (144267 bytes)
Hash 3f64a8faa26079ac39a377afc96c3dba
7aab53622db2e45a661fdf8beb1beb3b8db605a7
683ad5e77f5575a8be14056afb4014d978adc2244fe7fe65a37d01e50731882c
GET /js/slider-cart.js?v=fc0289e80586a4349098c8051fca73f3 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 13:50:06 GMT
ETag: "67166-5e8b785e3b05a-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/js/cookie_consent.js
193.107.30.42200 OK 6.8 kB URL HTTP/1.1 celis.no/js/cookie_consent.js
IP 193.107.30.42:0
File type ASCII text, with very long lines (1022)
Hash fe0290e5cd3f7b65a629e4207915b7c0
2d3f28169abd3a0faa5fa8a749431a42a33aea83
c5bc71256e67080a533aa8e191e9b377b629406ab12f5c786ba1f523bdd59180
GET /js/cookie_consent.js HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Type: application/javascript
Content-Length: 6816
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 13:50:06 GMT
ETag: "4de8-5e8b785e3a0ba-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/assets/js/theme.js?m=1663245063
193.107.30.42200 OK 48 kB URL HTTP/1.1 celis.no/assets/js/theme.js?m=1663245063
IP 193.107.30.42:0
Hash f5db4c7ffd2b563ccc08c4ceeda053ce
475aaa0807e0a35ae677957bbf29a0d23a8b1994
a85637334c2d38dba928b6fd307407706c3d2ccd839c71b85104837787864542
GET /assets/js/theme.js?m=1663245063 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Type: application/javascript
Content-Length: 48163
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 12:31:03 GMT
ETag: "30eeb-5e8b66b278fc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
143.204.55.110200 OK 6.1 kB URL HTTP/2 widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
IP 143.204.55.110:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (19239)
Hash 5add60196e5f96a414fb4b9586764e5d
633f471b3c2fcedeef9cad90cb5bf56f5fe55588
5370f4ba91dda790c7cae92817b812fcbd1ab367cbb4862f5669960ae4e2c9e0
GET /bootstrap/v5/tp.widget.bootstrap.min.js HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
content-length: 6124
last-modified: Mon, 30 May 2022 14:38:02 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Tue, 27 Sep 2022 05:35:19 GMT
cache-control: max-age=86400
etag: "5add60196e5f96a414fb4b9586764e5d"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: kn3E5_SYxXnC_5WtLRvKA2tu2opFuztN213n1CuFUciMjDAl5COrXQ==
age: 84112
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
client.24nettbutikk.chat/embed.js
143.204.55.112200 OK 39 kB URL HTTP/2 client.24nettbutikk.chat/embed.js
IP 143.204.55.112:0
Hash def20f81808d80122ffc46c05937f9a7
fb9789de35d7b080c9fdc17d1cbf40f390d88a54
350e46c46b9d0807287da2eb41a085e3d0d9550f54dbf19cee46fb4c48bf05aa
GET /embed.js HTTP/1.1
Host: client.24nettbutikk.chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 16 Sep 2022 18:39:07 GMT
server: AmazonS3
content-encoding: gzip
date: Wed, 28 Sep 2022 04:48:00 GMT
cache-control: public,max-age=600
etag: W/"8bbb378e6ea1fc5ce869b8af9ad3111f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XF-cy4CJ0fymsLZI2i8RztspEAV0q2ghiXXWew1mkyl7JYec2Q0MQg==
age: 551
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; base-uri 'none'; object-src 'none'; img-src * data:; form-action 'none'; block-all-mixed-content; connect-src *; style-src 'self' *.gstatic.com *.googleapis.com; font-src 'self' *.gstatic.com *.googleapis.com; worker-src 'self' blob:; child-src 'self' blob:; script-src 'self' *.liveleader.com *.lr-ingest.io *.googletagmanager.com *.google-analytics.com *.gstatic.com; frame-src 'self' *.liveleader.com *.amazonaws.com; frame-ancestors *;
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
permissions-policy: accelerometer=(), autoplay=(), camera=(self), cross-origin-isolated=(), display-capture=(self), document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(self), midi=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), idle-detection=(self), serial=()
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-871076749
142.250.74.72200 OK 47 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-871076749
IP 142.250.74.72:0
File type ASCII text, with very long lines (2039)
Hash 2e33f02acd9f5bccc41eb53fca56420a
d14396e030e672b537b138adc19b6a5057926e44
e5a7d4dba93ac92a806891709bd7d67c9d0f52ba2bf7b3ba14a24c6ff92fea2e
GET /gtag/js?id=AW-871076749 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 28 Sep 2022 04:57:10 GMT
expires: Wed, 28 Sep 2022 04:57:10 GMT
cache-control: private, max-age=900
last-modified: Wed, 28 Sep 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46794
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-0VEB93L6P3
142.250.74.72200 OK 75 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-0VEB93L6P3
IP 142.250.74.72:0
File type ASCII text, with very long lines (20189)
Hash 68c97ca78629641d3c2e07435520a4d3
5fd495fae46aa7b80d9e5e7b6c4dfafa09d2d85f
effc938362f18eab0db60597761c342c4be1ba7aab24e3bc7f58f4e35c3f2576
GET /gtag/js?id=G-0VEB93L6P3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 28 Sep 2022 04:57:10 GMT
expires: Wed, 28 Sep 2022 04:57:10 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75279
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 11b1f146fa6fa4a88b1efc65b548fb73
f3f12e14f8f66a2e7c43015c394af199e4a94e06
74441efb7e39672af50ce0b6190b20d20bc3ae744b415a17f8b96a0f89aa0491
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
celis.no/assets/js/modernizr.min-dev.js
193.107.30.42200 OK 4.8 kB URL HTTP/1.1 celis.no/assets/js/modernizr.min-dev.js
IP 193.107.30.42:0
File type HTML document, ASCII text, with very long lines (10835)
Hash b1455783dc6934fc9da050919f63e7b2
e1e7a7a08e141c0ddcbb8a50bae5fc845352515b
f16bfb5663df5cd6d55463eb801edbf74c2acc5375d199ecc21664e757efe3ab
GET /assets/js/modernizr.min-dev.js HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Type: application/javascript
Content-Length: 4844
Connection: keep-alive
Expires: Wed, 28 Sep 2022 04:57:10 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/icons/rocket.png
193.107.30.42200 OK 8.2 kB URL HTTP/1.1 celis.no/images_hovedside/24/icons/rocket.png
IP 193.107.30.42:0
File type PNG image data, 134 x 134, 8-bit/color RGBA, non-interlaced\012- data
Hash 03a11e047cb1ece27675a53adb4395ee
ed909f72dd2e9c641ccab20abd3f5c2ef8153783
099c4e1894ed1f05056bbe129734e4eab7c050f6438532b8c91ff081616ae580
GET /images_hovedside/24/icons/rocket.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Type: image/png
Content-Length: 8240
Connection: keep-alive
Last-Modified: Mon, 13 Jan 2020 09:43:04 GMT
ETag: "2030-59c024d49685a"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/seogblisett.jpg?1662712825835
193.107.30.42200 OK 62 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/seogblisett.jpg?1662712825835
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash f50ad33a09061ef72f7d36fff05585ea
3046d2212e6090b5a07b563daf84cfc3f738dd07
9d6cde05e391150fdd8518ad626d34d5b65bdecadeee8811c4d2b3700dfacb7b
GET /images_hovedside/24/h%C3%B8stogvinter2022/seogblisett.jpg?1662712825835 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Type: image/jpeg
Content-Length: 61821
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:38 GMT
ETag: "f17d-5e83a755a5b61"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
assets2.24nettbutikk.no/24960style/images/logo/klarna_konto.png
193.107.29.107200 OK 3.4 kB URL HTTP/1.1 assets2.24nettbutikk.no/24960style/images/logo/klarna_konto.png
IP 193.107.29.107:0
File type PNG image data, 100 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 73e27a9ea2473b3e22ea7eb69f6abc76
9d9aee22ddd75749035cc78c3e43a7c5aa573ed3
a47bbeff0e3361638a73c958087cd2eab0d49bb90abb47680bd8c747e68d51aa
GET /24960style/images/logo/klarna_konto.png HTTP/1.1
Host: assets2.24nettbutikk.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 28 Sep 2022 04:56:19 GMT
Content-Type: image/png
Content-Length: 3424
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Last-Modified: Thu, 15 Dec 2016 17:46:08 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Thu, 28 Sep 2023 04:57:11 GMT
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
assets2.24nettbutikk.no/24960style/images/logo/posten_bring.png
193.107.29.107200 OK 7.9 kB URL HTTP/1.1 assets2.24nettbutikk.no/24960style/images/logo/posten_bring.png
IP 193.107.29.107:0
File type PNG image data, 155 x 84, 8-bit/color RGBA, non-interlaced\012- data
Hash 39649c575ee9031d6088b5d32fcab958
69afe59a8e08e4fa29841450ae7b3729c60cffd2
d0ee72c420fee38cbba66da4b21fa3f8670faa8619e79ee1e48f1f98573ef31d
GET /24960style/images/logo/posten_bring.png HTTP/1.1
Host: assets2.24nettbutikk.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 28 Sep 2022 04:56:19 GMT
Content-Type: image/png
Content-Length: 7860
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Last-Modified: Wed, 24 Apr 2019 12:59:31 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Thu, 28 Sep 2023 04:57:11 GMT
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/plukkogmiks.jpg?1662712839357
193.107.30.42200 OK 105 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/plukkogmiks.jpg?1662712839357
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size 105 kB (104561 bytes)
Hash 4881ffb7dd17ad4f21849955522365d4
8c9eb8a92cb00f87a5fc30c4f6f11562c9b00634
5cbf2d0a75ee7cd46c78313b3bc1bb3b716843879b71c30dffd8c789d0c3295e
GET /images_hovedside/24/h%C3%B8stogvinter2022/plukkogmiks.jpg?1662712839357 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Type: image/jpeg
Content-Length: 104561
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:37 GMT
ETag: "19871-5e83a754aea53"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/lager.jpg?1662712684231
193.107.30.42200 OK 84 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/lager.jpg?1662712684231
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 9aedb6350c1a3a59e3985adc3390b140
6c2e29c00d8f2b50add76188eae191130f907b8e
af7b42dcdf0bdd004c725e77918f6a5ee80078a82888a515ee175498ae7dea54
GET /images_hovedside/24/h%C3%B8stogvinter2022/lager.jpg?1662712684231 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Type: image/jpeg
Content-Length: 84333
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:37 GMT
ETag: "1496d-5e83a75533749"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/vinter2022/99marked.jpg?1662729034088
193.107.30.42200 OK 70 kB URL HTTP/1.1 celis.no/images_hovedside/24/vinter2022/99marked.jpg?1662729034088
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash e6078db9952600fe44da27c6c2fb9416
9787d0ac984fc0108ec36713b4242fcf2b40ad80
c66892e713f6ed18b461fb5ffb8fc022185fdb0512480c83be5c5ac0d3151089
GET /images_hovedside/24/vinter2022/99marked.jpg?1662729034088 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Type: image/jpeg
Content-Length: 70222
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 13:10:25 GMT
ETag: "1124e-5e83e44f281ec"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/alvene.jpg?1662712832550
193.107.30.42200 OK 111 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/alvene.jpg?1662712832550
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size 111 kB (110810 bytes)
Hash 0768c5094cf972081e403293273a5173
0d0d9f5a1f531bbf6d4dd98b1a7dd1294ac03ee3
ca595433ba6af9ed2aa0e8d53e5082abe20841859985717295168cbf62507213
GET /images_hovedside/24/h%C3%B8stogvinter2022/alvene.jpg?1662712832550 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Type: image/jpeg
Content-Length: 110810
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:35 GMT
ETag: "1b0da-5e83a75335b2e"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/hostferie.jpg?1662713167558
193.107.30.42200 OK 89 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/hostferie.jpg?1662713167558
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 438e10193057723055022e854cd97824
1451a20816dd919569c18bef1c0a6a2bbd5e7bea
5ce193ba239f304784b4e50b05b27e7270d74d88c7685c732d5b9f170926f0d9
GET /images_hovedside/24/h%C3%B8stogvinter2022/hostferie.jpg?1662713167558 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Type: image/jpeg
Content-Length: 88878
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:36:49 GMT
ETag: "15b2e-5e83a72717f3d"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/icons/shop.png
193.107.30.42200 OK 13 kB URL HTTP/1.1 celis.no/images_hovedside/24/icons/shop.png
IP 193.107.30.42:0
File type PNG image data, 134 x 113, 8-bit/color RGBA, non-interlaced\012- data
Hash db0af4837acf35603da0d5218581bb3a
63fab402cafc21499e7ba03021a3930e3c0a047c
81b79f832d24e0b319bbf0f9520062b6ad262109f70de7e5406aefc09f308705
GET /images_hovedside/24/icons/shop.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Type: image/png
Content-Length: 13159
Connection: keep-alive
Last-Modified: Mon, 13 Jan 2020 09:43:04 GMT
ETag: "3367-59c024d54e1f8"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/drikkeflasker.jpg?1662713146081
193.107.30.42200 OK 116 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/drikkeflasker.jpg?1662713146081
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size 116 kB (115665 bytes)
Hash b9e3d215664abbc4b74cb037912a99c2
795d1e77e564ab72679457f21bf34d1806bff723
f2ccc9df805331af79a2492e9d798d319d46f4d6cae352c5ee86164d7bd2952f
GET /images_hovedside/24/h%C3%B8stogvinter2022/drikkeflasker.jpg?1662713146081 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Type: image/jpeg
Content-Length: 115665
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:36:48 GMT
ETag: "1c3d1-5e83a726a1ca6"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/holdvarmen.jpg?1662713119828
193.107.30.42200 OK 90 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/holdvarmen.jpg?1662713119828
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 1eb5490988b0577a5918e2dcad260ca0
c6dc3555a7723478467c6b9dd598749e12f82dda
22d0ce82b18d9fbcc6b5dd69d6ccdd7cfa05c38b0bb277c68a2a5fe8e1252ed0
GET /images_hovedside/24/h%C3%B8stogvinter2022/holdvarmen.jpg?1662713119828 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Type: image/jpeg
Content-Length: 90017
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:36:48 GMT
ETag: "15fa1-5e83a7263082e"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
assets2.24nettbutikk.no/logos/vipps_logo_rgb_trimmed.png
193.107.29.107200 OK 3.5 kB URL HTTP/1.1 assets2.24nettbutikk.no/logos/vipps_logo_rgb_trimmed.png
IP 193.107.29.107:0
File type PNG image data, 126 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 08304e6043314b994d728592a20b16f2
898d1c320db91722a7d15f99719716fe5db71715
5ab5c4baf539e790f3e49b4a250599e8854363714f38a7f060b19c7bb845d9e9
GET /logos/vipps_logo_rgb_trimmed.png HTTP/1.1
Host: assets2.24nettbutikk.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 28 Sep 2022 04:56:19 GMT
Content-Type: image/png
Content-Length: 3507
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Last-Modified: Thu, 30 Aug 2018 13:57:05 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Thu, 28 Sep 2023 04:57:11 GMT
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/vinter2022/bestselgere.jpg?1662726602538
193.107.30.42200 OK 42 kB URL HTTP/1.1 celis.no/images_hovedside/24/vinter2022/bestselgere.jpg?1662726602538
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 676e20376c1fd3d74bb5c9f37c8fb0ef
07f992f99c1ad71a563be019dd6c521c79bd9ad3
5d229dfc80ad8fd41bc251a19b152c3d82957377f49da2ba5f87591f9af079ce
GET /images_hovedside/24/vinter2022/bestselgere.jpg?1662726602538 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Type: image/jpeg
Content-Length: 41454
Connection: keep-alive
Last-Modified: Thu, 03 Feb 2022 13:38:02 GMT
ETag: "a1ee-5d71d3e470929"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/vinter2022/nyheter.jpg?1662726616489
193.107.30.42200 OK 35 kB URL HTTP/1.1 celis.no/images_hovedside/24/vinter2022/nyheter.jpg?1662726616489
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 9b5eb2d0659c52ea1ed7e1325be17bf5
2e1b249ae7fd76a7969a5659f6582313d79d1926
f56be72773655d66478ed5b512adb2189bf53f51518e180ea6f938392ab642b2
GET /images_hovedside/24/vinter2022/nyheter.jpg?1662726616489 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Type: image/jpeg
Content-Length: 34987
Connection: keep-alive
Last-Modified: Thu, 03 Feb 2022 13:38:07 GMT
ETag: "88ab-5d71d3e8e04b8"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/icons/truck.png
193.107.30.42200 OK 9.1 kB URL HTTP/1.1 celis.no/images_hovedside/24/icons/truck.png
IP 193.107.30.42:0
File type PNG image data, 134 x 98, 8-bit/color RGBA, non-interlaced\012- data
Hash 735b3622549953e0ced0e06f3ac49ef8
ae55158915ef4a74a5de8fa8954c5e146d37caf1
32686c27465c3115e14a079f94efddeca2d6de009bcacd06b6028b37ba758148
GET /images_hovedside/24/icons/truck.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Type: image/png
Content-Length: 9131
Connection: keep-alive
Last-Modified: Mon, 13 Jan 2020 09:43:05 GMT
ETag: "23ab-59c024d5e38ac"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/icons/people.png
193.107.30.42200 OK 18 kB URL HTTP/1.1 celis.no/images_hovedside/24/icons/people.png
IP 193.107.30.42:0
File type PNG image data, 134 x 134, 8-bit/color RGBA, non-interlaced\012- data
Hash d7cd7d1c2173d39fd896413750b0107c
c17f3ad2cc49fffd6f026f55f67657890547e5f7
29b4446f96a73aa06b88e1dffc78c792555b0a5da786b20e933e01e0ee585069
GET /images_hovedside/24/icons/people.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Type: image/png
Content-Length: 17921
Connection: keep-alive
Last-Modified: Mon, 13 Jan 2020 09:43:04 GMT
ETag: "4601-59c024d49685a"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/kalendere.jpg?1662712670102
193.107.30.42200 OK 94 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/kalendere.jpg?1662712670102
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 6117904aaf414d4584ce393974a76d5c
ed1b4f3a18201ddd46538a71dd08fda6180566b1
6546732524cfcc8d56b45d1c5052d385bc1c8a89837e524eb40482cd61b08ac2
GET /images_hovedside/24/h%C3%B8stogvinter2022/kalendere.jpg?1662712670102 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Type: image/jpeg
Content-Length: 93488
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:36 GMT
ETag: "16d30-5e83a75431a5c"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/bilder_diverse/1540589626.png
193.107.30.42200 OK 45 kB URL HTTP/1.1 celis.no/bilder_diverse/1540589626.png
IP 193.107.30.42:0
File type PNG image data, 450 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash b64491f7df2b869702a502b225a07e0e
5228403f00878b1ff1a2cb26fb572f7620183c10
5c51f468680f9ce41b25e59cb9602dbc16ad62cdef5468b27f251c8e7bbc6c16
GET /bilder_diverse/1540589626.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Type: image/png
Content-Length: 45051
Connection: keep-alive
Last-Modified: Fri, 26 Oct 2018 21:33:46 GMT
ETag: "affb-57928796a1581"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/vinter2022/blogg.jpg?1662728208234
193.107.30.42200 OK 93 kB URL HTTP/1.1 celis.no/images_hovedside/24/vinter2022/blogg.jpg?1662728208234
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1250x445, components 3\012- data
Hash 92db9c78c6c4e7544dcd092adde6e76f
53c69f5218be574c9599dbd6d906568d99d0987b
9dd39b36524d11f19e1c67c0529af9f4aea0e1ede5056bbb13e1815bf67d8bee
GET /images_hovedside/24/vinter2022/blogg.jpg?1662728208234 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Type: image/jpeg
Content-Length: 93106
Connection: keep-alive
Last-Modified: Thu, 03 Feb 2022 13:38:02 GMT
ETag: "16bb2-5d71d3e4eb9e0"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/Bestillingsfrister%20for%20levering%20f%C3%B8r%20jul%20(449%20x%20308%20px)%20(1400%20%C3%97%20765%C2%A0px)%20(400%20%C3%97%20400%C2%A0px)%20(18).png?1664176590452
193.107.30.42200 OK 135 kB URL HTTP/1.1 celis.no/images_hovedside/Bestillingsfrister%20for%20levering%20f%C3%B8r%20jul%20(449%20x%20308%20px)%20(1400%20%C3%97%20765%C2%A0px)%20(400%20%C3%97%20400%C2%A0px)%20(18).png?1664176590452
IP 193.107.30.42:0
File type PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size 135 kB (134793 bytes)
Hash 004296d07f8832a52de00446e8f6d8c4
d989dbc6f547665449b448b1fbadbc5b2283994c
e32d9003dc45d5c36eefdb464a6fc6655b9dc81638b301c92d7a25c601172426
GET /images_hovedside/Bestillingsfrister%20for%20levering%20f%C3%B8r%20jul%20(449%20x%20308%20px)%20(1400%20%C3%97%20765%C2%A0px)%20(400%20%C3%97%20400%C2%A0px)%20(18).png?1664176590452 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Type: image/png
Content-Length: 134793
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 07:16:29 GMT
ETag: "20e89-5e98f4e7d7f1f"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/bilder_diverse/slide_1662713212.jpg
193.107.30.42200 OK 197 kB URL HTTP/1.1 celis.no/bilder_diverse/slide_1662713212.jpg
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1550x850, components 3\012- data
Size 197 kB (196904 bytes)
Hash e1e1ac019a385cbe231ada2aa5521e81
683cdb3ec3f5f2479383a725eb3cd32f0fb29923
229bdc865798237b8b011c8e7560a7f89390ed03f8b86c6253e44a76c51c3b57
GET /bilder_diverse/slide_1662713212.jpg HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Type: image/jpeg
Content-Length: 196904
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:46:52 GMT
ETag: "30128-5e83a965e99c7"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/bitter/v28/rax8HiqOu8IVPmn7f4xp.woff2
142.250.74.163200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/bitter/v28/rax8HiqOu8IVPmn7f4xp.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 30896, version 1.0\012- data
Hash a7332c352b59e1d882b5770b68ed9db5
6a4b2b9a2b35ae86769e0c6a0a6decbf67300db6
c470360f2548fb327562d8ce35185a96f59ab6daeb56c0d45ab712b63de848da
GET /s/bitter/v28/rax8HiqOu8IVPmn7f4xp.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://celis.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30896
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 00:02:19 GMT
expires: Sun, 24 Sep 2023 00:02:19 GMT
cache-control: public, max-age=31536000
age: 363292
last-modified: Fri, 24 Jun 2022 18:46:28 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
celis.no/assets/js/fbremarketing.js?4b8a936472fbca5bed11
193.107.30.42200 OK 754 B URL HTTP/1.1 celis.no/assets/js/fbremarketing.js?4b8a936472fbca5bed11
IP 193.107.30.42:0
Hash e76c45545671cece5ad7531d3832c50d
f26e0e3b80d30486b6ffaa5f54a0187da8fd352f
1085896e2ed2470bb080f0824199227b33b5f531ab7472ce1f9c8f742513f118
GET /assets/js/fbremarketing.js?4b8a936472fbca5bed11 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited; javascript=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Type: application/javascript
Content-Length: 754
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 12:31:03 GMT
ETag: "6a8-5e8b66b278fc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
celis.no/assets2/fonts/pioneer/pioneer.ttf?tl2cf7
193.107.30.42200 OK 7.2 kB URL HTTP/1.1 celis.no/assets2/fonts/pioneer/pioneer.ttf?tl2cf7
IP 193.107.30.42:0
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, pioneer \012- data
Hash c17564efd9d2cffc62799399f8ce99d8
43fa0947a23e3f276500d27bda03f9e280c550bf
524b61f6b815524da2899a33ed926a242e1df31a9d8ddc0a46482f61d3bc92b7
GET /assets2/fonts/pioneer/pioneer.ttf?tl2cf7 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/assets/themes/afterburner/css/afterburner.compiled.css?ver=1575982250
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited; javascript=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Length: 7236
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 13:50:06 GMT
ETag: "1c44-5e8b785e3b05a"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.gstatic.com/s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
142.250.74.163200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 12860, version 1.0\012- data
Hash ab21c24efd75543e16e34807ebc6cdec
eb2562f9729079333fbcbbe94868695669dd3301
88f00438d26021a325247c4427898f7c778a22976df9f1a9d9876429778bf265
GET /s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://celis.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Sep 2022 21:03:13 GMT
expires: Tue, 26 Sep 2023 21:03:13 GMT
cache-control: public, max-age=31536000
age: 114838
last-modified: Mon, 09 May 2022 18:27:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sc-static.net/scevent.min.js
54.230.82.240200 OK 8.8 kB URL HTTP/2 sc-static.net/scevent.min.js
IP 54.230.82.240:0
File type ASCII text, with very long lines (25316), with no line terminators
Hash 5d4285ddd0c228077c66505f012548a8
0fe70aec9189f6bc39397cfe6b627cfe1d8b0e97
9360b9744aeecff2d3b3c2b72ff985e8ba92192cc98ebea2b48886619529f23f
GET /scevent.min.js HTTP/1.1
Host: sc-static.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 8757
server: CloudFront
date: Wed, 28 Sep 2022 04:57:11 GMT
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Content-Type
cache-control: private, s-maxage=0, max-age=600
set-cookie: X-AB=0d6e407936704bd380072f5891d28b0e;max-age=86400;expires=Thu, 29 Sep 2022 02:34:34 GMT;Path=/scevent.min.js; Secure; SameSite=None
x-cache: LambdaGeneratedResponse from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5QLWUfhhUxMvJCnNsqEwlR6VCEiPcZYY0u_pP5bzGi9xqaGFDthecQ==
X-Firefox-Spdy: h2
celis.no/favicon.ico
193.107.30.42200 OK 0 B IP 193.107.30.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited; javascript=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:11 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2016 22:32:33 GMT
ETag: "0-539bf39b2f663"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd9c95c1c24789f4041887b11468ab7e
bf202eeda47e79ac15d77325a02a1206bec63dcb
86f005e634685a4eb89dd87735b4cc0d91163be2912c470a529f0eb223531dbf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1216
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:11 GMT
Last-Modified: Wed, 28 Sep 2022 04:36:55 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Wed, 28 Sep 2022 04:41:09 GMT
expires: Wed, 28 Sep 2022 06:41:09 GMT
cache-control: public, max-age=7200
age: 962
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
157.240.200.14200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (64348)
Hash e1327a02d76346c7e23d114e4e508b30
195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3
331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: p/+5adIYAJNEeKAbsJHbnNwpNGUCzJn/AO77/ZeH/0E6Bn8F8sqG3sE9JbC2n/+uDW1ACLlapynokhkhyaGLEw==
content-length: 26840
x-fb-trip-id: 1679558926
date: Wed, 28 Sep 2022 04:57:11 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd9c95c1c24789f4041887b11468ab7e
bf202eeda47e79ac15d77325a02a1206bec63dcb
86f005e634685a4eb89dd87735b4cc0d91163be2912c470a529f0eb223531dbf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1216
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:11 GMT
Last-Modified: Wed, 28 Sep 2022 04:36:55 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
143.204.55.110200 OK 3.3 kB URL HTTP/2 widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
IP 143.204.55.110:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (12963)
Hash 2922a85ce6caf46f828c097bf7aa1036
afedbac8e6480a8c59cc6ca3359381731f75795b
12d369c3d585d564678ed15f99b53dad29faa1e05475825ccd0e8f4c50cfb779
GET /trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0 HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 3267
last-modified: Tue, 20 Sep 2022 08:01:13 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Tue, 27 Sep 2022 05:35:34 GMT
cache-control: max-age=86400
etag: "2922a85ce6caf46f828c097bf7aa1036"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: HOUDno91uWwVoeFXSv7Apeh9G0Z-aIezLOZM_6FNR2wISfq78ho6dA==
age: 84098
X-Firefox-Spdy: h2
widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/main.js
143.204.55.110200 OK 28 kB URL HTTP/2 widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/main.js
IP 143.204.55.110:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (64281), with no line terminators
Hash 5d220cf839e981e50c65214dcd96e0fc
15070f97f761a68548a2a12de1c898c322e1a7b0
463c02075608ea7896ae7bd1b81f207874e744a5bde580ee8df20d911ef354f0
GET /trustboxes/53aa8912dec7e10d38f59f36/main.js HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
content-length: 27969
last-modified: Tue, 20 Sep 2022 08:01:15 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Wed, 28 Sep 2022 04:11:01 GMT
cache-control: max-age=86400
etag: "5d220cf839e981e50c65214dcd96e0fc"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: jZIMfBBGSqQSqt7s1sxecdkWoSP_GQ_qmAnniHD2AbrnWEL37AFArA==
age: 2771
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5e01e4cfb215a3f052b4c716bc77c1a6
6e63b3e883051319571310c44b87591f0312d83f
aebb544e0762c6c3eb289d85c20299baa3f742dc46cfa5bcc33ac6df411285ae
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/conversion_async.js
142.250.74.164200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1654)
Hash 890f716858b5f72587e47c5eca121cb5
91871a0acd9a0ab644d51036bb5ca0c3bdc5e687
7a3629e375468328b3fb25e1a6cc5749604f09099e8d2109f366e7e0226aee4a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 28 Sep 2022 04:57:11 GMT
expires: Wed, 28 Sep 2022 04:57:11 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 3080337328058561381
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d2aa56ff5aa61caf25c2d918818cfe79
c01e85507dc8de353a460444b3255c7fa5b4fcf8
f0ac9297f334934924d873304380a10e3f3f8a1e617c72b3250181a1f3ad4f0f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3183
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:11 GMT
Last-Modified: Wed, 28 Sep 2022 04:04:08 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d2aa56ff5aa61caf25c2d918818cfe79
c01e85507dc8de353a460444b3255c7fa5b4fcf8
f0ac9297f334934924d873304380a10e3f3f8a1e617c72b3250181a1f3ad4f0f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3183
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:11 GMT
Last-Modified: Wed, 28 Sep 2022 04:04:08 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
widget.trustpilot.com/trustbox-data/53aa8912dec7e10d38f59f36?businessUnitId=5eb01c7a50715800017033f0&locale=nb-NO&reviewLanguages=nb&reviewStars=4%2C5&includeReviews=true&reviewsPerPage=15
143.204.55.110200 OK 1.9 kB URL HTTP/2 widget.trustpilot.com/trustbox-data/53aa8912dec7e10d38f59f36?businessUnitId=5eb01c7a50715800017033f0&locale=nb-NO&reviewLanguages=nb&reviewStars=4%2C5&includeReviews=true&reviewsPerPage=15
IP 143.204.55.110:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (7367), with no line terminators
Hash 495481a7a588665b66809050d28d35ca
244897d6bb43ee0898368a220f3c2d901a6888a1
afef8a1636fc2c6744bfd542a0673c4ef4b1cd890adf214d84efc5a51765905b
GET /trustbox-data/53aa8912dec7e10d38f59f36?businessUnitId=5eb01c7a50715800017033f0&locale=nb-NO&reviewLanguages=nb&reviewStars=4%2C5&includeReviews=true&reviewsPerPage=15 HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Connection: keep-alive
Referer: https://widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-length: 1918
content-encoding: gzip
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-fallback-status: BYPASS
x-skip-cache-cookie: 0
x-xss-protection: 1; mode=block
cache-control: public,max-age=1800
date: Wed, 28 Sep 2022 04:37:19 GMT
etag: "f4904820398af9eeb9a9638df47ad137"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: N7s5eUaNV0_KV-lP30x16_2gIIKNEcikZUgI5E4L-QdviUmB1e917g==
age: 1192
X-Firefox-Spdy: h2
tr.snapchat.com/cm/i?pid=ac51940d-7a99-45df-8891-baebc7fa9a8d&u_scsid=00e8f4b0-7dd7-446d-b414-ac04b5768b37&u_sclid=f6d3f2d1-4d08-460b-ad52-6b46e7f31506
35.190.43.134200 OK 0 B URL HTTP/2 tr.snapchat.com/cm/i?pid=ac51940d-7a99-45df-8891-baebc7fa9a8d&u_scsid=00e8f4b0-7dd7-446d-b414-ac04b5768b37&u_sclid=f6d3f2d1-4d08-460b-ad52-6b46e7f31506
IP 35.190.43.134:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/i?pid=ac51940d-7a99-45df-8891-baebc7fa9a8d&u_scsid=00e8f4b0-7dd7-446d-b414-ac04b5768b37&u_sclid=f6d3f2d1-4d08-460b-ad52-6b46e7f31506 HTTP/1.1
Host: tr.snapchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 04:57:11 GMT
content-type: text/html
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 0
x-envoy-upstream-service-time: 0
server: API Gateway
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d2aa56ff5aa61caf25c2d918818cfe79
c01e85507dc8de353a460444b3255c7fa5b4fcf8
f0ac9297f334934924d873304380a10e3f3f8a1e617c72b3250181a1f3ad4f0f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3183
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:11 GMT
Last-Modified: Wed, 28 Sep 2022 04:04:08 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
tr.snapchat.com/p
35.190.43.134200 OK 68 B IP 35.190.43.134:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash c4a2b870062c2bb98c500bc1526c0498
528666ccdb12997358077bc8fcdbfb6b825c7788
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
POST /p HTTP/1.1
Host: tr.snapchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------253008103622078210402533660831
Content-Length: 2392
Origin: https://celis.no
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 04:57:11 GMT
access-control-allow-origin: https://celis.no
cache-control: no-cache, no-transform
set-cookie: sc_at=v2|H4sIAAAAAAAAAAXBgQ0AIQgEsIlIOA6IjgPqT8Hw32KXbjeK9XnixyCrK6UYdzG+sM4ZZDodSoz+7pmEGzIAAAA=;SameSite=None;Version=1;Comment=;Domain=.snapchat.com;Path=/;Max-Age=33696000;Secure
content-type: text/html
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 68
x-envoy-upstream-service-time: 8
server: API Gateway
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
widget.trustpilot.com/stats/TrustboxImpression?locale=nb-NO&styleHeight=140px&styleWidth=100%25&theme=light&stars=4%2C5&reviewLanguages=nb&url=https%3A%2F%2Fcelis.no%2F&referrer=https%3A%2F%2Fmedia.bigbasketshop.com%2F&userAgent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&language=en-US&platform=Linux%20x86_64&nosettings=1&businessUnitId=5eb01c7a50715800017033f0&widgetId=53aa8912dec7e10d38f59f36
143.204.55.110204 No Content 0 B URL HTTP/2 widget.trustpilot.com/stats/TrustboxImpression?locale=nb-NO&styleHeight=140px&styleWidth=100%25&theme=light&stars=4%2C5&reviewLanguages=nb&url=https%3A%2F%2Fcelis.no%2F&referrer=https%3A%2F%2Fmedia.bigbasketshop.com%2F&userAgent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&language=en-US&platform=Linux%20x86_64&nosettings=1&businessUnitId=5eb01c7a50715800017033f0&widgetId=53aa8912dec7e10d38f59f36
IP 143.204.55.110:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stats/TrustboxImpression?locale=nb-NO&styleHeight=140px&styleWidth=100%25&theme=light&stars=4%2C5&reviewLanguages=nb&url=https%3A%2F%2Fcelis.no%2F&referrer=https%3A%2F%2Fmedia.bigbasketshop.com%2F&userAgent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&language=en-US&platform=Linux%20x86_64&nosettings=1&businessUnitId=5eb01c7a50715800017033f0&widgetId=53aa8912dec7e10d38f59f36 HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Connection: keep-alive
Referer: https://widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
cache-control: no-store,no-cache
date: Wed, 28 Sep 2022 04:57:11 GMT
pragma: no-cache
server: Kestrel
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-cache: Miss from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0qkhBQTKaxn00SE5EEQDwkoIuulM7MqGbePPe62klzX-KefIoIZPzw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6ab8b69fade235ccf1a15d2cac6dd95e
37c426c0e6940920c4478855c6bb610731edd316
025fc814f74bed6fcfc2a4c25b670c1d538d06c5ce07af13d3f9f8354ca34604
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6ab8b69fade235ccf1a15d2cac6dd95e
37c426c0e6940920c4478855c6bb610731edd316
025fc814f74bed6fcfc2a4c25b670c1d538d06c5ce07af13d3f9f8354ca34604
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-24343184-8&cid=1440121400.1664341029&jid=67120787&gjid=339294494&_gid=35750289.1664341029&_u=IEDAAEAAAAAAAC~&z=776186014
64.233.165.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-24343184-8&cid=1440121400.1664341029&jid=67120787&gjid=339294494&_gid=35750289.1664341029&_u=IEDAAEAAAAAAAC~&z=776186014
IP 64.233.165.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-24343184-8&cid=1440121400.1664341029&jid=67120787&gjid=339294494&_gid=35750289.1664341029&_u=IEDAAEAAAAAAAC~&z=776186014 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://celis.no
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://celis.no
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 28 Sep 2022 04:57:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tr.snapchat.com/init?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d
35.190.43.134200 OK 1.2 kB URL HTTP/2 tr.snapchat.com/init?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d
IP 35.190.43.134:0
File type JSON data\012- , ASCII text, with very long lines (2550), with no line terminators
Hash f38fbbd910a9944a49430860197a05fd
3367a5981689cc18184196e1f834f6ae3e8a7434
5f613e79ac84ed0695449fb7af8d503c981a22799c381f351d74aab5b7ef9401
GET /init?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d HTTP/1.1
Host: tr.snapchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://celis.no/
Origin: https://celis.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 04:57:11 GMT
access-control-allow-origin: https://celis.no
content-type: application/json
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-envoy-upstream-service-time: 0
content-encoding: gzip
vary: Accept-Encoding
server: API Gateway
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-85161377-1&cid=1440121400.1664341029&jid=1293747359&gjid=1298333100&_gid=35750289.1664341029&_u=IEDAAEABAAAAAC~&z=1362008233
64.233.165.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-85161377-1&cid=1440121400.1664341029&jid=1293747359&gjid=1298333100&_gid=35750289.1664341029&_u=IEDAAEABAAAAAC~&z=1362008233
IP 64.233.165.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-85161377-1&cid=1440121400.1664341029&jid=1293747359&gjid=1298333100&_gid=35750289.1664341029&_u=IEDAAEABAAAAAC~&z=1362008233 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://celis.no
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://celis.no
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 28 Sep 2022 04:57:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6ab8b69fade235ccf1a15d2cac6dd95e
37c426c0e6940920c4478855c6bb610731edd316
025fc814f74bed6fcfc2a4c25b670c1d538d06c5ce07af13d3f9f8354ca34604
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6ab8b69fade235ccf1a15d2cac6dd95e
37c426c0e6940920c4478855c6bb610731edd316
025fc814f74bed6fcfc2a4c25b670c1d538d06c5ce07af13d3f9f8354ca34604
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ef12641bb4d59312b43f4f06ae2cee73
5450eaf271bf466e6aa58b63d52b49b66c5f4a6f
894fd5dabf39c09179591f3305d88ef71eb467ddeb1fc5c568dc377c3a1317d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/871076749/?random=1664341029394&cv=9&fst=1664337600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=13&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcelis.no%2F&ref=https%3A%2F%2Fmedia.bigbasketshop.com%2F&tiba=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&async=1&fmt=3&is_vtc=1&random=1022454462&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/871076749/?random=1664341029394&cv=9&fst=1664337600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=13&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcelis.no%2F&ref=https%3A%2F%2Fmedia.bigbasketshop.com%2F&tiba=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&async=1&fmt=3&is_vtc=1&random=1022454462&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/871076749/?random=1664341029394&cv=9&fst=1664337600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=13&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcelis.no%2F&ref=https%3A%2F%2Fmedia.bigbasketshop.com%2F&tiba=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&async=1&fmt=3&is_vtc=1&random=1022454462&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 28 Sep 2022 04:57:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-24343184-8&cid=1440121400.1664341029&jid=67120787&_u=IEDAAEAAAAAAAC~&z=1260011383
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-24343184-8&cid=1440121400.1664341029&jid=67120787&_u=IEDAAEAAAAAAAC~&z=1260011383
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-24343184-8&cid=1440121400.1664341029&jid=67120787&_u=IEDAAEAAAAAAAC~&z=1260011383 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 28 Sep 2022 04:57:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-85161377-1&cid=1440121400.1664341029&jid=1293747359&_u=IEDAAEABAAAAAC~&z=1251565095
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-85161377-1&cid=1440121400.1664341029&jid=1293747359&_u=IEDAAEABAAAAAC~&z=1251565095
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-85161377-1&cid=1440121400.1664341029&jid=1293747359&_u=IEDAAEABAAAAAC~&z=1251565095 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 28 Sep 2022 04:57:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ef12641bb4d59312b43f4f06ae2cee73
5450eaf271bf466e6aa58b63d52b49b66c5f4a6f
894fd5dabf39c09179591f3305d88ef71eb467ddeb1fc5c568dc377c3a1317d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 04:57:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-0VEB93L6P3>m=2oe9q0&_p=1835182867&cid=1440121400.1664341029&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664341029&sct=1&seg=0&dl=https%3A%2F%2Fcelis.no%2F&dr=https%3A%2F%2Fmedia.bigbasketshop.com%2F&dt=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&en=page_view&_fv=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-0VEB93L6P3>m=2oe9q0&_p=1835182867&cid=1440121400.1664341029&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664341029&sct=1&seg=0&dl=https%3A%2F%2Fcelis.no%2F&dr=https%3A%2F%2Fmedia.bigbasketshop.com%2F&dt=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&en=page_view&_fv=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-0VEB93L6P3>m=2oe9q0&_p=1835182867&cid=1440121400.1664341029&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664341029&sct=1&seg=0&dl=https%3A%2F%2Fcelis.no%2F&dr=https%3A%2F%2Fmedia.bigbasketshop.com%2F&dt=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://celis.no
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://celis.no
date: Wed, 28 Sep 2022 04:57:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tr.snapchat.com/collector/is_enabled?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d&tld=no
35.190.43.134200 OK 100 B URL HTTP/2 tr.snapchat.com/collector/is_enabled?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d&tld=no
IP 35.190.43.134:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 388ca868ad022fdad152292b3f8a7e2c
5eb1850288dab54959329e0f05201713d30ecb00
e691dd49e4f03b7ac47c0e3b615de5873ce6ded2a2f31bc13922fdd22f2f07c7
GET /collector/is_enabled?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d&tld=no HTTP/1.1
Host: tr.snapchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://celis.no/
Origin: https://celis.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 04:57:11 GMT
access-control-allow-origin: https://celis.no
content-type: application/json
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-envoy-upstream-service-time: 0
content-encoding: gzip
vary: Accept-Encoding
server: API Gateway
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
celis.no/css/cookie_consent.css
193.107.30.42200 OK 0 B URL HTTP/1.1 celis.no/css/cookie_consent.css
IP 193.107.30.42:0
GET /css/cookie_consent.css HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Type: text/css
Content-Length: 4431
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 13:50:06 GMT
ETag: "490a-5e8b785e2e53b-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
toapodazoay.com/?l=qCqekRDLtEBTXwP&s=598852263662072526&z=4392229&g=NO&svar=1664341025&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664341025&ssk=758a0eab7bff0aa808838e2b4ba8dd96&svarok=1&b=79056&oaid=c857aa51ed0a4827b6c780156e9e1d21&rdk=rk3
139.45.197.154200 OK 0 B URL HTTP/2 toapodazoay.com/?l=qCqekRDLtEBTXwP&s=598852263662072526&z=4392229&g=NO&svar=1664341025&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664341025&ssk=758a0eab7bff0aa808838e2b4ba8dd96&svarok=1&b=79056&oaid=c857aa51ed0a4827b6c780156e9e1d21&rdk=rk3
IP 139.45.197.154:0
GET /?l=qCqekRDLtEBTXwP&s=598852263662072526&z=4392229&g=NO&svar=1664341025&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664341025&ssk=758a0eab7bff0aa808838e2b4ba8dd96&svarok=1&b=79056&oaid=c857aa51ed0a4827b6c780156e9e1d21&rdk=rk3 HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 04:57:05 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
set-cookie: reverse=zIxdtpncFdWwTen8zbPDTDvleLsniXS5MHw7X-8heXU; expires=Wed, 28-Sep-2022 05:57:05 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2
toapodazoay.com/?l=qCqekRDLtEBTXwP&s=598852263662072526&z=4392229&g=NO&svar=1664341025&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664341025&ssk=758a0eab7bff0aa808838e2b4ba8dd96&svarok=1&b=79056&oaid=c857aa51ed0a4827b6c780156e9e1d21&rdk=rk3&mprtr=1
139.45.197.154200 OK 0 B URL HTTP/2 toapodazoay.com/?l=qCqekRDLtEBTXwP&s=598852263662072526&z=4392229&g=NO&svar=1664341025&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664341025&ssk=758a0eab7bff0aa808838e2b4ba8dd96&svarok=1&b=79056&oaid=c857aa51ed0a4827b6c780156e9e1d21&rdk=rk3&mprtr=1
IP 139.45.197.154:0
POST /?l=qCqekRDLtEBTXwP&s=598852263662072526&z=4392229&g=NO&svar=1664341025&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664341025&ssk=758a0eab7bff0aa808838e2b4ba8dd96&svarok=1&b=79056&oaid=c857aa51ed0a4827b6c780156e9e1d21&rdk=rk3&mprtr=1 HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/?rzi=4392229&rsz=4392229&rid=
Cookie: reverse=zIxdtpncFdWwTen8zbPDTDvleLsniXS5MHw7X-8heXU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 04:57:05 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.24
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: gzip
X-Firefox-Spdy: h2
celis.no/assets/js/vendor.js?m=1663245063
193.107.30.42200 OK 0 B URL HTTP/1.1 celis.no/assets/js/vendor.js?m=1663245063
IP 193.107.30.42:0
GET /assets/js/vendor.js?m=1663245063 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImJZZGEraWw1Tld2Qnd3cWlwMmcyU0E9PSIsInZhbHVlIjoiQlZyNDlxTmZ1MURlanZWN0NEazVtdkgwZ1pROENzWXdnOEc3ZlV1YVdUZERHUHBMRnVyWE5wdDFlWFJGTmluZlZsOE10dWh6V2t6NW1zZ3J6SzMwU0E9PSIsIm1hYyI6IjNjYWI3YmE5OGNlZTU3ZDMzZDUzY2ExMjg3OTEwZGIyOWQyZDYxZjFkMTk0ZjE0OThiMWQwMzQ3Y2YwOTY5YWUifQ%3D%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22674bd829cfd05c90944b9de1bdc087fe%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664341029%3B%7D7a61bb37baddba9e6eec9f830543652b; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 04:57:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 12:31:03 GMT
ETag: "58774-5e8b66b278fc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Noto+Sans:400,700|Bitter:400,700,400italic
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Noto+Sans:400,700|Bitter:400,700,400italic
IP 142.250.74.10:0
GET /css?family=Noto+Sans:400,700|Bitter:400,700,400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 28 Sep 2022 04:57:10 GMT
date: Wed, 28 Sep 2022 04:57:10 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2