r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9fbe85f42e8ae8ae41cc12df5f98b141
949fa36ff0f22f72565fd584bef094dd4de23037
184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3276
Expires: Sat, 28 Jan 2023 11:11:52 GMT
Date: Sat, 28 Jan 2023 10:17:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7382
Expires: Sat, 28 Jan 2023 12:20:18 GMT
Date: Sat, 28 Jan 2023 10:17:16 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 09:35:29 GMT
content-type: application/json
age: 2507
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20902
Expires: Sat, 28 Jan 2023 16:05:38 GMT
Date: Sat, 28 Jan 2023 10:17:16 GMT
Connection: keep-alive
andicomedicalsuppliers.com/chromestre/113on892it.exe
23.82.12.36200 OK 512 B URL HTTP/1.1 andicomedicalsuppliers.com/chromestre/113on892it.exe
IP 23.82.12.36:0
ASN #30633 LEASEWEB-USA-WDC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (512), with no line terminators
Hash 7dcd8de9f20dbf7c1d5f24d71f778374
b4b9145fe89fbb3c81f9ebcc56e188dcca53dfd5
ae8d43947cc66a6e41b473583f630c710d9b8d191715d86e7234816b37d5856a
Analyzer Verdict Alert fortinet Malware
GET /chromestre/113on892it.exe HTTP/1.1
Host: andicomedicalsuppliers.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 512
content-type: text/html; charset=utf-8
date: Sat, 28 Jan 2023 10:17:15 GMT
server: nginx
set-cookie: sid=f0592c20-9ef4-11ed-959e-8b932897ae36; path=/; domain=.andicomedicalsuppliers.com; expires=Thu, 15 Feb 2091 13:31:23 GMT; max-age=2147483647; HttpOnly
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: SsXIMbITMwfL9uozhIKQh9sBta645YTzsJRZEfCQVPRNPCjTnhyheT+ygFdtXMlQTm9DUzAGp/Rytxm8NYO0sw==
x-amz-request-id: EW63DR3ERGKS8AXR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 09:20:55 GMT
age: 3381
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 10:17:16 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
andicomedicalsuppliers.com/favicon.ico
23.82.12.36404 Not Found 9 B URL HTTP/1.1 andicomedicalsuppliers.com/favicon.ico
IP 23.82.12.36:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /favicon.ico HTTP/1.1
Host: andicomedicalsuppliers.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://andicomedicalsuppliers.com/chromestre/113on892it.exe
Cookie: sid=f0592c20-9ef4-11ed-959e-8b932897ae36
HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Sat, 28 Jan 2023 10:17:15 GMT
server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 09:49:03 GMT
age: 1693
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5247
Expires: Sat, 28 Jan 2023 11:44:43 GMT
Date: Sat, 28 Jan 2023 10:17:16 GMT
Connection: keep-alive
andicomedicalsuppliers.com/chromestre/113on892it.exe?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NDkwODIzNiwiaWF0IjoxNjc0OTAxMDM2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3Y3MzdpNG43YnEzdnZhZDA0ZGNwczciLCJuYmYiOjE2NzQ5MDEwMzYsInRzIjoxNjc0OTAxMDM2MDAwMDc0fQ.TGBUzpiW5mwixkEQZh00kQKHV6Ktwf21XvcLU7aHMac&sid=f0592c20-9ef4-11ed-959e-8b932897ae36
23.82.12.36302 Found 11 B URL HTTP/1.1 andicomedicalsuppliers.com/chromestre/113on892it.exe?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NDkwODIzNiwiaWF0IjoxNjc0OTAxMDM2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3Y3MzdpNG43YnEzdnZhZDA0ZGNwczciLCJuYmYiOjE2NzQ5MDEwMzYsInRzIjoxNjc0OTAxMDM2MDAwMDc0fQ.TGBUzpiW5mwixkEQZh00kQKHV6Ktwf21XvcLU7aHMac&sid=f0592c20-9ef4-11ed-959e-8b932897ae36
IP 23.82.12.36:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /chromestre/113on892it.exe?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NDkwODIzNiwiaWF0IjoxNjc0OTAxMDM2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3Y3MzdpNG43YnEzdnZhZDA0ZGNwczciLCJuYmYiOjE2NzQ5MDEwMzYsInRzIjoxNjc0OTAxMDM2MDAwMDc0fQ.TGBUzpiW5mwixkEQZh00kQKHV6Ktwf21XvcLU7aHMac&sid=f0592c20-9ef4-11ed-959e-8b932897ae36 HTTP/1.1
Host: andicomedicalsuppliers.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://andicomedicalsuppliers.com/chromestre/113on892it.exe
Cookie: sid=f0592c20-9ef4-11ed-959e-8b932897ae36
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Sat, 28 Jan 2023 10:17:16 GMT
location: http://r.redirekted.com/redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc
server: nginx
set-cookie: sid=f0592c20-9ef4-11ed-959e-8b932897ae36; path=/; domain=.andicomedicalsuppliers.com; expires=Thu, 15 Feb 2091 13:31:24 GMT; max-age=2147483647; HttpOnly
push.services.mozilla.com/
35.155.48.47101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.155.48.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: YjY023561J0ehjKn8bVrfQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 47wXoZqZssF5KswfWffSGbE3EH8=
r.redirekted.com/redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc
66.165.243.160200 OK 808 B URL HTTP/1.1 r.redirekted.com/redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc
IP 66.165.243.160:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (303)
Hash 0922b0318271ddb0634deb4c2bbb5c51
bd2be2c2bf257ec06a1a5b9e54b58e1a1a6a7d9d
d17a9222c232b125406bd5e7904ea53ff990c558b6682f138502fcd3fa42bdc9
GET /redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc HTTP/1.1
Host: r.redirekted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://andicomedicalsuppliers.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.23.3
Date: Sat, 28 Jan 2023 10:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.1.13
r.redirekted.com/css/adren.css?n=2222431398
66.165.243.160200 OK 243 B URL HTTP/1.1 r.redirekted.com/css/adren.css?n=2222431398
IP 66.165.243.160:0
Hash f72acd3fece9f7cf58643616c745b2ea
92bc529a83c5466fbf6b9e702eef1e59644687a1
e2d9fd8b995f146baf54bc35d162d3e8169a5345368058b10a3b3bf4592ed777
GET /css/adren.css?n=2222431398 HTTP/1.1
Host: r.redirekted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://r.redirekted.com/redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc
HTTP/1.1 200 OK
Server: nginx/1.23.3
Date: Sat, 28 Jan 2023 10:17:17 GMT
Content-Type: text/css
Content-Length: 243
Last-Modified: Sat, 03 Jul 2021 05:46:18 GMT
Connection: keep-alive
ETag: "60dff9aa-f3"
Accept-Ranges: bytes
r.redirekted.com/js/adren.min.js?n=2222431398
66.165.243.160200 OK 7.5 kB URL HTTP/1.1 r.redirekted.com/js/adren.min.js?n=2222431398
IP 66.165.243.160:0
File type ASCII text, with very long lines (7528), with no line terminators
Hash 9a9ec61d7e275f25fe83f0aa93bd2e41
8a3a23c432b601e9f8f8fe2b61f0fedbc341c9ac
55afe8ae4db5b6ca9ec5a3aca1f3a7b482ca51d0914acd250093f1a9ecbfccec
GET /js/adren.min.js?n=2222431398 HTTP/1.1
Host: r.redirekted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://r.redirekted.com/redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc
HTTP/1.1 200 OK
Server: nginx/1.23.3
Date: Sat, 28 Jan 2023 10:17:17 GMT
Content-Type: application/javascript
Content-Length: 7528
Last-Modified: Sat, 03 Jul 2021 05:46:18 GMT
Connection: keep-alive
ETag: "60dff9aa-1d68"
Accept-Ranges: bytes
r.redirekted.com/favicon.ico
66.165.243.160200 OK 0 B URL HTTP/1.1 r.redirekted.com/favicon.ico
IP 66.165.243.160:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: r.redirekted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://r.redirekted.com/redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc
HTTP/1.1 200 OK
Server: nginx/1.23.3
Date: Sat, 28 Jan 2023 10:17:18 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Sat, 03 Jul 2021 05:46:18 GMT
Connection: keep-alive
ETag: "60dff9aa-0"
Accept-Ranges: bytes
r.redirekted.com/go?e=NA-pFFuHPrX5KW8ETs7plBefmW6bFWzxxXYk3FeLUrtcvCe0wsyDKF8MUsY1KLwfGr_xUCuHvWxgvCw0mXmkQF8MaXtk3Ba0wXyblLd4Qqwk3FjOzsmMlL9AKA9bPXvDJr_xaCutFBsImqjI2rXuJBm4mVOcFLbI0XbZFDdRJqREwLatRA2yHDexFrYgaC9q0ZxpzCmfmKXk3B4cHsmkKF8gRCwyaC9AHVbDTLmLUF-ZmC99SA78yL9ElXSglpafHA3uUneZUpxcvCd8SsyLlK9MUqYk3FdNzXyVFLdfRCV13F10wX-tULeHPstclF85QAu1aF1f0KWk3B4tHr_03B04QBb5KW8EJr_VPn1pKrtgvV
66.165.243.160200 OK 1.8 kB URL HTTP/1.1 r.redirekted.com/go?e=NA-pFFuHPrX5KW8ETs7plBefmW6bFWzxxXYk3FeLUrtcvCe0wsyDKF8MUsY1KLwfGr_xUCuHvWxgvCw0mXmkQF8MaXtk3Ba0wXyblLd4Qqwk3FjOzsmMlL9AKA9bPXvDJr_xaCutFBsImqjI2rXuJBm4mVOcFLbI0XbZFDdRJqREwLatRA2yHDexFrYgaC9q0ZxpzCmfmKXk3B4cHsmkKF8gRCwyaC9AHVbDTLmLUF-ZmC99SA78yL9ElXSglpafHA3uUneZUpxcvCd8SsyLlK9MUqYk3FdNzXyVFLdfRCV13F10wX-tULeHPstclF85QAu1aF1f0KWk3B4tHr_03B04QBb5KW8EJr_VPn1pKrtgvV
IP 66.165.243.160:0
File type HTML document, ASCII text, with very long lines (484)
Hash e188643eede3fead40c1c69a8bb89f3b
b43e7547a5848311d3903062941cf4988b1afd68
e873965349d231e0bacc40ada69897069b7ff0b73bf8f078b6086bcbc5665255
GET /go?e=NA-pFFuHPrX5KW8ETs7plBefmW6bFWzxxXYk3FeLUrtcvCe0wsyDKF8MUsY1KLwfGr_xUCuHvWxgvCw0mXmkQF8MaXtk3Ba0wXyblLd4Qqwk3FjOzsmMlL9AKA9bPXvDJr_xaCutFBsImqjI2rXuJBm4mVOcFLbI0XbZFDdRJqREwLatRA2yHDexFrYgaC9q0ZxpzCmfmKXk3B4cHsmkKF8gRCwyaC9AHVbDTLmLUF-ZmC99SA78yL9ElXSglpafHA3uUneZUpxcvCd8SsyLlK9MUqYk3FdNzXyVFLdfRCV13F10wX-tULeHPstclF85QAu1aF1f0KWk3B4tHr_03B04QBb5KW8EJr_VPn1pKrtgvV HTTP/1.1
Host: r.redirekted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://r.redirekted.com/redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.23.3
Date: Sat, 28 Jan 2023 10:17:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.1.13
Set-Cookie: uuid=1541225467358433024; expires=Sun, 29-Jan-2023 10:17:18 GMT; Max-Age=86400
www.google-analytics.com/analytics.js
142.250.74.46200 OK 20 kB URL HTTP/1.1 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://r.redirekted.com/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 20085
Date: Sat, 28 Jan 2023 08:18:19 GMT
Expires: Sat, 28 Jan 2023 10:18:19 GMT
Cache-Control: public, max-age=7200
Age: 7139
Last-Modified: Tue, 10 Jan 2023 21:29:14 GMT
Content-Type: text/javascript
www.google-analytics.com/collect?v=1&_v=j99&a=1811668771&t=pageview&_s=2&dl=http%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DNA-pFFuHPrX5KW8ETs7plBefmW6bFWzxxXYk3FeLUrtcvCe0wsyDKF8MUsY1KLwfGr_xUCuHvWxgvCw0mXmkQF8MaXtk3Ba0wXyblLd4Qqwk3FjOzsmMlL9AKA9bPXvDJr_xaCutFBsImqjI2rXuJBm4mVOcFLbI0XbZFDdRJqREwLatRA2yHDexFrYgaC9q0ZxpzCmfmKXk3B4cHsmkKF8gRCwyaC9AHVbDTLmLUF-ZmC99SA78yL9ElXSglpafHA3uUneZUpxcvCd8SsyLlK9MUqYk3FdNzXyVFLdfRCV13F10wX-tULeHPstclF85QAu1aF1f0KWk3B4tHr_03B04QBb5KW8EJr_VPn1pKrtgvV&ul=en-us&de=UTF-8&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=2117048619.1674901040&tid=UA-32454353-1&_gid=1532368935.1674901040&cd1=oz9lo258n2kesUk8sT5ipz9hsTgfn3k8sUj%3D&z=1700451042
142.250.74.46200 OK 35 B URL HTTP/1.1 www.google-analytics.com/collect?v=1&_v=j99&a=1811668771&t=pageview&_s=2&dl=http%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DNA-pFFuHPrX5KW8ETs7plBefmW6bFWzxxXYk3FeLUrtcvCe0wsyDKF8MUsY1KLwfGr_xUCuHvWxgvCw0mXmkQF8MaXtk3Ba0wXyblLd4Qqwk3FjOzsmMlL9AKA9bPXvDJr_xaCutFBsImqjI2rXuJBm4mVOcFLbI0XbZFDdRJqREwLatRA2yHDexFrYgaC9q0ZxpzCmfmKXk3B4cHsmkKF8gRCwyaC9AHVbDTLmLUF-ZmC99SA78yL9ElXSglpafHA3uUneZUpxcvCd8SsyLlK9MUqYk3FdNzXyVFLdfRCV13F10wX-tULeHPstclF85QAu1aF1f0KWk3B4tHr_03B04QBb5KW8EJr_VPn1pKrtgvV&ul=en-us&de=UTF-8&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=2117048619.1674901040&tid=UA-32454353-1&_gid=1532368935.1674901040&cd1=oz9lo258n2kesUk8sT5ipz9hsTgfn3k8sUj%3D&z=1700451042
IP 142.250.74.46:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j99&a=1811668771&t=pageview&_s=2&dl=http%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DNA-pFFuHPrX5KW8ETs7plBefmW6bFWzxxXYk3FeLUrtcvCe0wsyDKF8MUsY1KLwfGr_xUCuHvWxgvCw0mXmkQF8MaXtk3Ba0wXyblLd4Qqwk3FjOzsmMlL9AKA9bPXvDJr_xaCutFBsImqjI2rXuJBm4mVOcFLbI0XbZFDdRJqREwLatRA2yHDexFrYgaC9q0ZxpzCmfmKXk3B4cHsmkKF8gRCwyaC9AHVbDTLmLUF-ZmC99SA78yL9ElXSglpafHA3uUneZUpxcvCd8SsyLlK9MUqYk3FdNzXyVFLdfRCV13F10wX-tULeHPstclF85QAu1aF1f0KWk3B4tHr_03B04QBb5KW8EJr_VPn1pKrtgvV&ul=en-us&de=UTF-8&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=2117048619.1674901040&tid=UA-32454353-1&_gid=1532368935.1674901040&cd1=oz9lo258n2kesUk8sT5ipz9hsTgfn3k8sUj%3D&z=1700451042 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://r.redirekted.com/
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Sat, 28 Jan 2023 00:43:43 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
Age: 34415
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10026
Expires: Sat, 28 Jan 2023 13:04:24 GMT
Date: Sat, 28 Jan 2023 10:17:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10026
Expires: Sat, 28 Jan 2023 13:04:24 GMT
Date: Sat, 28 Jan 2023 10:17:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9T3UGA3oAMFSlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zt4bgV2C6Wb_Ufa5mZ7-UDTfCvhXJggPJw9668v5DEmyBnWZ-aNrCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 23:03:41 GMT
age: 40417
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c808e0-eda9-4074-b1ed-65637dbd4ba9.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c808e0-eda9-4074-b1ed-65637dbd4ba9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 940946e65210c717266c3a64751f1b72
f0e66aeef0c72865d565f48b563f66a184b758a9
1d031b8a530a1e6d84d79fae891f023e1ab7646596c00c57d83cfffce1f6fdf5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c808e0-eda9-4074-b1ed-65637dbd4ba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5742
x-amzn-requestid: b22fd8a5-eefc-494e-a304-75b69eef069d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPFr2GsdoAMFpqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8318-69b5e7c726fa92134d08c775;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:04:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xBpEdVPmvtXlsyGTvZCkIahK7_Ivhq4yswhw23ixIOH1zlgWPyLH9Q==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 04:39:18 GMT
age: 20280
etag: "f0e66aeef0c72865d565f48b563f66a184b758a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 44432
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4afa01d2ffe17f8378e4c0b5afd4608
f5c7e2137efa07a207427a6b6fe1df541f85ea25
84fc0c05d25d674b5594b54720017332b86d391f66c7136d76cfce3e884e8e12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13375
x-amzn-requestid: 372fcbe8-85a1-4be2-a006-31fb9289c5e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CxF6BoAMFyGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-4b9860545c612cc416cbe599;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: otEuPlfCL7DeVwGZiGJuMjxjVyGdMwxPWeCz5T_mpXboi-oRujKhBw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 44900
etag: "f5c7e2137efa07a207427a6b6fe1df541f85ea25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:46:13 GMT
age: 41465
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b7aa725-5968-4227-af9b-77dd57d6a123.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b7aa725-5968-4227-af9b-77dd57d6a123.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0856916fa7de25bdb308c04d0ae58180
72abe5101dc03c35399e6e5aab02328c206f480a
9b8c3380c842aa6de358def0d56263bafec61e37bc951a06c06e6953419e2804
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b7aa725-5968-4227-af9b-77dd57d6a123.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6733
x-amzn-requestid: cd0cc842-d109-42b4-9104-0cb48a964794
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkGupoAMF3Pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-14b754495bb33b0f5f0cd805;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: uljLkKCpEyZIyKev_CU76OjxNnvivx2qeLVkR48liHIJx1GwCqPP_A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:12:59 GMT
age: 43459
etag: "72abe5101dc03c35399e6e5aab02328c206f480a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
status.thawte.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e0344c44b03467980735c529ec222084
5a02acb712776b4c0bba6346ec3ea99d4d13226b
fb50323f02dd9e830af11038626f7415845f97dd40e409f3bfc1e6e02f77f921
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4697
Cache-Control: max-age=117102
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:18 GMT
Etag: "63d40a43-1d7"
Expires: Sun, 29 Jan 2023 18:49:00 GMT
Last-Modified: Fri, 27 Jan 2023 17:30:43 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
no-go.kelkoogroup.net/offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB
95.211.116.26200 OK 32 kB URL HTTP/1.1 no-go.kelkoogroup.net/offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB
IP 95.211.116.26:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (12878)
Hash e35f9d0398da6834affba4603ec5175d
0bc9eb77546e8696ef50fff9bbec0e49fe4235e2
31be413a052d09cea96d7460c51666f582890aa6962b3ceac034b42d0fb36dd8
GET /offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://r.redirekted.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
leadId: dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674901038359_607082
clickId: 107698148_1674901038354_2500475
country: no
Accept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
Set-Cookie: datadome=4LvRsxHSIU-llDM55yyT1WBa3UF~790h-PDQZSErMB8nNw9q_ihA4NJXb5Erbyy1so6RnIGL4J8ylTvMclG4FIHnfnDdS_hcg4g9caQU2Ce3Slor0CUZSSWWt8us-zB4; Max-Age=31536000; Expires=Sun, 28 Jan 2024 10:17:18 GMT; SameSite=Lax; Path=/; Domain=.kelkoogroup.net; Secure
kelkooID=a4c6294-185f7e1a513-83198; Max-Age=31536000; Expires=Sun, 28 Jan 2024 10:17:18 GMT; SameSite=None; Path=/; Domain=kelkoogroup.net; Secure; HTTPOnly
X-DataDome: protected
Request-Time: PT0.015213S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Sat, 28 Jan 2023 10:17:18 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 31462
no-go.kelkoogroup.net/assets/images/p.png?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b
95.211.116.26200 OK 68 B URL HTTP/1.1 no-go.kelkoogroup.net/assets/images/p.png?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b
IP 95.211.116.26:0
ASN #60781 LeaseWeb Netherlands B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /assets/images/p.png?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB
Connection: keep-alive
Cookie: datadome=4LvRsxHSIU-llDM55yyT1WBa3UF~790h-PDQZSErMB8nNw9q_ihA4NJXb5Erbyy1so6RnIGL4J8ylTvMclG4FIHnfnDdS_hcg4g9caQU2Ce3Slor0CUZSSWWt8us-zB4; kelkooID=a4c6294-185f7e1a513-83198
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
leadId: dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674901038359_607082
clickId: 107698148_1674901038354_2500475
country: no
Request-Time: PT0.0016S
X-Robots-Tag: noindex,nofollow
Cache-Control: private, must-revalidate
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Sat, 28 Jan 2023 10:17:18 GMT
Content-Type: image/png
Content-Length: 68
no-go.kelkoogroup.net/fp?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b
95.211.116.26200 OK 0 B URL HTTP/1.1 no-go.kelkoogroup.net/fp?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b
IP 95.211.116.26:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /fp?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB
Content-Type: text/plain;charset=utf-8
Content-Length: 536
Origin: https://no-go.kelkoogroup.net
Connection: keep-alive
Cookie: datadome=4LvRsxHSIU-llDM55yyT1WBa3UF~790h-PDQZSErMB8nNw9q_ihA4NJXb5Erbyy1so6RnIGL4J8ylTvMclG4FIHnfnDdS_hcg4g9caQU2Ce3Slor0CUZSSWWt8us-zB4; kelkooID=a4c6294-185f7e1a513-83198; _ga=GA1.2.1532827018.1674901040; _gid=GA1.2.1865613896.1674901040
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
leadId: dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674901038359_607082
clickId: 107698148_1674901038354_2500475
country: no
Request-Time: PT0.005522S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Sat, 28 Jan 2023 10:17:18 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
dd.kelkoogroup.net/tags.js
54.230.111.93200 OK 30 kB URL HTTP/2 dd.kelkoogroup.net/tags.js
IP 54.230.111.93:0
File type ASCII text, with very long lines (65432)
Hash 0add9cf2baf251589bdb6d0f505f525c
3cf7faea1ce7930df15c69e8290c94f40ba0b781
420a86f368eb2275df2fdc42bc545c7cc28a8e5caba3aa792fd4df75ea03776b
GET /tags.js HTTP/1.1
Host: dd.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/
Connection: keep-alive
Cookie: datadome=4LvRsxHSIU-llDM55yyT1WBa3UF~790h-PDQZSErMB8nNw9q_ihA4NJXb5Erbyy1so6RnIGL4J8ylTvMclG4FIHnfnDdS_hcg4g9caQU2Ce3Slor0CUZSSWWt8us-zB4; kelkooID=a4c6294-185f7e1a513-83198
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: text/javascript
content-length: 30111
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains; preload
last-modified: Fri, 27 Jan 2023 08:15:06 GMT
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
via: 1.1 f49c99d2326b14738507e1c2ddcae1dc.cloudfront.net (CloudFront), 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
date: Sat, 28 Jan 2023 10:15:21 GMT
cache-control: max-age=3600, public
expires: Sat, 28 Jan 2023 11:15:21 GMT
etag: "231a0-5f33a7691305c-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA60-P2, OSL50-P1
x-amz-cf-id: 2LodvLeVYh48u3HvoY6qar56DRlKPq_Ekqt3VmRxDmaK0yw3He_Y9A==
age: 117
X-Firefox-Spdy: h2
no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b&url=https%3A%2F%2Furtesenteret.no%2Fremasan-%2F%3Futm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DRemasan%2B%2528%25C3%2598sters-sopp%2529&initiator=timeout
95.211.116.26303 See Other 0 B URL HTTP/1.1 no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b&url=https%3A%2F%2Furtesenteret.no%2Fremasan-%2F%3Futm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DRemasan%2B%2528%25C3%2598sters-sopp%2529&initiator=timeout
IP 95.211.116.26:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b&url=https%3A%2F%2Furtesenteret.no%2Fremasan-%2F%3Futm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DRemasan%2B%2528%25C3%2598sters-sopp%2529&initiator=timeout HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB
Connection: keep-alive
Cookie: datadome=4LvRsxHSIU-llDM55yyT1WBa3UF~790h-PDQZSErMB8nNw9q_ihA4NJXb5Erbyy1so6RnIGL4J8ylTvMclG4FIHnfnDdS_hcg4g9caQU2Ce3Slor0CUZSSWWt8us-zB4; kelkooID=a4c6294-185f7e1a513-83198; _ga=GA1.2.1532827018.1674901040; _gid=GA1.2.1865613896.1674901040
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 303 See Other
leadId: dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674901038359_607082
clickId: 107698148_1674901038354_2500475
country: no
Location: https://urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29
Accept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
Set-Cookie: datadome=7w8S-18Xook3aVfMKkgT6UWLDhllg8meH62D0NB9DIUua_tAyxI4zDQLFGG7LnwXE7ab8SKnex1Kb96aBHkQTjeaBQFQRxMNzt3HCCbJ45ZQbRuBL0x2mSU78mpthn0V; Max-Age=31536000; Expires=Sun, 28 Jan 2024 10:17:18 GMT; SameSite=Lax; Path=/; Domain=.kelkoogroup.net; Secure
X-DataDome: protected
Request-Time: PT0.012159S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Sat, 28 Jan 2023 10:17:18 GMT
Content-Length: 0
ocsp.usertrust.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash ff795c28e4447eec6b2c7983ba548c0d
f01e8e24e5bd9c35a0c11b2b7c7d9336c43a97d7
92044962246faacf3c78c682916f438476d11eb65adbefff757177667ff93217
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 10:17:18 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 01:51:18 GMT
Expires: Sat, 04 Feb 2023 01:51:17 GMT
Etag: "f01e8e24e5bd9c35a0c11b2b7c7d9336c43a97d7"
Cache-Control: max-age=603675,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1365
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7908fa446a04b512-OSL
api-js.datadome.co/js/
13.51.192.216200 OK 236 B IP 13.51.192.216:0
File type JSON data\012- , ASCII text, with no line terminators
Hash b347ae010b44510423aab0d5003dafea
5664b56cacd1758cfa4417bf1414c8d01bf7e211
4011ac081bf854997c53d9f56880fadd3f6c1e912f3a102456c2b07234b8b0ef
POST /js/ HTTP/1.1
Host: api-js.datadome.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 4569
Origin: https://no-go.kelkoogroup.net
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:17:18 GMT
content-type: application/json;charset=utf-8
content-length: 236
server: DataDome
access-control-allow-origin: *
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/collect?v=1&_v=j96&t=pageview&_s=1&dl=https%3A%2F%2Fno-go.kelkoogroup.net%2FoffersearchGo%3F.ts%3D1674835113129%26.sig%3DG0Z4ruEmRNtIUI7yHpBhgS389lE-%26affiliationId%3D96965866%26comId%3D100542275%26country%3Dno%26offerId%3D6e11aeff4f2e19ce092e2b8ba86dca81%26service%3D37%26tokenId%3D35e025c3-2943-4e2d-874f-eaee491f9fab%26wait%3Dtrue%26addedParams%3Dtrue%26custom1%3DNs7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL%26custom2%3DjKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB&dr=http%3A%2F%2Fr.redirekted.com%2F&dp=%2F96965866%7C100542275%7C&ul=en-us&de=UTF-8&dt=Du%20sendes%20videre%20til%20Urtesenteret.no&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAAABAAAAAC~&cid=1532827018.1674901040&tid=UA-168544891-6&_gid=1865613896.1674901040&_r=1&cd1=96965866&cd2=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674901038359_607082&cd3=100542275&cd4=a4c6294-185f7e1a513-83198&cd5=&cd6=96965866%7C100542275%7C&z=1292265364
142.250.74.46200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?v=1&_v=j96&t=pageview&_s=1&dl=https%3A%2F%2Fno-go.kelkoogroup.net%2FoffersearchGo%3F.ts%3D1674835113129%26.sig%3DG0Z4ruEmRNtIUI7yHpBhgS389lE-%26affiliationId%3D96965866%26comId%3D100542275%26country%3Dno%26offerId%3D6e11aeff4f2e19ce092e2b8ba86dca81%26service%3D37%26tokenId%3D35e025c3-2943-4e2d-874f-eaee491f9fab%26wait%3Dtrue%26addedParams%3Dtrue%26custom1%3DNs7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL%26custom2%3DjKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB&dr=http%3A%2F%2Fr.redirekted.com%2F&dp=%2F96965866%7C100542275%7C&ul=en-us&de=UTF-8&dt=Du%20sendes%20videre%20til%20Urtesenteret.no&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAAABAAAAAC~&cid=1532827018.1674901040&tid=UA-168544891-6&_gid=1865613896.1674901040&_r=1&cd1=96965866&cd2=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674901038359_607082&cd3=100542275&cd4=a4c6294-185f7e1a513-83198&cd5=&cd6=96965866%7C100542275%7C&z=1292265364
IP 142.250.74.46:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
POST /collect?v=1&_v=j96&t=pageview&_s=1&dl=https%3A%2F%2Fno-go.kelkoogroup.net%2FoffersearchGo%3F.ts%3D1674835113129%26.sig%3DG0Z4ruEmRNtIUI7yHpBhgS389lE-%26affiliationId%3D96965866%26comId%3D100542275%26country%3Dno%26offerId%3D6e11aeff4f2e19ce092e2b8ba86dca81%26service%3D37%26tokenId%3D35e025c3-2943-4e2d-874f-eaee491f9fab%26wait%3Dtrue%26addedParams%3Dtrue%26custom1%3DNs7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL%26custom2%3DjKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB&dr=http%3A%2F%2Fr.redirekted.com%2F&dp=%2F96965866%7C100542275%7C&ul=en-us&de=UTF-8&dt=Du%20sendes%20videre%20til%20Urtesenteret.no&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAAABAAAAAC~&cid=1532827018.1674901040&tid=UA-168544891-6&_gid=1865613896.1674901040&_r=1&cd1=96965866&cd2=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674901038359_607082&cd3=100542275&cd4=a4c6294-185f7e1a513-83198&cd5=&cd6=96965866%7C100542275%7C&z=1292265364 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://no-go.kelkoogroup.net
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
access-control-allow-origin: https://no-go.kelkoogroup.net
date: Sat, 28 Jan 2023 10:17:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
x-content-type-options: nosniff
access-control-allow-credentials: true
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 1.2 kB IP 142.250.74.131:0
Hash 650ee3adf55a5052b414652caf8a1d42
5d84f416f0fea3b9f43e52a5f4725f5ea08fbf51
bf0544cf467b7fae0a6766d34c6657354103ad79aa0a19cde916f13f2307ba3c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.46200 OK 215 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
Size 215 kB (214633 bytes)
Hash cb412805462b298f7b5ff4eae7cf9d7e
6228ff21d8aecdd12ff8dc5bf5ea5e0b2b110f09
a9073d5a211705faa78722acdcecf44c38a958e77766ed160a93e2a0ec1c0044
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://urtesenteret.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 28 Jan 2023 09:45:20 GMT
expires: Sat, 28 Jan 2023 11:45:20 GMT
cache-control: public, max-age=7200
age: 1923
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash a89188d5a8605005d57f5bd7b7981413
a5949f3a51b1e357bf8dbd9e3dbbee0311ac45ce
460552ba4e9040f3ace71b03092d011435c23c4241246c82ffde2a051cc8eaa4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1657
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Last-Modified: Sat, 28 Jan 2023 09:49:46 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 280
ssl.google-analytics.com/ga.js
142.250.74.40200 OK 18 kB URL HTTP/2 ssl.google-analytics.com/ga.js
IP 142.250.74.40:0
Hash ac56fb3fefa48e21bd63125266fa338f
f5a17034b54510408d7b60a1c476266db30d2950
c3abea3db80ce077ab76a9b3a5606976d6640691242a2725305d14853e7d35ac
GET /ga.js HTTP/1.1
Host: ssl.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://urtesenteret.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 17168
date: Sat, 28 Jan 2023 08:41:14 GMT
expires: Sat, 28 Jan 2023 10:41:14 GMT
cache-control: public, max-age=7200
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
age: 5769
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash a89188d5a8605005d57f5bd7b7981413
a5949f3a51b1e357bf8dbd9e3dbbee0311ac45ce
460552ba4e9040f3ace71b03092d011435c23c4241246c82ffde2a051cc8eaa4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1657
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Last-Modified: Sat, 28 Jan 2023 09:49:46 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 169 kB IP 142.250.74.131:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (47898)
Size 169 kB (168613 bytes)
Hash f7416a3b6d95171116714af44c21911c
e8bc1a7666a2a6d60c355d315065280b7c4790f3
2d25550eaa2f6587985f87d4e9634da55da42155adb125e41dd6670842b22a8b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 18 kB IP 142.250.74.131:0
Hash f14e717891957d1fad73050b7feec1cc
128639d284885dc8f10705173cfdd5a6190f5baf
7a72065418dbe00eb29f8ed915aeea8dcb02214f0499d9bda65069c1c9e3b6b4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
call.chatra.io/chatra.js
104.22.2.142200 OK 131 kB IP 104.22.2.142:0
File type Unicode text, UTF-8 text, with very long lines (38492), with no line terminators
Size 131 kB (130823 bytes)
Hash a79b6c2aaf61f075e9f1679b4b9e8d01
a53c2de549cb8f678bd41a673da7a6c37fa30162
df640cd9a14d245a8a59d6b569e55d73819362e9d801fe30628655a53e1f4def
GET /chatra.js HTTP/1.1
Host: call.chatra.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://urtesenteret.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:17:23 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=300, stale-if-error=1800
last-modified: Mon, 16 Jan 2023 16:18:10 GMT
etag: W/"b6f7-185bb5fb5d0"
cf-cache-status: HIT
age: 1524
vary: Accept-Encoding
server: cloudflare
cf-ray: 7908fa604d49b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29
104.21.37.61200 OK 60 kB URL HTTP/2 urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29
IP 104.21.37.61:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (46791)
Hash caff8d7e2b7d84a0adf8469800fe9d49
5210ad358862ac1e368a13bd1fdf15f75f35837e
bcfc0cffaf92e19825ce694c7d6e1e5ee909740c3aaaaf14321e73c53985173f
GET /remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 HTTP/1.1
Host: urtesenteret.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:17:22 GMT
content-type: text/html; charset=utf-8
set-cookie: utm=%7B%22source%22%3A%22kelkoono%22%2C%22medium%22%3A%22cpc%22%2C%22campaign%22%3A%22kelkooclick%22%2C%22term%22%3A%22Remasan%20%28%5Cu00d8sters-sopp%29%22%7D; expires=Fri, 28-Apr-2023 10:17:18 GMT; Max-Age=7776000; path=/; secure; HttpOnly; SameSite=None
referer=https%3A%2F%2Fno-go.kelkoogroup.net%2F; expires=Fri, 28-Apr-2023 10:17:18 GMT; Max-Age=7776000; path=/; secure; HttpOnly; SameSite=None
landing=%2Fremasan-%2F%3Futm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DRemasan%2B%2528%25C3%2598sters-sopp%2529; path=/; secure; HttpOnly; SameSite=None
utm=%7B%22source%22%3A%22kelkoono%22%2C%22medium%22%3A%22cpc%22%2C%22campaign%22%3A%22kelkooclick%22%2C%22term%22%3A%22Remasan%20%28%5Cu00d8sters-sopp%29%22%7D; expires=Fri, 28-Apr-2023 10:17:18 GMT; Max-Age=7776000; path=/; secure; HttpOnly; SameSite=None
referer=https%3A%2F%2Fno-go.kelkoogroup.net%2F; expires=Fri, 28-Apr-2023 10:17:18 GMT; Max-Age=7776000; path=/; secure; HttpOnly; SameSite=None
viewed_products_ids=2516; expires=Mon, 27-Feb-2023 10:17:18 GMT; Max-Age=2592000; path=/; secure; HttpOnly; SameSite=None
shop_cart=b6b416e0aca1727cb25a93637f900c2d; expires=Mon, 27-Feb-2023 10:17:18 GMT; Max-Age=2592000; path=/; secure; HttpOnly; SameSite=None
PHPSESSID=2d9328cfda2bd9fe87c76920ff65187f; path=/; HttpOnly; secure
supercache-version=1; expires=Mon, 27-Feb-2023 10:17:22 GMT; Max-Age=2592000; path=/; secure; SameSite=None
p3p: CP="NOI ADM DEV COM NAV OUR STP"
link: <https://urtesenteret.no/remasan-/>; rel='canonical'
last-modified: Sat, 28 Jan 2023 10:17:22 GMT
cache-control: max-age=0
vary: Accept-Encoding,User-Agent
strict-transport-security: max-age=15768000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U1XnW1Ib9hQyZs0Y2%2Fr5GGBCALRXKW57bHeb8NyL4%2Bd8RFLd2697%2FKUSlcAOalDbZ4RkZXPweEb4jdL4CjE9qr8jASjDpNE3xrG6TJAAQ0Z14pFzMn6ooYAPhYOl5QMdylc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7908fa439bdbb518-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://urtesenteret.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Jan 2023 10:26:49 GMT
expires: Sun, 21 Jan 2024 10:26:49 GMT
cache-control: public, max-age=31536000
age: 604234
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2
142.250.74.35200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 17368, version 1.0\012- data
Hash abe083d96b58eb02ada8b7c30d7b09f2
61447d66d13a8c8f4335696777a85c438c46f749
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
GET /s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://urtesenteret.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17368
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 07:01:24 GMT
expires: Wed, 24 Jan 2024 07:01:24 GMT
cache-control: public, max-age=31536000
age: 357359
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
142.250.74.35200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 17032, version 1.0\012- data
Hash 05a47f9e469d408c629f931cd33ff8b2
823f21f7b1d456db889c3afea393f0d2b9581c38
6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38
GET /s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://urtesenteret.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17032
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 00:13:35 GMT
expires: Fri, 26 Jan 2024 00:13:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:52 GMT
content-type: font/woff2
age: 209028
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://urtesenteret.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 07:51:59 GMT
expires: Thu, 25 Jan 2024 07:51:59 GMT
cache-control: public, max-age=31536000
age: 267924
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2
142.250.74.35200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 17336, version 1.0\012- data
Hash eec8dbfc49267c4d33cf31b49661bf37
0f49d4563cf9e22e3af6907d0785b9a6facadbf0
661d4b208656c006e7aab58acf7784857963123675de2302279fbe6c05313547
GET /s/roboto/v30/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://urtesenteret.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17336
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 21:41:49 GMT
expires: Wed, 24 Jan 2024 21:41:49 GMT
cache-control: public, max-age=31536000
age: 304534
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://urtesenteret.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 13:09:06 GMT
expires: Wed, 24 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 335297
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
chat.chatra.io/sockjs/774/tmofrk1a/websocket
172.67.13.227101 Switching Protocols 1.8 kB URL HTTP/1.1 chat.chatra.io/sockjs/774/tmofrk1a/websocket
IP 172.67.13.227:0
Hash a43cb7016099f22cdf76798cf040118e
c0b1e155e8dcacdb02a40b50199d12c2d896a48d
385fb9fe2d7c027ad5dd2adf4d6b452fe03ee5547b441776ec548040194b8384
GET /sockjs/774/tmofrk1a/websocket HTTP/1.1
Host: chat.chatra.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://chat.chatra.io
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8ebTO8mXVkgD6ZmF+QILKw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sat, 28 Jan 2023 10:17:24 GMT
Connection: upgrade
Set-Cookie: AWSALB=Yuz+tLVFxlePAJZ/0/S5tbzR2iIfj6xaNM61yzNxnwd5grwLrHfyX8kQ4/9AMgCk/fFqEJMG8cOlONH3FCtj9nQWnLLC2q/dADB61+M7yxOKyzm4IpJRso9knvoD; Expires=Sat, 04 Feb 2023 10:17:24 GMT; Path=/
AWSALBCORS=Yuz+tLVFxlePAJZ/0/S5tbzR2iIfj6xaNM61yzNxnwd5grwLrHfyX8kQ4/9AMgCk/fFqEJMG8cOlONH3FCtj9nQWnLLC2q/dADB61+M7yxOKyzm4IpJRso9knvoD; Expires=Sat, 04 Feb 2023 10:17:24 GMT; Path=/; SameSite=None
Upgrade: websocket
Sec-WebSocket-Accept: lWvY2NElEXy+PVyRMt/fo1EWJfs=
Sec-WebSocket-Extensions: permessage-deflate
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7908fa67bdd7b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.digicert.com/
93.184.220.29200 OK 15 kB IP 93.184.220.29:0
Hash 01fbab43251c84b017109acd98ee985e
02e9cae27f1e0c43dd25c747c258c87cf13b6629
31cb8221b9e6aea26d6a048e635c5145239769681161064fb03448896536f507
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3969
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:24 GMT
Last-Modified: Sat, 28 Jan 2023 09:11:15 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
uc.chatra-usercontent.com/826262bb-0747-4589-97ba-fc3e5be28afd/-/resize/200x200/
104.21.74.23200 OK 5.1 kB URL HTTP/2 uc.chatra-usercontent.com/826262bb-0747-4589-97ba-fc3e5be28afd/-/resize/200x200/
IP 104.21.74.23:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash d71dd85aeb53c7902d2a34754601040b
082c8a632743252f82c5ed2aed40ae498a24dc4b
eef2acc4be5cf8def41a9011bfcbee044d72da63ba602a2ad06ac51ef6d77d8a
GET /826262bb-0747-4589-97ba-fc3e5be28afd/-/resize/200x200/ HTTP/1.1
Host: uc.chatra-usercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://chat.chatra.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:17:24 GMT
content-type: image/jpeg
content-length: 5096
access-control-allow-methods: HEAD, GET, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Etag, X-Image-Width, X-Image-Height, X-Image-Acceptable-Original, X-Image-Acceptable-Improved
content-disposition: inline
etag: "506dc58910e0990e1783cf85490c5ebd"
x-image-height: 200
x-image-width: 200
x-robots-tag: noindex, nofollow, nosnippet, noarchive
cache-control: public, max-age=29542215
cf-cache-status: HIT
age: 20340412
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xe%2BiBzkkbGU%2BYz5PW3RTnGuC4xrHfqyJmuIvMeMSaHZ6a3MpwXh%2BHhc%2BC25P4cuqnsCNjGkYqz1W0%2FR3sXNMU8gDDu8WUR5WFDYvbTaNGs5QjMfTBjorfmVW19P%2FaIt7GV50BTnwCigTG6EO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7908fa6a584a0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d74ef2f1aded46439331cb8725ad60df
f64ebefa3d6f08a25e5341c9450f0e2a999688bb
d79171f80f75d0e022d891aa0b416019e37324ec759ec90b40cddc8ac25b6094
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3969
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:24 GMT
Last-Modified: Sat, 28 Jan 2023 09:11:15 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
fonts.googleapis.com/css?family=Roboto:400,400italic,500,500italic,700,700italic,300,300italic&subset=cyrillic-ext,latin,cyrillic
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:400,400italic,500,500italic,700,700italic,300,300italic&subset=cyrillic-ext,latin,cyrillic
IP 142.250.74.106:0
GET /css?family=Roboto:400,400italic,500,500italic,700,700italic,300,300italic&subset=cyrillic-ext,latin,cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://urtesenteret.no/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 28 Jan 2023 10:17:23 GMT
date: Sat, 28 Jan 2023 10:17:23 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2