rouonixon.com/4/4571773/
139.45.197.238200 OK 2.9 kB IP 139.45.197.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5406)
Hash 12d49631502ae1e54f24163f8fb2c0a1
918eb741ff00588b1b658934fb61fe34f22e67e7
e6fb1602eb4d17118a79595fb82cb57b8353bfbb2db1aa64955796f1463bd784
Analyzer Verdict Alert fortinet Malware
GET /4/4571773/ HTTP/1.1
Host: rouonixon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 01:53:42 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: e0e9b60ff19c6ca6e377670706de44c9
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=770cb49739584aaab9c3b51c3770312e; expires=Thu, 28 Sep 2023 01:53:42 GMT; path=/
oaidts=1664330022; expires=Thu, 28 Sep 2023 01:53:42 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, Accept, Content-Type, Content-Length, Accept-Encoding
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 01:15:37 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Iu6a8uIObiUZZnUQ5Hi0AlSBR-jlXxo_MtYWV1alTIy_Huk2z8dfLg==
Age: 2285
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7fb7c70f7f4e2cee27eb0e7d875931f7
98fca3817a551b1daecebae103a48e718b8b5a53
2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7772
Expires: Wed, 28 Sep 2022 04:03:14 GMT
Date: Wed, 28 Sep 2022 01:53:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1017811d25642601e984edc1676d118d
c177c4f7a897584bf91347fa4990c83d6bfd0321
f35bb3a8c877dd8d3c5920f3c917722f12b157aff398e2ec30fab51fa6caa2ef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F35BB3A8C877DD8D3C5920F3C917722F12B157AFF398E2EC30FAB51FA6CAA2EF"
Last-Modified: Mon, 26 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6043
Expires: Wed, 28 Sep 2022 03:34:25 GMT
Date: Wed, 28 Sep 2022 01:53:42 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Md5fDcr7C1E8qT/BtgsjpoQNmWafpYJ2NR6MuL0m+x6DQT6K1VMZsHud9ca9wFsEoJOPfyxNnwA=
x-amz-request-id: HF74NRJBT15S2KEJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 28 Sep 2022 01:47:10 GMT
age: 392
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 01:53:42 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
rouonixon.com/favicon.ico
139.45.197.238204 No Content 0 B URL HTTP/1.1 rouonixon.com/favicon.ico
IP 139.45.197.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: rouonixon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rouonixon.com/4/4571773/
Cookie: OAID=770cb49739584aaab9c3b51c3770312e; oaidts=1664330022
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 28 Sep 2022 01:53:42 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 0869109d63ef5270595fb34384023a90
f2ec69fdaca2a0327cd3599ac05d0051df3dee41
c4a67afda7094519228049f837e2e0c1674148bd2e564ae2dccc3458bbdb9ed4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 01:53:42 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 06:25:19 GMT
Expires: Mon, 03 Oct 2022 06:25:18 GMT
Etag: "f2ec69fdaca2a0327cd3599ac05d0051df3dee41"
Cache-Control: max-age=447695,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7518d8d168e3b51b-OSL
my.rtmark.net/img.gif?f=merge&userId=770cb49739584aaab9c3b51c3770312e
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=770cb49739584aaab9c3b51c3770312e
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=770cb49739584aaab9c3b51c3770312e HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rouonixon.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 01:53:42 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=770cb49739584aaab9c3b51c3770312e; expires=Thu, 28 Sep 2023 01:53:42 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
rouonixon.com/?z=4571773&syncedCookie=true&rhd=false
139.45.197.238302 Found 0 B URL HTTP/1.1 rouonixon.com/?z=4571773&syncedCookie=true&rhd=false
IP 139.45.197.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /?z=4571773&syncedCookie=true&rhd=false HTTP/1.1
Host: rouonixon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 426
Origin: http://rouonixon.com
Connection: keep-alive
Referer: http://rouonixon.com/afu.php?zoneid=4571773&var=4571773&rid=ksX-wKK1z8yLZCaWKyzJyw%3D%3D&rhd=false
Cookie: OAID=770cb49739584aaab9c3b51c3770312e; oaidts=1664330022
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 28 Sep 2022 01:53:42 GMT
Content-Length: 0
Connection: keep-alive
X-Trace-Id: 95c707beaab32ca365138434f93b3048
Link: <https://toapodazoay.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Referrer-Policy: no-referrer
Location: https://toapodazoay.com/?l=qCqekRDLtEBTXwP&s=598806115215750011&z=4571773&g=NO&svar=1664330022&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664330022&ssk=0e523ae367a6a97bda24ccc4c8ac55de&svarok=1&b=79056&oaid=770cb49739584aaab9c3b51c3770312e&rdk=rk3
Access-Control-Allow-Origin: http://rouonixon.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=770cb49739584aaab9c3b51c3770312e; expires=Thu, 28 Sep 2023 01:53:42 GMT; path=/
oaidts=1664330022; expires=Thu, 28 Sep 2023 01:53:42 GMT; path=/
syncedCookie=true; expires=Wed, 05 Oct 2022 01:53:42 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 28 Sep 2022 01:10:47 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 28 Sep 2022 01:12:03 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NsPGnjWql3NVRvcZDKUPZQgnpj-6IJGgvbB0i4gqDZyazvt7rffz4Q==
Age: 2576
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2709
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:43 GMT
Last-Modified: Wed, 28 Sep 2022 01:08:34 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c039c47766b962afdfe1ff2136a9c482
7b1bcdd6ec9982acc89ed9e90fceecc3b528023c
79ea5be7a17d935c382010064e7599a269dbba9e2c6cf98742bf3d3242c29d42
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "79EA5BE7A17D935C382010064E7599A269DBBA9E2C6CF98742BF3D3242C29D42"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2179
Expires: Wed, 28 Sep 2022 02:30:02 GMT
Date: Wed, 28 Sep 2022 01:53:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6d23ee223cbe82cfa39c73fc2b52a85d
7bff361f87d260f3c4f70161a6ed05dbe38d6471
47dec190dedbfb1f7b67f28b22296b678e073115fe0a2bd9d3fb6fc8a6fa44a0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47DEC190DEDBFB1F7B67F28B22296B678E073115FE0A2BD9D3FB6FC8A6FA44A0"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6963
Expires: Wed, 28 Sep 2022 03:49:46 GMT
Date: Wed, 28 Sep 2022 01:53:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d7df7311c2ea860ab900e68e899e025f
a511d4e18940a13bd4f29504dabe57ea16cc9fbe
ce019ccff3f1712f16cf21985f926ef3938d55777d03163197dfa4aac00e3f44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE019CCFF3F1712F16CF21985F926EF3938D55777D03163197DFA4AAC00E3F44"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3866
Expires: Wed, 28 Sep 2022 02:58:09 GMT
Date: Wed, 28 Sep 2022 01:53:43 GMT
Connection: keep-alive
push.services.mozilla.com/
54.191.251.76101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.191.251.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kVrhJe0S0QbIPSMalG+i2Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: aaKJQDPrQBfQAvNN65rq4MFddMo=
unphionetor.com/fv.js?t=56193&cb=1141242808
139.45.197.236200 OK 2.2 kB URL HTTP/2 unphionetor.com/fv.js?t=56193&cb=1141242808
IP 139.45.197.236:0
Hash 51441c8f2fa089686dabecd4e157d01a
932a49237e684ff66033a615f831ff0757d0b9b9
9843749dc9cc9c2ce61e2bc4cb1fae663efd0e01afd7d9e0ec0c2af3125da334
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=56193&cb=1141242808 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 01:53:43 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 1d3dc6f794fbc6f528c9f1bb55dd8a71
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ptauxofi.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319
139.45.197.250200 OK 40 kB URL HTTP/2 ptauxofi.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319
IP 139.45.197.250:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash f180b770897d6441bb79cb05ef5655b6
0a1ecab3bd50af2c0930f1ebadeb5ae449b52489
35ca5d4fa63b7895631bbe796dc91e83e0a76ba1a6d6b04c4c2962b7c1fb5a4e
GET /pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 01:53:43 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-1a5ed"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=56193&bid=79056&aid=598806115215750011
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=56193&bid=79056&aid=598806115215750011
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=56193&bid=79056&aid=598806115215750011 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 28 Sep 2022 01:53:43 GMT
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: c0d0d46705bdf24a37797e0ab122d0b8
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6059
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Wed, 28 Sep 2022 01:53:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6059
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Wed, 28 Sep 2022 01:53:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6059
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Wed, 28 Sep 2022 01:53:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6059
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Wed, 28 Sep 2022 01:53:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6059
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Wed, 28 Sep 2022 01:53:44 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae0951d3-44e9-49d3-9232-f4151ef59735.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae0951d3-44e9-49d3-9232-f4151ef59735.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b255b252ceed088d6f505e7e9acfcb55
a6b1c3e0d506ac1c66405e061e9910fafb176a7d
b796a98834c7ecf220d13bfba61e81a9b90d472d2aa725ff66888cbddad731e7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae0951d3-44e9-49d3-9232-f4151ef59735.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6157
x-amzn-requestid: a51846e4-4e25-455f-885b-acf2567f2e1c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDlObH7XIAMFw6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63314f28-4e6a68a74edb1ad850e17dac;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 07:05:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2g98EnyiFhkZTsqis2_ASfjM-YTJmcUJ-Mwcl1dWlruzrWDuojPA0w==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 07:16:33 GMT
age: 67031
etag: "a6b1c3e0d506ac1c66405e061e9910fafb176a7d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9646ccba-7fc2-470a-b04e-5cef02e234cd.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9646ccba-7fc2-470a-b04e-5cef02e234cd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e49757d877a437a57f39d458862e8369
7d8b30445dadc44a17e5a26301212fced3aaa2af
e8b481bd5fe7ce92aa614cb77c9318ef8b763e71a178126805a4c363e6f91a9b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9646ccba-7fc2-470a-b04e-5cef02e234cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13058
x-amzn-requestid: 2ce70ac3-0451-41f4-bd82-596a92582a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EiiIAMFQLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-25deabef6235856b6d9bb19f;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: oGmQtgwLy_unp2_L3WP10HsyeCSgao4_37Kf6K8JeeVgz8YXbDvDWQ==
via: 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:57:53 GMT
age: 14151
etag: "7d8b30445dadc44a17e5a26301212fced3aaa2af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ee83d08d024d127fad5918e1ffacb78b
8ad289a77705358ab660b6123e9d90de991b6c13
aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11314
x-amzn-requestid: 0ceafc65-764c-4367-b031-257061eb65d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF00oAMFUpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-0d46481b7394081b14a81131;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ve8l6PxpMuBLt5BxwywNpqM2ISt0zy2r_gweYnVw4X65PBEhpMbckg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:00 GMT
age: 14864
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9715fa-0606-41f2-b3fa-1c7048f24b48.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9715fa-0606-41f2-b3fa-1c7048f24b48.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c761355e3b9bdf64113c92591306b959
5dcf4fbd065e0850c2602a5e8791ba7af1999d9f
03464d30ae3a3199bb3b19e1c730385fc8f68444d41eb0099542bd83108e6ed5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9715fa-0606-41f2-b3fa-1c7048f24b48.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9710
x-amzn-requestid: 34553ef5-773c-4c06-835f-0382202b706d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDCWDE74IAMF0xA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63311759-3a8cc99a4d529adc23d1dfc1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 03:07:05 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 6WtNGTt-HH__-2fhF-DwduAIhqNW2D0nB24FIIwmSuNVLsQuLDQy1g==
via: 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 05:04:56 GMT
age: 74928
etag: "5dcf4fbd065e0850c2602a5e8791ba7af1999d9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b794c6812cb546de0295e087ebe66a7
a54803cca7d3c509c195f65961e1110c8ec56f55
6a207f75eb3951f3dea5252bc8d185cd604d3d657f15b838774e8087e91f37f5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12016
x-amzn-requestid: ec1b3715-5d0f-4045-aa5b-b70a55c81d72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EtyIAMFdZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-201dd1ef1426a09965c68dab;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pR4b1-lZZRMnWf-PdXFGXaHBCGAfOyp3AjeuCvtu5imWmf9N9l2wKQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:38 GMT
age: 14706
etag: "a54803cca7d3c509c195f65961e1110c8ec56f55"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa5cad224dbddd71881bd07255beb4da
bc214d60be395d4cf753216ff8f9691c33d25e75
82935e52aa59929a448d17a5a2d58fda86bb5c25bf6628a05bd904f82517dada
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14464
x-amzn-requestid: 5cbbafdb-3f69-4ee2-9e46-c1ff0ed4ef14
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPFiooAMFulA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-633a649700e040b91deadb64;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: cNryG5vkxZuFATZfcNW9Z1-0teUBWLRyWslX1onwYlDCQBUjU2xVdA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:03 GMT
age: 14861
etag: "bc214d60be395d4cf753216ff8f9691c33d25e75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
go.ad2upapp.com/afu.php?id=792658&rt=1
139.45.197.237302 Moved Temporarily 138 B URL HTTP/1.1 go.ad2upapp.com/afu.php?id=792658&rt=1
IP 139.45.197.237:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /afu.php?id=792658&rt=1 HTTP/1.1
Host: go.ad2upapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 28 Sep 2022 01:53:44 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://go.deliverymodo.com/afu.php?id=792658&rt=1
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
go.deliverymodo.com/afu.php?id=792658&rt=1
139.45.197.236200 OK 638 B URL HTTP/1.1 go.deliverymodo.com/afu.php?id=792658&rt=1
IP 139.45.197.236:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 0219b8de6e06b3d4b279ff1360f7b2f9
271542c96f0ad3c5c4fbd8125f5e8964304ffbc3
994428eb25b9d6b34836014453f0d963e51591e16ffda7026e01b40ced698f29
GET /afu.php?id=792658&rt=1 HTTP/1.1
Host: go.deliverymodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 01:53:44 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 496f808c547998e2cff66660cb3213f9
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://www.highperformancegate.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=137d00bd09014f649269ffce0b456ebc; expires=Thu, 28 Sep 2023 01:53:44 GMT; path=/
oaidts=1664330024; expires=Thu, 28 Sep 2023 01:53:44 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
unphionetor.com/vb?t=56193&bid=79056&aid=598806115215750011&tp=2095
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vb?t=56193&bid=79056&aid=598806115215750011&tp=2095
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vb?t=56193&bid=79056&aid=598806115215750011&tp=2095 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 28 Sep 2022 01:53:45 GMT
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 1e52f4235a9716b3b2e06a72c4c8856d
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
go.deliverymodo.com/favicon.ico
139.45.197.236204 No Content 0 B URL HTTP/1.1 go.deliverymodo.com/favicon.ico
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: go.deliverymodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: OAID=137d00bd09014f649269ffce0b456ebc; oaidts=1664330024
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 28 Sep 2022 01:53:45 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 0869109d63ef5270595fb34384023a90
f2ec69fdaca2a0327cd3599ac05d0051df3dee41
c4a67afda7094519228049f837e2e0c1674148bd2e564ae2dccc3458bbdb9ed4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 01:53:45 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 06:25:19 GMT
Expires: Mon, 03 Oct 2022 06:25:18 GMT
Etag: "f2ec69fdaca2a0327cd3599ac05d0051df3dee41"
Cache-Control: max-age=447692,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7518d8e0f888b51b-OSL
my.rtmark.net/img.gif?f=merge&userId=137d00bd09014f649269ffce0b456ebc
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=137d00bd09014f649269ffce0b456ebc
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=137d00bd09014f649269ffce0b456ebc HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 01:53:45 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=137d00bd09014f649269ffce0b456ebc; expires=Thu, 28 Sep 2023 01:53:45 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac0f92d2a18e0fa274bb8febf71d2ade
5673c289b0d530d9cd9257589d31f8de67ef5483
7ee4f53c058bd2bd6440ea9e80e91de25da31e3ac5062af770dda34839fce85d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7EE4F53C058BD2BD6440EA9E80E91DE25DA31E3AC5062AF770DDA34839FCE85D"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16816
Expires: Wed, 28 Sep 2022 06:34:01 GMT
Date: Wed, 28 Sep 2022 01:53:45 GMT
Connection: keep-alive
www.highperformancegate.com/cam2dwqai?key=9b44cd6350a69fb630694c066f2c6a98&psid=792658&rdk=rk1
192.243.59.20200 OK 2.4 kB URL HTTP/1.1 www.highperformancegate.com/cam2dwqai?key=9b44cd6350a69fb630694c066f2c6a98&psid=792658&rdk=rk1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (339)
Hash 557b2d55e7c028c035001e9a213f0c1a
65cdd74e298a5b13e515ddba82ec07a0fe094868
1b0f6f891569d94178433e3b7e57047996bbac2e3c02a64c8cdf7fd0e2c1f160
Analyzer Verdict Alert quad9 Sinkholed
GET /cam2dwqai?key=9b44cd6350a69fb630694c066f2c6a98&psid=792658&rdk=rk1 HTTP/1.1
Host: www.highperformancegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 28 Sep 2022 01:53:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17381785; expires=Thu, 29 Sep 2022 01:53:45 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM4MTc4NSwiayI6IjliNDRjZDYzNTBhNjlmYjYzMDY5NGMwNjZmMmM2YTk4Iiwic2lkIjoiNzkyNjU4IiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYwMDE2LCJwaWQiOjI3NzQxNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMywiYWlkIjoyOCwicHQiOjQsInBrIjoiY2FtMmR3cWFpIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiIifX0.4Fe1fO5laIg1jCiL4ENBsYzlH4qET8nVymE6vzr31SY; expires=Wed, 28 Sep 2022 01:54:45 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 570e98683347aee985a34e0a74433b4d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.highperformancegate.com/cam2dwqai?pst=1664330085&rmtc=t&uuid=&pii=&in=false&key=9b44cd6350a69fb630694c066f2c6a98&rdk=rk1&shu=672d4fef197252826f1f581bcebb5f211dc8a5af4b6e25fb8d4ea6fc3290403fd5fd2c39c50c25884c9a8be94ee4054019ceb18e5bbf600f81b8ed8c81bed4844c5904d39e7b9c6009739f867c1929c32b4a588e5b6799ac47fb44812e7dea&fr=0&sw2=1280&sh2=939&sw3=1280&sh3=176&sw4=1280&sh4=939&sw5=1280&sh5=1024&sw6=1280&sh6=1024&sw7=1280&sh7=1002
192.243.59.20302 Found 0 B URL HTTP/1.1 www.highperformancegate.com/cam2dwqai?pst=1664330085&rmtc=t&uuid=&pii=&in=false&key=9b44cd6350a69fb630694c066f2c6a98&rdk=rk1&shu=672d4fef197252826f1f581bcebb5f211dc8a5af4b6e25fb8d4ea6fc3290403fd5fd2c39c50c25884c9a8be94ee4054019ceb18e5bbf600f81b8ed8c81bed4844c5904d39e7b9c6009739f867c1929c32b4a588e5b6799ac47fb44812e7dea&fr=0&sw2=1280&sh2=939&sw3=1280&sh3=176&sw4=1280&sh4=939&sw5=1280&sh5=1024&sw6=1280&sh6=1024&sw7=1280&sh7=1002
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /cam2dwqai?pst=1664330085&rmtc=t&uuid=&pii=&in=false&key=9b44cd6350a69fb630694c066f2c6a98&rdk=rk1&shu=672d4fef197252826f1f581bcebb5f211dc8a5af4b6e25fb8d4ea6fc3290403fd5fd2c39c50c25884c9a8be94ee4054019ceb18e5bbf600f81b8ed8c81bed4844c5904d39e7b9c6009739f867c1929c32b4a588e5b6799ac47fb44812e7dea&fr=0&sw2=1280&sh2=939&sw3=1280&sh3=176&sw4=1280&sh4=939&sw5=1280&sh5=1024&sw6=1280&sh6=1024&sw7=1280&sh7=1002 HTTP/1.1
Host: www.highperformancegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.highperformancegate.com/cam2dwqai?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=17381785
Cookie: u_pl=17381785; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM4MTc4NSwiayI6IjliNDRjZDYzNTBhNjlmYjYzMDY5NGMwNjZmMmM2YTk4Iiwic2lkIjoiNzkyNjU4IiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYwMDE2LCJwaWQiOjI3NzQxNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMywiYWlkIjoyOCwicHQiOjQsInBrIjoiY2FtMmR3cWFpIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiIifX0.4Fe1fO5laIg1jCiL4ENBsYzlH4qET8nVymE6vzr31SY; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.17.9
Date: Wed, 28 Sep 2022 01:53:46 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://eu.convers.link/postback/click?key=v2-1664330026127-4-8625-999800-5fee47d9-89bf-4b0d-34f9-7fb0d9c19a6e
Set-Cookie: pdhtkv=true; expires=Thu, 29 Sep 2022 01:53:46 GMT
uncs=1; expires=Thu, 29 Sep 2022 01:53:46 GMT
pdhtkv28=true; expires=Thu, 29 Sep 2022 01:53:46 GMT
uncs28=1; expires=Thu, 29 Sep 2022 01:53:46 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 04242852e091a6df89defe21c0ff6805
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6bb3cff1d00ced305265b0bf1d74b8f6
d43412d4ac3e1243e05f0f3855129bf9c542c578
87b16c1aa240a5e8ede1c58df2fde6d57b98dfbcda0d86b06d665e2cd1a65889
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87B16C1AA240A5E8EDE1C58DF2FDE6D57B98DFBCDA0D86B06D665E2CD1A65889"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4716
Expires: Wed, 28 Sep 2022 03:12:22 GMT
Date: Wed, 28 Sep 2022 01:53:46 GMT
Connection: keep-alive
eu.convers.link/postback/click?key=v2-1664330026127-4-8625-999800-5fee47d9-89bf-4b0d-34f9-7fb0d9c19a6e
38.100.129.196200 OK 2.1 kB URL HTTP/2 eu.convers.link/postback/click?key=v2-1664330026127-4-8625-999800-5fee47d9-89bf-4b0d-34f9-7fb0d9c19a6e
IP 38.100.129.196:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash dd32f180c81720b87c88fffdf18bdb92
c612e2d9873758d1c20a6f2ae4c29cb59daca0a5
e55d35b81ad546f14962b4f25ec2ede6dcdf880bd6667572724317f33d995759
Analyzer Verdict Alert fortinet Phishing
GET /postback/click?key=v2-1664330026127-4-8625-999800-5fee47d9-89bf-4b0d-34f9-7fb0d9c19a6e HTTP/1.1
Host: eu.convers.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highperformancegate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty/1.15.8.3
date: Wed, 28 Sep 2022 01:53:46 GMT
content-type: text/html;charset=UTF-8
content-length: 2092
X-Firefox-Spdy: h2
eu.convers.link/postback/click?key=v2-1664330026127-4-8625-999800-5fee47d9-89bf-4b0d-34f9-7fb0d9c19a6e&token=2970ba9828f9aecd7138c7471dd22f69&timezone=0&iframe_test=false&webdriver_test=false
38.100.129.196302 Found 0 B URL HTTP/2 eu.convers.link/postback/click?key=v2-1664330026127-4-8625-999800-5fee47d9-89bf-4b0d-34f9-7fb0d9c19a6e&token=2970ba9828f9aecd7138c7471dd22f69&timezone=0&iframe_test=false&webdriver_test=false
IP 38.100.129.196:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /postback/click?key=v2-1664330026127-4-8625-999800-5fee47d9-89bf-4b0d-34f9-7fb0d9c19a6e&token=2970ba9828f9aecd7138c7471dd22f69&timezone=0&iframe_test=false&webdriver_test=false HTTP/1.1
Host: eu.convers.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eu.convers.link/postback/click?key=v2-1664330026127-4-8625-999800-5fee47d9-89bf-4b0d-34f9-7fb0d9c19a6e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: openresty/1.15.8.3
date: Wed, 28 Sep 2022 01:53:46 GMT
content-length: 0
set-cookie: platform_user_id=desktop:7980a459be274bf511db30c901634a36
platform_user_id_3rd_party=desktop:7980a459be274bf511db30c901634a36; SameSite=None; Secure; Max-Age=31556952
location: https://media.bigbasketshop.com/track?q=y9mVqLVe3evR
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 42e93eb987cce04ae3888ca440816b01
b07162b969126113f0c26bde5c992cd503bc05c1
2b4e49e81a88575a275542b7b396defe07dd9a67d787d668f42d2f2a75d85e8c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5256
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:46 GMT
Last-Modified: Wed, 28 Sep 2022 00:26:10 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 42e93eb987cce04ae3888ca440816b01
b07162b969126113f0c26bde5c992cd503bc05c1
2b4e49e81a88575a275542b7b396defe07dd9a67d787d668f42d2f2a75d85e8c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5256
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:46 GMT
Last-Modified: Wed, 28 Sep 2022 00:26:10 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 065be90921ee1c9c7a6dfe8c2ae2d48d
1d5dd6caf5d03ef91250d5b520a7e59d6251a7af
622b733968ada6c9fde01c69a798356ada751857c7545151639ac05a27162479
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 01:53:47 GMT
Last-Modified: Wed, 28 Sep 2022 00:45:40 GMT
Server: ECS (nyb/1D34)
X-Cache: Miss from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VcRWby7HhKgqk_iN7BTUe-8rapG0mvE95CqySYm_MnYV58QhBsizJQ==
Age: 4087
tc.tradetracker.net/?c=31502&m=12&a=416060&r=RA&u=
63.34.68.170301 Moved Permanently 16 kB URL HTTP/2 tc.tradetracker.net/?c=31502&m=12&a=416060&r=RA&u=
IP 63.34.68.170:0
File type gzip compressed data, from Unix\012- data
Hash 84a5ef3bd674c6043a669d9b3c9652ca
8c8e313dff1897784a9d10c3bd8a7e30588cea5d
fe655349f79d5fe7203e52300dde7cc8cfb0c68f43ac114886222361273d0ea3
GET /?c=31502&m=12&a=416060&r=RA&u= HTTP/1.1
Host: tc.tradetracker.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.bigbasketshop.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 28 Sep 2022 01:53:47 GMT
content-type: text/html; charset=UTF-8
location: https://celis.no/
server: nginx
cache-control: no-cache, must-revalidate
set-cookie: uf=XaQKTiHS1Qf0WjnAziRKHHgwdkNVYmh5Mi8wYjlxVkY4Zk9kMllLekd3TE5aZnpXWnNYVnRiYlFUdHdrVzlaeHBWTzdvNkpZclY0Mjg1SG96aEJodXBGMmdIRUNRM2Fwd0w5VTVnPT0%3D; expires=Thu, 28-Sep-2023 01:53:47 GMT; Max-Age=31536000; path=/; domain=.tradetracker.net; secure; SameSite=None
__tdat31502=MTY2NDMzMDAyNzo6MTI6OjQxNjA2MDo6UkE6OmY6OmFmZjIyNmVlMjQxYWY5YWE3Zjc4YmEwMzc2NTc0YTky; expires=Fri, 28-Oct-2022 01:53:47 GMT; Max-Age=2592000; path=/; domain=.tradetracker.net; secure; SameSite=None
X-Firefox-Spdy: h2
celis.no/assets/themes/afterburner/css/afterburner.compiled.css?ver=1575982250
193.107.30.42200 OK 39 kB URL HTTP/1.1 celis.no/assets/themes/afterburner/css/afterburner.compiled.css?ver=1575982250
IP 193.107.30.42:0
File type ASCII text, with very long lines (65425)
Hash 59a2ce90ebfbdad3a756b517c0f88ba8
718d9f2514203722d8aad597f5866ce85663399d
7805eb72e4e6ddc49c65a24f4f3d0882889ac0332ef987ccc990081366f3e0b4
GET /assets/themes/afterburner/css/afterburner.compiled.css?ver=1575982250 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: text/css
Content-Length: 38985
Connection: keep-alive
Last-Modified: Tue, 10 Dec 2019 12:50:50 GMT
ETag: "42584-59958f63ddd3a-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/assets/js/modernizr.min-dev.js
193.107.30.42200 OK 4.8 kB URL HTTP/1.1 celis.no/assets/js/modernizr.min-dev.js
IP 193.107.30.42:0
File type HTML document, ASCII text, with very long lines (10835)
Hash b1455783dc6934fc9da050919f63e7b2
e1e7a7a08e141c0ddcbb8a50bae5fc845352515b
f16bfb5663df5cd6d55463eb801edbf74c2acc5375d199ecc21664e757efe3ab
GET /assets/js/modernizr.min-dev.js HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: application/javascript
Content-Length: 4844
Connection: keep-alive
Expires: Wed, 28 Sep 2022 01:53:47 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/vinter2022/bestselgere.jpg?1662726602538
193.107.30.42200 OK 42 kB URL HTTP/1.1 celis.no/images_hovedside/24/vinter2022/bestselgere.jpg?1662726602538
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 676e20376c1fd3d74bb5c9f37c8fb0ef
07f992f99c1ad71a563be019dd6c521c79bd9ad3
5d229dfc80ad8fd41bc251a19b152c3d82957377f49da2ba5f87591f9af079ce
GET /images_hovedside/24/vinter2022/bestselgere.jpg?1662726602538 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/jpeg
Content-Length: 41454
Connection: keep-alive
Last-Modified: Thu, 03 Feb 2022 13:38:02 GMT
ETag: "a1ee-5d71d3e470929"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/kalendere.jpg?1662712670102
193.107.30.42200 OK 94 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/kalendere.jpg?1662712670102
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 6117904aaf414d4584ce393974a76d5c
ed1b4f3a18201ddd46538a71dd08fda6180566b1
6546732524cfcc8d56b45d1c5052d385bc1c8a89837e524eb40482cd61b08ac2
GET /images_hovedside/24/h%C3%B8stogvinter2022/kalendere.jpg?1662712670102 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/jpeg
Content-Length: 93488
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:36 GMT
ETag: "16d30-5e83a75431a5c"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/css/cookie_consent.css
193.107.30.42200 OK 4.4 kB URL HTTP/1.1 celis.no/css/cookie_consent.css
IP 193.107.30.42:0
File type ASCII text, with very long lines (18698), with no line terminators
Hash 166166356a197dc79d7abf95aef97e66
dae0b9bc69625ccf4469b8bcfd45088c712f6cb7
217049ace8de69b61ff92d668ab19c1354716d3c10e7519f415bbd6f694c0900
GET /css/cookie_consent.css HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: text/css
Content-Length: 4431
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 13:50:06 GMT
ETag: "490a-5e8b785e2e53b-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/js/cookie_consent.js
193.107.30.42200 OK 6.8 kB URL HTTP/1.1 celis.no/js/cookie_consent.js
IP 193.107.30.42:0
File type ASCII text, with very long lines (1022)
Hash fe0290e5cd3f7b65a629e4207915b7c0
2d3f28169abd3a0faa5fa8a749431a42a33aea83
c5bc71256e67080a533aa8e191e9b377b629406ab12f5c786ba1f523bdd59180
GET /js/cookie_consent.js HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: application/javascript
Content-Length: 6816
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 13:50:06 GMT
ETag: "4de8-5e8b785e3a0ba-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/js/slider-cart.js?v=fc0289e80586a4349098c8051fca73f3
193.107.30.42200 OK 144 kB URL HTTP/1.1 celis.no/js/slider-cart.js?v=fc0289e80586a4349098c8051fca73f3
IP 193.107.30.42:0
File type Unicode text, UTF-8 text, with very long lines (54822)
Size 144 kB (144267 bytes)
Hash 3f64a8faa26079ac39a377afc96c3dba
7aab53622db2e45a661fdf8beb1beb3b8db605a7
683ad5e77f5575a8be14056afb4014d978adc2244fe7fe65a37d01e50731882c
GET /js/slider-cart.js?v=fc0289e80586a4349098c8051fca73f3 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 13:50:06 GMT
ETag: "67166-5e8b785e3b05a-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/assets/js/theme.js?m=1663245063
193.107.30.42200 OK 48 kB URL HTTP/1.1 celis.no/assets/js/theme.js?m=1663245063
IP 193.107.30.42:0
Hash f5db4c7ffd2b563ccc08c4ceeda053ce
475aaa0807e0a35ae677957bbf29a0d23a8b1994
a85637334c2d38dba928b6fd307407706c3d2ccd839c71b85104837787864542
GET /assets/js/theme.js?m=1663245063 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: application/javascript
Content-Length: 48163
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 12:31:03 GMT
ETag: "30eeb-5e8b66b278fc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
143.204.55.78200 OK 6.1 kB URL HTTP/2 widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
IP 143.204.55.78:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (19239)
Hash 5add60196e5f96a414fb4b9586764e5d
633f471b3c2fcedeef9cad90cb5bf56f5fe55588
5370f4ba91dda790c7cae92817b812fcbd1ab367cbb4862f5669960ae4e2c9e0
GET /bootstrap/v5/tp.widget.bootstrap.min.js HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
content-length: 6124
last-modified: Mon, 30 May 2022 14:38:02 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Tue, 27 Sep 2022 05:35:19 GMT
cache-control: max-age=86400
etag: "5add60196e5f96a414fb4b9586764e5d"
x-cache: Hit from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: K0ELRJPglyx_aE49AADhztPdne3Pqc46fbjJAH5vOMUEqri-zzo3xg==
age: 73109
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 11b1f146fa6fa4a88b1efc65b548fb73
f3f12e14f8f66a2e7c43015c394af199e4a94e06
74441efb7e39672af50ce0b6190b20d20bc3ae744b415a17f8b96a0f89aa0491
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-871076749
142.250.74.72200 OK 47 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-871076749
IP 142.250.74.72:0
File type ASCII text, with very long lines (2039)
Hash 0f1dc3f3e2b498370993f0bf46a9d9aa
53af3f436194007d77b665fdccf8b9ad0a8609a1
ddbf6ae2005559f17cc16986aa3f421825ed2c8f6adc0bb5524dcd99ff390b08
GET /gtag/js?id=AW-871076749 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 28 Sep 2022 01:53:47 GMT
expires: Wed, 28 Sep 2022 01:53:47 GMT
cache-control: private, max-age=900
last-modified: Wed, 28 Sep 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46672
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-0VEB93L6P3
142.250.74.72200 OK 75 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-0VEB93L6P3
IP 142.250.74.72:0
File type ASCII text, with very long lines (20189)
Hash 914e0c8ec30e18ea26381792104f536e
6342d56c5fc8aabfe9b1288c082051b61a3ada74
4538c3f7c51c4679b068f628bc43065dc2b7cfbaf11601f52ff2e6ebeed732ad
GET /gtag/js?id=G-0VEB93L6P3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 28 Sep 2022 01:53:47 GMT
expires: Wed, 28 Sep 2022 01:53:47 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75316
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
celis.no/images_hovedside/24/icons/rocket.png
193.107.30.42200 OK 8.2 kB URL HTTP/1.1 celis.no/images_hovedside/24/icons/rocket.png
IP 193.107.30.42:0
File type PNG image data, 134 x 134, 8-bit/color RGBA, non-interlaced\012- data
Hash 03a11e047cb1ece27675a53adb4395ee
ed909f72dd2e9c641ccab20abd3f5c2ef8153783
099c4e1894ed1f05056bbe129734e4eab7c050f6438532b8c91ff081616ae580
GET /images_hovedside/24/icons/rocket.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/png
Content-Length: 8240
Connection: keep-alive
Last-Modified: Mon, 13 Jan 2020 09:43:04 GMT
ETag: "2030-59c024d49685a"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
assets2.24nettbutikk.no/24960style/images/logo/klarna_konto.png
193.107.29.107200 OK 3.4 kB URL HTTP/1.1 assets2.24nettbutikk.no/24960style/images/logo/klarna_konto.png
IP 193.107.29.107:0
File type PNG image data, 100 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 73e27a9ea2473b3e22ea7eb69f6abc76
9d9aee22ddd75749035cc78c3e43a7c5aa573ed3
a47bbeff0e3361638a73c958087cd2eab0d49bb90abb47680bd8c747e68d51aa
GET /24960style/images/logo/klarna_konto.png HTTP/1.1
Host: assets2.24nettbutikk.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 28 Sep 2022 01:52:55 GMT
Content-Type: image/png
Content-Length: 3424
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Last-Modified: Thu, 15 Dec 2016 17:46:08 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Thu, 28 Sep 2023 01:53:47 GMT
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
assets2.24nettbutikk.no/24960style/images/logo/posten_bring.png
193.107.29.107200 OK 7.9 kB URL HTTP/1.1 assets2.24nettbutikk.no/24960style/images/logo/posten_bring.png
IP 193.107.29.107:0
File type PNG image data, 155 x 84, 8-bit/color RGBA, non-interlaced\012- data
Hash 39649c575ee9031d6088b5d32fcab958
69afe59a8e08e4fa29841450ae7b3729c60cffd2
d0ee72c420fee38cbba66da4b21fa3f8670faa8619e79ee1e48f1f98573ef31d
GET /24960style/images/logo/posten_bring.png HTTP/1.1
Host: assets2.24nettbutikk.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 28 Sep 2022 01:52:55 GMT
Content-Type: image/png
Content-Length: 7860
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Last-Modified: Wed, 24 Apr 2019 12:59:31 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Thu, 28 Sep 2023 01:53:47 GMT
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
assets2.24nettbutikk.no/logos/vipps_logo_rgb_trimmed.png
193.107.29.107200 OK 3.5 kB URL HTTP/1.1 assets2.24nettbutikk.no/logos/vipps_logo_rgb_trimmed.png
IP 193.107.29.107:0
File type PNG image data, 126 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 08304e6043314b994d728592a20b16f2
898d1c320db91722a7d15f99719716fe5db71715
5ab5c4baf539e790f3e49b4a250599e8854363714f38a7f060b19c7bb845d9e9
GET /logos/vipps_logo_rgb_trimmed.png HTTP/1.1
Host: assets2.24nettbutikk.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 28 Sep 2022 01:52:55 GMT
Content-Type: image/png
Content-Length: 3507
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Last-Modified: Thu, 30 Aug 2018 13:57:05 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Thu, 28 Sep 2023 01:53:47 GMT
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/vinter2022/99marked.jpg?1662729034088
193.107.30.42200 OK 70 kB URL HTTP/1.1 celis.no/images_hovedside/24/vinter2022/99marked.jpg?1662729034088
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash e6078db9952600fe44da27c6c2fb9416
9787d0ac984fc0108ec36713b4242fcf2b40ad80
c66892e713f6ed18b461fb5ffb8fc022185fdb0512480c83be5c5ac0d3151089
GET /images_hovedside/24/vinter2022/99marked.jpg?1662729034088 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/jpeg
Content-Length: 70222
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 13:10:25 GMT
ETag: "1124e-5e83e44f281ec"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/plukkogmiks.jpg?1662712839357
193.107.30.42200 OK 105 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/plukkogmiks.jpg?1662712839357
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size 105 kB (104561 bytes)
Hash 4881ffb7dd17ad4f21849955522365d4
8c9eb8a92cb00f87a5fc30c4f6f11562c9b00634
5cbf2d0a75ee7cd46c78313b3bc1bb3b716843879b71c30dffd8c789d0c3295e
GET /images_hovedside/24/h%C3%B8stogvinter2022/plukkogmiks.jpg?1662712839357 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/jpeg
Content-Length: 104561
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:37 GMT
ETag: "19871-5e83a754aea53"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/seogblisett.jpg?1662712825835
193.107.30.42200 OK 62 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/seogblisett.jpg?1662712825835
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash f50ad33a09061ef72f7d36fff05585ea
3046d2212e6090b5a07b563daf84cfc3f738dd07
9d6cde05e391150fdd8518ad626d34d5b65bdecadeee8811c4d2b3700dfacb7b
GET /images_hovedside/24/h%C3%B8stogvinter2022/seogblisett.jpg?1662712825835 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/jpeg
Content-Length: 61821
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:38 GMT
ETag: "f17d-5e83a755a5b61"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/holdvarmen.jpg?1662713119828
193.107.30.42200 OK 90 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/holdvarmen.jpg?1662713119828
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 1eb5490988b0577a5918e2dcad260ca0
c6dc3555a7723478467c6b9dd598749e12f82dda
22d0ce82b18d9fbcc6b5dd69d6ccdd7cfa05c38b0bb277c68a2a5fe8e1252ed0
GET /images_hovedside/24/h%C3%B8stogvinter2022/holdvarmen.jpg?1662713119828 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/jpeg
Content-Length: 90017
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:36:48 GMT
ETag: "15fa1-5e83a7263082e"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/drikkeflasker.jpg?1662713146081
193.107.30.42200 OK 116 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/drikkeflasker.jpg?1662713146081
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size 116 kB (115665 bytes)
Hash b9e3d215664abbc4b74cb037912a99c2
795d1e77e564ab72679457f21bf34d1806bff723
f2ccc9df805331af79a2492e9d798d319d46f4d6cae352c5ee86164d7bd2952f
GET /images_hovedside/24/h%C3%B8stogvinter2022/drikkeflasker.jpg?1662713146081 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/jpeg
Content-Length: 115665
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:36:48 GMT
ETag: "1c3d1-5e83a726a1ca6"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/hostferie.jpg?1662713167558
193.107.30.42200 OK 89 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/hostferie.jpg?1662713167558
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 438e10193057723055022e854cd97824
1451a20816dd919569c18bef1c0a6a2bbd5e7bea
5ce193ba239f304784b4e50b05b27e7270d74d88c7685c732d5b9f170926f0d9
GET /images_hovedside/24/h%C3%B8stogvinter2022/hostferie.jpg?1662713167558 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/jpeg
Content-Length: 88878
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:36:49 GMT
ETag: "15b2e-5e83a72717f3d"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/bilder_diverse/1540589626.png
193.107.30.42200 OK 45 kB URL HTTP/1.1 celis.no/bilder_diverse/1540589626.png
IP 193.107.30.42:0
File type PNG image data, 450 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash b64491f7df2b869702a502b225a07e0e
5228403f00878b1ff1a2cb26fb572f7620183c10
5c51f468680f9ce41b25e59cb9602dbc16ad62cdef5468b27f251c8e7bbc6c16
GET /bilder_diverse/1540589626.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/png
Content-Length: 45051
Connection: keep-alive
Last-Modified: Fri, 26 Oct 2018 21:33:46 GMT
ETag: "affb-57928796a1581"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/Bestillingsfrister%20for%20levering%20f%C3%B8r%20jul%20(449%20x%20308%20px)%20(1400%20%C3%97%20765%C2%A0px)%20(400%20%C3%97%20400%C2%A0px)%20(18).png?1664176590452
193.107.30.42200 OK 135 kB URL HTTP/1.1 celis.no/images_hovedside/Bestillingsfrister%20for%20levering%20f%C3%B8r%20jul%20(449%20x%20308%20px)%20(1400%20%C3%97%20765%C2%A0px)%20(400%20%C3%97%20400%C2%A0px)%20(18).png?1664176590452
IP 193.107.30.42:0
File type PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size 135 kB (134793 bytes)
Hash 004296d07f8832a52de00446e8f6d8c4
d989dbc6f547665449b448b1fbadbc5b2283994c
e32d9003dc45d5c36eefdb464a6fc6655b9dc81638b301c92d7a25c601172426
GET /images_hovedside/Bestillingsfrister%20for%20levering%20f%C3%B8r%20jul%20(449%20x%20308%20px)%20(1400%20%C3%97%20765%C2%A0px)%20(400%20%C3%97%20400%C2%A0px)%20(18).png?1664176590452 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/png
Content-Length: 134793
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 07:16:29 GMT
ETag: "20e89-5e98f4e7d7f1f"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/vinter2022/nyheter.jpg?1662726616489
193.107.30.42200 OK 35 kB URL HTTP/1.1 celis.no/images_hovedside/24/vinter2022/nyheter.jpg?1662726616489
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 9b5eb2d0659c52ea1ed7e1325be17bf5
2e1b249ae7fd76a7969a5659f6582313d79d1926
f56be72773655d66478ed5b512adb2189bf53f51518e180ea6f938392ab642b2
GET /images_hovedside/24/vinter2022/nyheter.jpg?1662726616489 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/jpeg
Content-Length: 34987
Connection: keep-alive
Last-Modified: Thu, 03 Feb 2022 13:38:07 GMT
ETag: "88ab-5d71d3e8e04b8"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/bilder_diverse/slide_1662713212.jpg
193.107.30.42200 OK 197 kB URL HTTP/1.1 celis.no/bilder_diverse/slide_1662713212.jpg
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1550x850, components 3\012- data
Size 197 kB (196904 bytes)
Hash e1e1ac019a385cbe231ada2aa5521e81
683cdb3ec3f5f2479383a725eb3cd32f0fb29923
229bdc865798237b8b011c8e7560a7f89390ed03f8b86c6253e44a76c51c3b57
GET /bilder_diverse/slide_1662713212.jpg HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/jpeg
Content-Length: 196904
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:46:52 GMT
ETag: "30128-5e83a965e99c7"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/alvene.jpg?1662712832550
193.107.30.42200 OK 111 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/alvene.jpg?1662712832550
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size 111 kB (110810 bytes)
Hash 0768c5094cf972081e403293273a5173
0d0d9f5a1f531bbf6d4dd98b1a7dd1294ac03ee3
ca595433ba6af9ed2aa0e8d53e5082abe20841859985717295168cbf62507213
GET /images_hovedside/24/h%C3%B8stogvinter2022/alvene.jpg?1662712832550 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/jpeg
Content-Length: 110810
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:35 GMT
ETag: "1b0da-5e83a75335b2e"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/icons/truck.png
193.107.30.42200 OK 9.1 kB URL HTTP/1.1 celis.no/images_hovedside/24/icons/truck.png
IP 193.107.30.42:0
File type PNG image data, 134 x 98, 8-bit/color RGBA, non-interlaced\012- data
Hash 735b3622549953e0ced0e06f3ac49ef8
ae55158915ef4a74a5de8fa8954c5e146d37caf1
32686c27465c3115e14a079f94efddeca2d6de009bcacd06b6028b37ba758148
GET /images_hovedside/24/icons/truck.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/png
Content-Length: 9131
Connection: keep-alive
Last-Modified: Mon, 13 Jan 2020 09:43:05 GMT
ETag: "23ab-59c024d5e38ac"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/vinter2022/blogg.jpg?1662728208234
193.107.30.42200 OK 93 kB URL HTTP/1.1 celis.no/images_hovedside/24/vinter2022/blogg.jpg?1662728208234
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1250x445, components 3\012- data
Hash 92db9c78c6c4e7544dcd092adde6e76f
53c69f5218be574c9599dbd6d906568d99d0987b
9dd39b36524d11f19e1c67c0529af9f4aea0e1ede5056bbb13e1815bf67d8bee
GET /images_hovedside/24/vinter2022/blogg.jpg?1662728208234 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/jpeg
Content-Length: 93106
Connection: keep-alive
Last-Modified: Thu, 03 Feb 2022 13:38:02 GMT
ETag: "16bb2-5d71d3e4eb9e0"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/icons/people.png
193.107.30.42200 OK 18 kB URL HTTP/1.1 celis.no/images_hovedside/24/icons/people.png
IP 193.107.30.42:0
File type PNG image data, 134 x 134, 8-bit/color RGBA, non-interlaced\012- data
Hash d7cd7d1c2173d39fd896413750b0107c
c17f3ad2cc49fffd6f026f55f67657890547e5f7
29b4446f96a73aa06b88e1dffc78c792555b0a5da786b20e933e01e0ee585069
GET /images_hovedside/24/icons/people.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/png
Content-Length: 17921
Connection: keep-alive
Last-Modified: Mon, 13 Jan 2020 09:43:04 GMT
ETag: "4601-59c024d49685a"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/icons/shop.png
193.107.30.42200 OK 13 kB URL HTTP/1.1 celis.no/images_hovedside/24/icons/shop.png
IP 193.107.30.42:0
File type PNG image data, 134 x 113, 8-bit/color RGBA, non-interlaced\012- data
Hash db0af4837acf35603da0d5218581bb3a
63fab402cafc21499e7ba03021a3930e3c0a047c
81b79f832d24e0b319bbf0f9520062b6ad262109f70de7e5406aefc09f308705
GET /images_hovedside/24/icons/shop.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/png
Content-Length: 13159
Connection: keep-alive
Last-Modified: Mon, 13 Jan 2020 09:43:04 GMT
ETag: "3367-59c024d54e1f8"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/lager.jpg?1662712684231
193.107.30.42200 OK 84 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/lager.jpg?1662712684231
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 9aedb6350c1a3a59e3985adc3390b140
6c2e29c00d8f2b50add76188eae191130f907b8e
af7b42dcdf0bdd004c725e77918f6a5ee80078a82888a515ee175498ae7dea54
GET /images_hovedside/24/h%C3%B8stogvinter2022/lager.jpg?1662712684231 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: image/jpeg
Content-Length: 84333
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:37 GMT
ETag: "1496d-5e83a75533749"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 11b1f146fa6fa4a88b1efc65b548fb73
f3f12e14f8f66a2e7c43015c394af199e4a94e06
74441efb7e39672af50ce0b6190b20d20bc3ae744b415a17f8b96a0f89aa0491
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/bitter/v28/rax8HiqOu8IVPmn7f4xp.woff2
142.250.74.163200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/bitter/v28/rax8HiqOu8IVPmn7f4xp.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 30896, version 1.0\012- data
Hash a7332c352b59e1d882b5770b68ed9db5
6a4b2b9a2b35ae86769e0c6a0a6decbf67300db6
c470360f2548fb327562d8ce35185a96f59ab6daeb56c0d45ab712b63de848da
GET /s/bitter/v28/rax8HiqOu8IVPmn7f4xp.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://celis.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30896
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 00:02:19 GMT
expires: Sun, 24 Sep 2023 00:02:19 GMT
cache-control: public, max-age=31536000
age: 352288
last-modified: Fri, 24 Jun 2022 18:46:28 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
celis.no/assets/js/fbremarketing.js?4b8a936472fbca5bed11
193.107.30.42200 OK 754 B URL HTTP/1.1 celis.no/assets/js/fbremarketing.js?4b8a936472fbca5bed11
IP 193.107.30.42:0
Hash e76c45545671cece5ad7531d3832c50d
f26e0e3b80d30486b6ffaa5f54a0187da8fd352f
1085896e2ed2470bb080f0824199227b33b5f531ab7472ce1f9c8f742513f118
GET /assets/js/fbremarketing.js?4b8a936472fbca5bed11 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited; javascript=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Type: application/javascript
Content-Length: 754
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 12:31:03 GMT
ETag: "6a8-5e8b66b278fc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
celis.no/assets2/fonts/pioneer/pioneer.ttf?tl2cf7
193.107.30.42200 OK 7.2 kB URL HTTP/1.1 celis.no/assets2/fonts/pioneer/pioneer.ttf?tl2cf7
IP 193.107.30.42:0
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, pioneer \012- data
Hash c17564efd9d2cffc62799399f8ce99d8
43fa0947a23e3f276500d27bda03f9e280c550bf
524b61f6b815524da2899a33ed926a242e1df31a9d8ddc0a46482f61d3bc92b7
GET /assets2/fonts/pioneer/pioneer.ttf?tl2cf7 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/assets/themes/afterburner/css/afterburner.compiled.css?ver=1575982250
Cookie: 24nb=eyJpdiI6ImlMdFlpdFFpbnNhY2NDblRpcGJ4eHc9PSIsInZhbHVlIjoiM0JYOWpmekJwNHhEekdWVjBCRTQrK2dZTnZWbGRpK1lpRERhOG1tSGh1MURuWXVVMHNnZ1p6d244TDh0bGkwSEhyV2hrdFA4WmZ0ZXlmSjVrTVwvNkVRPT0iLCJtYWMiOiIxZTI5N2UyMzMwOGJhNTE5NDliMWYyY2NkMDY0Mzg2MThjNzE1ZmNiZDVhZWVlYTcxODk4YjA0NGQzNDFiYTFjIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22142e2da19759f1a07e81852f6a73e246%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1664330027%3B%7D008d1de2a5dfca015fd936f3fdc17b10; popup_module=visited; javascript=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 28 Sep 2022 01:53:47 GMT
Content-Length: 7236
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 13:50:06 GMT
ETag: "1c44-5e8b785e3b05a"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.gstatic.com/s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
142.250.74.163200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 12860, version 1.0\012- data
Hash ab21c24efd75543e16e34807ebc6cdec
eb2562f9729079333fbcbbe94868695669dd3301
88f00438d26021a325247c4427898f7c778a22976df9f1a9d9876429778bf265
GET /s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://celis.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Sep 2022 21:03:13 GMT
expires: Tue, 26 Sep 2023 21:03:13 GMT
cache-control: public, max-age=31536000
age: 103834
last-modified: Mon, 09 May 2022 18:27:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sc-static.net/scevent.min.js
54.230.82.240200 OK 8.8 kB URL HTTP/2 sc-static.net/scevent.min.js
IP 54.230.82.240:0
File type ASCII text, with very long lines (25316), with no line terminators
Hash 5d4285ddd0c228077c66505f012548a8
0fe70aec9189f6bc39397cfe6b627cfe1d8b0e97
9360b9744aeecff2d3b3c2b72ff985e8ba92192cc98ebea2b48886619529f23f
GET /scevent.min.js HTTP/1.1
Host: sc-static.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 8757
server: CloudFront
date: Wed, 28 Sep 2022 01:53:47 GMT
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Content-Type
cache-control: private, s-maxage=0, max-age=600
set-cookie: X-AB=0d6e407936704bd380072f5891d28b0e;max-age=86400;expires=Thu, 29 Sep 2022 00:48:05 GMT;Path=/scevent.min.js; Secure; SameSite=None
x-cache: LambdaGeneratedResponse from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NjIDJaZYR8mcz_m7wwedwjnr1FhJDCCg1gjnlsMi-AqlpqxlqwXokQ==
X-Firefox-Spdy: h2
client.24nettbutikk.chat/embed.js
143.204.55.105200 OK 38 kB URL HTTP/2 client.24nettbutikk.chat/embed.js
IP 143.204.55.105:0
File type Unicode text, UTF-8 text, with very long lines (5371)
Hash b88c143be691b104c3644ea39e4586b2
a57aeefd421f54ea832a583fb7973568346a29c1
abdb7a42d6c3bf402ee37145398e6a2a397db71079273625567b86360db88069
GET /embed.js HTTP/1.1
Host: client.24nettbutikk.chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 16 Sep 2022 18:39:07 GMT
server: AmazonS3
content-encoding: gzip
date: Wed, 28 Sep 2022 01:47:33 GMT
cache-control: public,max-age=600
etag: W/"8bbb378e6ea1fc5ce869b8af9ad3111f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nV7LeiLLbrAN-HAw4NLS_n2W4RvgoMuTMyMBQBiVswXRVlsgswwjxA==
age: 375
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; base-uri 'none'; object-src 'none'; img-src * data:; form-action 'none'; block-all-mixed-content; connect-src *; style-src 'self' *.gstatic.com *.googleapis.com; font-src 'self' *.gstatic.com *.googleapis.com; worker-src 'self' blob:; child-src 'self' blob:; script-src 'self' *.liveleader.com *.lr-ingest.io *.googletagmanager.com *.google-analytics.com *.gstatic.com; frame-src 'self' *.liveleader.com *.amazonaws.com; frame-ancestors *;
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
permissions-policy: accelerometer=(), autoplay=(), camera=(self), cross-origin-isolated=(), display-capture=(self), document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(self), midi=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), idle-detection=(self), serial=()
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd9c95c1c24789f4041887b11468ab7e
bf202eeda47e79ac15d77325a02a1206bec63dcb
86f005e634685a4eb89dd87735b4cc0d91163be2912c470a529f0eb223531dbf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2744
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:47 GMT
Last-Modified: Wed, 28 Sep 2022 01:08:04 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Wed, 28 Sep 2022 00:41:09 GMT
expires: Wed, 28 Sep 2022 02:41:09 GMT
cache-control: public, max-age=7200
age: 4358
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
157.240.200.14200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (64348)
Hash e1327a02d76346c7e23d114e4e508b30
195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3
331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 37ix/C2YMCSyq3xuB3ueXy69WF9SQTl+FBx/3RDYy/RMhK5DhS9M72nxvo0uuVQX28CHixBM4k0Z/LUuvUcfGQ==
priority: u=3,i
content-length: 26840
x-fb-trip-id: 1679558926
date: Wed, 28 Sep 2022 01:53:47 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd9c95c1c24789f4041887b11468ab7e
bf202eeda47e79ac15d77325a02a1206bec63dcb
86f005e634685a4eb89dd87735b4cc0d91163be2912c470a529f0eb223531dbf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2744
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:47 GMT
Last-Modified: Wed, 28 Sep 2022 01:08:04 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
143.204.55.78200 OK 3.3 kB URL HTTP/2 widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
IP 143.204.55.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (12963)
Hash 2922a85ce6caf46f828c097bf7aa1036
afedbac8e6480a8c59cc6ca3359381731f75795b
12d369c3d585d564678ed15f99b53dad29faa1e05475825ccd0e8f4c50cfb779
GET /trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0 HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 3267
last-modified: Tue, 20 Sep 2022 08:01:13 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Tue, 27 Sep 2022 05:35:34 GMT
cache-control: max-age=86400
etag: "2922a85ce6caf46f828c097bf7aa1036"
x-cache: Hit from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: h9JPY3c-6f6Uuiatqc5cOb69E86OOt4J6abslQDvUXMbmayUjI5mfg==
age: 73095
X-Firefox-Spdy: h2
widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/main.js
143.204.55.78200 OK 28 kB URL HTTP/2 widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/main.js
IP 143.204.55.78:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (64281), with no line terminators
Hash 5d220cf839e981e50c65214dcd96e0fc
15070f97f761a68548a2a12de1c898c322e1a7b0
463c02075608ea7896ae7bd1b81f207874e744a5bde580ee8df20d911ef354f0
GET /trustboxes/53aa8912dec7e10d38f59f36/main.js HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
content-length: 27969
last-modified: Tue, 20 Sep 2022 08:01:15 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Tue, 27 Sep 2022 04:11:01 GMT
cache-control: max-age=86400
etag: "5d220cf839e981e50c65214dcd96e0fc"
x-cache: Hit from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: e9t29bnEp--ZQflsIlPhioZ5EuT1s3aUzANzPQzYfG4VquBm_oPv5A==
age: 78168
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 86 kB IP 142.250.74.35:0
File type gzip compressed data, from Unix\012- data
Hash a61f0a84346a79f7ff54e5f152dbd3d3
da32983582667f02aeaaf81efef4ecb12e03101d
15325e158fe91ea7c74061633d04f2c92ff7be62465e9d42ff3619c9885c8fbf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/conversion_async.js
142.250.74.164200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1654)
Hash 890f716858b5f72587e47c5eca121cb5
91871a0acd9a0ab644d51036bb5ca0c3bdc5e687
7a3629e375468328b3fb25e1a6cc5749604f09099e8d2109f366e7e0226aee4a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 28 Sep 2022 01:53:48 GMT
expires: Wed, 28 Sep 2022 01:53:48 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 3080337328058561381
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d2aa56ff5aa61caf25c2d918818cfe79
c01e85507dc8de353a460444b3255c7fa5b4fcf8
f0ac9297f334934924d873304380a10e3f3f8a1e617c72b3250181a1f3ad4f0f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4035
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:48 GMT
Last-Modified: Wed, 28 Sep 2022 00:46:33 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d2aa56ff5aa61caf25c2d918818cfe79
c01e85507dc8de353a460444b3255c7fa5b4fcf8
f0ac9297f334934924d873304380a10e3f3f8a1e617c72b3250181a1f3ad4f0f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4035
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:48 GMT
Last-Modified: Wed, 28 Sep 2022 00:46:33 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
widget.trustpilot.com/trustbox-data/53aa8912dec7e10d38f59f36?businessUnitId=5eb01c7a50715800017033f0&locale=nb-NO&reviewLanguages=nb&reviewStars=4%2C5&includeReviews=true&reviewsPerPage=15
143.204.55.78200 OK 1.9 kB URL HTTP/2 widget.trustpilot.com/trustbox-data/53aa8912dec7e10d38f59f36?businessUnitId=5eb01c7a50715800017033f0&locale=nb-NO&reviewLanguages=nb&reviewStars=4%2C5&includeReviews=true&reviewsPerPage=15
IP 143.204.55.78:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (7367), with no line terminators
Hash 495481a7a588665b66809050d28d35ca
244897d6bb43ee0898368a220f3c2d901a6888a1
afef8a1636fc2c6744bfd542a0673c4ef4b1cd890adf214d84efc5a51765905b
GET /trustbox-data/53aa8912dec7e10d38f59f36?businessUnitId=5eb01c7a50715800017033f0&locale=nb-NO&reviewLanguages=nb&reviewStars=4%2C5&includeReviews=true&reviewsPerPage=15 HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Connection: keep-alive
Referer: https://widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-length: 1918
content-encoding: gzip
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-fallback-status: BYPASS
x-skip-cache-cookie: 0
x-xss-protection: 1; mode=block
cache-control: public,max-age=1800
date: Wed, 28 Sep 2022 01:40:09 GMT
etag: "f4904820398af9eeb9a9638df47ad137"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: MFFcbRgsxdELl_GlAcf5Cs2FEP200rXBdGsWpn-D5fAqPGI2kAIIIQ==
age: 819
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d2aa56ff5aa61caf25c2d918818cfe79
c01e85507dc8de353a460444b3255c7fa5b4fcf8
f0ac9297f334934924d873304380a10e3f3f8a1e617c72b3250181a1f3ad4f0f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4370
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:48 GMT
Last-Modified: Wed, 28 Sep 2022 00:40:58 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash be52dbe2d47697a7f007d69c486b77b4
fe445ea87749e97423e7865bc559ad78f672a62d
65d16df2b3095c658d2bdf39b06d57486967bba7b43c43108e5025d7af5b7ab6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tr.snapchat.com/cm/i?pid=ac51940d-7a99-45df-8891-baebc7fa9a8d&u_scsid=c694410c-09a4-446a-bc81-9668a67604bf&u_sclid=e2b1246e-7bc6-4050-9844-6f9683d79152
35.190.43.134200 OK 0 B URL HTTP/2 tr.snapchat.com/cm/i?pid=ac51940d-7a99-45df-8891-baebc7fa9a8d&u_scsid=c694410c-09a4-446a-bc81-9668a67604bf&u_sclid=e2b1246e-7bc6-4050-9844-6f9683d79152
IP 35.190.43.134:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/i?pid=ac51940d-7a99-45df-8891-baebc7fa9a8d&u_scsid=c694410c-09a4-446a-bc81-9668a67604bf&u_sclid=e2b1246e-7bc6-4050-9844-6f9683d79152 HTTP/1.1
Host: tr.snapchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 01:53:48 GMT
content-type: text/html
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 0
x-envoy-upstream-service-time: 0
server: API Gateway
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tr.snapchat.com/p
35.190.43.134200 OK 68 B IP 35.190.43.134:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash c4a2b870062c2bb98c500bc1526c0498
528666ccdb12997358077bc8fcdbfb6b825c7788
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
POST /p HTTP/1.1
Host: tr.snapchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------327167399439917993813032416864
Content-Length: 2390
Origin: https://celis.no
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 01:53:48 GMT
access-control-allow-origin: https://celis.no
cache-control: no-cache, no-transform
set-cookie: sc_at=v2|H4sIAAAAAAAAAAXBgQ0AMAQEwIkkj48wTkNMYfjeYdtKc6SDLeSMJFTl+dbCbYm40wi6A5aHD7pOEmIyAAAA;SameSite=None;Version=1;Comment=;Domain=.snapchat.com;Path=/;Max-Age=33696000;Secure
content-type: text/html
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 68
x-envoy-upstream-service-time: 7
server: API Gateway
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d2aa56ff5aa61caf25c2d918818cfe79
c01e85507dc8de353a460444b3255c7fa5b4fcf8
f0ac9297f334934924d873304380a10e3f3f8a1e617c72b3250181a1f3ad4f0f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4035
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:48 GMT
Last-Modified: Wed, 28 Sep 2022 00:46:33 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
tr.snapchat.com/collector/is_enabled?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d&tld=no
35.190.43.134200 OK 100 B URL HTTP/2 tr.snapchat.com/collector/is_enabled?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d&tld=no
IP 35.190.43.134:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 388ca868ad022fdad152292b3f8a7e2c
5eb1850288dab54959329e0f05201713d30ecb00
e691dd49e4f03b7ac47c0e3b615de5873ce6ded2a2f31bc13922fdd22f2f07c7
GET /collector/is_enabled?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d&tld=no HTTP/1.1
Host: tr.snapchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://celis.no/
Origin: https://celis.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 01:53:48 GMT
access-control-allow-origin: https://celis.no
content-type: application/json
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-envoy-upstream-service-time: 0
content-encoding: gzip
vary: Accept-Encoding
server: API Gateway
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 6ab8b69fade235ccf1a15d2cac6dd95e
37c426c0e6940920c4478855c6bb610731edd316
025fc814f74bed6fcfc2a4c25b670c1d538d06c5ce07af13d3f9f8354ca34604
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 6ab8b69fade235ccf1a15d2cac6dd95e
37c426c0e6940920c4478855c6bb610731edd316
025fc814f74bed6fcfc2a4c25b670c1d538d06c5ce07af13d3f9f8354ca34604
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
widget.trustpilot.com/stats/TrustboxImpression?locale=nb-NO&styleHeight=140px&styleWidth=100%25&theme=light&stars=4%2C5&reviewLanguages=nb&url=https%3A%2F%2Fcelis.no%2F&referrer=https%3A%2F%2Fmedia.bigbasketshop.com%2F&userAgent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&language=en-US&platform=Linux%20x86_64&nosettings=1&businessUnitId=5eb01c7a50715800017033f0&widgetId=53aa8912dec7e10d38f59f36
143.204.55.78204 No Content 0 B URL HTTP/2 widget.trustpilot.com/stats/TrustboxImpression?locale=nb-NO&styleHeight=140px&styleWidth=100%25&theme=light&stars=4%2C5&reviewLanguages=nb&url=https%3A%2F%2Fcelis.no%2F&referrer=https%3A%2F%2Fmedia.bigbasketshop.com%2F&userAgent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&language=en-US&platform=Linux%20x86_64&nosettings=1&businessUnitId=5eb01c7a50715800017033f0&widgetId=53aa8912dec7e10d38f59f36
IP 143.204.55.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stats/TrustboxImpression?locale=nb-NO&styleHeight=140px&styleWidth=100%25&theme=light&stars=4%2C5&reviewLanguages=nb&url=https%3A%2F%2Fcelis.no%2F&referrer=https%3A%2F%2Fmedia.bigbasketshop.com%2F&userAgent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&language=en-US&platform=Linux%20x86_64&nosettings=1&businessUnitId=5eb01c7a50715800017033f0&widgetId=53aa8912dec7e10d38f59f36 HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Connection: keep-alive
Referer: https://widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
cache-control: no-store,no-cache
date: Wed, 28 Sep 2022 01:53:47 GMT
pragma: no-cache
server: Kestrel
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-cache: Miss from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SFHgSoP3RK5CndOAvPbp_BOLc00GtLJhJjo63xLXKMHzwmUxxg2v_A==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 6ab8b69fade235ccf1a15d2cac6dd95e
37c426c0e6940920c4478855c6bb610731edd316
025fc814f74bed6fcfc2a4c25b670c1d538d06c5ce07af13d3f9f8354ca34604
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-85161377-1&cid=2072517822.1664330026&jid=1552889590&gjid=966714168&_gid=2036842741.1664330026&_u=IEDAAEABAAAAAC~&z=1524346969
64.233.165.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-85161377-1&cid=2072517822.1664330026&jid=1552889590&gjid=966714168&_gid=2036842741.1664330026&_u=IEDAAEABAAAAAC~&z=1524346969
IP 64.233.165.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-85161377-1&cid=2072517822.1664330026&jid=1552889590&gjid=966714168&_gid=2036842741.1664330026&_u=IEDAAEABAAAAAC~&z=1524346969 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://celis.no
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://celis.no
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 28 Sep 2022 01:53:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/871076749/?random=1664330026003&cv=9&fst=1664330026003&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=13&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcelis.no%2F&ref=https%3A%2F%2Fmedia.bigbasketshop.com%2F&tiba=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&auid=1604510599.1664330026&hn=www.google.com&async=1&rfmt=3&fmt=4
172.217.21.162200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/871076749/?random=1664330026003&cv=9&fst=1664330026003&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=13&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcelis.no%2F&ref=https%3A%2F%2Fmedia.bigbasketshop.com%2F&tiba=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&auid=1604510599.1664330026&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 172.217.21.162:0
File type ASCII text, with very long lines (2424), with no line terminators
Hash 8e92f94971f7a0a2124b2fb15cec4acb
bbae0270f23db9518eae26b9e5dc0c4ea3954dfa
197c41fbc569397b002b36447931b3dc3e035911d38b92444eb1831d6593e9b6
GET /pagead/viewthroughconversion/871076749/?random=1664330026003&cv=9&fst=1664330026003&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=13&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcelis.no%2F&ref=https%3A%2F%2Fmedia.bigbasketshop.com%2F&tiba=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&auid=1604510599.1664330026&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 28 Sep 2022 01:53:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1078
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 28-Sep-2022 02:08:48 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-24343184-8&cid=2072517822.1664330026&jid=63457505&gjid=1578496453&_gid=2036842741.1664330026&_u=IEDAAEAAAAAAAC~&z=702564721
64.233.165.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-24343184-8&cid=2072517822.1664330026&jid=63457505&gjid=1578496453&_gid=2036842741.1664330026&_u=IEDAAEAAAAAAAC~&z=702564721
IP 64.233.165.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-24343184-8&cid=2072517822.1664330026&jid=63457505&gjid=1578496453&_gid=2036842741.1664330026&_u=IEDAAEAAAAAAAC~&z=702564721 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://celis.no
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://celis.no
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 28 Sep 2022 01:53:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 6ab8b69fade235ccf1a15d2cac6dd95e
37c426c0e6940920c4478855c6bb610731edd316
025fc814f74bed6fcfc2a4c25b670c1d538d06c5ce07af13d3f9f8354ca34604
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 6ab8b69fade235ccf1a15d2cac6dd95e
37c426c0e6940920c4478855c6bb610731edd316
025fc814f74bed6fcfc2a4c25b670c1d538d06c5ce07af13d3f9f8354ca34604
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash ef12641bb4d59312b43f4f06ae2cee73
5450eaf271bf466e6aa58b63d52b49b66c5f4a6f
894fd5dabf39c09179591f3305d88ef71eb467ddeb1fc5c568dc377c3a1317d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/871076749/?random=1664330026003&cv=9&fst=1664326800000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=13&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcelis.no%2F&ref=https%3A%2F%2Fmedia.bigbasketshop.com%2F&tiba=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&async=1&fmt=3&is_vtc=1&random=4017372050&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.35200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/871076749/?random=1664330026003&cv=9&fst=1664326800000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=13&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcelis.no%2F&ref=https%3A%2F%2Fmedia.bigbasketshop.com%2F&tiba=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&async=1&fmt=3&is_vtc=1&random=4017372050&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/871076749/?random=1664330026003&cv=9&fst=1664326800000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=13&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcelis.no%2F&ref=https%3A%2F%2Fmedia.bigbasketshop.com%2F&tiba=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&async=1&fmt=3&is_vtc=1&random=4017372050&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 28 Sep 2022 01:53:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-85161377-1&cid=2072517822.1664330026&jid=1552889590&_u=IEDAAEABAAAAAC~&z=1019114267
142.250.74.35200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-85161377-1&cid=2072517822.1664330026&jid=1552889590&_u=IEDAAEABAAAAAC~&z=1019114267
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-85161377-1&cid=2072517822.1664330026&jid=1552889590&_u=IEDAAEABAAAAAC~&z=1019114267 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 28 Sep 2022 01:53:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-24343184-8&cid=2072517822.1664330026&jid=63457505&_u=IEDAAEAAAAAAAC~&z=793145112
142.250.74.35200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-24343184-8&cid=2072517822.1664330026&jid=63457505&_u=IEDAAEAAAAAAAC~&z=793145112
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-24343184-8&cid=2072517822.1664330026&jid=63457505&_u=IEDAAEAAAAAAAC~&z=793145112 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 28 Sep 2022 01:53:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash ef12641bb4d59312b43f4f06ae2cee73
5450eaf271bf466e6aa58b63d52b49b66c5f4a6f
894fd5dabf39c09179591f3305d88ef71eb467ddeb1fc5c568dc377c3a1317d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 01:53:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-0VEB93L6P3>m=2oe9q0&_p=1277658692&cid=2072517822.1664330026&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664330025&sct=1&seg=0&dl=https%3A%2F%2Fcelis.no%2F&dr=https%3A%2F%2Fmedia.bigbasketshop.com%2F&dt=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&en=page_view&_fv=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-0VEB93L6P3>m=2oe9q0&_p=1277658692&cid=2072517822.1664330026&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664330025&sct=1&seg=0&dl=https%3A%2F%2Fcelis.no%2F&dr=https%3A%2F%2Fmedia.bigbasketshop.com%2F&dt=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&en=page_view&_fv=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-0VEB93L6P3>m=2oe9q0&_p=1277658692&cid=2072517822.1664330026&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664330025&sct=1&seg=0&dl=https%3A%2F%2Fcelis.no%2F&dr=https%3A%2F%2Fmedia.bigbasketshop.com%2F&dt=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://celis.no
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://celis.no
date: Wed, 28 Sep 2022 01:53:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
media.bigbasketshop.com/track?q=y9mVqLVe3evR
172.67.218.148200 OK 0 B URL HTTP/2 media.bigbasketshop.com/track?q=y9mVqLVe3evR
IP 172.67.218.148:0
GET /track?q=y9mVqLVe3evR HTTP/1.1
Host: media.bigbasketshop.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eu.convers.link/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 01:53:46 GMT
content-type: text/html
referrer-policy: origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E0X6pwBNlVAZ48sg56yEKT%2FZPXURQPdwuPYTXQsLzIXjNE6ot8mFsF8ei672yiQcAHtoodgNiMPAJ3FNh8RDPzTgJ%2B4f%2B2x%2FfBRTsbizB0gaodZeR3%2BCT9bVcNRMnu3Uplo%2Bud49JQ3DdA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7518d8ea48d7b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Noto+Sans:400,700|Bitter:400,700,400italic
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Noto+Sans:400,700|Bitter:400,700,400italic
IP 142.250.74.10:0
GET /css?family=Noto+Sans:400,700|Bitter:400,700,400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 28 Sep 2022 01:53:47 GMT
date: Wed, 28 Sep 2022 01:53:47 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosans/v27/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
142.250.74.163200 OK 0 B URL HTTP/2 fonts.gstatic.com/s/notosans/v27/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
IP 142.250.74.163:0
GET /s/notosans/v27/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://celis.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12684
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Sep 2022 21:03:15 GMT
expires: Tue, 26 Sep 2023 21:03:15 GMT
cache-control: public, max-age=31536000
age: 103832
last-modified: Mon, 09 May 2022 18:28:04 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tr.snapchat.com/init?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d
35.190.43.134200 OK 0 B URL HTTP/2 tr.snapchat.com/init?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d
IP 35.190.43.134:0
GET /init?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d HTTP/1.1
Host: tr.snapchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://celis.no/
Origin: https://celis.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 01:53:48 GMT
access-control-allow-origin: https://celis.no
content-type: application/json
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-envoy-upstream-service-time: 0
content-encoding: gzip
vary: Accept-Encoding
server: API Gateway
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
toapodazoay.com/?l=qCqekRDLtEBTXwP&s=598806115215750011&z=4571773&g=NO&svar=1664330022&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664330022&ssk=0e523ae367a6a97bda24ccc4c8ac55de&svarok=1&b=79056&oaid=770cb49739584aaab9c3b51c3770312e&rdk=rk3
139.45.197.151200 OK 0 B URL HTTP/2 toapodazoay.com/?l=qCqekRDLtEBTXwP&s=598806115215750011&z=4571773&g=NO&svar=1664330022&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664330022&ssk=0e523ae367a6a97bda24ccc4c8ac55de&svarok=1&b=79056&oaid=770cb49739584aaab9c3b51c3770312e&rdk=rk3
IP 139.45.197.151:0
GET /?l=qCqekRDLtEBTXwP&s=598806115215750011&z=4571773&g=NO&svar=1664330022&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664330022&ssk=0e523ae367a6a97bda24ccc4c8ac55de&svarok=1&b=79056&oaid=770cb49739584aaab9c3b51c3770312e&rdk=rk3 HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 01:53:43 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.24
set-cookie: reverse=OgJri2VuJJdr8hxSSLkCJp7OeGzlgrw5kN2usgCQ-6A; expires=Wed, 28-Sep-2022 02:53:43 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2
toapodazoay.com/?l=qCqekRDLtEBTXwP&s=598806115215750011&z=4571773&g=NO&svar=1664330022&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664330022&ssk=0e523ae367a6a97bda24ccc4c8ac55de&svarok=1&b=79056&oaid=770cb49739584aaab9c3b51c3770312e&rdk=rk3&mprtr=1
139.45.197.151200 OK 0 B URL HTTP/2 toapodazoay.com/?l=qCqekRDLtEBTXwP&s=598806115215750011&z=4571773&g=NO&svar=1664330022&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664330022&ssk=0e523ae367a6a97bda24ccc4c8ac55de&svarok=1&b=79056&oaid=770cb49739584aaab9c3b51c3770312e&rdk=rk3&mprtr=1
IP 139.45.197.151:0
POST /?l=qCqekRDLtEBTXwP&s=598806115215750011&z=4571773&g=NO&svar=1664330022&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664330022&ssk=0e523ae367a6a97bda24ccc4c8ac55de&svarok=1&b=79056&oaid=770cb49739584aaab9c3b51c3770312e&rdk=rk3&mprtr=1 HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/?rzi=4571773&rsz=4571773&rid=
Cookie: reverse=OgJri2VuJJdr8hxSSLkCJp7OeGzlgrw5kN2usgCQ-6A
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 01:53:43 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.24
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: gzip
X-Firefox-Spdy: h2