r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 698e7914bce829103467184723ba90af
d893e1796a889eac97608c2d0914d9e35a022250
6d3f61c3503884e04f24c83d591c2f043c5618b1d84d92a4488d8bb3131b9a75
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D3F61C3503884E04F24C83D591C2F043C5618B1D84D92A4488D8BB3131B9A75"
Last-Modified: Fri, 17 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4115
Expires: Fri, 17 Feb 2023 15:07:03 GMT
Date: Fri, 17 Feb 2023 13:58:28 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e2774fdb28d9f6ef0658eb7286166e3f
9240e40dcd6422d6b92b9f9b54c79e7629f28828
e59f037bbb477951b8d775acb4d62c243d19d6b0022787348bae224092690d53
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E59F037BBB477951B8D775ACB4D62C243D19D6B0022787348BAE224092690D53"
Last-Modified: Thu, 16 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10815
Expires: Fri, 17 Feb 2023 16:58:43 GMT
Date: Fri, 17 Feb 2023 13:58:28 GMT
Connection: keep-alive
www.demaflexsnc.it/public/posten/
31.11.33.147 200 OK 92 kB URL HTTP/1.1 www.demaflexsnc.it/public/posten/
IP 31.11.33.147:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (12059), with CRLF line terminators
Hash bb243bde46c0d3cd2d909aa3f842f094
6640f5c86e59ffced81d15f1f1516d6df83fba86
f79c0762174af9f297c3d1292bb24d57fcb71997ac3647ffc39f070c2d15c29c
Analyzer Verdict Alert fortinet Phishing
GET /public/posten/ HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Tue, 02 Feb 2021 04:36:50 GMT
Accept-Ranges: bytes
ETag: "05dc251df9d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 92231
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 17 Feb 2023 13:37:38 GMT
content-type: application/json
age: 1250
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ab826368e69a2ca160ec61aa596a7a27
52d3afd0d0a2bc2e65c09df55bfc58bf84034afd
48b80951de12295fa262aca8aa9b26e24725ea47d205f60737f37643ce43aa1a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B80951DE12295FA262ACA8AA9B26E24725EA47D205F60737F37643CE43AA1A"
Last-Modified: Thu, 16 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4532
Expires: Fri, 17 Feb 2023 15:14:00 GMT
Date: Fri, 17 Feb 2023 13:58:28 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: YmQV4gZXfJc6aHblnx5nYpu6kuYgdDM/Am6FRGRaJ8tAWZhI6skEhb87nd532Ei3gX1XChi13mA=
x-amz-request-id: RNK0YV1JK00G17PH
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 17 Feb 2023 13:21:06 GMT
age: 2242
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 17 Feb 2023 13:58:28 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.demaflexsnc.it/public/posten/file/new-style.css
31.11.33.147 200 OK 9.0 kB URL HTTP/1.1 www.demaflexsnc.it/public/posten/file/new-style.css
IP 31.11.33.147:0
File type ASCII text, with very long lines (306), with CRLF line terminators
Hash fa5d7200cac26a31ca7ad45365d58dfb
9166ed9368fe8da134289378e2bc2a9c7da96772
3e71175a939fd2ec67df0ac36071a84f20fd086560b45a33752b0a6a26c41064
GET /public/posten/file/new-style.css HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Tue, 02 Feb 2021 04:36:50 GMT
Accept-Ranges: bytes
ETag: "05dc251df9d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 9044
z.moatads.com/addthismoatframe568911941483/moatframe.js
23.38.201.146 200 OK 948 B URL HTTP/2 z.moatads.com/addthismoatframe568911941483/moatframe.js
IP 23.38.201.146:0
File type ASCII text, with very long lines (523)
Hash f14b4e1f799b14f798a195f43cf58376
b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac
GET /addthismoatframe568911941483/moatframe.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-type: application/x-javascript
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=13657
date: Fri, 17 Feb 2023 13:58:28 GMT
X-Firefox-Spdy: h2
cdn.mycomandia.com/static/shop/common/fonts/flaticon/flaticon.css?v=2019.12.17
176.31.232.62 200 OK 1.2 kB URL HTTP/2 cdn.mycomandia.com/static/shop/common/fonts/flaticon/flaticon.css?v=2019.12.17
IP 176.31.232.62:0
Hash e8b5e4d5eb0df11eb339ba959520b978
24777a5efa576aec4026ff30bcf4fd6ecd81b003
2650ffdcb2bf4147d062825fee353bd86e80c1f1c22c0b29ea856fdd3213e0a3
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /static/shop/common/fonts/flaticon/flaticon.css?v=2019.12.17 HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:28 GMT
content-type: text/css
content-length: 1210
last-modified: Tue, 27 Aug 2019 11:07:48 GMT
etag: "5d650f04-4ba"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:58:28 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 06e06b8a5a6fd7eb0580e616478b58b8
c1e3a37c3c6b831fad95fb469ddbcd7154e5a3e8
5b8ac8bdb71711d0ac3c2cff8d21d1fee72f17042acbb70d59dde449b3745429
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.mycomandia.com/static/shop/common/css/validationEngine.jquery.css?v=2019.12.17
176.31.232.62 200 OK 3.3 kB URL HTTP/2 cdn.mycomandia.com/static/shop/common/css/validationEngine.jquery.css?v=2019.12.17
IP 176.31.232.62:0
File type ASCII text, with CRLF line terminators
Hash a8935f51f8ca663bf3a18d4b1da31bf7
6f2e6f9c21ced7020e6d8c73c2e8ad71d797aa9d
cd363d0f8425d6b271c14ee5d6a8d693c3aa1323b64979b69c69d26661927303
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /static/shop/common/css/validationEngine.jquery.css?v=2019.12.17 HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:28 GMT
content-type: text/css
content-length: 3334
last-modified: Thu, 18 Oct 2018 11:43:12 GMT
etag: "5bc871d0-d06"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:58:28 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
tienda.correos.es/css/common-dynamic.css
94.23.87.92 200 OK 717 B URL HTTP/1.1 tienda.correos.es/css/common-dynamic.css
IP 94.23.87.92:0
File type ASCII text, with CRLF line terminators
Hash 45bca144e962bb998d9d807e54e521c3
63beb9c869ed56068010f501fde069d8e02164d7
31dda737e3779db2e9efd81ab860e724f61738acce5b10558cb6c56c76daf544
GET /css/common-dynamic.css HTTP/1.1
Host: tienda.correos.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: server
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Backend: 1
Content-Encoding: gzip
X-IPLB-Request-ID: 5B5A2A9A:5BC1_5E17575C:01BB_63EF8804_5B8C4:1B82A
X-IPLB-Instance: 35327
Set-Cookie: SERVERID139651=c80001a3|Y++IB|Y++IB; path=/; HttpOnly
Cache-control: private
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 2479adc544d5ddacfa7ef52d41903025
b682994b05d0c55bcac304b23af0e91972ea107b
1cecaeec65d53f424a9a558110e7fa4dc8fc7fd17d76b5a5d41d48324d510a6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.demaflexsnc.it/public/posten/file/f.txt
31.11.33.147 200 OK 11 kB URL HTTP/1.1 www.demaflexsnc.it/public/posten/file/f.txt
IP 31.11.33.147:0
File type ASCII text, with very long lines (1994), with CRLF line terminators
Hash c5150435d031a56ff2b24b5fc4526d10
fc2f710907b649d90f2c07b3ff1a660556763f14
d321dc9ce0b7e29828011e6f7aca55947210f048b8a64353b43a3f72ec51abc2
Analyzer Verdict Alert fortinet Phishing
GET /public/posten/file/f.txt HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
HTTP/1.1 200 OK
Content-Type: text/plain
Content-Encoding: gzip
Last-Modified: Tue, 02 Feb 2021 04:36:50 GMT
Accept-Ranges: bytes
ETag: "05dc251df9d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 11134
tienda.correos.es/css/common-dynamic.css
94.23.87.92 200 OK 717 B URL HTTP/1.1 tienda.correos.es/css/common-dynamic.css
IP 94.23.87.92:0
File type ASCII text, with CRLF line terminators
Hash 45bca144e962bb998d9d807e54e521c3
63beb9c869ed56068010f501fde069d8e02164d7
31dda737e3779db2e9efd81ab860e724f61738acce5b10558cb6c56c76daf544
GET /css/common-dynamic.css HTTP/1.1
Host: tienda.correos.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: server
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Backend: 3
Content-Encoding: gzip
X-IPLB-Request-ID: 5B5A2A9A:5BC1_5E17575C:01BB_63EF8804_5B8C5:1B82A
X-IPLB-Instance: 35327
Set-Cookie: SERVERID139651=8b65149d|Y++IC|Y++IC; path=/; HttpOnly
Cache-control: private
cdn.mycomandia.com/static/logos/correos-paq-72-mini.png
176.31.232.62 200 OK 2.4 kB URL HTTP/2 cdn.mycomandia.com/static/logos/correos-paq-72-mini.png
IP 176.31.232.62:0
File type PNG image data, 175 x 30, 8-bit/color RGBA, interlaced\012- data
Hash ad8f5552abb3d774a9c23cf3b0c9272b
4fc71ddac34c0b7438effc6883956ba2149a6a0c
984461e2d55896f29bb79d75b8ab42c1f8c4111bd2fb0c5f03dbc50d1b24b894
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /static/logos/correos-paq-72-mini.png HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:29 GMT
content-type: image/png
content-length: 2373
last-modified: Mon, 10 May 2021 14:53:58 GMT
etag: "60994906-945"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:58:29 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.mycomandia.com/static/logos/correos-paq72.png
176.31.232.62 200 OK 2.0 kB URL HTTP/2 cdn.mycomandia.com/static/logos/correos-paq72.png
IP 176.31.232.62:0
File type PNG image data, 128 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 567c7f32c85fe6ca5625f95403eb05e9
ef5da723f8b205d4f75bcb2b63b6e948fa25f330
5d2fb215dbbcbfd1bd663a0cdeaf31c63abde8c6f20aa63551733ebc498bf605
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /static/logos/correos-paq72.png HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:29 GMT
content-type: image/png
content-length: 1976
last-modified: Mon, 28 Dec 2020 12:06:56 GMT
etag: "5fe9ca60-7b8"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:58:29 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
translate.googleapis.com/translate_static/css/translateelement.css
142.250.74.170 200 OK 3.6 kB URL HTTP/2 translate.googleapis.com/translate_static/css/translateelement.css
IP 142.250.74.170:0
File type ASCII text, with very long lines (22967)
Hash f7bf2121608909b56672e6398ac2335c
864ef3bac46b08ab6609fad23f00d5f09815647d
b9d3a8600d9b6edf9c71b793c42782282ecfb01e2026e0128608b949e91e152c
GET /translate_static/css/translateelement.css HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3632
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 Feb 2023 12:58:41 GMT
expires: Fri, 17 Feb 2023 13:58:41 GMT
cache-control: public, max-age=3600
age: 3588
last-modified: Mon, 09 Jan 2023 20:58:00 GMT
content-type: text/css
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/posten.css
151.101.129.229 200 OK 29 kB URL HTTP/2 cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/posten.css
IP 151.101.129.229:0
File type Unicode text, UTF-8 text, with very long lines (54670)
Hash cab4a25d88a7f23bbe46846ffc169ace
d470188177492d7ce663c298301c852a9cfbde59
6971be30d85421291f18493ae6d84494f4fc9cd42d194aefd7197031f730cbe7
GET /npm/@posten/hedwig@11/dist/posten.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 11.9.10
x-jsd-version-type: version
etag: W/"35ae7-VIUJ2giFc9+RlRgcbyfbUh4mbO8"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 17 Feb 2023 13:58:29 GMT
age: 31936
x-served-by: cache-fra-eddf8230074-FRA, cache-bma1659-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 29077
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b9763adf5a3803ebbbd946989691ebad
79cc60d6949fa803a03f11396f7edc967e6aa8d4
5870c9bdf050b42605bd48728cb5f36ae4628e89e4727bb553c1218ddbfb6846
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.mycomandia.com/static/shop/common/bundle/font-awesome-5/web-fonts-with-css/css/fontawesome-all.min.css?v=2019.12.17
176.31.232.62 200 OK 9.8 kB URL HTTP/2 cdn.mycomandia.com/static/shop/common/bundle/font-awesome-5/web-fonts-with-css/css/fontawesome-all.min.css?v=2019.12.17
IP 176.31.232.62:0
File type ASCII text, with very long lines (36420)
Hash 551a9f8172e4e450bc402d18df5fb62d
591c7e2662e1054443e052d73a21978c2fd5c339
94b36d1fabef67fb8cccf740ad04e05ceb7c625abacc26866f94b06244ed45fa
GET /static/shop/common/bundle/font-awesome-5/web-fonts-with-css/css/fontawesome-all.min.css?v=2019.12.17 HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:28 GMT
content-type: text/css
last-modified: Thu, 18 Oct 2018 11:43:16 GMT
vary: Accept-Encoding
etag: W/"5bc871d4-8ef7"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:58:28 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
www.demaflexsnc.it/public/posten/file/1.txt
31.11.33.147 200 OK 263 B URL HTTP/1.1 www.demaflexsnc.it/public/posten/file/1.txt
IP 31.11.33.147:0
File type ASCII text, with no line terminators
Hash 628aab205fc5a86c455467f9ebcf5e9c
90d8bf119e9c1c3b36d12b96669093bf31575625
c941476875f1024e95df21890a7eb5eddc4acd304a54a8c3b0b033f3356bdaf1
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
fortinet Phishing
GET /public/posten/file/1.txt HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 02 Feb 2021 04:36:50 GMT
Accept-Ranges: bytes
ETag: "b31e951df9d61:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 263
siteimproveanalytics.com/js/siteanalyze_6015663.js
172.64.197.24 200 OK 26 kB URL HTTP/1.1 siteimproveanalytics.com/js/siteanalyze_6015663.js
IP 172.64.197.24:0
File type Unicode text, UTF-8 text, with very long lines (65492), with no line terminators
Hash efed05da78b6a02254508bcda8d175ec
693b43c0ea204919ec9fe5a9b1c19057a894c19b
a4c7ca0fceb7f40af4f6862474c688b81f912b488626e8e461170b63831cb527
GET /js/siteanalyze_6015663.js HTTP/1.1
Host: siteimproveanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 200 OK
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 25663
Connection: keep-alive
x-amz-id-2: FUfm5THqacbXr0paDYu667At2Y1QMxM6e8DWzLxHwMxsyyXo0tCmFYQGL/4RyDLdGcwE+jr8gsI=
x-amz-request-id: 1ED0XQ99C6FXBZXF
Cache-Control: max-age=86400, no-transform
Content-Encoding: gzip
Last-Modified: Fri, 17 Feb 2023 09:36:57 GMT
ETag: "efed05da78b6a02254508bcda8d175ec"
CF-Cache-Status: HIT
Age: 1176
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TGoE%2Big1qIwN4VtfcHavs72ZebRqPawILe4LAt7GxFFIgrUsxc40%2BXaagw7%2BNnvcAwmp7MT8DonatgX5v5G9gwqYVRgq%2FG9wjo0ywaIpI3LAu%2B35WtVYySKFDaTl46cHaw6DkGP1JRiryQE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79af09bfabe1776d-LHR
alt-svc: h2=":443"; ma=60
cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/main.js
151.101.129.229 200 OK 55 kB URL HTTP/2 cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/main.js
IP 151.101.129.229:0
File type Unicode text, UTF-8 text, with very long lines (33341), with NEL line terminators
Hash aceb930ded7386fd3874e88db9a79c1d
8ac16d7b8129e0bec4093cfb9d651c034f0745d9
8244dcb68ca3f57c94b683848d4d0f93d0ff560834ee6426f400cadc2477e4e1
GET /npm/@posten/hedwig@11/dist/main.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 11.9.10
x-jsd-version-type: version
etag: W/"281a4-/N1Jx7Y0IzQHyIjw7iTyyO0L1PY"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 17 Feb 2023 13:58:29 GMT
age: 26167
x-served-by: cache-fra-eddf8230133-FRA, cache-bma1659-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 55053
X-Firefox-Spdy: h2
www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/chatbot.js
31.11.33.147 404 Not Found 5.0 kB URL HTTP/1.1 www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/chatbot.js
IP 31.11.33.147:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (365)
Hash 996d3793b539211cafb79d47ff4c53c7
a6236aa92cbe74c607f60cb5d5f3e09f8adc2f0e
7615edebccc304e02a44be9454df922f7b5de610ad3b57dc1ee28bb0db3bb6b8
Analyzer Verdict Alert fortinet Phishing
GET /_/asset/no.posten.website:1594301215/js/chatbot.js HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 5048
www.demaflexsnc.it/_/asset/no.posten.website:1594301215/css/postenstyle.css
31.11.33.147 404 Not Found 5.1 kB URL HTTP/1.1 www.demaflexsnc.it/_/asset/no.posten.website:1594301215/css/postenstyle.css
IP 31.11.33.147:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (365)
Hash 6decb17f08eb9584bd3976dc0ea95306
5e7978dd4fc4ee56b8d2aeb89c09efcdf31518aa
59e3ed172f3689c968a10f44b5cc88a5264af6f02f852eff3706f1c33ae1f960
GET /_/asset/no.posten.website:1594301215/css/postenstyle.css HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 5060
www.demaflexsnc.it/public/posten/file/1(1).txt
31.11.33.147 200 OK 1.5 kB URL HTTP/1.1 www.demaflexsnc.it/public/posten/file/1(1).txt
IP 31.11.33.147:0
File type ASCII text, with very long lines (1529), with no line terminators
Hash f63ac3d276b7077a987675d6006a39dd
a226c5e9acbafd79dab86c1018c274a879cdb5a1
ea0ff8a36f44af31d5379e7c0a28551018e697d4d424f9f31cdd37ed8891616d
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
fortinet Phishing
GET /public/posten/file/1(1).txt HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 02 Feb 2021 04:36:50 GMT
Accept-Ranges: bytes
ETag: "bb2fe751df9d61:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 1529
cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/icons.min.js
151.101.129.229 200 OK 325 B URL HTTP/2 cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/icons.min.js
IP 151.101.129.229:0
File type ASCII text, with very long lines (484)
Hash 3cf89faabd93e7347ff136ce46273e50
11e620a5bdd6f53f699c1117f6abfd368275df67
162897c7f4536145c8f704320004aa5b68d7d08c9e080065657fd1dcee4979f8
GET /npm/@posten/hedwig@11/dist/icons.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 11.9.10
x-jsd-version-type: version
etag: W/"1e5-WAbOTOVCBaDeieReJgLvn/XKjp4"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 17 Feb 2023 13:58:29 GMT
age: 3035
x-served-by: cache-fra-eddf8230027-FRA, cache-bma1659-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 325
X-Firefox-Spdy: h2
in.taskanalytics.com/00012/tm.js?r=&1595299259698
54.216.252.255 403 Forbidden 7 B URL HTTP/1.1 in.taskanalytics.com/00012/tm.js?r=&1595299259698
IP 54.216.252.255:0
File type ASCII text, with no line terminators
Hash 9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /00012/tm.js?r=&1595299259698 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur
in.taskanalytics.com/00012/tm.js?r=&1595299259862
54.216.252.255 403 Forbidden 7 B URL HTTP/1.1 in.taskanalytics.com/00012/tm.js?r=&1595299259862
IP 54.216.252.255:0
File type ASCII text, with no line terminators
Hash 9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /00012/tm.js?r=&1595299259862 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur
fonts.googleapis.com/css?family=PT+Sans:400,700
142.250.74.138 200 OK 488 B URL HTTP/2 fonts.googleapis.com/css?family=PT+Sans:400,700
IP 142.250.74.138:0
Hash 6d1e091d3c90eeb9ee1fe8db93c8d5a3
19c480fe399035da5608cf08290e22cf5a592cf4
ca0dadfe6325a8d6610bf5dd5c5a2e17f7f10eee1a6e3f37840e2c784c898755
GET /css?family=PT+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 17 Feb 2023 13:58:28 GMT
date: Fri, 17 Feb 2023 13:58:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.mycomandia.com/static/shop/common/bundle/bootstrap-4.1.0/css/bootstrap.min.css?v=2019.12.17
176.31.232.62 200 OK 28 kB URL HTTP/2 cdn.mycomandia.com/static/shop/common/bundle/bootstrap-4.1.0/css/bootstrap.min.css?v=2019.12.17
IP 176.31.232.62:0
Hash a2bc347b69d7b237cce7a105b7db1dab
afeb04a7547ceca59dc386fc1aa6a847c951aabe
163779b58018ea27b0a57fe68432c446e138edd5a8d2cecf1836f031798e4888
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /static/shop/common/bundle/bootstrap-4.1.0/css/bootstrap.min.css?v=2019.12.17 HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:28 GMT
content-type: text/css
last-modified: Thu, 18 Oct 2018 11:43:18 GMT
vary: Accept-Encoding
etag: W/"5bc871d6-22485"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:58:28 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
in.taskanalytics.com/00012/tm.js?r=&1595299259690
54.216.252.255 403 Forbidden 7 B URL HTTP/1.1 in.taskanalytics.com/00012/tm.js?r=&1595299259690
IP 54.216.252.255:0
File type ASCII text, with no line terminators
Hash 9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /00012/tm.js?r=&1595299259690 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur
www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/bundle.js
31.11.33.147 404 Not Found 5.0 kB URL HTTP/1.1 www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/bundle.js
IP 31.11.33.147:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (365)
Hash 252df4ca942b6304456b714c52fecf2a
3c4785f3039284c72876a22675e2388df9c9936a
9a055139cbe7d843c55a7febdee36cf1e943a110363a689b3d4688de96500913
Analyzer Verdict Alert fortinet Phishing
GET /_/asset/no.posten.website:1594301215/js/bundle.js HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 5046
www.demaflexsnc.it/public/posten/file/js
31.11.33.147 404 Not Found 7.1 kB URL HTTP/1.1 www.demaflexsnc.it/public/posten/file/js
IP 31.11.33.147:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1892)
Hash 9c19cc13d6f13855bf50f842bcf2ff3a
d90622850a5081db2de1eba59bcfe3d351e26d24
5e459a546ee37828fd3f339daa8f71b90d3e9e461b7a532490fd551bd35b9b76
Analyzer Verdict Alert fortinet Phishing
GET /public/posten/file/js HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 7072
in.taskanalytics.com/00012/tm.js?r=&1595293061723
54.216.252.255 403 Forbidden 7 B URL HTTP/1.1 in.taskanalytics.com/00012/tm.js?r=&1595293061723
IP 54.216.252.255:0
File type ASCII text, with no line terminators
Hash 9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /00012/tm.js?r=&1595293061723 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur
www.googletagmanager.com/gtm.js?id=GTM-M83DX4
142.250.74.168 302 Found 250 B URL HTTP/1.1 www.googletagmanager.com/gtm.js?id=GTM-M83DX4
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 1373afd5f63dc37d3b1e0cd4a9857230
c6f8ae3f09ce337c9e491f0946bdfe8eab86188a
989490b30a61855760b9f74412798e09385461c1f5f07e630d5fa943bc27a47e
GET /gtm.js?id=GTM-M83DX4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-M83DX4
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.20.226:0
Hash 80bafb50039175fef776333e16b5294d
5fbeb1106fa363638176894b6e541eaa91196e8d
cf2d467afda5048859dcdf84ca9ebbff35959def6754ae5dcbd6495038f2ec78
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "C0867CEF0EE31AA349D2BC43AB5629DB97BAAEB0"
Expires: Sat, 18 Feb 2023 01:00:00 GMT
Last-Modified: Fri, 17 Feb 2023 13:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2839
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79af09c07df1fab4-OSL
www.googletagmanager.com/gtag/js?id=DC-9852050&l=dataLayer&cx=c
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=DC-9852050&l=dataLayer&cx=c
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash 2a2874237c95293bab1dea93e0691a65
927da3ae4568e0dc2d8f3f614e1b53ca95c3ac0b
21d58ebad86958fc7dc4c4940c8cbd700a33fb41d84de69cdbcf9974876001bf
GET /gtag/js?id=DC-9852050&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 17 Feb 2023 13:58:29 GMT
expires: Fri, 17 Feb 2023 13:58:29 GMT
cache-control: private, max-age=900
last-modified: Fri, 17 Feb 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44400
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.demaflexsnc.it/public/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement
31.11.33.147 404 Not Found 5.0 kB URL HTTP/1.1 www.demaflexsnc.it/public/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement
IP 31.11.33.147:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (365)
Hash 7f74d09e5f50b4315b83aa23cac72e73
7c5ca57e391e2d6fb586282483853d4632a42fc2
75a8d9a3db0c439c98ef1c37d812c009893df4b00ad6a8e588d6be199fcc9f59
Analyzer Verdict Alert fortinet Phishing
GET /public/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 5044
www.googletagmanager.com/gtm.js?id=GTM-M83DX4
142.250.74.168 200 OK 74 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-M83DX4
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (22818)
Hash aef4d93e3349d0264b0d59a78987385a
f3e245b634a1e9369833c07fb699e8504a3f325d
ef64b9013d863bcdb954cc56ba56e1ec029c1b2797fc4e8222480f6f42769d3f
GET /gtm.js?id=GTM-M83DX4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.demaflexsnc.it/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 17 Feb 2023 13:58:29 GMT
expires: Fri, 17 Feb 2023 13:58:29 GMT
cache-control: private, max-age=900
last-modified: Fri, 17 Feb 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74109
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b9763adf5a3803ebbbd946989691ebad
79cc60d6949fa803a03f11396f7edc967e6aa8d4
5870c9bdf050b42605bd48728cb5f36ae4628e89e4727bb553c1218ddbfb6846
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 51193703c31973e958c4e7845fde953b
05639ee0175bee76db2b8a1995933491420f04bb
50829dec1e1e26f4415931eb8bec0193dd3df3d3639618ffa175f39f9d6cff2f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 17 Feb 2023 13:58:29 GMT
Last-Modified: Fri, 17 Feb 2023 13:14:42 GMT
Server: ECS (nyb/1D29)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PNeAQJgV5bGIaTfT0Wb270YNlq8NOu5e37K6kVxKYyO9w-r4ROd-5w==
Age: 2627
in.taskanalytics.com/00012/tm.js?r=&1595299259690
54.216.252.255 403 Forbidden 7 B URL HTTP/1.1 in.taskanalytics.com/00012/tm.js?r=&1595299259690
IP 54.216.252.255:0
File type ASCII text, with no line terminators
Hash 9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /00012/tm.js?r=&1595299259690 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur
in.taskanalytics.com/00012/tm.js?r=&1595299259862
54.216.252.255 403 Forbidden 7 B URL HTTP/1.1 in.taskanalytics.com/00012/tm.js?r=&1595299259862
IP 54.216.252.255:0
File type ASCII text, with no line terminators
Hash 9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /00012/tm.js?r=&1595299259862 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur
in.taskanalytics.com/00012/tm.js?r=&1595299259698
54.216.252.255 403 Forbidden 7 B URL HTTP/1.1 in.taskanalytics.com/00012/tm.js?r=&1595299259698
IP 54.216.252.255:0
File type ASCII text, with no line terminators
Hash 9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /00012/tm.js?r=&1595299259698 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, Alert, Content-Length, Backoff, ETag, Cache-Control, Retry-After, Last-Modified, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 17 Feb 2023 13:20:33 GMT
age: 2276
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.demaflexsnc.it/public/posten/file/js
31.11.33.147 404 Not Found 7.1 kB URL HTTP/1.1 www.demaflexsnc.it/public/posten/file/js
IP 31.11.33.147:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1892)
Hash 9c19cc13d6f13855bf50f842bcf2ff3a
d90622850a5081db2de1eba59bcfe3d351e26d24
5e459a546ee37828fd3f339daa8f71b90d3e9e461b7a532490fd551bd35b9b76
Analyzer Verdict Alert fortinet Phishing
GET /public/posten/file/js HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Length: 7072
www.demaflexsnc.it/public/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement
31.11.33.147 404 Not Found 5.0 kB URL HTTP/1.1 www.demaflexsnc.it/public/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement
IP 31.11.33.147:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (365)
Hash 7f74d09e5f50b4315b83aa23cac72e73
7c5ca57e391e2d6fb586282483853d4632a42fc2
75a8d9a3db0c439c98ef1c37d812c009893df4b00ad6a8e588d6be199fcc9f59
Analyzer Verdict Alert fortinet Phishing
GET /public/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Length: 5044
in.taskanalytics.com/00012/tm.js?r=&1595293061872
54.216.252.255 403 Forbidden 7 B URL HTTP/1.1 in.taskanalytics.com/00012/tm.js?r=&1595293061872
IP 54.216.252.255:0
File type ASCII text, with no line terminators
Hash 9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /00012/tm.js?r=&1595293061872 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur
www.googletagmanager.com/gtm.js?id=GTM-M83DX4
142.250.74.168 302 Found 250 B URL HTTP/1.1 www.googletagmanager.com/gtm.js?id=GTM-M83DX4
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 1373afd5f63dc37d3b1e0cd4a9857230
c6f8ae3f09ce337c9e491f0946bdfe8eab86188a
989490b30a61855760b9f74412798e09385461c1f5f07e630d5fa943bc27a47e
GET /gtm.js?id=GTM-M83DX4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-M83DX4
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0
in.taskanalytics.com/00012/tm.js?r=&1595293061723
54.216.252.255 403 Forbidden 7 B URL HTTP/1.1 in.taskanalytics.com/00012/tm.js?r=&1595293061723
IP 54.216.252.255:0
File type ASCII text, with no line terminators
Hash 9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /00012/tm.js?r=&1595293061723 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 994f9c0eff12561e85b404a8778fbab9
c1c1b7f546cace7c578012cc4c3398497f913d31
85013590974c889416a33112a9b7c5dc82b74c628714f30fc7b2266b8ffbde4f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85013590974C889416A33112A9B7C5DC82B74C628714F30FC7B2266B8FFBDE4F"
Last-Modified: Fri, 17 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3664
Expires: Fri, 17 Feb 2023 14:59:33 GMT
Date: Fri, 17 Feb 2023 13:58:29 GMT
Connection: keep-alive
posten.boost.ai/chatPanel/chatPanel.js
54.229.45.73 200 OK 226 kB URL HTTP/2 posten.boost.ai/chatPanel/chatPanel.js
IP 54.229.45.73:0
Size 226 kB (225525 bytes)
Hash 94e0fb1eb19d11a396438321be36acfe
9f0c872e20f4da5cf1c576e61cec6d83c8978335
35fb3b77f8f05058a3004ef0537ed2a43f3354e51f24328497a014d4491f94cc
GET /chatPanel/chatPanel.js HTTP/1.1
Host: posten.boost.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:29 GMT
content-type: application/javascript
server: Apache
access-control-allow-methods: POST, GET, OPTIONS
strict-transport-security: max-age=94608000; includeSubDomains
access-control-max-age: 600
access-control-allow-headers: origin, content-type, accept, x-csrf-token, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, X-CSRF-TOKEN, X-XSRF-TOKEN, X-XHR-Logon, x-ms-client-application-name, x-ms-client-request-id, x-ms-client-session-id, x-ms-effective-locale
x-robots-tag: noindex
last-modified: Fri, 17 Feb 2023 13:15:53 GMT
etag: "ba81d-5f4e51ce96afd-gzip"
accept-ranges: bytes
cache-control: max-age=600
expires: Fri, 17 Feb 2023 14:08:29 GMT
vary: Accept-Encoding,Origin
content-encoding: gzip
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-M83DX4
142.250.74.168 302 Found 250 B URL HTTP/1.1 www.googletagmanager.com/gtm.js?id=GTM-M83DX4
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 1373afd5f63dc37d3b1e0cd4a9857230
c6f8ae3f09ce337c9e491f0946bdfe8eab86188a
989490b30a61855760b9f74412798e09385461c1f5f07e630d5fa943bc27a47e
GET /gtm.js?id=GTM-M83DX4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-M83DX4
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0
in.taskanalytics.com/00012/tm.js?r=&1595285185398
54.216.252.255 403 Forbidden 7 B URL HTTP/1.1 in.taskanalytics.com/00012/tm.js?r=&1595285185398
IP 54.216.252.255:0
File type ASCII text, with no line terminators
Hash 9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /00012/tm.js?r=&1595285185398 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur
www.googletagmanager.com/gtm.js?id=GTM-M83DX4
142.250.74.168 302 Found 250 B URL HTTP/1.1 www.googletagmanager.com/gtm.js?id=GTM-M83DX4
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 1373afd5f63dc37d3b1e0cd4a9857230
c6f8ae3f09ce337c9e491f0946bdfe8eab86188a
989490b30a61855760b9f74412798e09385461c1f5f07e630d5fa943bc27a47e
GET /gtm.js?id=GTM-M83DX4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-M83DX4
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash cb1f5e62b141c5096e8c7d26a07dc226
126ad2b6b2b64a77e8a41c7d13aa350301462272
f63f12b64a341369e32d441bd666ff6e3aa49e3d2464dab168d97dc3ac6d2230
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/bundle.js
31.11.33.147 404 Not Found 5.0 kB URL HTTP/1.1 www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/bundle.js
IP 31.11.33.147:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (365)
Hash 252df4ca942b6304456b714c52fecf2a
3c4785f3039284c72876a22675e2388df9c9936a
9a055139cbe7d843c55a7febdee36cf1e943a110363a689b3d4688de96500913
Analyzer Verdict Alert fortinet Phishing
GET /_/asset/no.posten.website:1594301215/js/bundle.js HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
Cookie: _gcl_au=1.1.833644386.1676642309
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Length: 5046
8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F?
142.250.74.70 200 OK 259 B URL HTTP/2 8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (563), with no line terminators
Hash 953e7d111814e4dc8a05b51c1d2b5b4d
3631917c634f4c9eb70aed44349ede0d5df9c714
39ca520566356baa571f0be1615016ac30d5e332272a35931f64534ba989d097
GET /activityi;src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F? HTTP/1.1
Host: 8260928.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:29 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 259
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 17-Feb-2023 14:13:29 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.mycomandia.com/static/shop/common/fonts/flaticon/Flaticon.woff2
176.31.232.62 200 OK 2.0 kB URL HTTP/2 cdn.mycomandia.com/static/shop/common/fonts/flaticon/Flaticon.woff2
IP 176.31.232.62:0
File type Web Open Font Format (Version 2), TrueType, length 2024, version 1.0\012- data
Hash c1b7ca92614b5e76d59b8b467f1d8dd9
6ada3f43e5b4ec1a77383f2af00dd2b3c990af5c
a92c73eb3e53032a9846ca27c2c579b424b45a893ac814288954762e878b5e1b
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /static/shop/common/fonts/flaticon/Flaticon.woff2 HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.demaflexsnc.it
Connection: keep-alive
Referer: https://cdn.mycomandia.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:29 GMT
content-type: application/octet-stream
content-length: 2024
last-modified: Tue, 27 Aug 2019 11:07:46 GMT
etag: "5d650f02-7e8"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:58:29 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 167cff66da2ad389f3881da21eaf9c4a
d41bde1198e497ded95069effafcba927c07be5c
2f7f1a258056ae5b8cbe7caf0c10e693bb4f67906090a298ca4d0a092d173e95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
44.228.217.71 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.228.217.71:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lItYeZ6ZIFIWg6lrtfE8pA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: v6UwJyJmri2L0N1NhIZXFg78pEQ=
www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/chatbot.js
31.11.33.147 404 Not Found 5.0 kB URL HTTP/1.1 www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/chatbot.js
IP 31.11.33.147:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (365)
Hash 996d3793b539211cafb79d47ff4c53c7
a6236aa92cbe74c607f60cb5d5f3e09f8adc2f0e
7615edebccc304e02a44be9454df922f7b5de610ad3b57dc1ee28bb0db3bb6b8
Analyzer Verdict Alert fortinet Phishing
GET /_/asset/no.posten.website:1594301215/js/chatbot.js HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
Cookie: _gcl_au=1.1.833644386.1676642309
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Length: 5048
8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F?
142.250.74.70 200 OK 379 B URL HTTP/1.1 8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (514), with no line terminators
Hash b0d6eab9eab3a20438b0bd13da342a70
134028116c2bead7b536a69aff5cdffbe7cef66c
a10b560c3b8f69897480622085a0ab5675665bff0b3e3f8ead749b3f2535c7dc
GET /activityi;src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F? HTTP/1.1
Host: 8260928.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:58:30 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=21600
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 379
X-XSS-Protection: 0
8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D?
142.250.74.70 200 OK 427 B URL HTTP/1.1 8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (636), with no line terminators
Hash 78b225543f9ea122bf259d94fd379b4b
cbe260dd69e0791c6479bf8c214f28aa09a41286
e2e8bdcba10a07de068f0c41f8f0c7dd6bfed0b8b0f4aaedae5b263cd70e0362
GET /activityi;src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D? HTTP/1.1
Host: 8260928.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:58:30 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=21600
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 427
X-XSS-Protection: 0
in.taskanalytics.com/00012/tm.js?r=&1676642309217
54.216.252.255 403 Forbidden 7 B URL HTTP/1.1 in.taskanalytics.com/00012/tm.js?r=&1676642309217
IP 54.216.252.255:0
File type ASCII text, with no line terminators
Hash 9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /00012/tm.js?r=&1676642309217 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:30 GMT
Via: 1.1 vegur
8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D?
142.250.74.70 200 OK 427 B URL HTTP/1.1 8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (636), with no line terminators
Hash 7894f56de7efa41c42aab98bd8cd19ba
4a3a8110cc5a2e6deccedda3ac6d00bed188ff10
34c3b01b8c469b58e9933b67e4a12c9dd98ec4daefd4324f0aceb92cf8dd6d44
GET /activityi;src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D? HTTP/1.1
Host: 8260928.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:58:30 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=21600
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 427
X-XSS-Protection: 0
in.taskanalytics.com/00012/tm.js?r=&1676642309222
54.216.252.255 403 Forbidden 7 B URL HTTP/1.1 in.taskanalytics.com/00012/tm.js?r=&1676642309222
IP 54.216.252.255:0
File type ASCII text, with no line terminators
Hash 9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /00012/tm.js?r=&1676642309222 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:30 GMT
Via: 1.1 vegur
in.taskanalytics.com/00012/tm.js?r=&1676642309226
54.216.252.255 403 Forbidden 7 B URL HTTP/1.1 in.taskanalytics.com/00012/tm.js?r=&1676642309226
IP 54.216.252.255:0
File type ASCII text, with no line terminators
Hash 9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536
Analyzer Verdict Alert urlquery phishing Phishing - Posten Norge
GET /00012/tm.js?r=&1676642309226 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:30 GMT
Via: 1.1 vegur
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash aca8b73a066e2f30e966c25d0ff80224
c465ff174891c76ba6899a50c81fcdf700887de8
f5a07ec450cba204cf6c38a5ac3d16f0a63811f83816aa874d08148fb6c23e29
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
b.scorecardresearch.com/beacon.js
54.230.111.73 200 OK 1.9 kB URL HTTP/1.1 b.scorecardresearch.com/beacon.js
IP 54.230.111.73:0
File type ASCII text, with very long lines (3936)
Hash b67d2bfd2ffc510f6344e0dee7f05de3
db5a2e6076fbed3d01ddd5a5150a761cb6bc1886
1e6b30c3e6f7ac17aab743639939cc408ba4f6bde7176eb4438c6ead54c80e07
GET /beacon.js HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 28 Jun 2022 13:19:23 GMT
x-amz-server-side-encryption: AES256
Server: AmazonS3
Content-Encoding: gzip
Date: Fri, 17 Feb 2023 03:09:49 GMT
Cache-Control: max-age=86400
ETag: W/"eaf85c1c6758e84acfe134efd70e9373"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: lVT_dqL2qCc6afX797rblLc7KAnsUI7pdNlrmv0ec4Hd2-21Dz80zw==
Age: 38922
vars.hotjar.com/box-XMRheight:%201px%20!important;%20opacity:%200%20!important;%20pointer-events:%20none%20!important;
54.230.111.85 403 Forbidden 243 B URL HTTP/2 vars.hotjar.com/box-XMRheight:%201px%20!important;%20opacity:%200%20!important;%20pointer-events:%20none%20!important;
IP 54.230.111.85:0
Hash 7d30a5fef1cd3bd2a3cb91b5400b87ea
78eeec260cc4261a81135bbc1b9e480e5b7b3491
be865efbef59bf161c4d0b7962d46ff82e5f750a6699b1e7c054aab080e84957
GET /box-XMRheight:%201px%20!important;%20opacity:%200%20!important;%20pointer-events:%20none%20!important; HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
content-type: application/xml
content-length: 243
date: Fri, 17 Feb 2023 13:58:30 GMT
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Error from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: F6cUYJmTN6mRZNq5xBWBP4c47M6aIq9a4BJfjaaCulbQO5VtUBlXAw==
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F
142.250.74.34 200 OK 261 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (562), with no line terminators
Hash 737c1bcb08c03b190ff3781327e09cfa
5f201156d8709fc5b86ac364d943f1798ad30bf7
ea6c82d0715f1e448b809259033d384971a427ef3c7e356984746f79e76305f5
GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8260928.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 261
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.ads-twitter.com/uwt.js
151.101.244.157 200 OK 15 kB URL HTTP/1.1 static.ads-twitter.com/uwt.js
IP 151.101.244.157:0
File type ASCII text, with very long lines (57596), with no line terminators
Hash 573e6a7f86f6f3063763360ef0672c01
b12eab3b4ac8872d49ac6e15f9cd17741765c0cf
02445eb022a04139531f0ce8d8980c31083a1c670936f1477f5cfc4d252133f7
GET /uwt.js HTTP/1.1
Host: static.ads-twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 15375
Last-Modified: Thu, 27 Oct 2022 18:55:37 GMT
Cache-Control: no-cache
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
Accept-Ranges: bytes
Date: Fri, 17 Feb 2023 13:58:30 GMT
X-Served-By: cache-iad-kjyo7100147-IAD, cache-hel1410022-HEL
X-Cache: HIT, HIT
Vary: Accept-Encoding,Host
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
connect.facebook.net/en_US/fbevents.js
31.13.72.12 301 Moved Permanently 0 B URL HTTP/1.1 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 301 Moved Permanently
Location: https://connect.facebook.net/en_US/fbevents.js
Content-Type: text/plain
Server: proxygen-bolt
Date: Fri, 17 Feb 2023 13:58:30 GMT
Connection: keep-alive
Content-Length: 0
static.hotjar.com/c/hotjar-507531.js?sv=7
54.230.111.39 200 OK 0 B URL HTTP/2 static.hotjar.com/c/hotjar-507531.js?sv=7
IP 54.230.111.39:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/hotjar-507531.js?sv=7 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Fri, 17 Feb 2023 13:58:30 GMT
cache-control: max-age=60
etag: W/d41d8cd98f00b204e9800998ecf8427e
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TfKVR7ypIPtIX1oU-3z8cxoWMU8E9w_tJuK0x9Cys3zodLYKFzNfbw==
age: 59
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F
142.250.74.34 200 OK 251 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (513), with no line terminators
Hash 66bab8b407292b70d4f0f305ec9acacd
4acdd7d1e3e07355322ca7aaf74899a6e67a64a8
fffcc1ee1d9daaab2e3396862ae8e5913226f7da9049f41dad4a15604fc939c9
GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://8260928.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 251
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D
142.250.74.34 200 OK 299 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (635), with no line terminators
Hash 73fbf7971c5c280fa659ce0ac803c7ab
15baa8bc86051abe9c8da4d47720b403004d4ec0
5171ae2d45af40b0aa0c09c444ff33f7322ca5d258a1be8e2f00f795d32ef652
GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://8260928.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 299
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
snap.licdn.com/li.lms-analytics/insight.min.js
95.101.11.48 200 OK 4.8 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 95.101.11.48:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (13351)
Hash 74f72658f6efd10c4c286ab07cd5e452
9fa4dfc644b6e818914f2f2c4fe4bdf791fd6d39
6681619d5962f95b3fccfa34a7f035664edb66522d237ea0c28a05851f9d295c
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=48216
date: Fri, 17 Feb 2023 13:58:30 GMT
content-length: 4777
x-content-type-options: nosniff
x-cdn: AKAM
X-Firefox-Spdy: h2
static.ads-twitter.com/uwt.js
151.101.244.157 304 Not Modified 0 B URL HTTP/1.1 static.ads-twitter.com/uwt.js
IP 151.101.244.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uwt.js HTTP/1.1
Host: static.ads-twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
If-Modified-Since: Thu, 27 Oct 2022 18:55:37 GMT
If-None-Match: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
HTTP/1.1 304 Not Modified
Connection: keep-alive
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: no-cache
ETag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
X-Served-By: cache-hel1410022-HEL
X-Cache: HIT
Vary: Accept-Encoding,Host
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
script.hotjar.com/modules.a1fbf755044ca8f629ba.js
54.230.111.73 200 OK 89 kB URL HTTP/2 script.hotjar.com/modules.a1fbf755044ca8f629ba.js
IP 54.230.111.73:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash db69fc2480d3485a988c1628d311d0c0
82abdfda4d399e9e8032a71f1f962e91ad80860f
7517e0f2be2260c0cd09514fb51ac73f72751caa5e58e4fa5267732f3862b318
GET /modules.a1fbf755044ca8f629ba.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 88758
date: Thu, 05 Jan 2023 12:22:43 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "db69fc2480d3485a988c1628d311d0c0"
last-modified: Wed, 22 Jul 2020 09:42:49 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ECRScANUKzxwe1n3XUxj-T1jMlEsGwiSJpPfDIKsNuyyCbgcmjKAFQ==
age: 3720947
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D
142.250.74.34 200 OK 297 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (635), with no line terminators
Hash bc6d6c3a1c420799472640b0a824691d
a5386ff8c52d713dc16ee1630746b76ee6a0c37a
c077749c0272ef956823be09fc24bb8b28c91397ece025c16b8ddfddce8b8806
GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://8260928.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 297
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 6cfaa4d7152a5617a55e9bcc0372ba0c
58b079d9f8fb3181dd88a9f7de88fbd8c0d10b02
5a21bd1aee52814fb4ab4efa7dab375778743f85d28978af9c09eacf16fd6b58
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.demaflexsnc.it/_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-16/posten-logo.png
31.11.33.147 404 Not Found 5.2 kB URL HTTP/1.1 www.demaflexsnc.it/_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-16/posten-logo.png
IP 31.11.33.147:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (365)
Hash e0ea91d84dffe13a12e06f6c271281ec
ab81b64f8e67e1f886451076e2c0e64c937d129d
4dd3291fead32e13d2d6845409cef6032492f6852df75d834ced69711c7e4a25
GET /_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-16/posten-logo.png HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
Cookie: _gcl_au=1.1.833644386.1676642309
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Length: 5170
static.ads-twitter.com/uwt.js
151.101.244.157 304 Not Modified 0 B URL HTTP/1.1 static.ads-twitter.com/uwt.js
IP 151.101.244.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uwt.js HTTP/1.1
Host: static.ads-twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
If-Modified-Since: Thu, 27 Oct 2022 18:55:37 GMT
If-None-Match: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
HTTP/1.1 304 Not Modified
Connection: keep-alive
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: no-cache
ETag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
X-Served-By: cache-hel1410022-HEL
X-Cache: HIT
Vary: Accept-Encoding,Host
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Fri, 17 Feb 2023 13:53:25 GMT
expires: Fri, 17 Feb 2023 15:53:25 GMT
cache-control: public, max-age=7200
age: 305
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google-analytics.com/plugins/ua/linkid.js
142.250.74.110 200 OK 859 B URL HTTP/2 www.google-analytics.com/plugins/ua/linkid.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1335)
Hash 904463ce35aee800847ab85ec948aaf6
904e4d2647466c7f7e0f7412019984e3b2ccfb24
057b4d29359dfe2536a2ec40243bdfa7b151222efcc1eb358608994a14c34237
GET /plugins/ua/linkid.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 859
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 Feb 2023 13:47:14 GMT
expires: Fri, 17 Feb 2023 14:47:14 GMT
cache-control: public, max-age=3600
age: 676
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1bf3278c2046b4fdb1f775dca9bc8b16
54fa26cf0329818b9878e437a59ddccc8d72d35f
f794ad5a7249fe547829bc49ec42f96270f9de8ce9b17c1581e06c0ff3e9785d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4559
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Last-Modified: Fri, 17 Feb 2023 12:42:32 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 1d265a8dd327a623f78bca3983a79e02
61e62434256bfbb2a88b27f50b059c03580300ca
cada3b43d2add1edbac39f050ec315498f12b2ec3c8ea1061322054ec5c56549
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googleadservices.com/pagead/conversion_async.js
142.250.74.162 200 OK 15 kB URL HTTP/2 www.googleadservices.com/pagead/conversion_async.js
IP 142.250.74.162:0
File type ASCII text, with very long lines (1654)
Hash 74ace29e686ae4445710506fba552bd5
f09b4d13010f36b8f3efb0442b3d6e616e26a643
f655be0a03ae5bb0d71fae713a55c95462e40c688c2154221ba8c95d94917ff1
GET /pagead/conversion_async.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 17 Feb 2023 13:58:30 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 10376002428160754156
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15164
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
31.13.72.12 200 OK 28 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash be5a1814429d0a129322abda3791987f
9e0eeee65e17a9c6df149ed1f01d3d7194833fd8
75afa897dd6f4b97b0697589569c7c4f87e32b79addf981febc78a4ff741210e
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
origin-agent-cluster: ?0
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: l4mezuTX2daMM4ARayR4CGp613OdXqjIJDL6Z5PzHcr2oRfyTkARIFdY/iTHYS5K/I0cFpZh/Q66mhpXVOD5GQ==
content-length: 27843
x-fb-trip-id: 1904183273
date: Fri, 17 Feb 2023 13:58:30 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 0fa96c0ed89bf54a1fb36555f527fcde
00366fa4ab2dbf17dbc987fb055cd9f573ccd30a
6f182e3b430c1e94329d84d1ee10dc550fe1b79f251a8467118cf6102e403a9d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash f8e34919a45c91c9c24ade6931afd022
388e683ca7de47486837127ab54d6265867443ea
c2ff7fece933be0048e1d6b1b82afec259124974fa63ab86f789981bfcb1eb78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash f8e34919a45c91c9c24ade6931afd022
388e683ca7de47486837127ab54d6265867443ea
c2ff7fece933be0048e1d6b1b82afec259124974fa63ab86f789981bfcb1eb78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
acdn.adnxs.com/dmp/up/pixie.js
151.101.65.108 200 OK 3.3 kB URL HTTP/1.1 acdn.adnxs.com/dmp/up/pixie.js
IP 151.101.65.108:0
File type ASCII text, with very long lines (9139), with no line terminators
Hash 75b9af81e30e45403e6856566e888545
d013e9a47331447f32c2bdf6f35b286e711788f0
dd26e2e55783f6174ceea7c7a3b10e5af1c7fca56fc2543956a38b848f32a151
GET /dmp/up/pixie.js HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 3340
Server: nginx/1.18.0 (Ubuntu)
Content-Type: application/javascript
Last-Modified: Wed, 02 Jun 2021 15:04:00 GMT
ETag: W/"60b79de0-23b3"
Expires: Fri, 27 Jan 2023 02:11:02 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 17 Feb 2023 13:58:30 GMT
Age: 42406
X-Served-By: cache-lga21930-LGA, cache-bma1663-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 101, 6862
X-Timer: S1676642310.294885,VS0,VE0
Vary: Accept-Encoding
www.google.com/pagead/1p-conversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
142.250.74.164 302 Found 63 B URL HTTP/2 www.google.com/pagead/1p-conversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
IP 142.250.74.164:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcQTrX8MP4pA-vzwCA0DiAM71Fj69Cm9CP7aY7NITLF99rsGcwM9
142.250.74.78 200 OK 6.2 kB URL HTTP/2 encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcQTrX8MP4pA-vzwCA0DiAM71Fj69Cm9CP7aY7NITLF99rsGcwM9
IP 142.250.74.78:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x168, components 3\012- data
Hash 2063951383d22405d0663550e2ed3762
6a256b7cdec8d0e0aaf2c86c17e7cc34693a609e
0fb41ab8877699782e17566fafad17e01b8d04b840db658583cb0d3b9508fff4
GET /images?q=tbn%3AANd9GcQTrX8MP4pA-vzwCA0DiAM71Fj69Cm9CP7aY7NITLF99rsGcwM9 HTTP/1.1
Host: encrypted-tbn0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 6238
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 Feb 2023 06:24:19 GMT
expires: Sat, 17 Feb 2024 06:24:19 GMT
cache-control: public, max-age=31536000
age: 27251
last-modified: Thu, 28 Dec 2017 03:23:06 GMT
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash fc63911e4661aa872ac148ba0e622495
8c71e1a1ca7a84edaeda049a242868a603685883
f9801dcdaab6db35dde3127add82844087ebdba6bf3149e4b54946e5e8e234d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/images/branding/product/1x/translate_24dp.png
142.250.74.99 200 OK 846 B URL HTTP/2 www.gstatic.com/images/branding/product/1x/translate_24dp.png
IP 142.250.74.99:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash e9cd262114358f26b7608b56905185dc
6dbde0a96deaab2b529723ce26c62043cf9180ab
5a861509b658aa24fc3aed2867ac3c061e7d818d90b9990959afc6d1b5d4ff99
GET /images/branding/product/1x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 846
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 Feb 2023 13:01:44 GMT
expires: Sat, 17 Feb 2024 13:01:44 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 3406
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1bf3278c2046b4fdb1f775dca9bc8b16
54fa26cf0329818b9878e437a59ddccc8d72d35f
f794ad5a7249fe547829bc49ec42f96270f9de8ce9b17c1581e06c0ff3e9785d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4559
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Last-Modified: Fri, 17 Feb 2023 12:42:32 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash d56fcc1e441a5a55e8e534be7b4f0e78
534216c89feed8f38c5b289ba5134f2b74b714ce
32b19f3ef1a5d882a0b243a836adc26bf4c854cc40aa2ae9fac271e6f32b5241
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/images/branding/product/2x/translate_24dp.png
142.250.74.99 200 OK 1.8 kB URL HTTP/2 www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP 142.250.74.99:0
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://translate.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 Feb 2023 13:56:49 GMT
expires: Sat, 17 Feb 2024 13:56:49 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 101
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c9e6e005454b8541d1c2b06348e59b91
8f7f5ae9386edf53c6dc1cffed0a1d89ebb413cd
92e1518234ecff2b0656e1714f63ff8501eb727addcdcfc5c293a42eef177765
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b617ba367e1ea63751230f57dea54575
e8e5b334030322c32596b4b8ca13688ae94426f5
7a9f17f10e76770dfd7ec9d725225699cf1364ec83f5d0ec077774f388605245
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4e2047d0030ab6ef9ef1aa93bc0e225b
6d370262f2ba2ad80b2bc2ce29ca47a4ad0a7134
77d6af824538cdbd9dcd7e62429c5c5f1fa0970c4a8ddc358d0e95d2049b0140
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&ct_cookie_present=1
142.250.74.66 200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&ct_cookie_present=1
IP 142.250.74.66:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&ct_cookie_present=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 17-Feb-2023 14:13:30 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash f8e34919a45c91c9c24ade6931afd022
388e683ca7de47486837127ab54d6265867443ea
c2ff7fece933be0048e1d6b1b82afec259124974fa63ab86f789981bfcb1eb78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F
216.58.207.194 200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F
IP 216.58.207.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 17 Feb 2023 13:58:30 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash f8e34919a45c91c9c24ade6931afd022
388e683ca7de47486837127ab54d6265867443ea
c2ff7fece933be0048e1d6b1b82afec259124974fa63ab86f789981bfcb1eb78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D
216.58.207.194 200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D
IP 216.58.207.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 17 Feb 2023 13:58:30 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F
216.58.207.194 200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F
IP 216.58.207.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 17 Feb 2023 13:58:30 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D
216.58.207.194 200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D
IP 216.58.207.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 17 Feb 2023 13:58:30 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c8e9eeefa5d57aae7902f22001cacc91
30a9795bf30ff5c1056f506d866b00535defaeac
22d15f22115215143d2e173bf51e1b694de15e43d86ae46107fed2af7c15eca7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c9e6e005454b8541d1c2b06348e59b91
8f7f5ae9386edf53c6dc1cffed0a1d89ebb413cd
92e1518234ecff2b0656e1714f63ff8501eb727addcdcfc5c293a42eef177765
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.r2m01.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 4311193f1701ae091d50ba2eeabf36be
5c857e688f238adde8e19e470568a05f97a3d93e
021728417b1d75143bbf5bc1e926a50c17bd3ecd910c3090cc9efd03e43ee561
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 17 Feb 2023 13:58:30 GMT
Last-Modified: Fri, 17 Feb 2023 12:37:33 GMT
Server: ECS (nyb/1D13)
X-Cache: Miss from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -h94I8aa0pbGGiiVvEz5DLaeup6KaqBG2JFVJ9hzSHEQi9kNMlCNpg==
Age: 4857
6015663.global.siteimproveanalytics.io/image.aspx?url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&title=Posten.no&res=1280x1024&accountid=6015663&rt=1179&prev=1c7c27f8-a1c0-dbe0-1b0f-aeb91c18c13f&luid=7fbc8064-fbb7-58b6-40cd-f5e3bbe5b1e0&rnd=40451
3.122.28.13 200 OK 34 B URL HTTP/2 6015663.global.siteimproveanalytics.io/image.aspx?url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&title=Posten.no&res=1280x1024&accountid=6015663&rt=1179&prev=1c7c27f8-a1c0-dbe0-1b0f-aeb91c18c13f&luid=7fbc8064-fbb7-58b6-40cd-f5e3bbe5b1e0&rnd=40451
IP 3.122.28.13:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash a82ba3a9d42148e9cf209df13d8c3f3d
dba80835d31175bdcf0bcad1abafefb06d86e304
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - Posten Norge
GET /image.aspx?url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&title=Posten.no&res=1280x1024&accountid=6015663&rt=1179&prev=1c7c27f8-a1c0-dbe0-1b0f-aeb91c18c13f&luid=7fbc8064-fbb7-58b6-40cd-f5e3bbe5b1e0&rnd=40451 HTTP/1.1
Host: 6015663.global.siteimproveanalytics.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:30 GMT
content-type: image/gif
content-length: 34
set-cookie: AWSALB=pbqw6+M/FdBklUxTpyp+CKDyvPJh97VJs2sWbd6pd2Qw6xKtWGdR9NIPXmxFOS1AQ2fKrepwc0krr8GLG1HFGgJKG99vE2g9TPZz4rDHuZqRtXr+xLr2npBaJYUW; Expires=Fri, 24 Feb 2023 13:58:30 GMT; Path=/
AWSALBCORS=pbqw6+M/FdBklUxTpyp+CKDyvPJh97VJs2sWbd6pd2Qw6xKtWGdR9NIPXmxFOS1AQ2fKrepwc0krr8GLG1HFGgJKG99vE2g9TPZz4rDHuZqRtXr+xLr2npBaJYUW; Expires=Fri, 24 Feb 2023 13:58:30 GMT; Path=/; SameSite=None; Secure
cache-control: max-age=0
expires: Fri, 17 Feb 2023 13:58:30 UTC
X-Firefox-Spdy: h2
www.google.no/pagead/1p-conversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
142.250.74.163 200 OK 63 B URL HTTP/2 www.google.no/pagead/1p-conversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
IP 142.250.74.163:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.demaflexsnc.it/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ib.adnxs.com/pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642309595&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309595&if=0
37.252.171.53 200 OK 42 B URL HTTP/1.1 ib.adnxs.com/pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642309595&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309595&if=0
IP 37.252.171.53:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642309595&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309595&if=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 17 Feb 2023 13:58:30 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/pixie?e=PageView&pi=9c3f7c51-769b-4487-8db5-bef9b5c66993&it=1676642309598&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309599&if=0
37.252.171.53 200 OK 42 B URL HTTP/1.1 ib.adnxs.com/pixie?e=PageView&pi=9c3f7c51-769b-4487-8db5-bef9b5c66993&it=1676642309598&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309599&if=0
IP 37.252.171.53:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pixie?e=PageView&pi=9c3f7c51-769b-4487-8db5-bef9b5c66993&it=1676642309598&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309599&if=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 17 Feb 2023 13:58:30 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642309595&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309598&if=0
37.252.171.53 200 OK 42 B URL HTTP/1.1 ib.adnxs.com/pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642309595&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309598&if=0
IP 37.252.171.53:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642309595&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309598&if=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 17 Feb 2023 13:58:30 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1676642309457&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F
13.107.42.14 200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1676642309457&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=&time=1676642309457&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
set-cookie: bcookie="v=2&d780addd-527d-4b81-8b7e-c25407798410"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 17-Feb-2024 13:58:30 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2434:u=1:x=1:i=1676642310:t=1676728710:v=2:sig=AQEJWTfEQre3YaSrwN6ldAqLWfAik9rY"; Expires=Sat, 18 Feb 2023 13:58:30 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAX05bVVoZw7VOcZpJvHQw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 604368A4E0E34D2FA942910D10BD4106 Ref B: OSL30EDGE0207 Ref C: 2023-02-17T13:58:30Z
date: Fri, 17 Feb 2023 13:58:30 GMT
content-length: 0
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=843920095719058&ev=PageView&dl=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&rl=&if=false&ts=1676642309877&sw=1280&sh=1024&v=2.9.96&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1676642309876.1174613635&it=1676642309580&coo=false&rqm=GET
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=843920095719058&ev=PageView&dl=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&rl=&if=false&ts=1676642309877&sw=1280&sh=1024&v=2.9.96&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1676642309876.1174613635&it=1676642309580&coo=false&rqm=GET
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=843920095719058&ev=PageView&dl=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&rl=&if=false&ts=1676642309877&sw=1280&sh=1024&v=2.9.96&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1676642309876.1174613635&it=1676642309580&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 17 Feb 2023 13:58:30 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2f69937cf01dd0d8c6d25684dc465ecb
2267c4125b164eb66dd9cbc9e472272dd872d23d
3679252c806e273ddd31834976560e4e72bef32fa89be83088b3a779d227808f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3679252C806E273DDD31834976560E4E72BEF32FA89BE83088B3A779D227808F"
Last-Modified: Fri, 17 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21358
Expires: Fri, 17 Feb 2023 19:54:29 GMT
Date: Fri, 17 Feb 2023 13:58:31 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2f69937cf01dd0d8c6d25684dc465ecb
2267c4125b164eb66dd9cbc9e472272dd872d23d
3679252c806e273ddd31834976560e4e72bef32fa89be83088b3a779d227808f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3679252C806E273DDD31834976560E4E72BEF32FA89BE83088B3A779D227808F"
Last-Modified: Fri, 17 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21358
Expires: Fri, 17 Feb 2023 19:54:29 GMT
Date: Fri, 17 Feb 2023 13:58:31 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2f69937cf01dd0d8c6d25684dc465ecb
2267c4125b164eb66dd9cbc9e472272dd872d23d
3679252c806e273ddd31834976560e4e72bef32fa89be83088b3a779d227808f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3679252C806E273DDD31834976560E4E72BEF32FA89BE83088B3A779D227808F"
Last-Modified: Fri, 17 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21358
Expires: Fri, 17 Feb 2023 19:54:29 GMT
Date: Fri, 17 Feb 2023 13:58:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2f69937cf01dd0d8c6d25684dc465ecb
2267c4125b164eb66dd9cbc9e472272dd872d23d
3679252c806e273ddd31834976560e4e72bef32fa89be83088b3a779d227808f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3679252C806E273DDD31834976560E4E72BEF32FA89BE83088B3A779D227808F"
Last-Modified: Fri, 17 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13860
Expires: Fri, 17 Feb 2023 17:49:31 GMT
Date: Fri, 17 Feb 2023 13:58:31 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2f69937cf01dd0d8c6d25684dc465ecb
2267c4125b164eb66dd9cbc9e472272dd872d23d
3679252c806e273ddd31834976560e4e72bef32fa89be83088b3a779d227808f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3679252C806E273DDD31834976560E4E72BEF32FA89BE83088B3A779D227808F"
Last-Modified: Fri, 17 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21358
Expires: Fri, 17 Feb 2023 19:54:29 GMT
Date: Fri, 17 Feb 2023 13:58:31 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ff85c78-1c5e-4e0e-b056-c59edc64e066.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ff85c78-1c5e-4e0e-b056-c59edc64e066.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6a689195f741507797cbfee1088b6096
7114ea3a2073e2a9356a82611300afb43a44af02
8e304f2e413644bd97225abaf443121aea7a8b1ae5237cfffd8acd0bc9ece258
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ff85c78-1c5e-4e0e-b056-c59edc64e066.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8683
x-amzn-requestid: 52627a4c-8764-4aa7-9d95-5a364a5c48a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AKaBSGKgoAMFesw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e73d3b-40df63f72db14cab7d4f2e7b;Sampled=0
x-amzn-remapped-date: Sat, 11 Feb 2023 07:01:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: knG5uaFviCGKFtYeHBxEV6VPTGJwElhQuruCBPn0mN-iKtITf06_ag==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Feb 2023 00:15:13 GMT
age: 49398
etag: "7114ea3a2073e2a9356a82611300afb43a44af02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2836952b-4531-4fd4-b65f-4b46b34c589e.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2836952b-4531-4fd4-b65f-4b46b34c589e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d2eae6226e2383cf7a14956fb5e00973
207870779f0bc576f842c3444c8a36cfb83827e7
1339bb05cf778cda51646dff372080356ec3d215ebe59fe8a8c3478422fe16ac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2836952b-4531-4fd4-b65f-4b46b34c589e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6975
x-amzn-requestid: a51f7d5f-b9f5-45ad-a864-fcf92ee45a09
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AHHalERAoAMFZRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e5ec43-2aa1297878995458524758f3;Sampled=0
x-amzn-remapped-date: Fri, 10 Feb 2023 07:03:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JbtPJs7uVnoMc8WtfcO85KEK8e8c439tQuWcGzILuYVC0-LCOS84DA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Feb 2023 22:18:33 GMT
age: 56398
etag: "207870779f0bc576f842c3444c8a36cfb83827e7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff32076f9-7699-4060-8c4f-8ca2cdd454e2.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff32076f9-7699-4060-8c4f-8ca2cdd454e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 043c29f528f5414d1e280640e7bd6d79
5006aea566216e56530d02f3133b5eb0d15fd1a5
01c099af56ff9d26301d66f1bca427d41c7096ec687551b656edac95b0520e4a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff32076f9-7699-4060-8c4f-8ca2cdd454e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8813
x-amzn-requestid: 510cb459-2870-46eb-9c53-da577d62f83c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AdPCKEggoAMF3vQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eec540-23f553c202ad097f53c58dc4;Sampled=0
x-amzn-remapped-date: Fri, 17 Feb 2023 00:07:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: F-Wi5siD9pPdWz8E84A8TeiWrgMnHr-3IiQuPjp2zz6RpCHSxUX09A==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Feb 2023 00:45:51 GMT
age: 47560
etag: "5006aea566216e56530d02f3133b5eb0d15fd1a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4748156e-3671-4964-bccd-dcff5a4dcabd.jpeg
34.120.237.76 200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4748156e-3671-4964-bccd-dcff5a4dcabd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0f696a6d6b899ea990863fd3f6cef50b
15ed196a642a4e767c5527ec92e346109632fbbb
afd3a83fffd1b1d3df4c95632b78508e6509e369fea66b3e78cca1db1dd97d92
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4748156e-3671-4964-bccd-dcff5a4dcabd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6486
x-amzn-requestid: 9cd0762a-003f-45fd-ad59-2cb9d1c9a1e6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ac4-lESQIAMFlhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eea1f6-22c2261c4bdfab1d44a07164;Sampled=0
x-amzn-remapped-date: Thu, 16 Feb 2023 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3a6crVzn1im5K9oMA5RqaEIjX2vluZ5yCcIkAfTUTB0cluzbzJbTGA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Feb 2023 21:53:13 GMT
age: 57918
etag: "15ed196a642a4e767c5527ec92e346109632fbbb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c942f8-27c2-4bf4-8e35-92d403d00f29.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c942f8-27c2-4bf4-8e35-92d403d00f29.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a34f09bb10a93df46b8b23e4cf0d4c0
c08103bfbfd0e097ae94773476143fcc02b126f4
4890fd0de8eb6ba08a5188eb24c4f7efad037a70f491329db7597df9ba2224fd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c942f8-27c2-4bf4-8e35-92d403d00f29.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7575
x-amzn-requestid: d8da5085-979c-4c8d-8883-94359384b9e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AKaBQE-cIAMFpHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e73d3a-5c65ae966ca81da764446a6e;Sampled=0
x-amzn-remapped-date: Sat, 11 Feb 2023 07:01:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0hOEJH96jaVZWiJ9UsLYQ4hj5DVyJGv_Etn1-rLalah7WDXP9Y787A==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Feb 2023 15:34:36 GMT
age: 80635
etag: "c08103bfbfd0e097ae94773476143fcc02b126f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881c24a9-07ee-4126-b2c3-501b0461ee5e.webp
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881c24a9-07ee-4126-b2c3-501b0461ee5e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9c5a0bab7d34e51ee6476be179b356ba
87917d3cf520d73b7b1029f44505e7700413d51d
136e727a99409218318247b645558fad485ed84bcd90bd43a5895492cb317d89
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881c24a9-07ee-4126-b2c3-501b0461ee5e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6879
x-amzn-requestid: 18c46562-f8d9-4f7f-8ea0-1bb46e206f80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ANnahEWgIAMFwYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e885dc-50a7cfe4693b4efb038ce1a7;Sampled=0
x-amzn-remapped-date: Sun, 12 Feb 2023 06:23:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qwK1XWOYMXy8qna9sVCV7q__QKMko9KXa8towbYhIj1EolPbqEuIHQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Feb 2023 15:50:12 GMT
age: 79699
etag: "87917d3cf520d73b7b1029f44505e7700413d51d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.demaflexsnc.it/_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-192/posten-logo.png
31.11.33.147 404 Not Found 0 B URL HTTP/1.1 www.demaflexsnc.it/_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-192/posten-logo.png
IP 31.11.33.147:0
GET /_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-192/posten-logo.png HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
Cookie: _gcl_au=1.1.833644386.1676642309
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Length: 5172