u0372.enginecodes.net/
176.9.111.7200 OK 6.4 kB IP 176.9.111.7:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (372), with CRLF line terminators
Hash e2791c0124d7474d1178e3885dc8a715
b9b6af5e32d7d2215f39c640a4900e1aa1b2c4c6
5963368328414452ef90ef1cc99b529bd2f84635ecf691b706c45f73cc7140b0
GET / HTTP/1.1
Host: u0372.enginecodes.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:43:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33, PleskLin
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5195
Expires: Wed, 07 Dec 2022 13:09:36 GMT
Date: Wed, 07 Dec 2022 11:43:01 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4259
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:01 GMT
Etag: "638f19f6-1d7"
Last-Modified: Wed, 07 Dec 2022 10:32:02 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 07 Dec 2022 11:20:28 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1353
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a0abf10fb7e96c1c98dacf2f013a68b4
acdd839bce85eadc78a8e821e32e00a958d5c0c8
b85d98f8df05431777d96c767ce4c152302ec3f653cdf6e61c8c3fa9574f3255
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5119
Expires: Wed, 07 Dec 2022 13:08:21 GMT
Date: Wed, 07 Dec 2022 11:43:02 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: lZD1jiKYIGPXwfxhs5O5hDR1qOCJO+rKESVXvH+qbhbbXXcYsekJz0tm4RkyBQMDnyKxNePpInE=
x-amz-request-id: NDFVH8NPE2CA1QKA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 07 Dec 2022 10:47:28 GMT
age: 3334
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:02 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
enginecodes.net/css/style.css
176.9.111.7200 OK 1.5 kB URL HTTP/1.1 enginecodes.net/css/style.css
IP 176.9.111.7:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 29da8d88da0af878abe44f19abfc479d
18661196261650671b1279d9d46557a333096cf0
ef411c10a80c12d0020583d2f65a800b5202917aab7f4190be81c7c84949ce99
GET /css/style.css HTTP/1.1
Host: enginecodes.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:43:02 GMT
Content-Type: text/css
Content-Length: 1471
Last-Modified: Sun, 04 Dec 2022 19:47:28 GMT
Connection: keep-alive
ETag: "638cf950-5bf"
X-Powered-By: PleskLin
Accept-Ranges: bytes
jigsaw.w3.org/css-validator/images/vcss
104.18.23.19301 Moved Permanently 0 B URL HTTP/1.1 jigsaw.w3.org/css-validator/images/vcss
IP 104.18.23.19:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /css-validator/images/vcss HTTP/1.1
Host: jigsaw.w3.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Dec 2022 11:43:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 07 Dec 2022 12:43:02 GMT
Location: https://jigsaw.w3.org/css-validator/images/vcss
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775d0057088db4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
u0372.enginecodes.net/images/logo.png
176.9.111.7200 OK 20 kB URL HTTP/1.1 u0372.enginecodes.net/images/logo.png
IP 176.9.111.7:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 446 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash 7939962940fc23a8d07447f4bc745a7f
9de1527c7c3a96769c4a473fde7c8d2c3111ca5d
734983842380a836740ed9433d6fc7ad3dbcd7253038815db564a16526c6c913
GET /images/logo.png HTTP/1.1
Host: u0372.enginecodes.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:43:02 GMT
Content-Type: image/png
Content-Length: 19575
Last-Modified: Sun, 04 Dec 2022 19:47:29 GMT
Connection: keep-alive
ETag: "638cf951-4c77"
X-Powered-By: PleskLin
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 6925ac1ba862664524f8ef22e07645ac
b03bf8fe370e2a196301d9d805a02d5315a5c5b3
40ca3d39e35a82feeb6e997314ccf406ad918038a51060a61c2c5975eceea710
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6321
Cache-Control: max-age=166183
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:02 GMT
Etag: "639049bc-118"
Expires: Fri, 09 Dec 2022 09:52:45 GMT
Last-Modified: Wed, 07 Dec 2022 08:07:24 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 07 Dec 2022 11:08:58 GMT
cache-control: public,max-age=3600
age: 2044
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4253
Cache-Control: max-age=167681
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:02 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 10:17:43 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
jigsaw.w3.org/css-validator/images/vcss
104.18.23.19200 OK 1.5 kB URL HTTP/2 jigsaw.w3.org/css-validator/images/vcss
IP 104.18.23.19:0
File type GIF image data, version 89a, 88 x 31\012- data
Hash 64c15fdbab0ccaa5f79875381ffccf86
318a742e77171dc8190e727391b73b6f73d3aa9e
a5e988ededb2aa6ac2fbada686f36a5185bcfa983e316729a4540fb87ec54a0b
GET /css-validator/images/vcss HTTP/1.1
Host: jigsaw.w3.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://u0372.enginecodes.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:43:02 GMT
content-type: image/gif
content-length: 1547
cache-control: max-age=518400
content-location: https://jigsaw.w3.org/css-validator/images/vcss.gif
content-md5: ZMFf26sMyqX3mHU4H/zPhg==
etag: "178shp7:1a2k1jdo8"
expires: Sun, 11 Dec 2022 11:07:53 GMT
last-modified: Mon, 08 Feb 2016 20:34:17 GMT
vary: Accept
accept-ranges: bytes
strict-transport-security: max-age=15552015; includeSubDomains; preload
public-key-pins: pin-sha256="cN0QSpPIkuwpT6iP2YjEo1bEwGpH/yiUn6yhdy+HNto="; pin-sha256="WGJkyYjx1QMdMe0UqlyOKXtydPDVrk7sl2fV+nNm1r4="; pin-sha256="LrKdTxZLRTvyHM4/atX2nquX9BeHRZMCxg3cf4rhc2I="; max-age=864000
x-frame-options: deny
x-xss-protection: 1; mode=block
x-request-id: 775d0057ad0ab506
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 775d0057ad0ab506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 6925ac1ba862664524f8ef22e07645ac
b03bf8fe370e2a196301d9d805a02d5315a5c5b3
40ca3d39e35a82feeb6e997314ccf406ad918038a51060a61c2c5975eceea710
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6321
Cache-Control: max-age=166183
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:02 GMT
Etag: "639049bc-118"
Expires: Fri, 09 Dec 2022 09:52:45 GMT
Last-Modified: Wed, 07 Dec 2022 08:07:24 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
indexesinsist.com/9ad1d496a1453e46e8bf2b3cb39e449e/invoke.js
192.243.59.12200 OK 9.8 kB URL HTTP/1.1 indexesinsist.com/9ad1d496a1453e46e8bf2b3cb39e449e/invoke.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26996), with no line terminators
Hash 7474e01acba67843dd70468ec7ee9c64
01a7d35367320f61db0e68c3d7fdfa30d0ef6e41
98fa479d1bfbd01bba7493b0b08e8c2bef61efa4c5b830ce4f18870fe952a433
Analyzer Verdict Alert quad9 Sinkholed
GET /9ad1d496a1453e46e8bf2b3cb39e449e/invoke.js HTTP/1.1
Host: indexesinsist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 11:43:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 73f407d83298e9c281f2c7965e59c9cc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
push.services.mozilla.com/
34.212.166.60101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.212.166.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: addD2b36weXGEqu9qkHyBw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Xs+xW5Obg6/n1IRhcUdTGKwt+x8=
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9751
Expires: Wed, 07 Dec 2022 14:25:34 GMT
Date: Wed, 07 Dec 2022 11:43:03 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9751
Expires: Wed, 07 Dec 2022 14:25:34 GMT
Date: Wed, 07 Dec 2022 11:43:03 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9751
Expires: Wed, 07 Dec 2022 14:25:34 GMT
Date: Wed, 07 Dec 2022 11:43:03 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e5de346-6863-4521-9b1c-e74cf4df1d53.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e5de346-6863-4521-9b1c-e74cf4df1d53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2409529ecac5140de749d864da85af0d
99f431b4ca446996dbacb969440e2ecfb11fd9e0
81b379b16874d6644b0cf63e02c5174e44a40ab7cb4f4727bb96ad44bfcaa72f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e5de346-6863-4521-9b1c-e74cf4df1d53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6422
x-amzn-requestid: 6d0cc220-31bc-4815-ade5-7e3e5403f39f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cniYTGgRoAMF5lA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c7dce-64fbea8330a62e4f741c0c4e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 11:00:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: IWfRJ5GaowWTJhSqFpvEhGKVi9DTp-h6tmrMXRtUlmXCMmolLPpaIA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 07:59:34 GMT
age: 13409
etag: "99f431b4ca446996dbacb969440e2ecfb11fd9e0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 604a4132da78a0c013b5818644adb121
ddf982c6ff7a0d8e5376c119b6642fe7e0ba8566
eecab519c33596c67f2d2021dfd1af24e7fd8f2ed403f99b4ba0c265c08a259f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8701
x-amzn-requestid: 653284c3-ee7f-45f1-9513-3a6c81e1d6e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cm3-2HRWIAMFjfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c39f8-6f8969a26787a9463ba6c2ec;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 06:11:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cmRvAOLmk_xZC4RKdin-lozUNeK9-icqkzsQmSjP9scXnnCLxkvJ5A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 22:01:53 GMT
age: 49270
etag: "ddf982c6ff7a0d8e5376c119b6642fe7e0ba8566"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: va_vly0iX6rzm_aTWrryPRjoTWlI-_0m6rpS6VrTx-nsd71dk1cSZw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 08:32:51 GMT
age: 11412
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feeb81330-af0b-4cc3-bd0e-591ba064667a.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feeb81330-af0b-4cc3-bd0e-591ba064667a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9257f2e3b9bd1b3aa262b0f4bf57968
4bcdd6ecd63834aa1010faf19457a97f37ae99fa
9afd592279c51b533b3bf72a860cf4a8f2bc6cf01b07d1ab6f11f0ff302e0ef6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feeb81330-af0b-4cc3-bd0e-591ba064667a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7392
x-amzn-requestid: f4b6890a-7a8f-48f8-b2af-365cb5f681e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cpwREFiXoAMFSMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d60d3-009e524f30c72d0629c877bb;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 03:09:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C0-H0LUbxaxMEXoDf6PXEFAvVTj2D9K2M7eshRo39QzAAWSk2ubepA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 03:15:41 GMT
age: 30442
etag: "4bcdd6ecd63834aa1010faf19457a97f37ae99fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01b6b798-4c76-47d4-ae22-c8967b0f2c5c.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01b6b798-4c76-47d4-ae22-c8967b0f2c5c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9fda84db003d0cfc70d73dcb6a3763dd
5c54b4ca3db1c975b3ad7f780f0ebdc867fc2ef4
f00aa6b88dd85164d8f6ee685937a3ca8039b98b442a2e6aede1c4c421b4fc4c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01b6b798-4c76-47d4-ae22-c8967b0f2c5c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8997
x-amzn-requestid: 54d7ed8c-119c-4583-929c-fd053524814c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csT_8F78IAMFY6Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66cc-3d9816725e7e0b1b3404bc4a;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:46:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FjScmvs74slr4Mr8vhQLRNh-88KqMx4L1FwNKdBwbUUPDuu1ivOuoQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:47:20 GMT
age: 50143
etag: "5c54b4ca3db1c975b3ad7f780f0ebdc867fc2ef4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 20:49:34 GMT
age: 53609
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
indexesinsist.com/9ad1d496a1453e46e8bf2b3cb39e449e/invoke.js
192.243.59.12200 OK 9.8 kB URL HTTP/1.1 indexesinsist.com/9ad1d496a1453e46e8bf2b3cb39e449e/invoke.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26996), with no line terminators
Hash 7474e01acba67843dd70468ec7ee9c64
01a7d35367320f61db0e68c3d7fdfa30d0ef6e41
98fa479d1bfbd01bba7493b0b08e8c2bef61efa4c5b830ce4f18870fe952a433
Analyzer Verdict Alert quad9 Sinkholed
GET /9ad1d496a1453e46e8bf2b3cb39e449e/invoke.js HTTP/1.1
Host: indexesinsist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 453a33dcfec51f418097ddd15bb8db2e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 975d829b6c1182baa9059ef46ba71c89
4cad25f5dc5997779e9bde153551bf7fa3481938
5a23467d164713da6a0ba9cff3d114780c255f12696ad50c3efc214c8895ee64
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=96120
Date: Wed, 07 Dec 2022 11:43:03 GMT
Etag: "638f4418-1d7"
Expires: Thu, 08 Dec 2022 14:25:03 GMT
Last-Modified: Tue, 06 Dec 2022 13:31:04 GMT
Server: ECS (bsa/EB15)
X-Cache: Miss from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -N-ITCiuRDfZt5j18hwfDT4A4uouT02r2iABM8RATkf5pk2UBF175Q==
Age: 3240
simplewebanalysis.com/stats
52.28.211.11200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash ace3e0f65d77c569af1bbbe88610643c
d3d6fd7cbc23c54a3a1ec0cb56153b3c12de49b3
d3a7a55d5233e563418557d4aa3226bc9ae0359c894fb6bd8c8bf6f386483a47
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://u0372.enginecodes.net
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:43:03 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://u0372.enginecodes.net
access-control-allow-credentials: true
set-cookie: uid_id2=a9f376b3-8257-4adf-8621-65948ff96218:3:1; expires=Sat, 04 Dec 2032 11:43:03 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
fairfaxgeorgianayourself.com/58/aa/68/58aa6835f4aa61a96bddf82811985077.js
173.233.137.36200 OK 29 kB URL HTTP/1.1 fairfaxgeorgianayourself.com/58/aa/68/58aa6835f4aa61a96bddf82811985077.js
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash b9091ec4f19b264961f80052c5be98f1
7696a27177ae8ea5f516e5efee1f42545eb20432
fffce9e29ed969e0e72c0ecc4cecf9419cb044dc273500c2613cd960103dca4f
Analyzer Verdict Alert quad9 Sinkholed
GET /58/aa/68/58aa6835f4aa61a96bddf82811985077.js HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2d0e2c2f09d1d58e08deea7740a0f2f3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 975d829b6c1182baa9059ef46ba71c89
4cad25f5dc5997779e9bde153551bf7fa3481938
5a23467d164713da6a0ba9cff3d114780c255f12696ad50c3efc214c8895ee64
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=96232
Date: Wed, 07 Dec 2022 11:43:03 GMT
Etag: "638f4418-1d7"
Expires: Thu, 08 Dec 2022 14:26:55 GMT
Last-Modified: Tue, 06 Dec 2022 13:31:04 GMT
Server: ECS (nyb/1D19)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wDN1YodAlGaTXGW_XdqMI5RiH_38Mlt8UID25wKY17gAF107UvoX4A==
Age: 3351
indexesinsist.com/9ad1d496a1453e46e8bf2b3cb39e449e/invoke.js
192.243.59.12200 OK 9.8 kB URL HTTP/1.1 indexesinsist.com/9ad1d496a1453e46e8bf2b3cb39e449e/invoke.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26984), with no line terminators
Hash 2bb0c3a0d94328efa5edcc022dfe092f
be6b8572de8907ba64792f7765949ad18c1cec88
1cca7bfc2cf4e4a6c30b9fcb60a180cb215b9d545f0b38cc1faf949f0fbe3fca
Analyzer Verdict Alert quad9 Sinkholed
GET /9ad1d496a1453e46e8bf2b3cb39e449e/invoke.js HTTP/1.1
Host: indexesinsist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 418dbcf9d42f86aa6e57ccbb7eab7c33
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
52.28.211.11200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 4d7eb720d1f505d80da115cd47968d98
0a21742860d4f8862afb99ac58840a4fe7d19501
31d079a24bfcc9ef418a6289c92c0b95b911d978a49fd8fa2ff75324bcb61eaf
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://u0372.enginecodes.net
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:43:03 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://u0372.enginecodes.net
access-control-allow-credentials: true
set-cookie: uid_id2=1039ed90-66c6-4ccb-aff1-f9a2b0747f8c:2:1; expires=Sat, 04 Dec 2032 11:43:03 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
www.statcounter.com/counter/counter.js
104.20.219.77200 OK 14 kB URL HTTP/1.1 www.statcounter.com/counter/counter.js
IP 104.20.219.77:0
File type ASCII text, with very long lines (43632), with no line terminators
Hash ec70672a2f4620ce69dbd93d41715fb2
68d559ba806e8aa338221616ba9a85ae582e03a3
f6cd20fa5ef3de2a6bd894efa434c1650f12cf6b3c9df03d45489aff18c44b7e
GET /counter/counter.js HTTP/1.1
Host: www.statcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 01 Dec 2022 18:49:39 GMT
ETag: W/"aa70-5eec8aeed8035"
Cache-Control: max-age=43200
Expires: Wed, 07 Dec 2022 23:27:50 GMT
Access-Control-Allow-Origin: *
P3P: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
User-Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 913
Server: cloudflare
CF-RAY: 775d005e185c1c12-OSL
fairfaxgeorgianayourself.com/58/aa/68/58aa6835f4aa61a96bddf82811985077.js
173.233.137.36200 OK 29 kB URL HTTP/1.1 fairfaxgeorgianayourself.com/58/aa/68/58aa6835f4aa61a96bddf82811985077.js
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 585bf1bc3e765d259468f750e0ee514b
2de730df6092e8cd2d8bb56985fc4b9fca5afa80
c743e97de8cb5e2ede5d8564311cf90e5183603d0997973fad6eba12e3379313
Analyzer Verdict Alert quad9 Sinkholed
GET /58/aa/68/58aa6835f4aa61a96bddf82811985077.js HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 635dcdc26afc75f0b0bcfba722a21d65
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
addresseepaper.com/sfp.js
34.160.73.230200 OK 2.6 kB URL HTTP/1.1 addresseepaper.com/sfp.js
IP 34.160.73.230:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2551), with no line terminators
Hash 41f66bb0ac50f2d851236170e7c71341
59bcec216302151922219b51be8ad8ab6d0b8384
ec99cca58b612ce268e6ada818dfcec0acc22dd1bbe372487be9abbdd07ce073
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Type: text/html
Content-Length: 2551
Last-Modified: Tue, 06 Dec 2022 22:15:36 GMT
ETag: "638fbf08-9f7"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_ksH1sTc9EjXCmWZup74uFSR+dkwy0KAqHyDjqCX5+b0zeGjsBDwHGeUXqHO1YTnGXNMqi9DZqRg/7nsDREvaAw
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.EXPIRED.305E185C-5D0C-4AD0-86FE-5F99F413CC83;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 78cbec8d8f3cb9d7274878548eda6908
32c383b1b78ffa9f2b8e8ee741f0bc2de0c1d8ea
b96208c37439bf95706ca13b40114f76d6d06cb20a4cc1fdd91f8ddb11c48f73
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B96208C37439BF95706CA13B40114F76D6D06CB20A4CC1FDD91F8DDB11C48F73"
Last-Modified: Tue, 06 Dec 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7606
Expires: Wed, 07 Dec 2022 13:49:49 GMT
Date: Wed, 07 Dec 2022 11:43:03 GMT
Connection: keep-alive
addresseepaper.com/sfp.js
34.160.73.230200 OK 2.6 kB URL HTTP/1.1 addresseepaper.com/sfp.js
IP 34.160.73.230:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2551), with no line terminators
Hash 41f66bb0ac50f2d851236170e7c71341
59bcec216302151922219b51be8ad8ab6d0b8384
ec99cca58b612ce268e6ada818dfcec0acc22dd1bbe372487be9abbdd07ce073
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Type: text/html
Content-Length: 2551
Last-Modified: Tue, 06 Dec 2022 22:15:21 GMT
ETag: "638fbef9-9f7"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_ksH1sTc9EjXCmWZup74uFSR+dkwy0KAqHyDjqCX5+b0zeGjsBDwHGeUXqHO1YTnGXNMqi9DZqRg/7nsDREvaAw
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.EXPIRED.305E185C-5D0C-4AD0-86FE-5F99F413CC83;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google
entitledbalcony.com/pixel/purst?dl=0&th=0&sc=0&rs=1780&rd=1780&fd=334&bv=22.10.v.10&tmpl=136
173.233.137.36200 OK 0 B URL HTTP/1.1 entitledbalcony.com/pixel/purst?dl=0&th=0&sc=0&rs=1780&rd=1780&fd=334&bv=22.10.v.10&tmpl=136
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/purst?dl=0&th=0&sc=0&rs=1780&rd=1780&fd=334&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: entitledbalcony.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fairfaxgeorgianayourself.com/watch.311921883937.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=1039ed90-66c6-4ccb-aff1-f9a2b0747f8c%3A2%3A1
173.233.137.36307 Temporary Redirect 0 B URL HTTP/1.1 fairfaxgeorgianayourself.com/watch.311921883937.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=1039ed90-66c6-4ccb-aff1-f9a2b0747f8c%3A2%3A1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.311921883937.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=1039ed90-66c6-4ccb-aff1-f9a2b0747f8c%3A2%3A1 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://u0372.enginecodes.net
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://u0372.enginecodes.net
Access-Control-Allow-Origin: http://u0372.enginecodes.net
Access-Control-Allow-Credentials: true
Location: https://fairfaxgeorgianayourself.com/watch.311921883937.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=1039ed90-66c6-4ccb-aff1-f9a2b0747f8c%3A2%3A1&shu=f479c1fbee700919e79497f40007f22926c0b660f346bf0cc9c028c5ca661668175eeb937e598a1dcea50a803bfb1230d9fc4a49334e04fb87a8065ce346ff7aee5ff061019d9090f811dcb280ac9415437be686457361c8c198de89c06af50b&pst=1670413443&rmtc=t
Set-Cookie: u_pl=17746884; expires=Thu, 08 Dec 2022 11:43:03 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc0Njg4NCwiayI6IjlhZDFkNDk2YTE0NTNlNDZlOGJmMmIzY2IzOWU0NDllIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDA2MzEwLCJwaWQiOjExODY4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjMsImFpZCI6MjMsInB0Ijo0LCJwayI6ImdnNWoxeXN6IiwiY3BrcyI6eyAiMjgiOiI1OGFhNjgzNWY0YWE2MWE5NmJkZGY4MjgxMTk4NTA3NyJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3UwMzcyLmVuZ2luZWNvZGVzLm5ldC8ifX0.5rNKpfyFLJe_vFZoHlNVRK4IUXRbP4SXw6INywhLQOI; expires=Wed, 07 Dec 2022 11:44:03 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7733afbc8f8bc3a794acaa1c8f1c8f3c
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 091409746aa7135b281ed1cc81acffd4
b08da33cdfe0b31662443d2b04740c063aba0aa1
bdaeaa7fba598bf5bb567dd0aac8d7eb5d647a6c210cbba67e37b3c5202aa888
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDAEAA7FBA598BF5BB567DD0AAC8D7EB5D647A6C210CBBA67E37B3C5202AA888"
Last-Modified: Mon, 05 Dec 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14028
Expires: Wed, 07 Dec 2022 15:36:51 GMT
Date: Wed, 07 Dec 2022 11:43:03 GMT
Connection: keep-alive
banquetunarmedgrater.com/advertisers.js
173.233.137.52200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e9222381988b30e51e329090b8acf252
Strict-Transport-Security: max-age=0; includeSubdomains
fairfaxgeorgianayourself.com/watch.1045586828861.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=a9f376b3-8257-4adf-8621-65948ff96218%3A3%3A1
173.233.137.36307 Temporary Redirect 0 B URL HTTP/1.1 fairfaxgeorgianayourself.com/watch.1045586828861.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=a9f376b3-8257-4adf-8621-65948ff96218%3A3%3A1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1045586828861.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=a9f376b3-8257-4adf-8621-65948ff96218%3A3%3A1 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://u0372.enginecodes.net
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://u0372.enginecodes.net
Access-Control-Allow-Origin: http://u0372.enginecodes.net
Access-Control-Allow-Credentials: true
Location: https://fairfaxgeorgianayourself.com/watch.1045586828861.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=a9f376b3-8257-4adf-8621-65948ff96218%3A3%3A1&shu=0fb4585ca85ff33912a6941b565e75e3d5faa083e1dad95e24a222aceb8b5748d1d8a171e257eb06e138bad0bc5934880297dfdb8462965db4df44f2fd9f1a9699de027eec29269148af16ad59f46e1d53b1fcd78cc7017da2a63536cae2ce2170&pst=1670413443&rmtc=t
Set-Cookie: u_pl=17746884; expires=Thu, 08 Dec 2022 11:43:03 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc0Njg4NCwiayI6IjlhZDFkNDk2YTE0NTNlNDZlOGJmMmIzY2IzOWU0NDllIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDA2MzEwLCJwaWQiOjExODY4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjMsImFpZCI6MjMsInB0Ijo0LCJwayI6ImdnNWoxeXN6IiwiY3BrcyI6eyAiMjgiOiI1OGFhNjgzNWY0YWE2MWE5NmJkZGY4MjgxMTk4NTA3NyJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3UwMzcyLmVuZ2luZWNvZGVzLm5ldC8ifX0.5rNKpfyFLJe_vFZoHlNVRK4IUXRbP4SXw6INywhLQOI; expires=Wed, 07 Dec 2022 11:44:03 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2832314d0a173cea4d031886593f0d7e
Strict-Transport-Security: max-age=0; includeSubdomains
stealcalmgenus.com/pixel/purst?dl=0&th=0&sc=0&rs=1780&rd=1780&fd=334&bv=22.10.v.10&tmpl=136
173.233.137.60200 OK 0 B URL HTTP/1.1 stealcalmgenus.com/pixel/purst?dl=0&th=0&sc=0&rs=1780&rd=1780&fd=334&bv=22.10.v.10&tmpl=136
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1780&rd=1780&fd=334&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: stealcalmgenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
swelltomatoesguess.com/58/aa/68/58aa6835f4aa61a96bddf82811985077.js
192.243.61.227200 OK 29 kB URL HTTP/1.1 swelltomatoesguess.com/58/aa/68/58aa6835f4aa61a96bddf82811985077.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 585bf1bc3e765d259468f750e0ee514b
2de730df6092e8cd2d8bb56985fc4b9fca5afa80
c743e97de8cb5e2ede5d8564311cf90e5183603d0997973fad6eba12e3379313
Analyzer Verdict Alert quad9 Sinkholed
GET /58/aa/68/58aa6835f4aa61a96bddf82811985077.js HTTP/1.1
Host: swelltomatoesguess.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ab8efc4edb71f4440b2c6d3a0d42d5f9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fairfaxgeorgianayourself.com/watch.311921883937.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=1039ed90-66c6-4ccb-aff1-f9a2b0747f8c%3A2%3A1&shu=f479c1fbee700919e79497f40007f22926c0b660f346bf0cc9c028c5ca661668175eeb937e598a1dcea50a803bfb1230d9fc4a49334e04fb87a8065ce346ff7aee5ff061019d9090f811dcb280ac9415437be686457361c8c198de89c06af50b&pst=1670413443&rmtc=t
173.233.137.36200 OK 2.1 kB URL HTTP/1.1 fairfaxgeorgianayourself.com/watch.311921883937.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=1039ed90-66c6-4ccb-aff1-f9a2b0747f8c%3A2%3A1&shu=f479c1fbee700919e79497f40007f22926c0b660f346bf0cc9c028c5ca661668175eeb937e598a1dcea50a803bfb1230d9fc4a49334e04fb87a8065ce346ff7aee5ff061019d9090f811dcb280ac9415437be686457361c8c198de89c06af50b&pst=1670413443&rmtc=t
IP 173.233.137.36:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (2656)
Hash e8e64c3355e00e33b049fae6c0d1065c
02c123088251f0a5b6bb1f514868e58d52751ad0
cc0c647b38f6ba52dde7043080b9f9008ef8dadc37b6cdc90d711b03a49ada4b
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.311921883937.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=1039ed90-66c6-4ccb-aff1-f9a2b0747f8c%3A2%3A1&shu=f479c1fbee700919e79497f40007f22926c0b660f346bf0cc9c028c5ca661668175eeb937e598a1dcea50a803bfb1230d9fc4a49334e04fb87a8065ce346ff7aee5ff061019d9090f811dcb280ac9415437be686457361c8c198de89c06af50b&pst=1670413443&rmtc=t HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://u0372.enginecodes.net
Referer: http://u0372.enginecodes.net/
Connection: keep-alive
Cookie: u_pl=17746884; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc0Njg4NCwiayI6IjlhZDFkNDk2YTE0NTNlNDZlOGJmMmIzY2IzOWU0NDllIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDA2MzEwLCJwaWQiOjExODY4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjMsImFpZCI6MjMsInB0Ijo0LCJwayI6ImdnNWoxeXN6IiwiY3BrcyI6eyAiMjgiOiI1OGFhNjgzNWY0YWE2MWE5NmJkZGY4MjgxMTk4NTA3NyJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3UwMzcyLmVuZ2luZWNvZGVzLm5ldC8ifX0.5rNKpfyFLJe_vFZoHlNVRK4IUXRbP4SXw6INywhLQOI
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://u0372.enginecodes.net
Access-Control-Allow-Origin: http://u0372.enginecodes.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=1039ed90-66c6-4ccb-aff1-f9a2b0747f8c:2:1; expires=Wed, 14 Dec 2022 11:43:03 GMT; secure; SameSite=None
iprc2e859ea7ca19882f010dd0db5eb0673f=3569808; expires=Wed, 07 Dec 2022 15:43:03 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 08 Dec 2022 11:43:03 GMT; secure; SameSite=None
uncs=1; expires=Thu, 08 Dec 2022 11:43:03 GMT; secure; SameSite=None
pdhtkv23=true; expires=Thu, 08 Dec 2022 11:43:03 GMT; secure; SameSite=None
uncs23=1; expires=Thu, 08 Dec 2022 11:43:03 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c02866d30740e0f0723ab236016d1b3d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fairfaxgeorgianayourself.com/watch.1045586828861.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=a9f376b3-8257-4adf-8621-65948ff96218%3A3%3A1&shu=0fb4585ca85ff33912a6941b565e75e3d5faa083e1dad95e24a222aceb8b5748d1d8a171e257eb06e138bad0bc5934880297dfdb8462965db4df44f2fd9f1a9699de027eec29269148af16ad59f46e1d53b1fcd78cc7017da2a63536cae2ce2170&pst=1670413443&rmtc=t
173.233.137.36200 OK 2.1 kB URL HTTP/1.1 fairfaxgeorgianayourself.com/watch.1045586828861.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=a9f376b3-8257-4adf-8621-65948ff96218%3A3%3A1&shu=0fb4585ca85ff33912a6941b565e75e3d5faa083e1dad95e24a222aceb8b5748d1d8a171e257eb06e138bad0bc5934880297dfdb8462965db4df44f2fd9f1a9699de027eec29269148af16ad59f46e1d53b1fcd78cc7017da2a63536cae2ce2170&pst=1670413443&rmtc=t
IP 173.233.137.36:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (2650)
Hash a86ab1dfefe86bcb1c05a21c9504af93
21f8b13f1c97f1b1a1335314a14a2fc8e42ec668
9f36a6a9ef25f98497fca90217c2cc3407177ec24fc98f0f2b650b2af3d0a292
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1045586828861.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=a9f376b3-8257-4adf-8621-65948ff96218%3A3%3A1&shu=0fb4585ca85ff33912a6941b565e75e3d5faa083e1dad95e24a222aceb8b5748d1d8a171e257eb06e138bad0bc5934880297dfdb8462965db4df44f2fd9f1a9699de027eec29269148af16ad59f46e1d53b1fcd78cc7017da2a63536cae2ce2170&pst=1670413443&rmtc=t HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://u0372.enginecodes.net
Referer: http://u0372.enginecodes.net/
Connection: keep-alive
Cookie: u_pl=17746884; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc0Njg4NCwiayI6IjlhZDFkNDk2YTE0NTNlNDZlOGJmMmIzY2IzOWU0NDllIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDA2MzEwLCJwaWQiOjExODY4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjMsImFpZCI6MjMsInB0Ijo0LCJwayI6ImdnNWoxeXN6IiwiY3BrcyI6eyAiMjgiOiI1OGFhNjgzNWY0YWE2MWE5NmJkZGY4MjgxMTk4NTA3NyJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3UwMzcyLmVuZ2luZWNvZGVzLm5ldC8ifX0.5rNKpfyFLJe_vFZoHlNVRK4IUXRbP4SXw6INywhLQOI
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://u0372.enginecodes.net
Access-Control-Allow-Origin: http://u0372.enginecodes.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a9f376b3-8257-4adf-8621-65948ff96218:3:1; expires=Wed, 14 Dec 2022 11:43:03 GMT; secure; SameSite=None
iprc2e859ea7ca19882f010dd0db5eb0673f=3569808; expires=Wed, 07 Dec 2022 15:43:03 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 08 Dec 2022 11:43:03 GMT; secure; SameSite=None
uncs=1; expires=Thu, 08 Dec 2022 11:43:03 GMT; secure; SameSite=None
pdhtkv23=true; expires=Thu, 08 Dec 2022 11:43:03 GMT; secure; SameSite=None
uncs23=1; expires=Thu, 08 Dec 2022 11:43:03 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 081847ecc3883e469b6c52a54d5a94ac
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
stealcalmgenus.com/pixel/purst?dl=0&th=0&sc=0&rs=1780&rd=1780&fd=334&bv=22.10.v.10&tmpl=136
173.233.137.60200 OK 0 B URL HTTP/1.1 stealcalmgenus.com/pixel/purst?dl=0&th=0&sc=0&rs=1780&rd=1780&fd=334&bv=22.10.v.10&tmpl=136
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1780&rd=1780&fd=334&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: stealcalmgenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
swelltomatoesguess.com/watch.548381908200.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=a9f376b3-8257-4adf-8621-65948ff96218%3A3%3A1
192.243.61.227307 Temporary Redirect 0 B URL HTTP/1.1 swelltomatoesguess.com/watch.548381908200.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=a9f376b3-8257-4adf-8621-65948ff96218%3A3%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.548381908200.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=a9f376b3-8257-4adf-8621-65948ff96218%3A3%3A1 HTTP/1.1
Host: swelltomatoesguess.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://u0372.enginecodes.net
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://u0372.enginecodes.net
Access-Control-Allow-Origin: http://u0372.enginecodes.net
Access-Control-Allow-Credentials: true
Location: https://swelltomatoesguess.com/watch.548381908200.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=a9f376b3-8257-4adf-8621-65948ff96218%3A3%3A1&shu=ae0e7a428d3129cc1bcd1d083b190594a602c4172cf0240a4f51790d0801b83464eefe6cd38e34aa419b641f39bcdf80c026eba8d222a9ca558fbe59df6ba216cffec307e3b33ae6f1a0eaf701e3b6ac22c43f44530743d9e9595f38ca891d&pst=1670413443&rmtc=t
Set-Cookie: u_pl=17746884; expires=Thu, 08 Dec 2022 11:43:03 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc0Njg4NCwiayI6IjlhZDFkNDk2YTE0NTNlNDZlOGJmMmIzY2IzOWU0NDllIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDA2MzEwLCJwaWQiOjExODY4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjMsImFpZCI6MjMsInB0Ijo0LCJwayI6ImdnNWoxeXN6IiwiY3BrcyI6eyAiMjgiOiI1OGFhNjgzNWY0YWE2MWE5NmJkZGY4MjgxMTk4NTA3NyJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3UwMzcyLmVuZ2luZWNvZGVzLm5ldC8ifX0.5rNKpfyFLJe_vFZoHlNVRK4IUXRbP4SXw6INywhLQOI; expires=Wed, 07 Dec 2022 11:44:03 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dc190b1bdfe997bd5569c37764e7cac1
Strict-Transport-Security: max-age=0; includeSubdomains
addresseepaper.com/sfp.js
34.160.73.230200 OK 2.6 kB URL HTTP/1.1 addresseepaper.com/sfp.js
IP 34.160.73.230:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2551), with no line terminators
Hash 41f66bb0ac50f2d851236170e7c71341
59bcec216302151922219b51be8ad8ab6d0b8384
ec99cca58b612ce268e6ada818dfcec0acc22dd1bbe372487be9abbdd07ce073
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 07 Dec 2022 11:43:03 GMT
Content-Type: text/html
Content-Length: 2551
Last-Modified: Tue, 06 Dec 2022 22:15:21 GMT
ETag: "638fbef9-9f7"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_ksH1sTc9EjXCmWZup74uFSR+dkwy0KAqHyDjqCX5+b0zeGjsBDwHGeUXqHO1YTnGXNMqi9DZqRg/7nsDREvaAw
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.EXPIRED.305E185C-5D0C-4AD0-86FE-5F99F413CC83;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f371fd6cbe04abe5f0d8679af1f2a998
ac95c5a39304a338b963d591a374bd667c836143
bb563352d50a6732df1045dcf54d5242f7609753538c26735456fef24a4692e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB563352D50A6732DF1045DCF54D5242F7609753538C26735456FEF24A4692E9"
Last-Modified: Tue, 06 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8148
Expires: Wed, 07 Dec 2022 13:58:52 GMT
Date: Wed, 07 Dec 2022 11:43:04 GMT
Connection: keep-alive
enginecodes.net/favicon.ico
176.9.111.7200 OK 1.2 kB URL HTTP/1.1 enginecodes.net/favicon.ico
IP 176.9.111.7:0
ASN #24940 Hetzner Online GmbH
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 1931b82d707a41007a353af1ef84553b
eb8c8340bece8bd1ad9a6308a30a2f01f026632f
c0ebe96d171ef5428a313c42cf0d117e38075171bfd4070f1f18d4830a36d8d5
GET /favicon.ico HTTP/1.1
Host: enginecodes.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:43:04 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 1150
Last-Modified: Sun, 04 Dec 2022 19:47:28 GMT
Connection: keep-alive
ETag: "638cf950-47e"
X-Powered-By: PleskLin
Accept-Ranges: bytes
cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
45.133.44.9200 OK 106 kB URL HTTP/2 cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size 106 kB (105910 bytes)
Hash a36b92bb68d9b579458560ba9b94862a
782d2932ccd3a56e5aad1cca7e6e7fb4a3cf23d6
9de12cf85ad80cae34d8bdaeb59169d75e3bd4f8b931ec90ea2c3be166647c0e
GET /cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:43:04 GMT
content-type: image/png
content-length: 105910
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:08:06 GMT
etag: "62e11c96-19db6"
expires: Fri, 09 Dec 2022 11:43:04 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
swelltomatoesguess.com/watch.548381908200.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=a9f376b3-8257-4adf-8621-65948ff96218%3A3%3A1&shu=ae0e7a428d3129cc1bcd1d083b190594a602c4172cf0240a4f51790d0801b83464eefe6cd38e34aa419b641f39bcdf80c026eba8d222a9ca558fbe59df6ba216cffec307e3b33ae6f1a0eaf701e3b6ac22c43f44530743d9e9595f38ca891d&pst=1670413443&rmtc=t
192.243.61.227200 OK 642 B URL HTTP/1.1 swelltomatoesguess.com/watch.548381908200.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=a9f376b3-8257-4adf-8621-65948ff96218%3A3%3A1&shu=ae0e7a428d3129cc1bcd1d083b190594a602c4172cf0240a4f51790d0801b83464eefe6cd38e34aa419b641f39bcdf80c026eba8d222a9ca558fbe59df6ba216cffec307e3b33ae6f1a0eaf701e3b6ac22c43f44530743d9e9595f38ca891d&pst=1670413443&rmtc=t
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (601)
Hash 99fe4738d84be3a23dcc8cf3404ee883
92b13a4715b5c2388de0d6b657679bcf9e38971b
449ee9dd3b64d4f75875237ea09262e375358df6434ac05e3d6d37803a435d04
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.548381908200.js?key=9ad1d496a1453e46e8bf2b3cb39e449e&kw=%5B%22u0372%22%2C%22engine%22%2C%22code%22%2C%22meaning%22%2C%22-%22%2C%22u0372%22%2C%22engine%22%2C%22trouble%22%2C%22code%22%2C%22-%22%2C%22how%22%2C%22to%22%2C%22fix%22%2C%22u0372%22%2C%22enginecodes%22%2C%22net%22%5D&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&tz=0&dev=e&res=12.1053&uuid=a9f376b3-8257-4adf-8621-65948ff96218%3A3%3A1&shu=ae0e7a428d3129cc1bcd1d083b190594a602c4172cf0240a4f51790d0801b83464eefe6cd38e34aa419b641f39bcdf80c026eba8d222a9ca558fbe59df6ba216cffec307e3b33ae6f1a0eaf701e3b6ac22c43f44530743d9e9595f38ca891d&pst=1670413443&rmtc=t HTTP/1.1
Host: swelltomatoesguess.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://u0372.enginecodes.net
Referer: http://u0372.enginecodes.net/
Connection: keep-alive
Cookie: u_pl=17746884; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc0Njg4NCwiayI6IjlhZDFkNDk2YTE0NTNlNDZlOGJmMmIzY2IzOWU0NDllIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDA2MzEwLCJwaWQiOjExODY4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjMsImFpZCI6MjMsInB0Ijo0LCJwayI6ImdnNWoxeXN6IiwiY3BrcyI6eyAiMjgiOiI1OGFhNjgzNWY0YWE2MWE5NmJkZGY4MjgxMTk4NTA3NyJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3UwMzcyLmVuZ2luZWNvZGVzLm5ldC8ifX0.5rNKpfyFLJe_vFZoHlNVRK4IUXRbP4SXw6INywhLQOI
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:43:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://u0372.enginecodes.net
Access-Control-Allow-Origin: http://u0372.enginecodes.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a9f376b3-8257-4adf-8621-65948ff96218:3:1; expires=Wed, 14 Dec 2022 11:43:04 GMT; secure; SameSite=None
iprce6b9e7aff3840bfc39435283efae44b2=2717343; expires=Thu, 08 Dec 2022 13:43:04 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 08 Dec 2022 11:43:04 GMT; secure; SameSite=None
uncs=1; expires=Thu, 08 Dec 2022 11:43:04 GMT; secure; SameSite=None
pdhtkv23=true; expires=Thu, 08 Dec 2022 11:43:04 GMT; secure; SameSite=None
uncs23=1; expires=Thu, 08 Dec 2022 11:43:04 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1eea4f371708e3a348f2abc0ed1029bb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 0be73f837e6aeb740e5c608fb17237b5
4dfd1104c0558f35d83b35ca08e4874052be4bc7
9f57778d4b2af1df4ee9000e3be98a38927c78d4d61b8a70f7a6499c2842fa89
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 11:43:04 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 06:34:05 GMT
Expires: Tue, 13 Dec 2022 06:34:04 GMT
Etag: "4dfd1104c0558f35d83b35ca08e4874052be4bc7"
Cache-Control: max-age=499259,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775d0062dc390b69-OSL
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3f15712225b216539aebfa2f1467c228
9f879596dddaf6360ac32a1ff58bfa04e43a8aa1
88e0df473f45cd5fff9ffca2669da6542e0cf7d1ab2db36333d7641c5bdaff3c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "88E0DF473F45CD5FFF9FFCA2669DA6542E0CF7D1AB2DB36333D7641C5BDAFF3C"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3835
Expires: Wed, 07 Dec 2022 12:46:59 GMT
Date: Wed, 07 Dec 2022 11:43:04 GMT
Connection: keep-alive
www.spikereekvelocity.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17746884
192.243.61.225200 OK 1.3 kB URL HTTP/1.1 www.spikereekvelocity.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17746884
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 30f8fd14fa4f0cb147d726ffb9c98549
351b9c5a5cdf334b979463435bf2d598935cf3d7
80d8d1d6961fb139b409cb0a79aede6744ae375f90d0b1a01ddd6eabd8f85bc3
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17746884 HTTP/1.1
Host: www.spikereekvelocity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://u0372.enginecodes.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:43:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Thu, 08 Dec 2022 11:43:04 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTc3NDY4ODQiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3UwMzcyLmVuZ2luZWNvZGVzLm5ldC8ifX0.mpFv8aEiDjoVqPjw0oMbvMvjRStfzTEaSySw-bcaoKI; expires=Wed, 07 Dec 2022 11:44:04 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a2f601bbc98e71088befe6d57a20eccb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.spikereekvelocity.com/dyfc1k09?shu=afe759c4aeea2167d5e72e87eb4c7fb2495a6456d395d7597827f4a3c6ba7adbe65b82f3864108285528969d65b3caf9b16554d4fbd5de6ec6c43ce7df5b23cda77575334404dd65e00b92a56909fa3f55bfb6fd4a03f1fd2501c3967900b856&pst=1670413444&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&psid=17746884
192.243.61.225302 Found 0 B URL HTTP/1.1 www.spikereekvelocity.com/dyfc1k09?shu=afe759c4aeea2167d5e72e87eb4c7fb2495a6456d395d7597827f4a3c6ba7adbe65b82f3864108285528969d65b3caf9b16554d4fbd5de6ec6c43ce7df5b23cda77575334404dd65e00b92a56909fa3f55bfb6fd4a03f1fd2501c3967900b856&pst=1670413444&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&psid=17746884
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?shu=afe759c4aeea2167d5e72e87eb4c7fb2495a6456d395d7597827f4a3c6ba7adbe65b82f3864108285528969d65b3caf9b16554d4fbd5de6ec6c43ce7df5b23cda77575334404dd65e00b92a56909fa3f55bfb6fd4a03f1fd2501c3967900b856&pst=1670413444&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fu0372.enginecodes.net%2F&psid=17746884 HTTP/1.1
Host: www.spikereekvelocity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.spikereekvelocity.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTc3NDY4ODQiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3UwMzcyLmVuZ2luZWNvZGVzLm5ldC8ifX0.mpFv8aEiDjoVqPjw0oMbvMvjRStfzTEaSySw-bcaoKI; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:43:05 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: http://clarus-che.com/zcvisitor/4fe45e24-7624-11ed-82a7-0a9b1090cb5f/014d4f70-c126-11e5-9ddc-0afe289da1cd?campaignid=b9792a50-4807-11ed-8e2b-128084d1ce51
Set-Cookie: pdhtkv=true; expires=Thu, 08 Dec 2022 11:43:05 GMT
uncs=1; expires=Thu, 08 Dec 2022 11:43:05 GMT
pdhtkv28=true; expires=Thu, 08 Dec 2022 11:43:05 GMT
uncs28=1; expires=Thu, 08 Dec 2022 11:43:05 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8a51b61c66c26d955fd0a6ab08705b4f
Strict-Transport-Security: max-age=0; includeSubdomains
clarus-che.com/zcvisitor/4fe45e24-7624-11ed-82a7-0a9b1090cb5f/014d4f70-c126-11e5-9ddc-0afe289da1cd?campaignid=b9792a50-4807-11ed-8e2b-128084d1ce51
3.208.247.235302 0 B URL HTTP/1.1 clarus-che.com/zcvisitor/4fe45e24-7624-11ed-82a7-0a9b1090cb5f/014d4f70-c126-11e5-9ddc-0afe289da1cd?campaignid=b9792a50-4807-11ed-8e2b-128084d1ce51
IP 3.208.247.235:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zcvisitor/4fe45e24-7624-11ed-82a7-0a9b1090cb5f/014d4f70-c126-11e5-9ddc-0afe289da1cd?campaignid=b9792a50-4807-11ed-8e2b-128084d1ce51 HTTP/1.1
Host: clarus-che.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Date: Wed, 07 Dec 2022 11:43:05 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Location: https://shopde.pricedeals.shop/go.php?market=no&zr4fe45e24762411ed82a70a9b1090cb5fbed99e5770c444dda399ad24784d9767069539da0256bd1a3e
Server: RdNhZCWM
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash bcd3c13e6aec58d8f5a22c6814fb70e2
983098361de1d782ae0d6351b1051107ac079859
1cacd718d681fabb47d90033449cd68723d916aa727fd1c8c07e4cdedf941649
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1CACD718D681FABB47D90033449CD68723D916AA727FD1C8C07E4CDEDF941649"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3039
Expires: Wed, 07 Dec 2022 12:33:44 GMT
Date: Wed, 07 Dec 2022 11:43:05 GMT
Connection: keep-alive
shopde.pricedeals.shop/go.php?market=no&zr4fe45e24762411ed82a70a9b1090cb5fbed99e5770c444dda399ad24784d9767069539da0256bd1a3e
135.181.6.240200 OK 570 B URL HTTP/1.1 shopde.pricedeals.shop/go.php?market=no&zr4fe45e24762411ed82a70a9b1090cb5fbed99e5770c444dda399ad24784d9767069539da0256bd1a3e
IP 135.181.6.240:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (450)
Hash 0958fc8e53df7c5a9de0442040704ad4
9d1cb1bce9b785e31764be157e952a4851e19d6e
2cf2a96bd99579531cf53ee4ea031315e3166abf11d3f50e645f6d759aa0d6d1
GET /go.php?market=no&zr4fe45e24762411ed82a70a9b1090cb5fbed99e5770c444dda399ad24784d9767069539da0256bd1a3e HTTP/1.1
Host: shopde.pricedeals.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 11:43:05 GMT
Server: Apache/2.4.54 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 570
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shopde.pricedeals.shop/favicon.ico
135.181.6.240404 Not Found 285 B URL HTTP/1.1 shopde.pricedeals.shop/favicon.ico
IP 135.181.6.240:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7cd85cf7b8f9a014ae145681b1f5e73d
a574403ec64b443a802d0980e3bd368bafebe2d9
cb5d0086c43932c164cc6892b9f762fb4128c182d3dbdbf476036a2783f0023b
GET /favicon.ico HTTP/1.1
Host: shopde.pricedeals.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shopde.pricedeals.shop/go.php?market=no&zr4fe45e24762411ed82a70a9b1090cb5fbed99e5770c444dda399ad24784d9767069539da0256bd1a3e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Wed, 07 Dec 2022 11:43:05 GMT
Server: Apache/2.4.54 (Debian)
Content-Length: 285
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
shopde.pricedeals.shop/redirect.php?u=aHR0cHM6Ly9uby1nby5rZWxrb29ncm91cC5uZXQvY3RsL2dvL29mZmVyc2VhcmNoR28_LnRzPTE2NzAzODYwNjA5MjImLnNpZz1BcVA2emdaVEdlbVdyRGxTc0sucXk2VE5Mb3ctJmFmZmlsaWF0aW9uSWQ9OTY5Nzk3MTQmY29tSWQ9MTAwNTQyMzU5JmNvdW50cnk9bm8mb2ZmZXJJZD1hZDY1ZjViODY1ZjhiNzdmMTI5ODQ4NDZmYjdlM2QwMCZzZXJ2aWNlPTM3JnRva2VuSWQ9MzJmMzQzMTItZjIwMy00MDcwLTg2ODUtNTQyZmIxMjdiMTEwJndhaXQ9dHJ1ZSZhZGRlZFBhcmFtcz10cnVlJmN1c3RvbTE9NTEm
135.181.6.240200 OK 467 B URL HTTP/1.1 shopde.pricedeals.shop/redirect.php?u=aHR0cHM6Ly9uby1nby5rZWxrb29ncm91cC5uZXQvY3RsL2dvL29mZmVyc2VhcmNoR28_LnRzPTE2NzAzODYwNjA5MjImLnNpZz1BcVA2emdaVEdlbVdyRGxTc0sucXk2VE5Mb3ctJmFmZmlsaWF0aW9uSWQ9OTY5Nzk3MTQmY29tSWQ9MTAwNTQyMzU5JmNvdW50cnk9bm8mb2ZmZXJJZD1hZDY1ZjViODY1ZjhiNzdmMTI5ODQ4NDZmYjdlM2QwMCZzZXJ2aWNlPTM3JnRva2VuSWQ9MzJmMzQzMTItZjIwMy00MDcwLTg2ODUtNTQyZmIxMjdiMTEwJndhaXQ9dHJ1ZSZhZGRlZFBhcmFtcz10cnVlJmN1c3RvbTE9NTEm
IP 135.181.6.240:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (363)
Hash f4d1a0fb218978e7ab069d478a99d36a
f956d287a6728738862b5e423128347703e5be6e
ca734f81797bbbe6bf129bd8c17947976782cf0bc17a431e79671ab4c7a49be5
GET /redirect.php?u=aHR0cHM6Ly9uby1nby5rZWxrb29ncm91cC5uZXQvY3RsL2dvL29mZmVyc2VhcmNoR28_LnRzPTE2NzAzODYwNjA5MjImLnNpZz1BcVA2emdaVEdlbVdyRGxTc0sucXk2VE5Mb3ctJmFmZmlsaWF0aW9uSWQ9OTY5Nzk3MTQmY29tSWQ9MTAwNTQyMzU5JmNvdW50cnk9bm8mb2ZmZXJJZD1hZDY1ZjViODY1ZjhiNzdmMTI5ODQ4NDZmYjdlM2QwMCZzZXJ2aWNlPTM3JnRva2VuSWQ9MzJmMzQzMTItZjIwMy00MDcwLTg2ODUtNTQyZmIxMjdiMTEwJndhaXQ9dHJ1ZSZhZGRlZFBhcmFtcz10cnVlJmN1c3RvbTE9NTEm HTTP/1.1
Host: shopde.pricedeals.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shopde.pricedeals.shop/go.php?market=no&zr4fe45e24762411ed82a70a9b1090cb5fbed99e5770c444dda399ad24784d9767069539da0256bd1a3e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 11:43:06 GMT
Server: Apache/2.4.54 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 467
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
status.thawte.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 20f6192e4535e9cd0534fde901f8accf
6925717fe60389306d0f6b75465fd915b7df3c16
73b29633a00c3685251d2fb2741fa364e050320867040502f876187c8fe36b39
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3742
Cache-Control: max-age=110998
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:07 GMT
Etag: "638f7c43-1d7"
Expires: Thu, 08 Dec 2022 18:33:05 GMT
Last-Modified: Tue, 06 Dec 2022 17:30:43 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
no-go.kelkoogroup.net/ctl/go/offersearchGo?.ts=1670386060922&.sig=AqP6zgZTGemWrDlSsK.qy6TNLow-&affiliationId=96979714&comId=100542359&country=no&offerId=ad65f5b865f8b77f12984846fb7e3d00&service=37&tokenId=32f34312-f203-4070-8685-542fb127b110&wait=true&addedParams=true&custom1=51&
95.211.116.27200 OK 28 kB URL HTTP/1.1 no-go.kelkoogroup.net/ctl/go/offersearchGo?.ts=1670386060922&.sig=AqP6zgZTGemWrDlSsK.qy6TNLow-&affiliationId=96979714&comId=100542359&country=no&offerId=ad65f5b865f8b77f12984846fb7e3d00&service=37&tokenId=32f34312-f203-4070-8685-542fb127b110&wait=true&addedParams=true&custom1=51&
IP 95.211.116.27:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (13002)
Hash 8b623599d9762c6f04604c1508e844c1
c105abc635d041cb4c331efde44c6055689b167b
ed3d44914926e06cc019afd563eed5eec714b7966b56a06c8e29c8de6ad3f8f9
GET /ctl/go/offersearchGo?.ts=1670386060922&.sig=AqP6zgZTGemWrDlSsK.qy6TNLow-&affiliationId=96979714&comId=100542359&country=no&offerId=ad65f5b865f8b77f12984846fb7e3d00&service=37&tokenId=32f34312-f203-4070-8685-542fb127b110&wait=true&addedParams=true&custom1=51& HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shopde.pricedeals.shop/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 11:43:07 GMT
leadId: dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1670413387742_2930617
clickId: 107698111_1670413387735_566846
country: no
Accept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
X-DataDome: protected
Request-Time: PT0.020603S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Content-Type: text/html; charset=UTF-8
Content-Length: 27717
Set-Cookie: datadome=6YrseHY3GPs0GostgrbTavsjx0Go-jgJZLd6oxl3ding4NzivcEuAMV_gqLZcBJSKDskUxcBum7nlLyzPrwBzu0uK~qVcevzy0TEAFK-xJJXE29pBWf3tEHkIZzXAVfV; Max-Age=31536000; Expires=Thu, 07 Dec 2023 11:43:07 GMT; SameSite=Lax; Path=/; Domain=.kelkoogroup.net; Secure
kelkooID=a4c626f-184ec6587d7-2e416; Max-Age=31536000; Expires=Thu, 07 Dec 2023 11:43:07 GMT; SameSite=None; Path=/; Domain=kelkoogroup.net; Secure; HTTPOnly
P3P: CP="Anything"
ApacheTracking: localhost
Keep-Alive: timeout=40, max=68
Connection: Keep-Alive
no-go.kelkoogroup.net/fp?country=no&k=612f7a9541cd6ea61eb554c0e4cff4376051d4e1eb650ae26bb9b98096017ca84e2abd1749d891a32ab12b85499f9678fda117eb0591f09ff920822675e5ab96e6fad47727d19c9b19b7dcce349dfa9aa3e27e713636c07e7b85a22437cd6cf5a5aa1893006b86ac4f02a57128016ca9a915c0c41e9ebc757537185b31390b17e950f5df37dc007b20959e65fa43175cc1ad551cda7d482092034127168ef5147761bd9cc24e8d517bead952f87e854a0f4e38c33927f774&leadId=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1670413387742_2930617&clickId=107698111_1670413387735_566846
95.211.116.27200 OK 0 B URL HTTP/1.1 no-go.kelkoogroup.net/fp?country=no&k=612f7a9541cd6ea61eb554c0e4cff4376051d4e1eb650ae26bb9b98096017ca84e2abd1749d891a32ab12b85499f9678fda117eb0591f09ff920822675e5ab96e6fad47727d19c9b19b7dcce349dfa9aa3e27e713636c07e7b85a22437cd6cf5a5aa1893006b86ac4f02a57128016ca9a915c0c41e9ebc757537185b31390b17e950f5df37dc007b20959e65fa43175cc1ad551cda7d482092034127168ef5147761bd9cc24e8d517bead952f87e854a0f4e38c33927f774&leadId=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1670413387742_2930617&clickId=107698111_1670413387735_566846
IP 95.211.116.27:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /fp?country=no&k=612f7a9541cd6ea61eb554c0e4cff4376051d4e1eb650ae26bb9b98096017ca84e2abd1749d891a32ab12b85499f9678fda117eb0591f09ff920822675e5ab96e6fad47727d19c9b19b7dcce349dfa9aa3e27e713636c07e7b85a22437cd6cf5a5aa1893006b86ac4f02a57128016ca9a915c0c41e9ebc757537185b31390b17e950f5df37dc007b20959e65fa43175cc1ad551cda7d482092034127168ef5147761bd9cc24e8d517bead952f87e854a0f4e38c33927f774&leadId=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1670413387742_2930617&clickId=107698111_1670413387735_566846 HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/ctl/go/offersearchGo?.ts=1670386060922&.sig=AqP6zgZTGemWrDlSsK.qy6TNLow-&affiliationId=96979714&comId=100542359&country=no&offerId=ad65f5b865f8b77f12984846fb7e3d00&service=37&tokenId=32f34312-f203-4070-8685-542fb127b110&wait=true&addedParams=true&custom1=51&
Content-Type: text/plain;charset=utf-8
Content-Length: 544
Origin: https://no-go.kelkoogroup.net
Connection: keep-alive
Cookie: datadome=6YrseHY3GPs0GostgrbTavsjx0Go-jgJZLd6oxl3ding4NzivcEuAMV_gqLZcBJSKDskUxcBum7nlLyzPrwBzu0uK~qVcevzy0TEAFK-xJJXE29pBWf3tEHkIZzXAVfV; kelkooID=a4c626f-184ec6587d7-2e416; _ga=GA1.2.1844106631.1670413387; _gid=GA1.2.1763313848.1670413387
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 11:43:07 GMT
Request-Time: PT0.00497S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
P3P: CP="Anything"
ApacheTracking: localhost
Keep-Alive: timeout=40, max=74
Connection: Keep-Alive
no-go.kelkoogroup.net/assets/images/p.png?country=no&k=612f7a9541cd6ea61eb554c0e4cff4376051d4e1eb650ae26bb9b98096017ca84e2abd1749d891a32ab12b85499f9678fda117eb0591f09ff920822675e5ab96e6fad47727d19c9b19b7dcce349dfa9aa3e27e713636c07e7b85a22437cd6cf5a5aa1893006b86ac4f02a57128016ca9a915c0c41e9ebc757537185b31390b17e950f5df37dc007b20959e65fa43175cc1ad551cda7d482092034127168ef5147761bd9cc24e8d517bead952f87e854a0f4e38c33927f774&leadId=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1670413387742_2930617&clickId=107698111_1670413387735_566846
95.211.116.27200 OK 68 B URL HTTP/1.1 no-go.kelkoogroup.net/assets/images/p.png?country=no&k=612f7a9541cd6ea61eb554c0e4cff4376051d4e1eb650ae26bb9b98096017ca84e2abd1749d891a32ab12b85499f9678fda117eb0591f09ff920822675e5ab96e6fad47727d19c9b19b7dcce349dfa9aa3e27e713636c07e7b85a22437cd6cf5a5aa1893006b86ac4f02a57128016ca9a915c0c41e9ebc757537185b31390b17e950f5df37dc007b20959e65fa43175cc1ad551cda7d482092034127168ef5147761bd9cc24e8d517bead952f87e854a0f4e38c33927f774&leadId=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1670413387742_2930617&clickId=107698111_1670413387735_566846
IP 95.211.116.27:0
ASN #60781 LeaseWeb Netherlands B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /assets/images/p.png?country=no&k=612f7a9541cd6ea61eb554c0e4cff4376051d4e1eb650ae26bb9b98096017ca84e2abd1749d891a32ab12b85499f9678fda117eb0591f09ff920822675e5ab96e6fad47727d19c9b19b7dcce349dfa9aa3e27e713636c07e7b85a22437cd6cf5a5aa1893006b86ac4f02a57128016ca9a915c0c41e9ebc757537185b31390b17e950f5df37dc007b20959e65fa43175cc1ad551cda7d482092034127168ef5147761bd9cc24e8d517bead952f87e854a0f4e38c33927f774&leadId=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1670413387742_2930617&clickId=107698111_1670413387735_566846 HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/ctl/go/offersearchGo?.ts=1670386060922&.sig=AqP6zgZTGemWrDlSsK.qy6TNLow-&affiliationId=96979714&comId=100542359&country=no&offerId=ad65f5b865f8b77f12984846fb7e3d00&service=37&tokenId=32f34312-f203-4070-8685-542fb127b110&wait=true&addedParams=true&custom1=51&
Connection: keep-alive
Cookie: datadome=6YrseHY3GPs0GostgrbTavsjx0Go-jgJZLd6oxl3ding4NzivcEuAMV_gqLZcBJSKDskUxcBum7nlLyzPrwBzu0uK~qVcevzy0TEAFK-xJJXE29pBWf3tEHkIZzXAVfV; kelkooID=a4c626f-184ec6587d7-2e416
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 11:43:07 GMT
Request-Time: PT0.001571S
X-Robots-Tag: noindex,nofollow
Cache-Control: private, must-revalidate
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Content-Type: image/png
Content-Length: 68
P3P: CP="Anything"
ApacheTracking: localhost
Keep-Alive: timeout=40, max=93
Connection: Keep-Alive
no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff4376051d4e1eb650ae26bb9b98096017ca84e2abd1749d891a32ab12b85499f9678fda117eb0591f09ff920822675e5ab96e6fad47727d19c9b19b7dcce349dfa9aa3e27e713636c07e7b85a22437cd6cf5a5aa1893006b86ac4f02a57128016ca9a915c0c41e9ebc757537185b31390b17e950f5df37dc007b20959e65fa43175cc1ad551cda7d482092034127168ef5147761bd9cc24e8d517bead952f87e854a0f4e38c33927f774&leadId=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1670413387742_2930617&clickId=107698111_1670413387735_566846&url=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&initiator=timeout
95.211.116.27303 See Other 0 B URL HTTP/1.1 no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff4376051d4e1eb650ae26bb9b98096017ca84e2abd1749d891a32ab12b85499f9678fda117eb0591f09ff920822675e5ab96e6fad47727d19c9b19b7dcce349dfa9aa3e27e713636c07e7b85a22437cd6cf5a5aa1893006b86ac4f02a57128016ca9a915c0c41e9ebc757537185b31390b17e950f5df37dc007b20959e65fa43175cc1ad551cda7d482092034127168ef5147761bd9cc24e8d517bead952f87e854a0f4e38c33927f774&leadId=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1670413387742_2930617&clickId=107698111_1670413387735_566846&url=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&initiator=timeout
IP 95.211.116.27:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff4376051d4e1eb650ae26bb9b98096017ca84e2abd1749d891a32ab12b85499f9678fda117eb0591f09ff920822675e5ab96e6fad47727d19c9b19b7dcce349dfa9aa3e27e713636c07e7b85a22437cd6cf5a5aa1893006b86ac4f02a57128016ca9a915c0c41e9ebc757537185b31390b17e950f5df37dc007b20959e65fa43175cc1ad551cda7d482092034127168ef5147761bd9cc24e8d517bead952f87e854a0f4e38c33927f774&leadId=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1670413387742_2930617&clickId=107698111_1670413387735_566846&url=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&initiator=timeout HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/ctl/go/offersearchGo?.ts=1670386060922&.sig=AqP6zgZTGemWrDlSsK.qy6TNLow-&affiliationId=96979714&comId=100542359&country=no&offerId=ad65f5b865f8b77f12984846fb7e3d00&service=37&tokenId=32f34312-f203-4070-8685-542fb127b110&wait=true&addedParams=true&custom1=51&
Connection: keep-alive
Cookie: datadome=6YrseHY3GPs0GostgrbTavsjx0Go-jgJZLd6oxl3ding4NzivcEuAMV_gqLZcBJSKDskUxcBum7nlLyzPrwBzu0uK~qVcevzy0TEAFK-xJJXE29pBWf3tEHkIZzXAVfV; kelkooID=a4c626f-184ec6587d7-2e416; _ga=GA1.2.1844106631.1670413387; _gid=GA1.2.1763313848.1670413387
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 303 See Other
Date: Wed, 07 Dec 2022 11:43:08 GMT
leadId: dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1670413387742_2930617
clickId: 107698111_1670413387735_566846
country: no
Location: https://nemdag.no/shop/elizabeth-arden-superstart-355182p.html?kk=a4c626f-184ec6587d7-2e416&gmsp=1&utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Elizabeth+Arden+Superstart+Probiotic+Boo
Accept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
X-DataDome: protected
Request-Time: PT0.021031S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Content-Length: 0
Set-Cookie: datadome=2Xbss06u9Talo0VkTnoL8TXqkDKD9yLfDaThKvTRIQ6futrUt~rg4-~59YCMitAQKgFN79MG125yPM8mqOIZZbObiL5zc5apZI_l66CyuZjvk7tNB-k4BDVLIQrQYYHb; Max-Age=31536000; Expires=Thu, 07 Dec 2023 11:43:08 GMT; SameSite=Lax; Path=/; Domain=.kelkoogroup.net; Secure
P3P: CP="Anything"
ApacheTracking: localhost
Keep-Alive: timeout=40, max=52
Connection: Keep-Alive
Content-Type: text/plain
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 30aec170d58f580f2ed4da4b92d72cc7
3b11a98ba9563f7f266e7a935e3b78bd0c0712aa
7b25e66e4383cdb29228d0451a4810eeab7d194ca81045e066c00c9467f29312
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/collect?v=1&_v=j96&t=pageview&_s=1&dl=https%3A%2F%2Fno-go.kelkoogroup.net%2Fctl%2Fgo%2FoffersearchGo%3F.ts%3D1670386060922%26.sig%3DAqP6zgZTGemWrDlSsK.qy6TNLow-%26affiliationId%3D96979714%26comId%3D100542359%26country%3Dno%26offerId%3Dad65f5b865f8b77f12984846fb7e3d00%26service%3D37%26tokenId%3D32f34312-f203-4070-8685-542fb127b110%26wait%3Dtrue%26addedParams%3Dtrue%26custom1%3D51%26&dr=https%3A%2F%2Fshopde.pricedeals.shop%2F&dp=%2F96979714%7C100542359%7C&ul=en-us&de=UTF-8&dt=Du%20sendes%20videre%20til%20nemdag.no&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAAABAAAAAC~&cid=1844106631.1670413387&tid=UA-168544891-6&_gid=1763313848.1670413387&_r=1&cd1=96979714&cd2=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1670413387742_2930617&cd3=100542359&cd4=a4c626f-184ec6587d7-2e416&cd5=&cd6=96979714%7C100542359%7C&z=910212685
142.250.74.46200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?v=1&_v=j96&t=pageview&_s=1&dl=https%3A%2F%2Fno-go.kelkoogroup.net%2Fctl%2Fgo%2FoffersearchGo%3F.ts%3D1670386060922%26.sig%3DAqP6zgZTGemWrDlSsK.qy6TNLow-%26affiliationId%3D96979714%26comId%3D100542359%26country%3Dno%26offerId%3Dad65f5b865f8b77f12984846fb7e3d00%26service%3D37%26tokenId%3D32f34312-f203-4070-8685-542fb127b110%26wait%3Dtrue%26addedParams%3Dtrue%26custom1%3D51%26&dr=https%3A%2F%2Fshopde.pricedeals.shop%2F&dp=%2F96979714%7C100542359%7C&ul=en-us&de=UTF-8&dt=Du%20sendes%20videre%20til%20nemdag.no&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAAABAAAAAC~&cid=1844106631.1670413387&tid=UA-168544891-6&_gid=1763313848.1670413387&_r=1&cd1=96979714&cd2=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1670413387742_2930617&cd3=100542359&cd4=a4c626f-184ec6587d7-2e416&cd5=&cd6=96979714%7C100542359%7C&z=910212685
IP 142.250.74.46:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
POST /collect?v=1&_v=j96&t=pageview&_s=1&dl=https%3A%2F%2Fno-go.kelkoogroup.net%2Fctl%2Fgo%2FoffersearchGo%3F.ts%3D1670386060922%26.sig%3DAqP6zgZTGemWrDlSsK.qy6TNLow-%26affiliationId%3D96979714%26comId%3D100542359%26country%3Dno%26offerId%3Dad65f5b865f8b77f12984846fb7e3d00%26service%3D37%26tokenId%3D32f34312-f203-4070-8685-542fb127b110%26wait%3Dtrue%26addedParams%3Dtrue%26custom1%3D51%26&dr=https%3A%2F%2Fshopde.pricedeals.shop%2F&dp=%2F96979714%7C100542359%7C&ul=en-us&de=UTF-8&dt=Du%20sendes%20videre%20til%20nemdag.no&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAAABAAAAAC~&cid=1844106631.1670413387&tid=UA-168544891-6&_gid=1763313848.1670413387&_r=1&cd1=96979714&cd2=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1670413387742_2930617&cd3=100542359&cd4=a4c626f-184ec6587d7-2e416&cd5=&cd6=96979714%7C100542359%7C&z=910212685 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://no-go.kelkoogroup.net
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
access-control-allow-origin: https://no-go.kelkoogroup.net
date: Wed, 07 Dec 2022 11:43:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
x-content-type-options: nosniff
access-control-allow-credentials: true
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 30aec170d58f580f2ed4da4b92d72cc7
3b11a98ba9563f7f266e7a935e3b78bd0c0712aa
7b25e66e4383cdb29228d0451a4810eeab7d194ca81045e066c00c9467f29312
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nemdag.no/shop/elizabeth-arden-superstart-355182p.html?kk=a4c626f-184ec6587d7-2e416&gmsp=1&utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Elizabeth+Arden+Superstart+Probiotic+Boo
94.143.8.150200 OK 48 kB URL HTTP/2 nemdag.no/shop/elizabeth-arden-superstart-355182p.html?kk=a4c626f-184ec6587d7-2e416&gmsp=1&utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Elizabeth+Arden+Superstart+Probiotic+Boo
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (49101), with CRLF line terminators
Hash 6a768866d1dd0f610ed8b483a20dc09d
931eeae70001f0b491c95545b2c2b3cd19e29b6e
a38cecdb655ba08afa7aa430f6f2ea9b51ccab31e9d134c93a2d89fc96ecd1b6
GET /shop/elizabeth-arden-superstart-355182p.html?kk=a4c626f-184ec6587d7-2e416&gmsp=1&utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Elizabeth+Arden+Superstart+Probiotic+Boo HTTP/1.1
Host: nemdag.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:08 GMT
content-type: text/html; Charset=UTF-8
content-length: 48243
cache-control: no-store, must-revalidate,no-cache
pragma: no-cache,no-cache,no-cache,no-cache,no-cache
content-encoding: gzip
expires: Wed, 07 Dec 2022 11:42:08 GMT
vary: Accept-Encoding
p3p: CP='OUR PSA PSD BUS UNI NID DSP NOI COR'
set-cookie: SharedSessionId=E24BB405%2D60C4%2D4F2D%2DB51E%2D075EF051FFD3; path=/shop; HttpOnly; SameSite=Lax; Secure
ASPSESSIONIDQSCADSAS=HOAGNCBAGPHLEHCJHLFGANGG; path=/; HttpOnly; SameSite=Lax; Secure
x-frame-options: SAMEORIGIN
x-backendserver: c104web5_live_ws8_dandomain_dk
age: 0
via: 1.1 varnish (Varnish/6.0)
x-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
nemdag.no/shop/frontend/public/js/webshop.all.min.js?v=8.90.1306
94.143.8.150200 OK 178 kB URL HTTP/2 nemdag.no/shop/frontend/public/js/webshop.all.min.js?v=8.90.1306
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size 178 kB (178527 bytes)
Hash e676a5d060e4e493ad11d742b75308bb
4ab83e9bd6db9657ed7f5bad40959421b91aa9ce
4b7e6bda516a9eebe9a57f5306b8e6ad148ae2eed005946ab9da609838cfb3a3
GET /shop/frontend/public/js/webshop.all.min.js?v=8.90.1306 HTTP/1.1
Host: nemdag.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/shop/elizabeth-arden-superstart-355182p.html?kk=a4c626f-184ec6587d7-2e416&gmsp=1&utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Elizabeth+Arden+Superstart+Probiotic+Boo
Cookie: SharedSessionId=E24BB405%2D60C4%2D4F2D%2DB51E%2D075EF051FFD3; ASPSESSIONIDQSCADSAS=HOAGNCBAGPHLEHCJHLFGANGG
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:08 GMT
content-type: application/javascript
content-length: 178527
cache-control: max-age=0
etag: "05619a531e9d81:0"
x-frame-options: SAMEORIGIN
content-encoding: gzip
last-modified: Wed, 26 Oct 2022 11:54:04 GMT
vary: Accept-Encoding
x-backendserver: c104web3_live_ws8_dandomain_dk
age: 532
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
nemdag.no/images/skins/Bewise/images/nemdag_no_logo.svg
94.143.8.150200 OK 1.5 kB URL HTTP/2 nemdag.no/images/skins/Bewise/images/nemdag_no_logo.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3362), with no line terminators
Hash 9828a4db0c604c379c36fdf846d111a2
77dea6ba4905f89cd6fdf76755599f2657f67c9a
775a39571cc4a13b421d45b9bd47be8bfc7367c851d26512fcb9a71a1e4c3c48
GET /images/skins/Bewise/images/nemdag_no_logo.svg HTTP/1.1
Host: nemdag.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/shop/elizabeth-arden-superstart-355182p.html?kk=a4c626f-184ec6587d7-2e416&gmsp=1&utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Elizabeth+Arden+Superstart+Probiotic+Boo
Cookie: ASPSESSIONIDQSCADSAS=HOAGNCBAGPHLEHCJHLFGANGG
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:08 GMT
content-type: image/svg+xml
content-length: 1494
cache-control: max-age=0
etag: W/"986bda469a36d71:0"
last-modified: Wed, 21 Apr 2021 10:37:07 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web2_live_ws8_dandomain_dk
age: 371
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 30aec170d58f580f2ed4da4b92d72cc7
3b11a98ba9563f7f266e7a935e3b78bd0c0712aa
7b25e66e4383cdb29228d0451a4810eeab7d194ca81045e066c00c9467f29312
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.klaviyo.com/onsite/js/klaviyo.js?company_id=WWR45N
151.101.2.133200 OK 1.0 kB URL HTTP/2 static.klaviyo.com/onsite/js/klaviyo.js?company_id=WWR45N
IP 151.101.2.133:0
File type ASCII text, with very long lines (2904)
Hash ad7b2191b2180961abfead1a1af92048
b7728b03fc42c2b4f892d3989b08a9a97b610e51
378a2bb254ae8b219aa68c843409e27136344e00b575b368412001e360fc10bf
GET /onsite/js/klaviyo.js?company_id=WWR45N HTTP/1.1
Host: static.klaviyo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers:
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
allow: GET, OPTIONS
cache-control: max-age=1, stale-while-revalidate=10800
content-encoding: gzip
content-type: application/javascript
etag: W/"11625a875851d6efa6283cf9d6e09424"
server: nginx
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 07 Dec 2022 11:43:08 GMT
age: 46953
x-served-by: cache-lga21922-LGA, cache-bma1672-BMA
x-cache: MISS, HIT
x-cache-hits: 0, 44
x-timer: S1670413389.987167,VS0,VE0
vary: Accept-Encoding
content-length: 1037
X-Firefox-Spdy: h2
cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css
151.101.65.229200 OK 3.1 kB URL HTTP/2 cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css
IP 151.101.65.229:0
File type ASCII text, with very long lines (12795), with no line terminators
Hash 18b46dae08e98971b16123ea48913d23
e0a1aa82445a38538413b488924613c44861c59d
62c06f2ea24cfdf0003164fca05560cc8b5333f6ef312016458e05ecbb7c8f62
GET /gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 3.5.7
x-jsd-version-type: version
etag: W/"31fb-G+m3m+AqHPxdlsSl4P649HK6vZU"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 07 Dec 2022 11:43:08 GMT
age: 19398894
x-served-by: cache-fra19160-FRA, cache-bma1633-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3096
X-Firefox-Spdy: h2
cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js
151.101.65.229200 OK 22 kB URL HTTP/2 cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js
IP 151.101.65.229:0
File type HTML document, ASCII text, with very long lines (31972)
Hash 4d34dbd8ea98c872e60866111a4cfca8
67bc498c32e10d3b3ed85ffb6bb564250d16e04f
c786e39636aac1979c7bad96cdb0de715c961b3f7ca650d05f8b07a50df69141
GET /gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.5.7
x-jsd-version-type: version
etag: W/"10a9d-YYFBLnOWZpbQjh5bEkOlctDyK6Y"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 07 Dec 2022 11:43:08 GMT
age: 11106028
x-served-by: cache-fra19161-FRA, cache-bma1633-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 22012
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 30aec170d58f580f2ed4da4b92d72cc7
3b11a98ba9563f7f266e7a935e3b78bd0c0712aa
7b25e66e4383cdb29228d0451a4810eeab7d194ca81045e066c00c9467f29312
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-196343429-1
142.250.74.168200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-196343429-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 795dc07444a7c2baa09d56d1d0d693c2
1ff71f8371e0eb4eeff4a9b17dc13be3c587ba3d
8f28e32039dfc3cf35bbb4ce72d0194f264e7dcef9cacabcf4b010a0cd5ec33c
GET /gtag/js?id=UA-196343429-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 07 Dec 2022 11:43:09 GMT
expires: Wed, 07 Dec 2022 11:43:09 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44742
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googleoptimize.com/optimize.js?id=OPT-MGQ934N
142.250.74.174200 OK 46 kB URL HTTP/2 www.googleoptimize.com/optimize.js?id=OPT-MGQ934N
IP 142.250.74.174:0
File type ASCII text, with very long lines (1921)
Hash 0dd591d431122ffa251eb6ff8df01e7f
1f586a6bd0cc6591021748d237f8b4e9397fc0e4
41a5f6add3b2dc2bc19a6d3f0caafdabe686d9ef361d8ef319271b238c4f83d8
GET /optimize.js?id=OPT-MGQ934N HTTP/1.1
Host: www.googleoptimize.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 07 Dec 2022 11:43:09 GMT
expires: Wed, 07 Dec 2022 11:43:09 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 45548
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/css/hverdag.css
94.143.8.150200 OK 2.1 kB URL HTTP/2 pluus.se/images/skins/Main/css/hverdag.css
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type ASCII text, with CRLF line terminators
Hash 611cd9c6ab0d47f81e7c2da5ef3dbbb2
6c48261bf4195f60d23198aafe45733f9c9ec046
0a6f6821f8958f036447c93bd16f19eb1ee211e2a03794bff0767a2aaf2bab57
GET /images/skins/Main/css/hverdag.css HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: text/css
content-length: 2069
cache-control: max-age=31536000
etag: "3bc47d6b4b7d81:0"
content-encoding: gzip
last-modified: Wed, 24 Aug 2022 12:27:12 GMT
vary: Accept-Encoding
x-backendserver: c104web7_live_ws8_dandomain_dk
age: 4874
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-NB8JV45
142.250.74.168200 OK 68 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-NB8JV45
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (19311)
Hash 62fbc3d922528a97eca18c07a7c81cf5
24a8d491524d53e636d24b1378b32e22409a63ec
ca293e001dfde44478146d2dd7973ce74a37f0b6d409df5aab8361b48608d379
GET /gtm.js?id=GTM-NB8JV45 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 07 Dec 2022 11:43:09 GMT
expires: Wed, 07 Dec 2022 11:43:09 GMT
cache-control: private, max-age=900
last-modified: Wed, 07 Dec 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68423
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/icon-cart.svg
94.143.8.150200 OK 575 B URL HTTP/2 pluus.se/images/skins/Main/images/icon-cart.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash 0fc238dd6b25f6e8c77a0320e73cbb6c
e238033e2175f1d90bbbe62be4ce8aeb1adf323f
ffec0a96aa5488a9f62aa11a25a8bed53100884cf6415ed9e0959e8fa25fa495
GET /images/skins/Main/images/icon-cart.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 575
cache-control: max-age=31536000
etag: W/"3c7b86196064d81:0"
last-modified: Tue, 10 May 2022 11:21:31 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web7_live_ws8_dandomain_dk
age: 4873
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pluus.se/images/4052136046663-t.jpg
94.143.8.150200 OK 30 kB URL HTTP/2 pluus.se/images/4052136046663-t.jpg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 340x514, components 3\012- data
Hash 3b5c858b5e79730f4cf1b728092fac2b
3e2c343b57b02cff1896e870f1512674c8208901
ecff9ba07803a8a8d5ae47092917f65c8499aca86c90ab72b65c03eff79915d1
GET /images/4052136046663-t.jpg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/jpeg
content-length: 29801
cache-control: max-age=31536000
etag: "8b95cfd5454d61:0"
last-modified: Tue, 07 Jul 2020 11:51:45 GMT
x-backendserver: c104web2_live_ws8_dandomain_dk
age: 4873
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/icon-user-black.svg
94.143.8.150200 OK 701 B URL HTTP/2 pluus.se/images/skins/Main/images/icon-user-black.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321)
Hash 24729894e2d11693b073ba364de3c76a
78f48c09b5a6e042f634c507f3e067d6a281e069
b85e0a5b8064c98afe2e90be8d02759a0e62a6893a22532f3020264ff4a89ec0
GET /images/skins/Main/images/icon-user-black.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 701
cache-control: max-age=31536000
etag: W/"b021232f5164d81:0"
last-modified: Tue, 10 May 2022 09:34:45 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web5_live_ws8_dandomain_dk
age: 4873
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/icon-menu-black.svg
94.143.8.150200 OK 392 B URL HTTP/2 pluus.se/images/skins/Main/images/icon-menu-black.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash cc27996bf2cc57877ef07f77d1278562
e4d1b49f5ab3ad51b52db06b84a796beba9ccfbf
6cef144bbe8cc614a1840cc7f94f63d73bbb713b815920cf90bec602589648a9
GET /images/skins/Main/images/icon-menu-black.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 392
cache-control: max-age=31536000
etag: W/"f1fc7d305164d81:0"
last-modified: Tue, 10 May 2022 09:34:47 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web4_live_ws8_dandomain_dk
age: 4873
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/icon-favorites-black.svg
94.143.8.150200 OK 626 B URL HTTP/2 pluus.se/images/skins/Main/images/icon-favorites-black.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash 24343d7b59810228434d13307daba25a
6ac5114f3b69ee6982ce33b72ef4d81211e5473f
a548dc49845c90efbc4c37af6cabedcd87159a3bd8f4dd5f877f1bfb4d062661
GET /images/skins/Main/images/icon-favorites-black.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 626
cache-control: max-age=31536000
etag: W/"5be06f315164d81:0"
last-modified: Tue, 10 May 2022 09:34:49 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web6_live_ws8_dandomain_dk
age: 4873
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pluus.se/images/85805533069-t.jpg
94.143.8.150200 OK 29 kB URL HTTP/2 pluus.se/images/85805533069-t.jpg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 296x763, components 3\012- data
Hash 58a9fa96e827b1533c5ae27765bb182e
352ad16e9803f4ab6c31c3f31016e30b11dcb278
52dfaedeef144dd9144475e2fbf71bbcc24ba9b99f7a6a05bb3870ab9c9d82e2
GET /images/85805533069-t.jpg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/jpeg
content-length: 29005
cache-control: max-age=31536000
etag: "93ce883315fd61:0"
last-modified: Tue, 21 Jul 2020 07:35:32 GMT
x-backendserver: c104web3_live_ws8_dandomain_dk
age: 4873
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/icon-check-green.svg
94.143.8.150200 OK 394 B URL HTTP/2 pluus.se/images/skins/Main/images/icon-check-green.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash fef2003ad1baf7266b3e8408228028c9
8063e8b2ccc006ff04803aab9ca5cfcecef6dee2
43a328b0d8946fc7afe09783afb38e0a600d9f47c53bf418fc3985a616f7069c
GET /images/skins/Main/images/icon-check-green.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 394
cache-control: max-age=31536000
etag: W/"e69cf9305164d81:0"
last-modified: Tue, 10 May 2022 09:34:48 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web4_live_ws8_dandomain_dk
age: 4873
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/icon-truck-black.svg
94.143.8.150200 OK 582 B URL HTTP/2 pluus.se/images/skins/Main/images/icon-truck-black.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 6b402816c6f5d0635a4494ff5103a7e5
029e449c0dc8aa3c0a445a43d9deee638000a3b7
7d886970d845467ac14ff3d68521f1951127b28c17f9ac6b85d2bc68f35c9194
GET /images/skins/Main/images/icon-truck-black.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 582
cache-control: max-age=31536000
etag: W/"c87b387a064d81:0"
last-modified: Tue, 10 May 2022 19:02:44 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web7_live_ws8_dandomain_dk
age: 4873
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/icon-phone-black.svg
94.143.8.150200 OK 552 B URL HTTP/2 pluus.se/images/skins/Main/images/icon-phone-black.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8174d5151e9da7e7d414d01a57d4fc1e
5be37ceb69bf4bc77f4362f1c6446fa50a89a1ec
f517fd7d8dfd4a083c48e1706eaf8b4978d2dbaed9e038540ee88204d867115e
GET /images/skins/Main/images/icon-phone-black.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 552
cache-control: max-age=31536000
etag: W/"a97c9f2f5164d81:0"
last-modified: Tue, 10 May 2022 09:34:46 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web2_live_ws8_dandomain_dk
age: 4873
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
policy.app.cookieinformation.com/uc.js
152.199.21.175200 OK 11 kB URL HTTP/2 policy.app.cookieinformation.com/uc.js
IP 152.199.21.175:0
File type Unicode text, UTF-8 text, with very long lines (33315), with no line terminators
Hash 1daa6fac288f313bd8259a15620e93a2
6cc7b1244182d7d00d1464006aa5eb1817fd91df
3d214ddc2ebd7cd44d079361f3662697ead14836c05ae59afc3f51df5922b36f
GET /uc.js HTTP/1.1
Host: policy.app.cookieinformation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 213
cache-control: max-age=300
content-md5: MYYKq2p56pWUQuWDOioz6A==
content-type: application/javascript
date: Wed, 07 Dec 2022 11:43:09 GMT
etag: 0x8DAC63B0E0D8AF8
expires: Wed, 07 Dec 2022 11:48:09 GMT
last-modified: Mon, 14 Nov 2022 12:23:36 GMT
server: ECAcc (ska/F75E)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: dc2b2eee-801e-0041-2c30-0a60a9000000
x-ms-version: 2009-09-19
x-robots-tag: noindex, noarchive, nosnippet, noindex, noarchive, nosnippet
content-length: 10635
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash 67bc74f9bb42605b1d65578edb1b3a46
9588bdf2d3f06745da5933f58a4abc4b180574f4
fb652670a6b105a04a3bb2d29a79ef8380507e1b1905400b0357a647a081e04d
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 11:43:09 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "406D179333EFFAEBA275D4B73ED495EE4B6C41A9"
Expires: Wed, 07 Dec 2022 22:00:00 GMT
Last-Modified: Wed, 07 Dec 2022 10:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2471
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775d0081ff451c0e-OSL
pluus.se/images/skins/Main/js/scripts.js
94.143.8.150200 OK 9.9 kB URL HTTP/2 pluus.se/images/skins/Main/js/scripts.js
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type ASCII text, with very long lines (5360), with CRLF line terminators
Hash e1d060ca2509f3d9f20d4cc299b764fb
49a90fbbc0d038e73de063e58447b6bd693e844b
787ae070ce239a041d4b5a3ba95cdc662e7f0e09c8d9800fc6733543bbabbdfc
GET /images/skins/Main/js/scripts.js HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: application/javascript
content-length: 9885
cache-control: max-age=31536000
etag: "ff4a638b44fed81:0"
content-encoding: gzip
last-modified: Tue, 22 Nov 2022 07:32:15 GMT
vary: Accept-Encoding
x-backendserver: c104web5_live_ws8_dandomain_dk
age: 4873
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/css/main.css?v=4
94.143.8.150200 OK 17 kB URL HTTP/2 pluus.se/images/skins/Main/css/main.css?v=4
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type ASCII text, with very long lines (5898), with CRLF line terminators
Hash 9e39c431ec55bf2a8571ca71f66d73e7
a19703231dc62c64556f6f80989f94aee124e2c0
b3cea0fc06e732bdd5ee762c234b97565ba1d8978a8feab03c27319f6af7d56f
GET /images/skins/Main/css/main.css?v=4 HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: text/css
content-length: 16965
cache-control: max-age=31536000
etag: "359a9e2c4ad91:0"
content-encoding: gzip
last-modified: Wed, 07 Dec 2022 06:21:42 GMT
vary: Accept-Encoding
x-backendserver: c104web7_live_ws8_dandomain_dk
age: 4332
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 0ee97cbb249c96e473fc31f16d94c30d
9cb96dcc9db6c37cb7db638bb3bbe441c2cb2740
a288978b4d37133844be262f2cc1503606076a48e149044af028ccfef9ade8a9
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 11:43:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 08:43:57 GMT
Expires: Wed, 14 Dec 2022 08:43:56 GMT
Etag: "9cb96dcc9db6c37cb7db638bb3bbe441c2cb2740"
Cache-Control: max-age=593446,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775d00820dee0b69-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 0ee97cbb249c96e473fc31f16d94c30d
9cb96dcc9db6c37cb7db638bb3bbe441c2cb2740
a288978b4d37133844be262f2cc1503606076a48e149044af028ccfef9ade8a9
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 11:43:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 08:43:57 GMT
Expires: Wed, 14 Dec 2022 08:43:56 GMT
Etag: "9cb96dcc9db6c37cb7db638bb3bbe441c2cb2740"
Cache-Control: max-age=593446,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775d008209790b45-OSL
checkout.nemdag.no/gb_cart/nemdag_no_v2.css
104.248.31.146200 OK 14 kB URL HTTP/1.1 checkout.nemdag.no/gb_cart/nemdag_no_v2.css
IP 104.248.31.146:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (14431)
Hash 0e861c6561b55c32bf239cbd3a4a140d
1a36e29cfa805016d099e5b20c7860c94e46ffb4
2e19c6bbd493ba737abf06a232e85014b60db28a4118ef5d315e6cd12c0103f2
GET /gb_cart/nemdag_no_v2.css HTTP/1.1
Host: checkout.nemdag.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 07 Dec 2022 11:43:09 GMT
Content-Type: text/css
Content-Length: 14432
Last-Modified: Thu, 20 Oct 2022 08:55:08 GMT
Connection: keep-alive
ETag: "63510cec-3860"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
checkout.nemdag.no/gb_cart/nemdag_no_v2.js
104.248.31.146200 OK 109 kB URL HTTP/1.1 checkout.nemdag.no/gb_cart/nemdag_no_v2.js
IP 104.248.31.146:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 text, with very long lines (10805)
Size 109 kB (108645 bytes)
Hash d383b55c26a7e987a9a0573aecea2bfc
c5f309055d31868f539e3f259b994adb4eb56b7c
54360da0d7e5c40e3d2625186dd670814dc6caa4120f9e58e59d412c4947c152
GET /gb_cart/nemdag_no_v2.js HTTP/1.1
Host: checkout.nemdag.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 07 Dec 2022 11:43:09 GMT
Content-Type: application/javascript
Content-Length: 108645
Last-Modified: Fri, 02 Dec 2022 20:41:05 GMT
Connection: keep-alive
ETag: "638a62e1-1a865"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
policy.app.cookieinformation.com/cookiesharingiframe.html
152.199.21.175200 OK 2.8 kB URL HTTP/2 policy.app.cookieinformation.com/cookiesharingiframe.html
IP 152.199.21.175:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8796), with no line terminators
Hash 464df94556dbd1a2739263fcab4816f1
97697bd4140c79cca4db296ec880986a93c850db
0a9398fe42c23368200c4a6b0daa74d62666f507b3792ea43e333cf117d22e53
GET /cookiesharingiframe.html HTTP/1.1
Host: policy.app.cookieinformation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 181
cache-control: max-age=300
content-md5: xqkKVmywb8mz//pJblCHTA==
content-type: text/html
date: Wed, 07 Dec 2022 11:43:09 GMT
etag: 0x8DAC63B0D415222
expires: Wed, 07 Dec 2022 11:48:09 GMT
last-modified: Mon, 14 Nov 2022 12:23:35 GMT
server: ECAcc (ska/F754)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 979c9504-301e-006b-0b30-0abfb9000000
x-ms-version: 2009-09-19
x-robots-tag: noindex, noarchive, nosnippet
content-length: 2809
X-Firefox-Spdy: h2
policy.app.cookieinformation.com/cookie-data/nemdag.no/cabl.json
152.199.21.175200 OK 495 B URL HTTP/2 policy.app.cookieinformation.com/cookie-data/nemdag.no/cabl.json
IP 152.199.21.175:0
File type JSON data\012- , ASCII text, with very long lines (2282), with no line terminators
Hash 4c82a591e7a2de398588cad6af429e15
86f5c4a47b9bc09cd964febb6e3172c08048b3b8
806d79b288674acc48612939c70aacbc80cefc620a7d1cd33d8c53f61deb419d
GET /cookie-data/nemdag.no/cabl.json HTTP/1.1
Host: policy.app.cookieinformation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 50
cache-control: max-age=300
content-md5: uX4s8TmIejycwcC9l3TN/A==
content-type: application/json
date: Wed, 07 Dec 2022 11:43:09 GMT
etag: 0x8DAC6371BD93015
expires: Wed, 07 Dec 2022 11:48:09 GMT
last-modified: Mon, 14 Nov 2022 11:55:21 GMT
server: ECAcc (ska/F733)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: b83bc087-a01e-0034-5130-0a0b85000000
x-ms-version: 2009-09-19
x-robots-tag: noindex, noarchive, nosnippet
content-length: 495
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.pluus.se/images/skins/Main/images/icon-merry-xmas.png
94.143.8.150200 OK 654 kB URL HTTP/2 www.pluus.se/images/skins/Main/images/icon-merry-xmas.png
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced\012- data
Size 654 kB (653480 bytes)
Hash 406b4539008a082c36a304700fcd6ffc
32d58b4cef4034d79b8c3fcb681bb8ba74098405
52037c2e98e25d600fb5b62a022132538e034f11fad1f45d6a1bdffc17fbcfcb
GET /images/skins/Main/images/icon-merry-xmas.png HTTP/1.1
Host: www.pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/png
content-length: 653480
cache-control: max-age=31536000
etag: "bf161d455a5d91:0"
last-modified: Thu, 01 Dec 2022 07:55:24 GMT
x-backendserver: c104web5_live_ws8_dandomain_dk
age: 633
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/icon-search-black.svg
94.143.8.150200 OK 211 B URL HTTP/2 pluus.se/images/skins/Main/images/icon-search-black.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (305), with no line terminators
Hash 694b969d98c0b5acd6c8899fae318b8b
346669271384e6d7e48099b911c66e1d84de07cc
39814f6c362772dea406aa4b0571b4638599a71c8ef4fff2c15e9f8679ef86ef
GET /images/skins/Main/images/icon-search-black.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pluus.se/images/skins/Main/css/main.css?v=4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 211
cache-control: max-age=31536000
etag: W/"ac89c0305164d81:0"
last-modified: Tue, 10 May 2022 09:34:48 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web6_live_ws8_dandomain_dk
age: 4874
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/icon-arrow-down-black.svg
94.143.8.150200 OK 373 B URL HTTP/2 pluus.se/images/skins/Main/images/icon-arrow-down-black.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash fd4f09a289d92f0ec2ca1015a86f58d6
a21a45f2a2f4efcb01ffe70457265389da481be0
7f6f211c49d4c053be2c94bb0e5f4397c4a9b59e67d9af453f4ac3e4007faa8e
GET /images/skins/Main/images/icon-arrow-down-black.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pluus.se/images/skins/Main/css/main.css?v=4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 373
cache-control: max-age=31536000
etag: W/"1bc95ec87b64d81:0"
last-modified: Tue, 10 May 2022 14:39:41 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web7_live_ws8_dandomain_dk
age: 4874
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/icon-arrow-right-black.svg
94.143.8.150200 OK 461 B URL HTTP/2 pluus.se/images/skins/Main/images/icon-arrow-right-black.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash e201aaf91b6a08c5958f27df6a646f5e
4de5adb877250075500d5be46f6d6fe04a0fa045
2c06a65f2853f41ac2a9933cef50158ce1a3f50fbb8e4e7521011e7f36bee0db
GET /images/skins/Main/images/icon-arrow-right-black.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pluus.se/images/skins/Main/css/main.css?v=4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 461
cache-control: max-age=31536000
etag: W/"5c7582f5164d81:0"
last-modified: Tue, 10 May 2022 09:34:45 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web3_live_ws8_dandomain_dk
age: 4874
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/icon-check-white.svg
94.143.8.150200 OK 386 B URL HTTP/2 pluus.se/images/skins/Main/images/icon-check-white.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ccaef204296f41df7c5aaca55154c7e0
ee2859258a5b6736faf2e97d85e2e9621b5ae9a3
f353bac80bf8e46d4f6cc07b6e725e0ecf02507c03770b06ed8e64f48eef335e
GET /images/skins/Main/images/icon-check-white.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pluus.se/images/skins/Main/css/main.css?v=4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 386
cache-control: max-age=31536000
etag: W/"cfb7b5305164d81:0"
last-modified: Tue, 10 May 2022 09:34:47 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web4_live_ws8_dandomain_dk
age: 4874
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.klaviyo.com/onsite/js/vendors~signup_forms.00b04f3c478766c4bc48.js?cb=1
151.101.2.133200 OK 12 kB URL HTTP/2 static.klaviyo.com/onsite/js/vendors~signup_forms.00b04f3c478766c4bc48.js?cb=1
IP 151.101.2.133:0
File type ASCII text, with very long lines (36947)
Hash c1a35bfad6391bac94503262ab897048
a12b2c0d2804b380a3e2715a5bf82f3a63b6aa09
d3678802f64260cf335b6ee33f98012a740ca9fa6c2184c77baf73b6d0768b4f
GET /onsite/js/vendors~signup_forms.00b04f3c478766c4bc48.js?cb=1 HTTP/1.1
Host: static.klaviyo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Uo2F8wtaQa8IU+tseW7McR0beMAnzx9hMUGY8dL2o3bpj2mmkuhvyutyXz1hT/Npd6RbUHBo+aY=
x-amz-request-id: AD8F17TVQ3WDCPDA
last-modified: Tue, 25 Oct 2022 15:47:54 GMT
etag: "c1f477932c21f86d37733e422c41d864"
cache-control: max-age=2592000,stale-while-revalidate=10800
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
x-amz-version-id: .u._MKX7WAALs7vW9_tgaPqDl1x5LQP7
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 07 Dec 2022 11:43:09 GMT
age: 46960
x-served-by: cache-lga21942-LGA, cache-bma1639-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 9705
vary: Accept-Encoding
content-length: 12430
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/creditcard-visa.svg
94.143.8.150200 OK 726 B URL HTTP/2 pluus.se/images/skins/Main/images/creditcard-visa.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5a40f226e8447083b25ad4c4e40c1ba2
646ad904c7274be054e2df5dcb5930886933e27b
42ef1c19087b36552ca87ee98b784e1e861eb5a2f1768e6b12ec7c9768a0a3b3
GET /images/skins/Main/images/creditcard-visa.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 726
cache-control: max-age=31536000
etag: W/"1f3b5b305164d81:0"
last-modified: Tue, 10 May 2022 09:34:47 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web6_live_ws8_dandomain_dk
age: 4874
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/creditcard-mastercard.svg
94.143.8.150200 OK 1.8 kB URL HTTP/2 pluus.se/images/skins/Main/images/creditcard-mastercard.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 666eab20b43f4790ad49b66c01e52288
dbcc550cfc8424abde0d592c6249346931df1319
7b635927e25c49589635823dfbf39f1e2cec6df68f2e5e10c7f6bf5f5c585d7c
GET /images/skins/Main/images/creditcard-mastercard.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 1772
cache-control: max-age=31536000
etag: W/"3c44682f5164d81:0"
last-modified: Tue, 10 May 2022 09:34:45 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web7_live_ws8_dandomain_dk
age: 4874
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.klaviyo.com/onsite/js/sharedUtils.69761640c42621bb9f6b.js?cb=1
151.101.2.133200 OK 14 kB URL HTTP/2 static.klaviyo.com/onsite/js/sharedUtils.69761640c42621bb9f6b.js?cb=1
IP 151.101.2.133:0
File type Unicode text, UTF-8 text, with very long lines (35812), with no line terminators
Hash a1baf3fbaf1ba28fc6ddc4296595bd3d
afc0f9637d33b3313e220c7e32cc42273fb30465
67e2726711105e5a20e9126ee6b2379dff231e1bc096d4ba6c86c77fa8813e44
GET /onsite/js/sharedUtils.69761640c42621bb9f6b.js?cb=1 HTTP/1.1
Host: static.klaviyo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 7J3VyhDFplokel5YfqQqud+okidrpXZlC2UqJb7aCqvhHHsauXHZoIRNrYsFmWoEnCBSt2qkf9STMSk2lwCMrA==
x-amz-request-id: 4EXN3VPS6WS5CP9W
last-modified: Thu, 01 Dec 2022 18:10:46 GMT
etag: "8af98f75a73a06a7c1ab0477149844e6"
cache-control: max-age=2592000,stale-while-revalidate=10800
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
x-amz-version-id: 9ZRH3LX.bRfyWhIOBy6TesVm_.DhK5k8
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 07 Dec 2022 11:43:09 GMT
age: 46959
x-served-by: cache-lga21968-LGA, cache-bma1639-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 15082
vary: Accept-Encoding
content-length: 13866
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/creditcard-meistro.svg
94.143.8.150200 OK 1.6 kB URL HTTP/2 pluus.se/images/skins/Main/images/creditcard-meistro.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 96b20b20b12236d122e68c651bd376d4
6ec036f8402ce7226776401b3f479698ba2e230f
bd4357c08ca36c7eaf0b0da50705a1363c6448a47fac220e7cd4cb5533e7db82
GET /images/skins/Main/images/creditcard-meistro.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 1642
cache-control: max-age=31536000
etag: W/"9cc9a2f5164d81:0"
last-modified: Tue, 10 May 2022 09:34:46 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web2_live_ws8_dandomain_dk
age: 4874
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.klaviyo.com/onsite/js/signup_forms.d612f536549ef65da525.js?cb=1
151.101.2.133200 OK 12 kB URL HTTP/2 static.klaviyo.com/onsite/js/signup_forms.d612f536549ef65da525.js?cb=1
IP 151.101.2.133:0
File type Unicode text, UTF-8 text, with very long lines (35268), with no line terminators
Hash ac5ca63d2e0df780515fd4a6d4262a3c
95d6cccf7bb100954b6caec5882976c459a8c707
6cff14eec02f38f1d3a7a3b333895da805bfa6e9ce0e7fa89a0e43b33b705cee
GET /onsite/js/signup_forms.d612f536549ef65da525.js?cb=1 HTTP/1.1
Host: static.klaviyo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: JLlJahMb93rOAV7xwMQEMf76k7upS3BO13ojtrM6TK98xImuJ6XgpIU4eiTbkDwguXDWAcLu9I4=
x-amz-request-id: R1ZVK7HJQNM2KBM0
last-modified: Mon, 31 Oct 2022 14:55:05 GMT
etag: "d5714319f99b25e20a02cfb3f47dd218"
cache-control: max-age=2592000,stale-while-revalidate=10800
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
x-amz-version-id: 3QWJW.wDL4PGEpgdSSYg2_NLTv5Z1ohs
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 07 Dec 2022 11:43:09 GMT
age: 46960
x-served-by: cache-lga13621-LGA, cache-bma1639-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 9695
vary: Accept-Encoding
content-length: 11685
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Work+Sans:400,500,600,700,900&display=swap
142.250.74.106200 OK 8.5 kB URL HTTP/2 fonts.googleapis.com/css?family=Work+Sans:400,500,600,700,900&display=swap
IP 142.250.74.106:0
File type ASCII text, with very long lines (19473)
Hash 27aaf2571b99d2ccddc22775f0e7ff35
e54739b8e35dffd0bee5032c37277160d2858645
4346ad3e58b9f9fcac0a7067a78bc575731979af8eac27d8d1df6e7938aabc3a
GET /css?family=Work+Sans:400,500,600,700,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://checkout.nemdag.no/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Dec 2022 11:43:09 GMT
date: Wed, 07 Dec 2022 11:43:09 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static-tracking.klaviyo.com/onsite/js/fender_analytics.42a910303762129b987c.js?cb=1
151.101.130.133200 OK 11 kB URL HTTP/2 static-tracking.klaviyo.com/onsite/js/fender_analytics.42a910303762129b987c.js?cb=1
IP 151.101.130.133:0
File type ASCII text, with very long lines (27749), with no line terminators
Hash 0cfada57d478d97560b453019c523816
4503f32aa052c4ab0be24d9e3d383ce0ca568b0b
9a6fb085ebc0985e24aad977f126412a763fb7920f819e592e9baa1ff6362708
GET /onsite/js/fender_analytics.42a910303762129b987c.js?cb=1 HTTP/1.1
Host: static-tracking.klaviyo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TVj4JadKocCV4h3NElq7oufjh6VUPmKs/RmMK3GsmHVEIEljMrEcW06e1Di1LhQKmT1Dja0y3h4=
x-amz-request-id: GVJMDN3QM916A9S6
last-modified: Tue, 25 Oct 2022 15:47:53 GMT
etag: "141ae207735ed4c2a3fb9ba628dca228"
cache-control: max-age=2592000,stale-while-revalidate=10800
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
x-amz-version-id: 3uoP2mttpPOUARdp4efml6Pc5m5_bVca
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 07 Dec 2022 11:43:09 GMT
age: 46960
x-served-by: cache-lga21944-LGA, cache-bma1657-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 13964
vary: Accept-Encoding
content-length: 10696
X-Firefox-Spdy: h2
static-tracking.klaviyo.com/onsite/js/static.afc80bee31dc9e622dc1.js?cb=1
151.101.130.133200 OK 5.3 kB URL HTTP/2 static-tracking.klaviyo.com/onsite/js/static.afc80bee31dc9e622dc1.js?cb=1
IP 151.101.130.133:0
File type ASCII text, with very long lines (12659), with no line terminators
Hash 11ebf21f15c50424dd6beb159a12b25e
bdd433be7297384f5660dfe49154d266dda64432
c13b107bff92bbb4ed98886fa87d14faba7f3010b9f9d502eaf133e2321c51cb
GET /onsite/js/static.afc80bee31dc9e622dc1.js?cb=1 HTTP/1.1
Host: static-tracking.klaviyo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ZFZ8THkCuT87hlNdYT/1gE0cGMwUOTZwHkpxdf7ULnVqWD+3NU8uwHPgGM4vlbagxFgSA7mLY3o=
x-amz-request-id: 8QKB1CHS4E49FXPS
last-modified: Mon, 05 Dec 2022 14:41:22 GMT
etag: "9aa89eda5d828bf8fce2ee83e11483a0"
cache-control: max-age=2592000,stale-while-revalidate=10800
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
x-amz-version-id: jO5CINofch2U3rpuRhEwzIKTUk198WIK
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 07 Dec 2022 11:43:09 GMT
age: 46959
x-served-by: cache-lga21925-LGA, cache-bma1657-BMA
x-cache: MISS, HIT
x-cache-hits: 0, 15735
vary: Accept-Encoding
content-length: 5321
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/logo-trustpilot.svg
94.143.8.150200 OK 2.6 kB URL HTTP/2 pluus.se/images/skins/Main/images/logo-trustpilot.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 633abbc6ca09630239ba9a3ac9fcd5f4
dcf313ef473cb45ff9a76a03afef9d5943a07ca1
fb82b9daca0bbd0a0c7a95b738b14f666943266d02160955bfd65050a7a8a807
GET /images/skins/Main/images/logo-trustpilot.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 2555
cache-control: max-age=31536000
etag: W/"d680257b79dd81:0"
last-modified: Thu, 21 Jul 2022 13:40:46 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web3_live_ws8_dandomain_dk
age: 4874
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
nemdag.no/shop/StatInit.asp
94.143.8.150200 OK 0 B URL HTTP/2 nemdag.no/shop/StatInit.asp
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /shop/StatInit.asp HTTP/1.1
Host: nemdag.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 52
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/shop/elizabeth-arden-superstart-355182p.html?kk=a4c626f-184ec6587d7-2e416&gmsp=1&utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Elizabeth+Arden+Superstart+Probiotic+Boo
Cookie: SharedSessionId=E24BB405%2D60C4%2D4F2D%2DB51E%2D075EF051FFD3; ASPSESSIONIDQSCADSAS=HOAGNCBAGPHLEHCJHLFGANGG; _ga_92LD9QEY15=GS1.1.1670413389.1.0.1670413389.0.0.0; _ga=GA1.1.1432934797.1670413389
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: text/html; Charset=UTF-8
content-length: 0
cache-control: no-cache
pragma: no-cache
expires: Wed, 07 Dec 2022 11:42:09 GMT
set-cookie: SharedSessionId=E24BB405%2D60C4%2D4F2D%2DB51E%2D075EF051FFD3; path=/shop; HttpOnly; SameSite=Lax; Secure
x-frame-options: SAMEORIGIN
x-backendserver: c104web5_live_ws8_dandomain_dk
age: 0
via: 1.1 varnish (Varnish/6.0)
x-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8343209552f1ab781e76cf5d17f62ffa
23c522334d3804e764b7c2503a98b9945c452b2b
e497a1602bf07f7ed337c333361dd258f7812340162532f71c838218763de54f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E497A1602BF07F7ED337C333361DD258F7812340162532F71C838218763DE54F"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=843
Expires: Wed, 07 Dec 2022 11:57:12 GMT
Date: Wed, 07 Dec 2022 11:43:09 GMT
Connection: keep-alive
nemdag.no/shop/favorites.html?Cookiesync=1&rawjson=1
94.143.8.150200 OK 307 B URL HTTP/2 nemdag.no/shop/favorites.html?Cookiesync=1&rawjson=1
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type JSON data\012- , ASCII text, with CRLF line terminators
Hash def54c85508406dc853e4c220fb04e8c
393c078c742165ad0521a1c8b24fbc5f0f978d71
89c6dd9d4691e31a55f72b6c2e222df36a6505674c03049b5b3974e9c7c9ddad
GET /shop/favorites.html?Cookiesync=1&rawjson=1 HTTP/1.1
Host: nemdag.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://nemdag.no/shop/elizabeth-arden-superstart-355182p.html?kk=a4c626f-184ec6587d7-2e416&gmsp=1&utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Elizabeth+Arden+Superstart+Probiotic+Boo
Cookie: SharedSessionId=E24BB405%2D60C4%2D4F2D%2DB51E%2D075EF051FFD3; ASPSESSIONIDQSCADSAS=HOAGNCBAGPHLEHCJHLFGANGG; _ga_92LD9QEY15=GS1.1.1670413389.1.0.1670413389.0.0.0; _ga=GA1.1.1432934797.1670413389
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: application/json; Charset=UTF-8
content-length: 307
cache-control: no-store, must-revalidate,no-cache
pragma: no-cache,no-cache,no-cache
expires: Wed, 07 Dec 2022 11:42:09 GMT
p3p: CP='OUR PSA PSD BUS UNI NID DSP NOI COR'
set-cookie: ASPSESSIONIDQSCADSAS=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/; HttpOnly; SameSite=Lax; Secure
SharedSessionId=E24BB405%2D60C4%2D4F2D%2DB51E%2D075EF051FFD3; path=/shop; HttpOnly; SameSite=Lax; Secure
ASPSESSIONIDACSCDTBQ=LNPBNCBACEANNFMMEIGIPGDB; path=/; HttpOnly; SameSite=Lax; Secure
x-frame-options: SAMEORIGIN
x-backendserver: c104web7_live_ws8_dandomain_dk
content-encoding: gzip
vary: Accept-Encoding
age: 0
via: 1.1 varnish (Varnish/6.0)
x-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
wms.group-buy.dk/api/v2/external/images/product_image/32751927/base.webp
188.166.192.210302 Found 128 B URL HTTP/1.1 wms.group-buy.dk/api/v2/external/images/product_image/32751927/base.webp
IP 188.166.192.210:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 2c6dc89a212250f4ca3f89be87b5b2cf
f0ff82d899c81ba9f0e2a02fcd43cb85ee4f15b3
b5c5e6c52b740f5bfbe96894238023da84f80aefb233876f8a72a419fcb9d605
GET /api/v2/external/images/product_image/32751927/base.webp HTTP/1.1
Host: wms.group-buy.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 07 Dec 2022 11:43:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Location: https://imagedelivery.net/Zzk03ekrhVcCLA2TZCP3WQ/32751927/base
Cache-Control: no-cache
X-Request-Id: b60c9f40-a708-4373-aba5-a9535e64027e
X-Runtime: 0.005935
Strict-Transport-Security: max-age=31536000
policy.app.cookieinformation.com/9e5f1e/nemdag.no/nb.js
152.199.21.175200 OK 13 kB URL HTTP/2 policy.app.cookieinformation.com/9e5f1e/nemdag.no/nb.js
IP 152.199.21.175:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (65335)
Hash 3fa97fb3afd8e0b2f2df3638b261e7b8
f55b9d9222736e420d6af2af3b9c88302ee78080
66ee707664a0c1f99372fb4a5faac27184dd0e899f9295ca47171bf7416ab7ba
GET /9e5f1e/nemdag.no/nb.js HTTP/1.1
Host: policy.app.cookieinformation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 208
cache-control: max-age=300
content-md5: Y1GHpinnDKhlOT8ZcYB8Uw==
content-type: application/javascript
date: Wed, 07 Dec 2022 11:43:09 GMT
etag: 0x8DAC6371B94DC0A
expires: Wed, 07 Dec 2022 11:48:09 GMT
last-modified: Mon, 14 Nov 2022 11:55:21 GMT
server: ECAcc (ska/F6CC)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: d108e847-201e-0048-3d30-0a257a000000
x-ms-version: 2009-09-19
x-robots-tag: noindex, noarchive, nosnippet
content-length: 13418
X-Firefox-Spdy: h2
static.klaviyo.com/onsite/js/sentry.7cb637d727d84366f2b1.js
151.101.2.133200 OK 14 kB URL HTTP/2 static.klaviyo.com/onsite/js/sentry.7cb637d727d84366f2b1.js
IP 151.101.2.133:0
File type Unicode text, UTF-8 text, with very long lines (39984), with no line terminators
Hash 2759dea35890ea765569bb029b70f566
b853ad1d51c2de9aab7f75cfc8235ac3f58d329f
272f20e6309fc49a326a55b4e7a5704456af52e6ab76ee492e39693ac97b3e10
GET /onsite/js/sentry.7cb637d727d84366f2b1.js HTTP/1.1
Host: static.klaviyo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: ZYF8nNCZ98iAX1I9YVABHPh4hXQFF6UYjxe8xiihnC39fPDE1pds7lW6eSG/wpOf3nhYpbJWy4E=
x-amz-request-id: G1339RR1WVFHHHTS
last-modified: Mon, 27 Jun 2022 21:34:52 GMT
etag: "46c646cae5b80823d9695afc6ccfed75"
cache-control: max-age=2592000,stale-while-revalidate=10800
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
x-amz-version-id: 5RLCs8HEr6hVMb6T_V77Y81r85sp95MR
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 07 Dec 2022 11:43:09 GMT
age: 46960
x-served-by: cache-lga13621-LGA, cache-bma1639-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 8638
vary: Accept-Encoding
content-length: 13747
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/icon-facebook-white.svg
94.143.8.150200 OK 443 B URL HTTP/2 pluus.se/images/skins/Main/images/icon-facebook-white.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 88a49fec5d93505ec8974047f29664f3
204867d263d249c3faa9c520b723d6373dd1edd0
69eaa84b18db1c575779ea5fa75de741dea0459e735b578ece7b74d8a06f937b
GET /images/skins/Main/images/icon-facebook-white.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 443
cache-control: max-age=31536000
etag: W/"5ffa16315164d81:0"
last-modified: Tue, 10 May 2022 09:34:48 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web6_live_ws8_dandomain_dk
age: 4874
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pluus.se/images/skins/Main/images/icon-instagram-white.svg
94.143.8.150200 OK 767 B URL HTTP/2 pluus.se/images/skins/Main/images/icon-instagram-white.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8653bcc75167d5d7e9029c33e17bb475
bdf3c6b55c63cde8e0c202ea8d059ac7148e9c64
f38fb249461758b6b8e9ca198876ed76373a767b3cc67a5249c06c1935766531
GET /images/skins/Main/images/icon-instagram-white.svg HTTP/1.1
Host: pluus.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/svg+xml
content-length: 767
cache-control: max-age=31536000
etag: W/"a598ad2f5164d81:0"
last-modified: Tue, 10 May 2022 09:34:46 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web7_live_ws8_dandomain_dk
age: 4874
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
fast.a.klaviyo.com/custom-fonts/api/v1/company-fonts/onsite?company_id=WWR45N
151.101.130.133200 OK 711 B URL HTTP/2 fast.a.klaviyo.com/custom-fonts/api/v1/company-fonts/onsite?company_id=WWR45N
IP 151.101.130.133:0
File type JSON data\012- , ASCII text, with very long lines (711), with no line terminators
Hash e6307fcb3f314804b9a398c65554216c
74ccaf098b750e4cf3660951482c6ac5ea70957f
d34cee1b179fba302f606b2c9d51af9b0d8b35ee844702ccd3699c42f1315e9d
GET /custom-fonts/api/v1/company-fonts/onsite?company_id=WWR45N HTTP/1.1
Host: fast.a.klaviyo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers:
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
allow: GET, HEAD, OPTIONS
cache-control: max-age=10
content-type: application/json; charset=utf-8
server: nginx
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 07 Dec 2022 11:43:09 GMT
age: 3633761
x-served-by: cache-bos4642-BOS, cache-bma1670-BMA
x-cache: HIT, HIT
x-cache-hits: 63, 42
vary: Cookie
strict-transport-security: max-age=900
content-length: 711
X-Firefox-Spdy: h2
checkout.nemdag.no/api/templates/mini_cart.html
104.248.31.146200 OK 2.2 kB URL HTTP/1.1 checkout.nemdag.no/api/templates/mini_cart.html
IP 104.248.31.146:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (318)
Hash bfa31ef29b919606665d3caa7a165985
db8002796980c19f800a8f1f5e6e738bd016f050
05d22b5ae1aff0ac671a371aa725b206f194d00abb687b5486a725329d1285d3
GET /api/templates/mini_cart.html HTTP/1.1
Host: checkout.nemdag.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nemdag.no/
Origin: https://nemdag.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 07 Dec 2022 11:43:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, UPDATE, OPTIONS, DELETE, PATCH
Access-Control-Expose-Headers:
Access-Control-Max-Age: 7200
ETag: W/"94ff6e5aa420e7e6ac48145bf04090ef"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: 4ef242bb-5a43-4a57-bcad-c5fb1e1f45a7
X-Runtime: 0.004519
Vary: Origin
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 4c53830cbcc46df1e3c3062f7ff855ec
392dd9fcf58d336dde2a0f644e178abdc2b9609b
3df7a62483d39fcf88b1b262f8fcaf21c5269e8de86c85d7f7f69997a21ed9a9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4646
Cache-Control: max-age=136395
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:09 GMT
Etag: "638fdbf2-117"
Expires: Fri, 09 Dec 2022 01:36:24 GMT
Last-Modified: Wed, 07 Dec 2022 00:18:58 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
checkout.nemdag.no/api/sep/GP_013901
104.248.31.146200 OK 27 B URL HTTP/1.1 checkout.nemdag.no/api/sep/GP_013901
IP 104.248.31.146:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with no line terminators
Hash 42b184b18926fc65a2a427a0288b6c14
4d51522b0976d25447ae4db6be420e788e6119c6
645da81cab3472d3baf70b01e595c1308697729020adf99f985809cbb29d2a52
GET /api/sep/GP_013901 HTTP/1.1
Host: checkout.nemdag.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nemdag.no/
Origin: https://nemdag.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 07 Dec 2022 11:43:09 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, UPDATE, OPTIONS, DELETE, PATCH
Access-Control-Expose-Headers:
Access-Control-Max-Age: 7200
ETag: W/"645da81cab3472d3baf70b01e595c130"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: 7c6b3fc7-ee3d-4ac0-a1f0-9be9e4aa5890
X-Runtime: 0.017567
Vary: Origin
Strict-Transport-Security: max-age=31536000
static-forms.klaviyo.com/forms/api/v6/WWR45N/full-forms
151.101.66.133200 OK 7.2 kB URL HTTP/2 static-forms.klaviyo.com/forms/api/v6/WWR45N/full-forms
IP 151.101.66.133:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash e97363f83aea2279a05bc7c6cb62e152
e854ee64d80def21cfd054433abd5c48a320dca1
63779a5a516d18bda7cb4bef1b23f2f843ab8a7920dd563128a30dec5456ea6e
GET /forms/api/v6/WWR45N/full-forms HTTP/1.1
Host: static-forms.klaviyo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: fdUA8tSx56P8TVj4UFhm4NXYtXb14v7JE5mKHzolLJpOhKUbyI3BiIQs/mETv66s4ZD3/Tyk9W0=
x-amz-request-id: A43AC2WJE2HF8K13
last-modified: Mon, 07 Nov 2022 07:49:05 GMT
etag: "25ed36cf46b0d3a40643605885c17b3e"
cache-control: max-age=5
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: full-forms/shared full-forms/WWR45N custom-fonts/WWR45N
x-amz-version-id: 09stxswUMrOLxMPdRQjQANJdSO2Rg2KN
content-type: application/json
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Wed, 07 Dec 2022 11:43:09 GMT
via: 1.1 varnish
age: 560865
x-served-by: cache-bma1650-BMA
x-cache: HIT
x-cache-hits: 40
x-timer: S1670413390.898939,VS0,VE0
vary: Accept-Encoding
client-geo-continent: EU
client-geo-country: NO
access-control-expose-headers: client-geo-continent, client-geo-country
access-control-allow-origin: *
content-length: 7200
X-Firefox-Spdy: h2
imagedelivery.net/Zzk03ekrhVcCLA2TZCP3WQ/32751927/base
104.18.2.36200 OK 6.3 kB URL HTTP/2 imagedelivery.net/Zzk03ekrhVcCLA2TZCP3WQ/32751927/base
IP 104.18.2.36:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x321, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8c81a01b7f332917e373bda1822969c2
4a70aad8675b86422367509f586eb0c6f2ee755c
eb88c8b9ef0047cbeaa2d32c14e3c6fffb0cfa8ec545a68950b9ed2492d2880a
GET /Zzk03ekrhVcCLA2TZCP3WQ/32751927/base HTTP/1.1
Host: imagedelivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nemdag.no/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/webp
content-length: 6258
cf-ray: 775d00870a5cb4eb-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=172800
etag: "cfPBnjXok7k4YPMjUQgm4m3xijgqacC2MR7dahRg5HBQ"
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:86,h2pri
cf-images: internal=ok/- q=0 n=25 c=1+12 v=2022.11.7 l=6258
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
nemdag.no/images/hv.ico
94.143.8.150200 OK 1.2 kB IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash b80bf84f157982884dd5dc47bb43e688
cd20c18068e386e3427d61ba886c47d94dc7faca
1227882d663559e3c4596cb8cd25fe90e271823fdf09d5573bbe6dff55f01b39
GET /images/hv.ico HTTP/1.1
Host: nemdag.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/shop/elizabeth-arden-superstart-355182p.html?kk=a4c626f-184ec6587d7-2e416&gmsp=1&utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Elizabeth+Arden+Superstart+Probiotic+Boo
Cookie: _ga_92LD9QEY15=GS1.1.1670413389.1.0.1670413389.0.0.0; _ga=GA1.1.1432934797.1670413389; ASPSESSIONIDACSCDTBQ=LNPBNCBACEANNFMMEIGIPGDB; __kla_id=eyIkcmVmZXJyZXIiOnsidHMiOjE2NzA0MTMzODksInZhbHVlIjoiaHR0cHM6Ly9uby1nby5rZWxrb29ncm91cC5uZXQvIiwiZmlyc3RfcGFnZSI6Imh0dHBzOi8vbmVtZGFnLm5vL3Nob3AvZWxpemFiZXRoLWFyZGVuLXN1cGVyc3RhcnQtMzU1MTgycC5odG1sP2trPWE0YzYyNmYtMTg0ZWM2NTg3ZDctMmU0MTYmZ21zcD0xJnV0bV9zb3VyY2U9a2Vsa29vbm8mdXRtX21lZGl1bT1jcGMmdXRtX2NhbXBhaWduPWtlbGtvb2NsaWNrJnV0bV90ZXJtPUVsaXphYmV0aCtBcmRlbitTdXBlcnN0YXJ0K1Byb2Jpb3RpYytCb28ifSwiJGxhc3RfcmVmZXJyZXIiOnsidHMiOjE2NzA0MTMzODksInZhbHVlIjoiaHR0cHM6Ly9uby1nby5rZWxrb29ncm91cC5uZXQvIiwiZmlyc3RfcGFnZSI6Imh0dHBzOi8vbmVtZGFnLm5vL3Nob3AvZWxpemFiZXRoLWFyZGVuLXN1cGVyc3RhcnQtMzU1MTgycC5odG1sP2trPWE0YzYyNmYtMTg0ZWM2NTg3ZDctMmU0MTYmZ21zcD0xJnV0bV9zb3VyY2U9a2Vsa29vbm8mdXRtX21lZGl1bT1jcGMmdXRtX2NhbXBhaWduPWtlbGtvb2NsaWNrJnV0bV90ZXJtPUVsaXphYmV0aCtBcmRlbitTdXBlcnN0YXJ0K1Byb2Jpb3RpYytCb28ifX0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:09 GMT
content-type: image/x-icon
content-length: 1150
cache-control: max-age=0
etag: "4e30d82b27ad61:0"
last-modified: Tue, 25 Aug 2020 07:36:55 GMT
x-backendserver: c104web2_live_ws8_dandomain_dk
age: 6567
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 4c53830cbcc46df1e3c3062f7ff855ec
392dd9fcf58d336dde2a0f644e178abdc2b9609b
3df7a62483d39fcf88b1b262f8fcaf21c5269e8de86c85d7f7f69997a21ed9a9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4646
Cache-Control: max-age=136395
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:09 GMT
Etag: "638fdbf2-117"
Expires: Fri, 09 Dec 2022 01:36:24 GMT
Last-Modified: Wed, 07 Dec 2022 00:18:58 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8e8fa64-7cd3-460d-9040-af3ca0e2a5f5.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8e8fa64-7cd3-460d-9040-af3ca0e2a5f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b6f4dd03deb6114fec01808b034a711c
c74d29bba44dbb09158da4b9e1b490112c7db915
ddc6721d8a42821c458cf6d5c64ebd10ca0002c95a275be1732cd9ade7bf1b6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8e8fa64-7cd3-460d-9040-af3ca0e2a5f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10567
x-amzn-requestid: b9b16cdf-bfa2-4e3c-b00f-1704dd3473d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgIC6EgLoAMF3hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638986df-3945eea57676d3f91f8f2b3c;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 05:02:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Jq1EHQBqVeb9KBozcSUpieXUDHhouxr6YkJrhiqqZ4VP1ZwPV6LHEA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 22:36:00 GMT
age: 47230
etag: "c74d29bba44dbb09158da4b9e1b490112c7db915"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d44205a852cedc47da2373b3542f2ca0
884e5d2d7ef372a86e7edc3f8c1dc63a3b4fbe82
f2adb5b3e4b05ad953d43f483497243ae66c148f2af8f39473ddc6fcf2623bb9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5727
Cache-Control: max-age=96091
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:10 GMT
Etag: "638f3a4a-1d7"
Expires: Thu, 08 Dec 2022 14:24:41 GMT
Last-Modified: Tue, 06 Dec 2022 12:49:14 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.46200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 07 Dec 2022 10:46:55 GMT
expires: Wed, 07 Dec 2022 12:46:55 GMT
cache-control: public, max-age=7200
age: 3375
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 44ecaa3c2a4929a40141edc4540aaf84
f29a573182333b2500d41bfc389d6c5232dfb348
6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: s4OsqsZiluRLAYtkcLfJhYPQDyLco5tJXsgLDEJ9IqhYFr3KtCuepRoKGmscmmzMbcPzunVRJfXo9qmkgg2DEA==
content-length: 27340
x-fb-trip-id: 2050670934
date: Wed, 07 Dec 2022 11:43:10 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
bat.bing.com/bat.js
13.107.21.200200 OK 12 kB IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (39124), with no line terminators
Hash d925a898de26295fdebfc90203ef46fa
77dd3f5893b76530e08058d50e8f9aef017e80c7
8f4a413fec7e48f5ac290f4596fef33b6396e7fb31080ec0203a5ec817d140c8
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11460
content-type: application/javascript
content-encoding: gzip
last-modified: Mon, 05 Dec 2022 17:15:50 GMT
accept-ranges: bytes
etag: "027e538cd8d91:0"
vary: Accept-Encoding
set-cookie: MUID=26802520C54465473C6E3753C4B16463; domain=.bing.com; expires=Mon, 01-Jan-2024 11:43:10 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CA3C8E70C0364333B4C9D2D0FAF17CD0 Ref B: OSL30EDGE0509 Ref C: 2022-12-07T11:43:10Z
date: Wed, 07 Dec 2022 11:43:09 GMT
X-Firefox-Spdy: h2
www.facebook.com/tr?id=1234&noscript=1
157.240.247.35200 OK 0 B URL HTTP/2 www.facebook.com/tr?id=1234&noscript=1
IP 157.240.247.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr?id=1234&noscript=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 07 Dec 2022 11:43:10 GMT
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-92LD9QEY15>m=2oebu0&_p=1579416138&cid=1432934797.1670413389&ul=en-us&sr=1280x1024&_s=1&sid=1670413389&sct=1&seg=0&dl=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&dr=https%3A%2F%2Fno-go.kelkoogroup.net%2F&dt=Elizabeth%20Arden%20Superstart%20Probiotic%20Boost%20Skin%20Renewal%20Biocellulose%20Mask&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-92LD9QEY15>m=2oebu0&_p=1579416138&cid=1432934797.1670413389&ul=en-us&sr=1280x1024&_s=1&sid=1670413389&sct=1&seg=0&dl=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&dr=https%3A%2F%2Fno-go.kelkoogroup.net%2F&dt=Elizabeth%20Arden%20Superstart%20Probiotic%20Boost%20Skin%20Renewal%20Biocellulose%20Mask&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-92LD9QEY15>m=2oebu0&_p=1579416138&cid=1432934797.1670413389&ul=en-us&sr=1280x1024&_s=1&sid=1670413389&sct=1&seg=0&dl=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&dr=https%3A%2F%2Fno-go.kelkoogroup.net%2F&dt=Elizabeth%20Arden%20Superstart%20Probiotic%20Boost%20Skin%20Renewal%20Biocellulose%20Mask&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://nemdag.no
date: Wed, 07 Dec 2022 11:43:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d44205a852cedc47da2373b3542f2ca0
884e5d2d7ef372a86e7edc3f8c1dc63a3b4fbe82
f2adb5b3e4b05ad953d43f483497243ae66c148f2af8f39473ddc6fcf2623bb9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5727
Cache-Control: max-age=96091
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:10 GMT
Etag: "638f3a4a-1d7"
Expires: Thu, 08 Dec 2022 14:24:41 GMT
Last-Modified: Tue, 06 Dec 2022 12:49:14 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
s.kk-resources.com/leadtag.js
143.204.55.7200 OK 2.6 kB URL HTTP/1.1 s.kk-resources.com/leadtag.js
IP 143.204.55.7:0
File type C source, ASCII text, with very long lines (6910)
Hash b9c7aa9898d0e7b5d8dfa27c81eda1ac
3e22a4f4ac1fd469128de60e1a80433513242071
980531f0a81016e3a7a4c3fa56f75e7b791f1f4c09296992221bd766b91a53a0
GET /leadtag.js HTTP/1.1
Host: s.kk-resources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Content-Length: 2595
Connection: keep-alive
X-Gravitee-Transaction-Id: 5965d84f-baeb-407a-a5d8-4fbaeb807a8a
X-Gravitee-Request-Id: 5965d84f-baeb-407a-a5d8-4fbaeb807a8a
Request-Time: 7
Accept-Ranges: bytes
Last-Modified: Tue, 12 Jul 2022 13:51:05 GMT
Content-Encoding: gzip
Date: Wed, 07 Dec 2022 11:01:38 GMT
Cache-Control: public, max-age=3600
ETag: "05e089e0c08fd98ee6b4f6497ec87752b123fc2f"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: K0vuvdBBXDat0s9SFPoE_NnY8XxOU1CLIxKjwB6ezpOuWjAvmU9W-Q==
Age: 2492
status.thawte.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 20f6192e4535e9cd0534fde901f8accf
6925717fe60389306d0f6b75465fd915b7df3c16
73b29633a00c3685251d2fb2741fa364e050320867040502f876187c8fe36b39
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4205
Cache-Control: max-age=111458
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:10 GMT
Etag: "638f7c43-1d7"
Expires: Thu, 08 Dec 2022 18:40:48 GMT
Last-Modified: Tue, 06 Dec 2022 17:30:43 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
status.thawte.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 20f6192e4535e9cd0534fde901f8accf
6925717fe60389306d0f6b75465fd915b7df3c16
73b29633a00c3685251d2fb2741fa364e050320867040502f876187c8fe36b39
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5690
Cache-Control: max-age=112943
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:10 GMT
Etag: "638f7c43-1d7"
Expires: Thu, 08 Dec 2022 19:05:33 GMT
Last-Modified: Tue, 06 Dec 2022 17:30:43 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 8c49ff0da91ed6f2cfe064501215d2a6
9e225505ee94b043a01b346f40d20477e27141e1
257575fc800a9fa1cdc735bf940a48dd1f65717e520ab54e53c345b3433d59fc
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=114696
Date: Wed, 07 Dec 2022 11:43:10 GMT
Etag: "638f84c2-1d7"
Expires: Thu, 08 Dec 2022 19:34:46 GMT
Last-Modified: Tue, 06 Dec 2022 18:06:58 GMT
Server: ECS (nyb/1D12)
X-Cache: Miss from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ryxpqDlStIkds1-RRq6p-971oazWqEzFTJqZq614t-z3nh1lN2wLBw==
Age: 5268
s.kelkoogroup.net/k.gif
185.60.164.26200 OK 0 B IP 185.60.164.26:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /k.gif HTTP/1.1
Host: s.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: etag
Referer: https://nemdag.no/
Origin: https://nemdag.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-Gravitee-Transaction-Id: 08c469cb-ca62-4184-8469-cbca62b18456
X-Gravitee-Request-Id: 08c469cb-ca62-4184-8469-cbca62b18456
Vary: Origin
Access-Control-Max-Age: 3600
Access-Control-Allow-Origin: https://nemdag.no
Access-Control-Allow-Headers: etag
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Date: Wed, 07 Dec 2022 11:43:10 GMT
content-length: 0
s.kelkoogroup.net/k.gif
185.60.164.26200 OK 43 B IP 185.60.164.26:0
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash f837aa60b6fe83458f790db60d529fc9
14af87ccec7f81bb28d53c84da2fd5a9d5925cda
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /k.gif HTTP/1.1
Host: s.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ETag: a2Vsa29vSWQ9YTRjNjI2Zi0xODRlYzY1ODdkNy0yZTQxNg==
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-Gravitee-Transaction-Id: 7226f734-2aaa-4fa2-a6f7-342aaa6fa203
X-Gravitee-Request-Id: 7226f734-2aaa-4fa2-a6f7-342aaa6fa203
ETag: a2Vsa29vSWQ9YTRjNjI2Zi0xODRlYzY1ODdkNy0yZTQxNg==
Vary: *,Origin
Pragma: no-cache
Expires: 0
Request-Time: 1
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate
Last-Modified: Fri, 01 Jan 2010 00:00:00 GMT
Access-Control-Allow-Origin: https://nemdag.no
Access-Control-Expose-Headers: ETag
Access-Control-Allow-Credentials: true
Date: Wed, 07 Dec 2022 11:43:10 GMT
Content-Type: image/gif
content-length: 43
static-tracking.klaviyo.com/onsite/js/vendors~ClientStore.4d27e9e3526fbf162a18.js
151.101.130.133200 OK 22 kB URL HTTP/2 static-tracking.klaviyo.com/onsite/js/vendors~ClientStore.4d27e9e3526fbf162a18.js
IP 151.101.130.133:0
File type ASCII text, with very long lines (63727)
Hash eb0da27d42f14e2dbc383518bde76a13
c4e44e293093dfd9e021ac8736681b541163c612
7e1922ef05cce2fb680b6d8160a649b350f9300dc66096347f82e879f1931488
GET /onsite/js/vendors~ClientStore.4d27e9e3526fbf162a18.js HTTP/1.1
Host: static-tracking.klaviyo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: owaR0ZEp1Ik6cXeN/mA+kiI1XGWQlbwGTCwuCYpOJ7FLn6cfSXdP66OYPQPu6IvEVSceY7gASRY=
x-amz-request-id: Q3XNXX2VKXJSSNDM
last-modified: Tue, 25 Oct 2022 15:47:54 GMT
etag: "da050f15595967e36dac7cc1e6035bc8"
cache-control: max-age=2592000,stale-while-revalidate=10800
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
x-amz-version-id: 2Ztwlgx.cmiD3Q4fWBnr6.himRJ3MY7S
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 07 Dec 2022 11:43:10 GMT
age: 46961
x-served-by: cache-lga21934-LGA, cache-bma1657-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 1955
vary: Accept-Encoding
content-length: 21964
X-Firefox-Spdy: h2
core.helloretail.com/api/helloretailids/
18.203.128.48200 OK 24 kB URL HTTP/2 core.helloretail.com/api/helloretailids/
IP 18.203.128.48:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 1072a74a98f16ceb79b96e99f8ff37ba
b4feba39cd502c22fd44d9d6754ea3bbd44f5081
c2d8d01547067ab0b31069a227c386fb8c9a6693d8154469144ee98dacf203f9
GET /api/helloretailids/ HTTP/1.1
Host: core.helloretail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:43:10 GMT
content-type: application/json
access-control-allow-origin: https://nemdag.no
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
pluus.dk/images/cart/delivery-truck.svg
94.143.8.150200 OK 525 B URL HTTP/2 pluus.dk/images/cart/delivery-truck.svg
IP 94.143.8.150:0
ASN #48854 team.blue Denmark A/S
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (988), with no line terminators
Hash 6e41fe96428ef61950defabd7a501b6b
4e7354bb8a5f0829df9293a7e6c4a0447afa21f5
020940ce3bbc05ca035ee2092675e76233b175866515f67152ce672e3cc692ae
GET /images/cart/delivery-truck.svg HTTP/1.1
Host: pluus.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:43:10 GMT
content-type: image/svg+xml
content-length: 525
cache-control: max-age=31536000
etag: W/"901bdfcd36f2d51:0"
last-modified: Wed, 04 Mar 2020 15:08:47 GMT
content-encoding: gzip
vary: Accept-Encoding
x-backendserver: c104web4_live_ws8_dandomain_dk
age: 658
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=134605483&tm=gtm002&Ver=2&mid=61afa423-fd77-4e6a-a784-cd9b7edb2d6b&sid=52d8b900762411ed9009fb7418cea104&vid=52d8dad0762411eda4211783b736b3b4&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Elizabeth%20Arden%20Superstart%20Probiotic%20Boost%20Skin%20Renewal%20Biocellulose%20Mask&p=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&r=https%3A%2F%2Fno-go.kelkoogroup.net%2F<=1781&evt=pageLoad&sv=1&rn=119857
13.107.21.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=134605483&tm=gtm002&Ver=2&mid=61afa423-fd77-4e6a-a784-cd9b7edb2d6b&sid=52d8b900762411ed9009fb7418cea104&vid=52d8dad0762411eda4211783b736b3b4&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Elizabeth%20Arden%20Superstart%20Probiotic%20Boost%20Skin%20Renewal%20Biocellulose%20Mask&p=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&r=https%3A%2F%2Fno-go.kelkoogroup.net%2F<=1781&evt=pageLoad&sv=1&rn=119857
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=134605483&tm=gtm002&Ver=2&mid=61afa423-fd77-4e6a-a784-cd9b7edb2d6b&sid=52d8b900762411ed9009fb7418cea104&vid=52d8dad0762411eda4211783b736b3b4&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Elizabeth%20Arden%20Superstart%20Probiotic%20Boost%20Skin%20Renewal%20Biocellulose%20Mask&p=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&r=https%3A%2F%2Fno-go.kelkoogroup.net%2F<=1781&evt=pageLoad&sv=1&rn=119857 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3087AC1D93596E42016DBE6E92AC6FF1; domain=.bing.com; expires=Mon, 01-Jan-2024 11:43:10 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 40D777ED3146480CA58BBA1422391854 Ref B: OSL30EDGE0509 Ref C: 2022-12-07T11:43:10Z
date: Wed, 07 Dec 2022 11:43:09 GMT
X-Firefox-Spdy: h2
static-tracking.klaviyo.com/onsite/js/532.dd9a1df84d96cf83ca19.css
151.101.130.133200 OK 1.7 kB URL HTTP/2 static-tracking.klaviyo.com/onsite/js/532.dd9a1df84d96cf83ca19.css
IP 151.101.130.133:0
File type ASCII text, with very long lines (6145)
Hash 0dc1c7a389b78ca81cb988e822f60b27
46b51d1f25d7fd5801faf6fade531a522ebcf959
173dfa0bd0f19b6527e56113ebe3e9b56602cdde00eb79c8b589a64e128be82a
GET /onsite/js/532.dd9a1df84d96cf83ca19.css HTTP/1.1
Host: static-tracking.klaviyo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: jtucqzmrYtlgWrpq9clIFvB2PaRjWdWN5dy5Nscxi2Ya+HgwhgANvQwoIbBV5nmO8yGFIjL/8Wk=
x-amz-request-id: WFP87PVA506CZAPP
last-modified: Wed, 17 Aug 2022 17:44:03 GMT
etag: "a178d611a5a0600884426f0e16e9f9e4"
cache-control: max-age=2592000,stale-while-revalidate=10800
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
x-amz-version-id: RkiQqM98M60WhQqw5YfZS.AnEeHh.cVG
content-type: text/css
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 07 Dec 2022 11:43:10 GMT
age: 46961
x-served-by: cache-lga21982-LGA, cache-bma1657-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 35697
vary: Accept-Encoding
content-length: 1654
X-Firefox-Spdy: h2
static-tracking.klaviyo.com/onsite/js/styles.d7b395d2f5dbaa22d3f4.js
151.101.130.133200 OK 118 B URL HTTP/2 static-tracking.klaviyo.com/onsite/js/styles.d7b395d2f5dbaa22d3f4.js
IP 151.101.130.133:0
File type ASCII text, with no line terminators
Hash aed4a1e86839f6eeb25e3b78728a5337
62901eb059a346acbc5720e098d646aafe17785b
bb09fcb60f1ade6836c860d4621b6b60173fb739d4368e3a614049541d901314
GET /onsite/js/styles.d7b395d2f5dbaa22d3f4.js HTTP/1.1
Host: static-tracking.klaviyo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: evy6MR8i/t8+myYHukLGJAsLg0jKF8qwDaPq6PeaXH4XKvc8s87/nq9dyCDR/b3Nnisq7FB0aQY=
x-amz-request-id: 90D6J8ST8TEHZKRG
last-modified: Tue, 25 Oct 2022 15:47:53 GMT
etag: "d1cd41990e04b6f014ab4f09d2e7abba"
cache-control: max-age=2592000,stale-while-revalidate=10800
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
x-amz-version-id: IoLTxoYxePImRAQ1caSeFQestkDqEHVU
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 07 Dec 2022 11:43:10 GMT
age: 46960
x-served-by: cache-lga13622-LGA, cache-bma1657-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 1984
vary: Accept-Encoding
content-length: 118
X-Firefox-Spdy: h2
static-tracking.klaviyo.com/onsite/js/vendors~Render.edd12197fd2a4acc2da2.js
151.101.130.133200 OK 3.8 kB URL HTTP/2 static-tracking.klaviyo.com/onsite/js/vendors~Render.edd12197fd2a4acc2da2.js
IP 151.101.130.133:0
File type Unicode text, UTF-8 text, with very long lines (11537), with no line terminators
Hash 048fa7eaca4449e36aa4f35455e76608
80bf59c695b29e42e0c6cfdc7823ba28d189c3e9
202ec6e3e74869ddff576574731ae31a7311fc719fb5fb837f6ab215ca4745b5
GET /onsite/js/vendors~Render.edd12197fd2a4acc2da2.js HTTP/1.1
Host: static-tracking.klaviyo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: jeysumK1A4ndSQaLHuA2V3ZcP1ojvNKJimD8+x8tE4DCVxt3EZ1BZLjXVtIjC4D5/aIGl9ntgIo=
x-amz-request-id: 90D0YG0GGMJ2CK92
last-modified: Tue, 25 Oct 2022 15:47:54 GMT
etag: "d7634bbe2c617d1f61290acae8c9e18d"
cache-control: max-age=2592000,stale-while-revalidate=10800
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
x-amz-version-id: FEN1DEYrHq4osAULiyc3_GtEpJqI.xgl
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 07 Dec 2022 11:43:10 GMT
age: 46960
x-served-by: cache-lga21929-LGA, cache-bma1657-BMA
x-cache: HIT, HIT
x-cache-hits: 2, 1985
vary: Accept-Encoding
content-length: 3824
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 81a7e0ed8b45460991a7d9b719423d48
fa4824b64d5484b955cecebbeea06710ced4fba5
2fb356139722003d5c83566b936968a5ce9ba3756f69ace50a53bea6c1b9f7eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 81a7e0ed8b45460991a7d9b719423d48
fa4824b64d5484b955cecebbeea06710ced4fba5
2fb356139722003d5c83566b936968a5ce9ba3756f69ace50a53bea6c1b9f7eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static-tracking.klaviyo.com/onsite/js/Render.c8d93e1c7f4761f6add3.js
151.101.130.133200 OK 27 kB URL HTTP/2 static-tracking.klaviyo.com/onsite/js/Render.c8d93e1c7f4761f6add3.js
IP 151.101.130.133:0
File type ASCII text, with very long lines (18565)
Hash 6481239c36e5e9c97369d97d28abb4d5
4641608436f2927ae00b9b71ceb1e92fe6cdaf6e
8f54a533675d138b7f8af938c1bd6f28760a8db8cec10a1ef2808859667c1c54
GET /onsite/js/Render.c8d93e1c7f4761f6add3.js HTTP/1.1
Host: static-tracking.klaviyo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 84uUzU36YNZI/vFtm0k0m507Bs8iltCZkFfQvE4TchIzh/Dq+cHQVU6LBFveZkbR9CeB/JbAUNw=
x-amz-request-id: 87KV4F9W146TXYHP
last-modified: Thu, 01 Dec 2022 18:10:46 GMT
etag: "83350784f581e512902891de75c35378"
cache-control: max-age=2592000,stale-while-revalidate=10800
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
x-amz-version-id: KZeQ9FC0RlG24ByW2_hqmX5YlRTl2uJV
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 07 Dec 2022 11:43:10 GMT
age: 46961
x-served-by: cache-lga13620-LGA, cache-bma1657-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 1969
vary: Accept-Encoding
content-length: 26930
X-Firefox-Spdy: h2
bat.bing.com/p/action/134605483.js
13.107.21.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/134605483.js
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/134605483.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=07FC2245686C65D12FC930366999649C; domain=.bing.com; expires=Mon, 01-Jan-2024 11:43:10 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0338C02F23454ACE9DD7BC1CD0727D48 Ref B: OSL30EDGE0509 Ref C: 2022-12-07T11:43:10Z
date: Wed, 07 Dec 2022 11:43:09 GMT
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/833441087/?random=1670413389969&cv=11&fst=1670413389969&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&ref=https%3A%2F%2Fno-go.kelkoogroup.net%2F&tiba=Elizabeth%20Arden%20Superstart%20Probiotic%20Boost%20Skin%20Renewal%20Biocellulose%20Mask&auid=1119373337.1670413390&data=event%3Dview_item%3Bid%3DGP_013901&rfmt=3&fmt=4
142.250.74.98200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/833441087/?random=1670413389969&cv=11&fst=1670413389969&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&ref=https%3A%2F%2Fno-go.kelkoogroup.net%2F&tiba=Elizabeth%20Arden%20Superstart%20Probiotic%20Boost%20Skin%20Renewal%20Biocellulose%20Mask&auid=1119373337.1670413390&data=event%3Dview_item%3Bid%3DGP_013901&rfmt=3&fmt=4
IP 142.250.74.98:0
File type ASCII text, with very long lines (2541), with no line terminators
Hash 8e1c34c7102949265b2fdd3a40618130
3bb3855f9b166980827ec975b9ab31cfad5fb46c
3e09d48e9bd2db9842d42388fab6da231c7c8e9f042a3efd7f0c98717993ddae
GET /pagead/viewthroughconversion/833441087/?random=1670413389969&cv=11&fst=1670413389969&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&ref=https%3A%2F%2Fno-go.kelkoogroup.net%2F&tiba=Elizabeth%20Arden%20Superstart%20Probiotic%20Boost%20Skin%20Renewal%20Biocellulose%20Mask&auid=1119373337.1670413390&data=event%3Dview_item%3Bid%3DGP_013901&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 11:43:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 1069
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 07-Dec-2022 11:58:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/833441087/?random=1670413389962&cv=11&fst=1670413389962&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&ref=https%3A%2F%2Fno-go.kelkoogroup.net%2F&tiba=Elizabeth%20Arden%20Superstart%20Probiotic%20Boost%20Skin%20Renewal%20Biocellulose%20Mask&auid=1119373337.1670413390&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.98200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/833441087/?random=1670413389962&cv=11&fst=1670413389962&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&ref=https%3A%2F%2Fno-go.kelkoogroup.net%2F&tiba=Elizabeth%20Arden%20Superstart%20Probiotic%20Boost%20Skin%20Renewal%20Biocellulose%20Mask&auid=1119373337.1670413390&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.98:0
File type ASCII text, with very long lines (2509), with no line terminators
Hash 848c732f54f65605e94d54f432a1fc68
d522ff4b3aee72068945e93a178765177b511651
69e37880b8ea731fbd8efb773142398250914d88ada94705b350b1d59ec2dab9
GET /pagead/viewthroughconversion/833441087/?random=1670413389962&cv=11&fst=1670413389962&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&ref=https%3A%2F%2Fno-go.kelkoogroup.net%2F&tiba=Elizabeth%20Arden%20Superstart%20Probiotic%20Boost%20Skin%20Renewal%20Biocellulose%20Mask&auid=1119373337.1670413390&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 11:43:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 1056
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 07-Dec-2022 11:58:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1e181f9ed09fb72bf80535f26ad7b91a
df966a15abb5b870e71527d73592f7d977011eb2
741e73d12b0fa5e76d9b4a78e8e70dbe307e059a0018aca245da0db44c5a5958
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 81a7e0ed8b45460991a7d9b719423d48
fa4824b64d5484b955cecebbeea06710ced4fba5
2fb356139722003d5c83566b936968a5ce9ba3756f69ace50a53bea6c1b9f7eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-196343429-1&cid=1432934797.1670413389&jid=1464025633&gjid=2113262486&_gid=343058393.1670413390&_u=YADAAUAKAAAAACAAI~&z=1988990682
108.177.14.155200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-196343429-1&cid=1432934797.1670413389&jid=1464025633&gjid=2113262486&_gid=343058393.1670413390&_u=YADAAUAKAAAAACAAI~&z=1988990682
IP 108.177.14.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-196343429-1&cid=1432934797.1670413389&jid=1464025633&gjid=2113262486&_gid=343058393.1670413390&_u=YADAAUAKAAAAACAAI~&z=1988990682 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://nemdag.no
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 07 Dec 2022 11:43:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1e181f9ed09fb72bf80535f26ad7b91a
df966a15abb5b870e71527d73592f7d977011eb2
741e73d12b0fa5e76d9b4a78e8e70dbe307e059a0018aca245da0db44c5a5958
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 0fa282ae07239f0cf04503485877d681
631aa2fff49d29c46341db6540d25917b3626ef5
9020928ea0c9addf3e0a04d78db4158b54b4f29577785b5adb4cf7f2949ced17
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9084a518c70ad57bb3226fb519b648fd
79348ebe6f5900a035d4d65e08a7409fd9708f15
f0c6b0f66c31aa7cb2d2808eb4c04c3681d48e731efc8cbba0f3fef1d218ce7b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9084a518c70ad57bb3226fb519b648fd
79348ebe6f5900a035d4d65e08a7409fd9708f15
f0c6b0f66c31aa7cb2d2808eb4c04c3681d48e731efc8cbba0f3fef1d218ce7b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d1pna5l3xsntoj.cloudfront.net/scripts/company/awAddGift.js
143.204.42.140200 OK 0 B URL HTTP/2 d1pna5l3xsntoj.cloudfront.net/scripts/company/awAddGift.js
IP 143.204.42.140:0
GET /scripts/company/awAddGift.js HTTP/1.1
Host: d1pna5l3xsntoj.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-language: en-US
last-modified: Wed, 30 Nov 2022 11:48:12 GMT
content-encoding: br
date: Wed, 07 Dec 2022 11:39:38 GMT
cache-control: public, max-age=600
expires: Wed, 07 Dec 2022 11:49:38 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: WUdl9QducCNiQoBzEZjJnJamjU5qiunUhtR339qt8VUQ27IQBv-78g==
age: 212
X-Firefox-Spdy: h2
core.helloretail.com/serve/init?websiteUuid=&url=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&v=1
18.203.128.48200 OK 0 B URL HTTP/2 core.helloretail.com/serve/init?websiteUuid=&url=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&v=1
IP 18.203.128.48:0
GET /serve/init?websiteUuid=&url=https%3A%2F%2Fnemdag.no%2Fshop%2Felizabeth-arden-superstart-355182p.html%3Fkk%3Da4c626f-184ec6587d7-2e416%26gmsp%3D1%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DElizabeth%2BArden%2BSuperstart%2BProbiotic%2BBoo&v=1 HTTP/1.1
Host: core.helloretail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nemdag.no
Connection: keep-alive
Referer: https://nemdag.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:43:10 GMT
content-type: application/json;charset=utf-8
access-control-allow-origin: https://nemdag.no
vary: Origin
access-control-allow-credentials: true
content-language: en-US
content-disposition: inline
X-Firefox-Spdy: h2