Submitted URL: http://proff.no/
Effective URL: https://proff.no/
Submission: On May 24 via manual from NO — Scanned from NO

Summary

This website contacted 29 IPs in 8 countries across 23 domains to perform 76 HTTP transactions. The main IP is 13.51.113.218, located in Stockholm, Sweden and belongs to AMAZON-02, US. The main domain is proff.no. The Cisco Umbrella rank of the primary domain is 691103.
TLS certificate: Issued by Amazon on May 11th 2022. Valid for: a year.
This is the only time proff.no was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 17 13.51.113.218 16509 (AMAZON-02)
2 142.250.74.206 15169 (GOOGLE)
1 10 37.157.2.239 198622 (ADFORM)
4 142.250.185.228 15169 (GOOGLE)
4 2.18.233.201 16625 (AKAMAI-AS)
6 108.157.4.22 16509 (AMAZON-02)
5 37.157.5.73 198622 (ADFORM)
1 15.197.193.217 16509 (AMAZON-02)
1 91.228.74.189 16509 (AMAZON-02)
1 104.16.88.20 13335 (CLOUDFLAR...)
6 142.250.74.195 15169 (GOOGLE)
1 142.251.5.155 15169 (GOOGLE)
1 18.66.139.60 16509 (AMAZON-02)
1 99.86.4.83 16509 (AMAZON-02)
1 3 213.155.156.181 1299 (TWELVE99 ...)
3 195.181.174.7 60068 (CDN77 ^_^)
1 69.173.144.165 26667 (RUBICONPR...)
1 2 18.159.9.226 16509 (AMAZON-02)
1 2 34.249.126.234 16509 (AMAZON-02)
2 3 213.19.147.45 26120 (RHYTHMONE)
1 37.157.6.253 198622 (ADFORM)
1 104.36.113.107 62713 (AS-PUBMATIC)
1 2 185.94.180.125 35220 (SPOTX-AMS)
2 2 37.252.172.250 29990 (ASN-APPNEX)
1 2 23.35.236.247 16625 (AKAMAI-AS)
1 65.9.63.105 16509 (AMAZON-02)
2 213.155.156.188 1299 (TWELVE99 ...)
1 142.250.185.163 15169 (GOOGLE)
1 54.93.174.143 16509 (AMAZON-02)
76 29
Apex Domain
Subdomains
Transfer
17 proff.no
proff.no — Cisco Umbrella Rank: 691103
stats.proff.no
www.proff.no — Cisco Umbrella Rank: 838467
312 KB
16 adform.net
hb.adx.adform.net
s1.adform.net — Cisco Umbrella Rank: 8427
adx.adform.net — Cisco Umbrella Rank: 4019
dmp.adform.net — Cisco Umbrella Rank: 2468
634 KB
8 de17a.com
d5p.de17a.com — Cisco Umbrella Rank: 5262
cdn.de17a.com — Cisco Umbrella Rank: 958629
sting.de17a.com — Cisco Umbrella Rank: 389201
sting-cdn.de17a.com — Cisco Umbrella Rank: 390303
265 KB
8 consensu.org
quantcast.mgr.consensu.org — Cisco Umbrella Rank: 2100
test.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 5533
audit-tcfv2.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 9812
275 KB
7 gstatic.com
www.gstatic.com
fonts.gstatic.com
498 KB
4 mathtag.com
pixel.mathtag.com — Cisco Umbrella Rank: 1281
4 KB
4 google.com
www.google.com — Cisco Umbrella Rank: 7
25 KB
2 casalemedia.com
dsum.casalemedia.com — Cisco Umbrella Rank: 1272
2 KB
2 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 240
2 KB
2 spotxchange.com
sync.search.spotxchange.com — Cisco Umbrella Rank: 518
1 KB
2 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 520
657 B
2 360yield.com
ad.360yield.com — Cisco Umbrella Rank: 646
825 B
2 advertising.com
pixel.advertising.com — Cisco Umbrella Rank: 435
582 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 37
20 KB
1 userreport.com
sync.userreport.com
587 B
1 pubmatic.com
image2.pubmatic.com — Cisco Umbrella Rank: 932
424 B
1 unrulymedia.com
usermatch.targeting.unrulymedia.com — Cisco Umbrella Rank: 3052
177 B
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 354
239 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 918
353 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 92
434 B
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 432
2 KB
1 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 987
10 KB
1 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 338
265 B
76 23
Domain Requested by
15 proff.no 1 redirects proff.no
quantcast.mgr.consensu.org
9 adx.adform.net 1 redirects proff.no
s1.adform.net
6 www.gstatic.com www.google.com
www.gstatic.com
6 quantcast.mgr.consensu.org proff.no
quantcast.mgr.consensu.org
5 s1.adform.net hb.adx.adform.net
proff.no
4 pixel.mathtag.com proff.no
pixel.mathtag.com
4 www.google.com proff.no
www.gstatic.com
www.google.com
3 d5p.de17a.com 1 redirects proff.no
d5p.de17a.com
2 sting.de17a.com d5p.de17a.com
2 dsum.casalemedia.com 1 redirects d5p.de17a.com
2 ib.adnxs.com 2 redirects
2 sync.search.spotxchange.com 1 redirects d5p.de17a.com
2 sync.1rx.io 1 redirects d5p.de17a.com
2 ad.360yield.com 1 redirects d5p.de17a.com
2 pixel.advertising.com 1 redirects d5p.de17a.com
2 cdn.de17a.com proff.no
sting.de17a.com
2 www.google-analytics.com proff.no
1 sting-cdn.de17a.com d5p.de17a.com
1 www.proff.no proff.no
1 audit-tcfv2.quantcast.mgr.consensu.org quantcast.mgr.consensu.org
1 fonts.gstatic.com www.google.com
1 sync.userreport.com d5p.de17a.com
1 image2.pubmatic.com d5p.de17a.com
1 dmp.adform.net d5p.de17a.com
1 usermatch.targeting.unrulymedia.com 1 redirects
1 pixel.rubiconproject.com d5p.de17a.com
1 test.quantcast.mgr.consensu.org quantcast.mgr.consensu.org
1 rules.quantcount.com secure.quantserve.com
1 stats.g.doubleclick.net www.google-analytics.com
1 cdn.jsdelivr.net s1.adform.net
1 secure.quantserve.com quantcast.mgr.consensu.org
1 match.adsrvr.org proff.no
1 stats.proff.no proff.no
1 hb.adx.adform.net proff.no
76 34
Subject Issuer Validity Valid
proff.no
Amazon
2022-05-11 -
2023-06-09
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2022-05-04 -
2022-07-27
3 months crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1
2021-09-06 -
2022-10-07
a year crt.sh
www.google.com
GTS CA 1C3
2022-05-04 -
2022-07-27
3 months crt.sh
pixel.mathtag.com
DigiCert SHA2 Secure Server CA
2021-06-29 -
2022-07-07
a year crt.sh
*.cmp.quantcast.com
R3
2022-04-26 -
2022-07-25
3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2022-03-31 -
2023-05-02
a year crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1
2021-09-22 -
2022-09-21
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-07-03 -
2022-07-02
a year crt.sh
*.gstatic.com
GTS CA 1C3
2022-05-04 -
2022-07-27
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-05-04 -
2022-07-27
3 months crt.sh
*.de17a.com
Sectigo ECC Domain Validation Secure Server CA
2021-12-20 -
2022-12-20
a year crt.sh
1072570458.rsc.cdn77.org
R3
2022-05-20 -
2022-08-18
3 months crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2022-03-08 -
2023-04-04
a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1
2021-08-04 -
2022-09-04
a year crt.sh
*.userreport.com
Amazon
2022-01-19 -
2023-02-17
a year crt.sh
1147033924.rsc.cdn77.org
R3
2022-04-25 -
2022-07-24
3 months crt.sh

This page contains 12 frames:

Primary Page: https://proff.no/
Frame ID: 40237FB00A21EAACFF3290309D077908
Requests: 44 HTTP requests in this frame

Frame: https://pixel.mathtag.com/sync/iframe?mt_uuid=2719628c-f98d-4c00-8a37-72e62c872b3d&no_iframe=1&mt_adid=192315&source=mathtag
Frame ID: 9E83C222DDDB5D0CF50E396A5FEB3DEA
Requests: 2 HTTP requests in this frame

Frame: https://proff.no/consent.html
Frame ID: 67894885DC38B2543D4B2E70B387949C
Requests: 1 HTTP requests in this frame

Frame: https://s1.adform.net/banners/scripts/adx.js
Frame ID: 4FAD3B0A475C6B8075C9540D453DBFC0
Requests: 1 HTTP requests in this frame

Frame: https://s1.adform.net/banners/scripts/adx.js
Frame ID: 030F38F4F4AF609DA29C15678D1C699C
Requests: 1 HTTP requests in this frame

Frame: https://s1.adform.net/banners/scripts/adx.js
Frame ID: FD30E4B9343684741C1697F929D0D03B
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP&co=aHR0cHM6Ly9wcm9mZi5ubzo0NDM.&hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&size=normal&cb=4ch1nh5b8l6c
Frame ID: 9AB4BD4F0727545BEF9AE369C91F7C9B
Requests: 8 HTTP requests in this frame

Frame: https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
Frame ID: B0B40E4011D28F05CD381520BF1F81AB
Requests: 12 HTTP requests in this frame

Frame: https://cdn.de17a.com/i6n.js?source=dogfight&override_url=https%3A%2F%2Fd5p.de17a.com%2Fcontrol-notify%2Fadform%3Fauction_id%3D-2073556989_1889824_1653406094450_567721236_0
Frame ID: F55AEB045884D9E1B3072210E03FAD48
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP
Frame ID: 7B015B1411DAFE58146DEC03A9F8C191
Requests: 3 HTTP requests in this frame

Frame: https://sting.de17a.com/api/tags
Frame ID: B351698BED6F529BD7442DA03FFEBC75
Requests: 1 HTTP requests in this frame

Frame: https://cdn.de17a.com/i6n.js?source=sting&rid=xzuxiwnoxxjxxqnfheix
Frame ID: 94B5C1E43795586BF778198925DE5DF7
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Proff® – Nøkkeltall, Regnskap og Roller for norske bedrifter

Page URL History Show full URLs

  1. http://proff.no/ HTTP 301
    https://proff.no/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • [^a-z]mtc.*\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • quantcast\.mgr\.consensu\.org

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

76
Requests

91 %
HTTPS

0 %
IPv6

23
Domains

34
Subdomains

29
IPs

8
Countries

2049 kB
Transfer

5715 kB
Size

29
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://proff.no/ HTTP 301
    https://proff.no/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 30
  • https://adx.adform.net/adx/?rp=3&pv=1&bWlkPTc0MzExMw&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653406093590_38475240197570915 HTTP 302
  • https://adx.adform.net/adx/?CC=1&rp=3&pv=1&bWlkPTc0MzExMw&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653406093590_38475240197570915
Request Chain 44
  • https://d5p.de17a.com/victory/adform?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg HTTP 302
  • https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
Request Chain 48
  • https://pixel.advertising.com/ups/55955/sync?uid=832883172971495699&_origin=1 HTTP 302
  • https://pixel.advertising.com/ups/55955/sync?uid=832883172971495699&_origin=1&verify=true
Request Chain 49
  • https://ad.360yield.com/match?publisher_dsp_id=61&external_user_id=832883172971495699&expiration=1655998094 HTTP 302
  • https://ad.360yield.com/ul_cb/match?publisher_dsp_id=61&external_user_id=832883172971495699&expiration=1655998094
Request Chain 50
  • https://usermatch.targeting.unrulymedia.com/usermatch/delta/832883172971495699 HTTP 302
  • https://sync.1rx.io/usersync/delta/832883172971495699 HTTP 302
  • https://sync.1rx.io/usersync/delta/832883172971495699?zcc=1&cb=1653406095203
Request Chain 53
  • https://sync.search.spotxchange.com/partner?adv_id=7326&uid=832883172971495699&img=1 HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=7326&uid=832883172971495699&img=1&__user_check__=1&sync_id=21297ad9-db76-11ec-a57b-1bce7de30506
Request Chain 54
  • https://ib.adnxs.com/getuid?https://d5p.de17a.com/setuid/appnexus?anxs_uid=$UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fd5p.de17a.com%2Fsetuid%2Fappnexus%3Fanxs_uid%3D%24UID HTTP 302
  • https://d5p.de17a.com/setuid/appnexus?anxs_uid=4663258537148423757
Request Chain 55
  • https://dsum.casalemedia.com/rum?cm_dsp_id=175&external_user_id=832883172971495699&expiration=1655998094 HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=175&external_user_id=832883172971495699&expiration=1655998094&C=1

76 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
proff.no/
Redirect Chain
  • http://proff.no/
  • https://proff.no/
60 KB
18 KB
Document
General
Full URL
https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
461271ba8a5ddd6d0452d1d7b53d7247dac6282b03c2918e61af03d55dbd7be5

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

content-encoding
gzip
content-language
no-NO
content-length
17635
content-type
text/html;charset=UTF-8
date
Tue, 24 May 2022 15:28:12 GMT

Redirect headers

Connection
keep-alive
Content-Length
134
Content-Type
text/html
Date
Tue, 24 May 2022 15:28:12 GMT
Location
https://proff.no:443/
Server
awselb/2.0
roboto-fontface.css
proff.no/fonts/roboto-fontface/css/
12 KB
1 KB
Stylesheet
General
Full URL
https://proff.no/fonts/roboto-fontface/css/roboto-fontface.css
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
d03b6c530e790642376b53b015d6f3d4aaff4280d53516fb8ee0e117c1afd8bc

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:12 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:33:55 GMT
etag
"1653428035362"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
text/css;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
718
expires
Tue, 24 May 2022 21:33:55 GMT
main.css
proff.no/stylesheets/css/
291 KB
51 KB
Stylesheet
General
Full URL
https://proff.no/stylesheets/css/main.css?v=5.1.107
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
5c1e3c8c463c7408661163e65494a1f0bfe02123044b77a266c5bb1b8f14f391

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:12 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:33:55 GMT
etag
"1653428035372"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
text/css;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
51170
expires
Tue, 24 May 2022 21:33:55 GMT
default.css
proff.no/stylesheets/css/
20 KB
5 KB
Stylesheet
General
Full URL
https://proff.no/stylesheets/css/default.css?v=5.1.107
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
22b23b9c137b0288305c383dd3c8c87bf82d5ff87966c8fbef24c5c6fece9c7e

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:12 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:33:55 GMT
etag
"1653428035364"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
text/css;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
4694
expires
Tue, 24 May 2022 21:33:55 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
4145
date
Tue, 24 May 2022 14:19:08 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 24 May 2022 16:19:08 GMT
4395.js
hb.adx.adform.net/hb/
17 KB
4 KB
Script
General
Full URL
https://hb.adx.adform.net/hb/4395.js
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
942c52b43f6bb3b48ceec027594c2bfce6e34029cc1d485983b2f8e00c7a1034
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:12 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Host
access-control-allow-methods
GET,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public, max-age=3600
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
Tue, 24 May 2022 16:28:12 GMT
vendor.js
proff.no/js/lib/
414 KB
117 KB
Script
General
Full URL
https://proff.no/js/lib/vendor.js?v=5.1.107
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
fa7318c53b32446d37cec15c70bf7dbec1db5d946cf876fcc02de429233361ce

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:12 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:10 GMT
etag
"1653428050795"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
119346
expires
Tue, 24 May 2022 21:34:10 GMT
menu.js
proff.no/js/lib/
5 KB
2 KB
Script
General
Full URL
https://proff.no/js/lib/menu.js?v=5.1.107
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
e8b4623a433dc3d0a2f2f985e51cbd97b222ba9d66ca9b58ab8b133f4f8715bd

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:12 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:33:55 GMT
etag
"1653428035391"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
1736
expires
Tue, 24 May 2022 21:33:55 GMT
api.js
www.google.com/recaptcha/
907 B
993 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?onload=addCaptchaCb&render=explicit&hl=no
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f4.1e100.net
Software
GSE /
Resource Hash
9842713db52e17ba6a1edde841d5eb36f94c00252d7e26c9f130d29aa0bce779
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
580
x-xss-protection
1; mode=block
expires
Tue, 24 May 2022 15:28:13 GMT
search.js
proff.no/js/lib/
10 KB
3 KB
Script
General
Full URL
https://proff.no/js/lib/search.js?v=5.1.107
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
142cfecbbe6b0c3605072d997fe3a1d199af6f4d7a7c9408e6ecd00b2f40a6cf

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:12 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:10 GMT
etag
"1653428050780"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
2915
expires
Tue, 24 May 2022 21:34:10 GMT
pa.min.js
stats.proff.no/
1 KB
2 KB
Script
General
Full URL
https://stats.proff.no/pa.min.js
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
0085b22dee76d92814ecfc0ff69e7d83678eb40ce28565d4746e6fbfa8f0f8be

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:12 GMT
cache-control
max-age=86400
last-modified
Mon, 02 May 2022 12:00:54 GMT
accept-ranges
bytes
content-length
1459
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/javascript
analytics.js
proff.no/js/lib/
2 KB
1 KB
Script
General
Full URL
https://proff.no/js/lib/analytics.js?v=5.1.107
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
15ac477a33c97d1562572d037318cfb6930df1e612229377a29a1d25ffdafdbb

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:12 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:10 GMT
etag
"1653428050792"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
749
expires
Tue, 24 May 2022 21:34:10 GMT
js
pixel.mathtag.com/event/
2 KB
2 KB
Script
General
Full URL
https://pixel.mathtag.com/event/js?mt_id=1200265&mt_adid=192315&s1=https://www.proff.no
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-201.deploy.static.akamaitechnologies.com
Software
MT3 4409 ba5503e master cdg-pixel-x29 config:1.0.0 /
Resource Hash
0ec7fd4629415e53dce078641b99f4092978805b6880126cb9fa989403bec8fb

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 15:28:13 GMT
Server
MT3 4409 ba5503e master cdg-pixel-x29 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Type
text/javascript
Content-Length
1988
Expires
Tue, 24 May 2022 15:28:12 GMT
choice.js
quantcast.mgr.consensu.org/choice/B0t1hzyq1UTeN/proff.no/
5 KB
2 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/choice/B0t1hzyq1UTeN/proff.no/choice.js
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-22.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3c5c7922ed40e9d4f2e4576bc8092aed89df49ab2790d5f84632cb4a97bac847

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Tue, 24 May 2022 15:28:07 GMT
content-encoding
br
last-modified
Tue, 31 Aug 2021 13:44:14 GMT
server
AmazonS3
age
40
etag
W/"3517e82c281f90e0212e505792a3be1d"
vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront)
cache-control
max-age=900
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
DUS51-P2
x-amz-cf-id
vOFIQ9tww7fSBc9jLAQgxeQ0EKGkZf2cmQlqADlyI4GUXgW3rN3omw==
prebid.4.latest.js
s1.adform.net/banners/scripts/
2 MB
527 KB
Script
General
Full URL
https://s1.adform.net/banners/scripts/prebid.4.latest.js
Requested by
Host: hb.adx.adform.net
URL: https://hb.adx.adform.net/hb/4395.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
f940358fee2cba0546b93557937fd06423a93d5534c395ef854c4470edd4b26e

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:13 GMT
content-encoding
gzip
last-modified
Wed, 09 Sep 2020 12:09:49 GMT
server
nginx
etag
W/"5f58c60d-18c2d7"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
adx.js
s1.adform.net/banners/scripts/
58 KB
24 KB
Script
General
Full URL
https://s1.adform.net/banners/scripts/adx.js
Requested by
Host: hb.adx.adform.net
URL: https://hb.adx.adform.net/hb/4395.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
27959adb07002b9ac7aa480b6357412fb96e7531af950c33714c8f9873aff5a3

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:13 GMT
content-encoding
gzip
last-modified
Wed, 26 Jan 2022 11:59:05 GMT
server
nginx
etag
W/"61f13789-e95e"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
polyfills.js
proff.no/js/lib/
18 KB
7 KB
Script
General
Full URL
https://proff.no/js/lib/polyfills.js?v=5.1.107
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
a8d9f2a4a3ef5baf61c43ef328bc45c3279ec7334e62e50624bae12c743f90b1

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:12 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:11 GMT
etag
"1653428051301"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
6465
expires
Tue, 24 May 2022 21:34:11 GMT
page_bg.png
proff.no/img/v3/
1 KB
2 KB
Image
General
Full URL
https://proff.no/img/v3/page_bg.png
Requested by
Host: proff.no
URL: https://proff.no/stylesheets/css/main.css?v=5.1.107
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
2d7f2c49b8acf4fa9dfc186527ea2586d0634b58bb9d496e6efbee67ddb87e7a

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/stylesheets/css/main.css?v=5.1.107
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:12 GMT
last-modified
Tue, 24 May 2022 09:34:11 GMT
etag
"1653428051342"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
image/png;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
1092
expires
Tue, 24 May 2022 21:34:11 GMT
sprite_general_6.png
proff.no/img/v3/
14 KB
14 KB
Image
General
Full URL
https://proff.no/img/v3/sprite_general_6.png
Requested by
Host: proff.no
URL: https://proff.no/stylesheets/css/main.css?v=5.1.107
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
e1abbbc7891f4f485fb5b9c26fa241b6503282f8bff9ef129da09251be61755f

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/stylesheets/css/main.css?v=5.1.107
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:12 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:32 GMT
etag
"1653428073000"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
image/png;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
14187
expires
Tue, 24 May 2022 21:34:33 GMT
ss-standard.woff
proff.no/fonts/
26 KB
27 KB
Font
General
Full URL
https://proff.no/fonts/ss-standard.woff
Requested by
Host: proff.no
URL: https://proff.no/stylesheets/css/main.css?v=5.1.107
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
e47e764298124c12ec246cc3f33a5ece1cf82cacbef043ea83ebe58089b40287

Request headers

Referer
https://proff.no/stylesheets/css/main.css?v=5.1.107
Origin
https://proff.no
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:12 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:11 GMT
etag
"1653428051362"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
application/font-woff;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
27083
expires
Tue, 24 May 2022 21:34:11 GMT
proffglobal-bold-webfont.woff
proff.no/fonts/
50 KB
51 KB
Font
General
Full URL
https://proff.no/fonts/proffglobal-bold-webfont.woff
Requested by
Host: proff.no
URL: https://proff.no/stylesheets/css/main.css?v=5.1.107
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
9c828769c82976773b3b8704e27cf5753cb3aa7f87edde89395b4a662b534aa5

Request headers

Referer
https://proff.no/stylesheets/css/main.css?v=5.1.107
Origin
https://proff.no
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:12 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:11 GMT
etag
"1653428051364"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
application/font-woff;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
51131
expires
Tue, 24 May 2022 21:34:11 GMT
iframe
pixel.mathtag.com/sync/ Frame 9E83
631 B
994 B
Document
General
Full URL
https://pixel.mathtag.com/sync/iframe?mt_uuid=2719628c-f98d-4c00-8a37-72e62c872b3d&no_iframe=1&mt_adid=192315&source=mathtag
Requested by
Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/event/js?mt_id=1200265&mt_adid=192315&s1=https://www.proff.no
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-201.deploy.static.akamaitechnologies.com
Software
MT3 4409 ba5503e master cdg-pixel-x28 config:1.0.0 /
Resource Hash
304a0259406001319e10acd097537e33bbc0157670417a48fdd527a889951f65

Request headers

Referer
https://proff.no/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
631
Content-Type
text/html
Date
Tue, 24 May 2022 15:28:13 GMT
Expires
Tue, 24 May 2022 15:28:12 GMT
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4409 ba5503e master cdg-pixel-x28 config:1.0.0
generic
match.adsrvr.org/track/cmf/
70 B
265 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=k4lpo8g&ttd_tpi=1
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 15:28:13 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
img
pixel.mathtag.com/misc/
43 B
525 B
Image
General
Full URL
https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-201.deploy.static.akamaitechnologies.com
Software
MT3 4409 ba5503e master cdg-pixel-x33 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 15:28:13 GMT
Server
MT3 4409 ba5503e master cdg-pixel-x33 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 24 May 2022 15:28:12 GMT
img
pixel.mathtag.com/misc/ Frame 9E83
43 B
525 B
Image
General
Full URL
https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by
Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=2719628c-f98d-4c00-8a37-72e62c872b3d&no_iframe=1&mt_adid=192315&source=mathtag
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-201.deploy.static.akamaitechnologies.com
Software
MT3 4409 ba5503e master cdg-pixel-x29 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://pixel.mathtag.com/sync/iframe?mt_uuid=2719628c-f98d-4c00-8a37-72e62c872b3d&no_iframe=1&mt_adid=192315&source=mathtag
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 15:28:13 GMT
Server
MT3 4409 ba5503e master cdg-pixel-x29 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 24 May 2022 15:28:12 GMT
quant.js
secure.quantserve.com/
24 KB
10 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/B0t1hzyq1UTeN/proff.no/choice.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.189 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:13 GMT
content-encoding
gzip
etag
"u2JtyZzqnTXwzBUswy2r+w=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Tue, 31 May 2022 15:28:13 GMT
cmp2.js
quantcast.mgr.consensu.org/tcfv2/23/
266 KB
67 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=proff.no
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/B0t1hzyq1UTeN/proff.no/choice.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-22.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7baadf42bdd7151de787de3b98f1c65f55cc2b3d34d4fbe90a0e490756dd3a1b

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:13 GMT
content-encoding
br
age
27
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
access-control-allow-origin
*
last-modified
Fri, 18 Dec 2020 15:09:37 GMT
server
AmazonS3
etag
W/"1d55b13d85c9837da884d1e8594cc025"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
via
1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-meta-qc-ineu
True
x-amz-cf-pop
DUS51-P2
x-amz-cf-id
mcSdIn6Atg40UuENvs6VRovmlsiTkeyVf9mvO42s9wALFRULcSYnww==
freewheel-mapping.json
cdn.jsdelivr.net/gh/prebid/category-mapping-file@1/
14 KB
2 KB
XHR
General
Full URL
https://cdn.jsdelivr.net/gh/prebid/category-mapping-file@1/freewheel-mapping.json
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/prebid.4.latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.88.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60d0cdf0b18fc47a4d55b4a2aeccd0b2bcc71063ca21ec0eb538bea39833dda4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://proff.no/
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 24 May 2022 15:28:13 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
19172
x-jsd-version
1.0.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19121-FRA, cache-bma1668-BMA
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"36b6-ffkBzh2j6c/gCM5tBPQMcNXdZI8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5tQuGTwGYW4y0m%2BRHYO7E%2BR9Qh3XmaISG3wjPYQNqKgFTEdpvfhXNg%2FOeK2bCFbsOdgUpkSROfVK90DvtduigCQ4eEsMR2SfWkVhJPFLNDP0j5cN%2Frwhw2Ev%2FvqA8lFHEFo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
cf-ray
71070f56dab3fab8-OSL
recaptcha__no.js
www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/
364 KB
144 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/recaptcha__no.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=addCaptchaCb&render=explicit&hl=no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f3.1e100.net
Software
sffe /
Resource Hash
29af788193140c53d73e92a95e87240bf2c9c89590bcb7703cb7de86bf2f388a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://proff.no/
Origin
https://proff.no
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 07:48:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
27605
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
147066
x-xss-protection
0
last-modified
Mon, 16 May 2022 04:03:20 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 24 May 2023 07:48:09 GMT
collect
stats.g.doubleclick.net/j/
1 B
434 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-3244641-3&cid=2142805635.1653406093&jid=1330077205&gjid=31467001&_gid=1936883993.1653406093&_u=IGBAgEADAAAAAE~&z=1999257202
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.5.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wg-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://proff.no/
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 24 May 2022 15:28:13 GMT
content-type
text/plain
access-control-allow-origin
https://proff.no
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
194 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=839363965&t=pageview&_s=1&dl=https%3A%2F%2Fproff.no%2F&ul=en-us&de=UTF-8&dt=Proff%C2%AE%20%E2%80%93%20N%C3%B8kkeltall%2C%20Regnskap%20og%20Roller%20for%20norske%20bedrifter&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBAgEAD~&jid=1330077205&gjid=31467001&cid=2142805635.1653406093&tid=UA-3244641-3&_gid=1936883993.1653406093&z=1468784335
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 04:18:36 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
40177
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
/
adx.adform.net/adx/
Redirect Chain
  • https://adx.adform.net/adx/?rp=3&pv=1&bWlkPTc0MzExMw&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653406093590_38475240197570915
  • https://adx.adform.net/adx/?CC=1&rp=3&pv=1&bWlkPTc0MzExMw&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653406093590_38475240197570915
931 B
1 KB
Script
General
Full URL
https://adx.adform.net/adx/?CC=1&rp=3&pv=1&bWlkPTc0MzExMw&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653406093590_38475240197570915
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Server
37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
a32dff4a7de80405c213bd9dc4ccf2d520e9ea5f3169a4119369315d8972a3bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 15:28:13 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1

Redirect headers

pragma
no-cache
date
Tue, 24 May 2022 15:28:13 GMT
server
nginx
location
https://adx.adform.net/adx/?CC=1&rp=3&pv=1&bWlkPTc0MzExMw&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653406093590_38475240197570915
access-control-max-age
86400
access-control-allow-methods
GET,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
consent.html
proff.no/ Frame 6789
4 KB
2 KB
Document
General
Full URL
https://proff.no/consent.html
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=proff.no
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
9648602e46ca07cf53fe8ff07088110d712862147dbb4c5303d1676eb242d288

Request headers

Referer
https://proff.no/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=43200
content-encoding
gzip
content-length
1069
content-type
text/html;charset=UTF-8
date
Tue, 24 May 2022 15:28:13 GMT
etag
"1653428044979"
expires
Tue, 24 May 2022 21:34:04 GMT
last-modified
Tue, 24 May 2022 09:34:04 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers Accept-Encoding
adx.js
s1.adform.net/banners/scripts/ Frame 4FAD
58 KB
24 KB
Script
General
Full URL
https://s1.adform.net/banners/scripts/adx.js
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
27959adb07002b9ac7aa480b6357412fb96e7531af950c33714c8f9873aff5a3

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:13 GMT
content-encoding
gzip
last-modified
Wed, 26 Jan 2022 11:59:05 GMT
server
nginx
etag
W/"61f13789-e95e"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
google-atp-list.json
quantcast.mgr.consensu.org/tcfv2/
153 KB
36 KB
XHR
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/google-atp-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=proff.no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-22.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1fd0f40aca4dc75d39a51e9b554986541cd2f514b0c4df7198fc8ac61bfada1a

Request headers

Accept
application/json, text/plain, */*
Referer
https://proff.no/
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 03:00:31 GMT
content-encoding
br
age
44864
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
access-control-allow-origin
*
last-modified
Tue, 24 May 2022 03:00:27 GMT
server
AmazonS3
etag
W/"e357936593cc8ed65091e13f59db4400"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json
via
1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-cf-pop
DUS51-P2
x-amz-cf-id
mJ6n-54GgljyTmzSh7e-8_JveeX-7Vgnldv8BOE5-QJZiBQf8lc2AQ==
/
adx.adform.net/adx/
874 B
1 KB
Script
General
Full URL
https://adx.adform.net/adx/?rp=3&pv=1&bWlkPTc3NTkwOA&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653406093879_4513458087105111
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
17f06cc09365763c3c94c6d9dcb15edc1e3aafed24e54353903b05869ccad34f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 15:28:13 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
adx.js
s1.adform.net/banners/scripts/ Frame 030F
58 KB
24 KB
Script
General
Full URL
https://s1.adform.net/banners/scripts/adx.js
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
27959adb07002b9ac7aa480b6357412fb96e7531af950c33714c8f9873aff5a3

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:13 GMT
content-encoding
gzip
last-modified
Wed, 26 Jan 2022 11:59:05 GMT
server
nginx
etag
W/"61f13789-e95e"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
rules-p-B0t1hzyq1UTeN.js
rules.quantcount.com/
2 B
353 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-B0t1hzyq1UTeN.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-139-60.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:07:07 GMT
via
1.1 87fae571c6ea0d7d1101b71cc2131bba.cloudfront.net (CloudFront)
server
AmazonS3
age
1266
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
cross-origin-resource-policy
cross-origin
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA60-P4
content-length
2
x-amz-cf-id
HybUpQ_8PwWqRD-65w4pw_q2kuA87X-IpYrQW2iMtdMM--z_risCQQ==
/
adx.adform.net/adx/
874 B
1 KB
Script
General
Full URL
https://adx.adform.net/adx/?rp=3&pv=1&bWlkPTc3Nzk5Mw&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653406094105_8222746546944049
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
26788ddd9c3171963294f01910d43b2c9c213e4e299a574f83a5537b58bca23a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 15:28:14 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
adx.js
s1.adform.net/banners/scripts/ Frame FD30
58 KB
24 KB
Script
General
Full URL
https://s1.adform.net/banners/scripts/adx.js
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
27959adb07002b9ac7aa480b6357412fb96e7531af950c33714c8f9873aff5a3

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:14 GMT
content-encoding
gzip
last-modified
Wed, 26 Jan 2022 11:59:05 GMT
server
nginx
etag
W/"61f13789-e95e"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
anchor
www.google.com/recaptcha/api2/ Frame 9AB4
43 KB
23 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP&co=aHR0cHM6Ly9wcm9mZi5ubzo0NDM.&hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&size=normal&cb=4ch1nh5b8l6c
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/recaptcha__no.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f4.1e100.net
Software
GSE /
Resource Hash
61ed40af46ff4ac50c810e4675b6e4ba3fb61c33b7fa27e54e568e6249e8ee07
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-LxUTO6FhWh2MFT1nDiS98w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://proff.no/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-length
22689
content-security-policy
script-src 'report-sample' 'nonce-LxUTO6FhWh2MFT1nDiS98w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 24 May 2022 15:28:14 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
styles__ltr.css
www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/ Frame 9AB4
51 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP&co=aHR0cHM6Ly9wcm9mZi5ubzo0NDM.&hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&size=normal&cb=4ch1nh5b8l6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f3.1e100.net
Software
sffe /
Resource Hash
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:05:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1368
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24237
x-xss-protection
0
last-modified
Mon, 16 May 2022 04:03:20 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 24 May 2023 15:05:26 GMT
recaptcha__no.js
www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/ Frame 9AB4
364 KB
144 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/recaptcha__no.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP&co=aHR0cHM6Ly9wcm9mZi5ubzo0NDM.&hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&size=normal&cb=4ch1nh5b8l6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f3.1e100.net
Software
sffe /
Resource Hash
29af788193140c53d73e92a95e87240bf2c9c89590bcb7703cb7de86bf2f388a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 07:48:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
27605
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
147066
x-xss-protection
0
last-modified
Mon, 16 May 2022 04:03:20 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 24 May 2023 07:48:09 GMT
cmp-list.json
test.quantcast.mgr.consensu.org/GVL-v2/
9 KB
3 KB
XHR
General
Full URL
https://test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=proff.no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-83.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6797e5bc424d587014449f9825e0e68f8bfb7d163bdd86903fc462560dec3b57

Request headers

Accept
application/json, text/plain, */*
Referer
https://proff.no/
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 03:00:41 GMT
content-encoding
gzip
age
44854
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
access-control-allow-origin
*
last-modified
Thu, 19 May 2022 19:52:29 GMT
server
AmazonS3
etag
W/"50900028e353b5405beb46af660d5881"
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-version-id
IX6ESpJaeLGXuWQu6Zw9OjFVEOp9d7q.
via
1.1 89c822bb1ce1445a7be6d1057088cfbe.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-cf-pop
FRA6-C1
content-type
application/json
x-amz-cf-id
WTHnI4vUobwv70erthk8J4J8nIvrvK3M5PXfqsSsWS8Nx1IySuP4RA==
/
adx.adform.net/adx/
2 KB
2 KB
Script
General
Full URL
https://adx.adform.net/adx/?rp=3&pv=1&bWlkPTc5ODczMw&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653406094416_10579883744464236
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
9efc262701069917f3d20022f81ab34e49cd33b964f8a48b2729bb5464735e92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 15:28:14 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
adform;c
d5p.de17a.com/victory/ Frame B0B4
Redirect Chain
  • https://d5p.de17a.com/victory/adform?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMz...
  • https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoT...
3 KB
3 KB
Document
General
Full URL
https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.155.156.181 Uppsala, Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),
Reverse DNS
213-155-156-181.teliacarrier-cust.com
Software
/
Resource Hash
777fb6f3c18f054eca2c324ecacce6d2cde81f62b2004b51d3b11dd77b46010e

Request headers

Referer
https://proff.no/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

content-length
3073
content-type
text/html;charset=utf-8
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

Redirect headers

content-length
0
location
/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
i6n.js
cdn.de17a.com/ Frame F55A
13 KB
4 KB
Script
General
Full URL
https://cdn.de17a.com/i6n.js?source=dogfight&override_url=https%3A%2F%2Fd5p.de17a.com%2Fcontrol-notify%2Fadform%3Fauction_id%3D-2073556989_1889824_1653406094450_567721236_0
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.174.7 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
frankfurt-1.cdn77.com
Software
CDN77-Turbo /
Resource Hash
0e9988b7982504119f9a3c3c077461ea03f9146e696614c5a18de5fa78bf7b1e

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-77-nzt
AcO1rgUGlrn/WQAAAA
x-accel-expires
@1653406606
date
Tue, 24 May 2022 15:28:15 GMT
content-encoding
br
etag
W/"5c6e6493-3319"
last-modified
Thu, 21 Feb 2019 08:42:59 GMT
server
CDN77-Turbo
x-77-nzt-ray
BrYc720k0zU
x-77-cache
HIT
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache
HIT
x-age
89
x-77-pop
frankfurtDE
/
adx.adform.net/adx/ssp/imp/ Frame F55A
35 B
535 B
Image
General
Full URL
https://adx.adform.net/adx/ssp/imp/?data=YtautBHD0atlO4XbQYYuPhF3HGlXExmGPMqHOajKUbT4yP9Xjlqlo0a_0phLS8h-DGe-Nxl_kVgEWZeN-d8kFS971EgKB3F_m0AQlnxsyfcPEE_0jvSIupB7upt7R8dNzfybG0Y4x5oTTPGW7XiDd9CYBUloO-JpgyIZ_8tgkcY2CMNOtl2Rfw2&adxvars=RHuwRKE__4BVfQCLwx1t7DR-hSeAUnhj7KZb_JGS9iwB0_BRuHfj8Hu4BIUZ_v3-yyZEAwdQLKbX2FwZStxKukdlintdx1QLW6w8mJ7v_YEtSsCZgKsz5AHi51cDrueYytCgAiRplGADSthRWUNwzfkmXdqHw_deXRX9L9HoMC9qvpbLSj2wsB0oXE55UawV27kv7lahysmjwCYWJWocLsWjAexNyLOV0&ord=254805
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 15:28:14 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
tap.php
pixel.rubiconproject.com/ Frame B0B4
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=6327&nid=2135&put=832883172971495699&expires=30
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Content-Type
image/gif
sync
pixel.advertising.com/ups/55955/ Frame B0B4
Redirect Chain
  • https://pixel.advertising.com/ups/55955/sync?uid=832883172971495699&_origin=1
  • https://pixel.advertising.com/ups/55955/sync?uid=832883172971495699&_origin=1&verify=true
0
255 B
Image
General
Full URL
https://pixel.advertising.com/ups/55955/sync?uid=832883172971495699&_origin=1&verify=true
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
Protocol
H2
Server
18.159.9.226 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-9-226.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:15 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://pixel.advertising.com/ups/55955/sync?uid=832883172971495699&_origin=1&verify=true
date
Tue, 24 May 2022 15:28:15 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
match
ad.360yield.com/ul_cb/ Frame B0B4
Redirect Chain
  • https://ad.360yield.com/match?publisher_dsp_id=61&external_user_id=832883172971495699&expiration=1655998094
  • https://ad.360yield.com/ul_cb/match?publisher_dsp_id=61&external_user_id=832883172971495699&expiration=1655998094
43 B
422 B
Image
General
Full URL
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=61&external_user_id=832883172971495699&expiration=1655998094
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
Protocol
H2
Server
34.249.126.234 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-126-234.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 24 May 2022 15:28:15 GMT
content-type
image/gif
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=61&external_user_id=832883172971495699&expiration=1655998094
date
Tue, 24 May 2022 15:28:15 GMT
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
832883172971495699
sync.1rx.io/usersync/delta/ Frame B0B4
Redirect Chain
  • https://usermatch.targeting.unrulymedia.com/usermatch/delta/832883172971495699
  • https://sync.1rx.io/usersync/delta/832883172971495699
  • https://sync.1rx.io/usersync/delta/832883172971495699?zcc=1&cb=1653406095203
43 B
172 B
Image
General
Full URL
https://sync.1rx.io/usersync/delta/832883172971495699?zcc=1&cb=1653406095203
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
Protocol
H2
Server
213.19.147.45 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 15:28:15 GMT
cache-control
no-store, no-cache, must-revalidate
server
Tengine
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 24 May 2022 15:28:15 GMT
server
Tengine
etag
RXa476ab3de4ad47bb8d2b0cee361ba587003
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location
https://sync.1rx.io/usersync/delta/832883172971495699?zcc=1&cb=1653406095203
cache-control
no-store, no-cache, must-revalidate
content-type
text/html
expires
0
match
dmp.adform.net/serving/cookie/ Frame B0B4
35 B
468 B
Image
General
Full URL
https://dmp.adform.net/serving/cookie/match?party=1124&cid=832883172971495699
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.253 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
s1.adform.net
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 15:28:15 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
Pug
image2.pubmatic.com/AdServer/ Frame B0B4
42 B
424 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=&gdpr_consent=&piggybackCookie=832883172971495699
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:13 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
partner
sync.search.spotxchange.com/ Frame B0B4
Redirect Chain
  • https://sync.search.spotxchange.com/partner?adv_id=7326&uid=832883172971495699&img=1
  • https://sync.search.spotxchange.com/partner?adv_id=7326&uid=832883172971495699&img=1&__user_check__=1&sync_id=21297ad9-db76-11ec-a57b-1bce7de30506
43 B
549 B
Image
General
Full URL
https://sync.search.spotxchange.com/partner?adv_id=7326&uid=832883172971495699&img=1&__user_check__=1&sync_id=21297ad9-db76-11ec-a57b-1bce7de30506
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
Protocol
HTTP/1.1
Server
185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software
nginx /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 15:28:15 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
137
Connection
keep-alive
Content-Length
43

Redirect headers

Date
Tue, 24 May 2022 15:28:15 GMT
Server
nginx
Location
/partner?adv_id=7326&uid=832883172971495699&img=1&__user_check__=1&sync_id=21297ad9-db76-11ec-a57b-1bce7de30506
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
95
Connection
keep-alive
Content-Length
0
appnexus
d5p.de17a.com/setuid/ Frame B0B4
Redirect Chain
  • https://ib.adnxs.com/getuid?https://d5p.de17a.com/setuid/appnexus?anxs_uid=$UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fd5p.de17a.com%2Fsetuid%2Fappnexus%3Fanxs_uid%3D%24UID
  • https://d5p.de17a.com/setuid/appnexus?anxs_uid=4663258537148423757
35 B
198 B
Image
General
Full URL
https://d5p.de17a.com/setuid/appnexus?anxs_uid=4663258537148423757
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
Protocol
H2
Server
213.155.156.181 Uppsala, Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),
Reverse DNS
213-155-156-181.teliacarrier-cust.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-type
image/gif
content-length
35
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

Redirect headers

Pragma
no-cache
Date
Tue, 24 May 2022 15:28:15 GMT
X-Proxy-Origin
178.255.148.170; 178.255.148.170; 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
f32422a5-95bb-45ee-8b35-5a14668078f9
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://d5p.de17a.com/setuid/appnexus?anxs_uid=4663258537148423757
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum.casalemedia.com/ Frame B0B4
Redirect Chain
  • https://dsum.casalemedia.com/rum?cm_dsp_id=175&external_user_id=832883172971495699&expiration=1655998094
  • https://dsum.casalemedia.com/rum?cm_dsp_id=175&external_user_id=832883172971495699&expiration=1655998094&C=1
43 B
1003 B
Image
General
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=175&external_user_id=832883172971495699&expiration=1655998094&C=1
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 May 2022 15:28:15 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 24 May 2022 15:28:15 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 24 May 2022 15:28:15 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://dsum.casalemedia.com/rum?cm_dsp_id=175&external_user_id=832883172971495699&expiration=1655998094&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
304
Expires
Tue, 24 May 2022 15:28:15 GMT
cs.gif
sync.userreport.com/ Frame B0B4
43 B
587 B
Image
General
Full URL
https://sync.userreport.com/cs.gif?s=d3prj11&fk=832883172971495699
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
65.9.63.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-63-105.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-meta-cb-modifiedtime
Thu, 25 Oct 2012 12:28:09 GMT
x-amz-version-id
null
Via
1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
Last-Modified
Thu, 30 Jan 2014 09:18:47 GMT
Server
AmazonS3
Age
41002
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
X-Cache
Hit from cloudfront
Content-Type
image/gif
Connection
keep-alive
Date
Tue, 24 May 2022 04:04:54 GMT
X-Amz-Cf-Pop
FRA56-C1
Accept-Ranges
bytes
Content-Length
43
X-Amz-Cf-Id
fUEiXHdjiRkyJa0fkN-Aw-AW3w1uR1CEyms1KWJJrE1uHrfattZAiw==
ctrl.js
sting.de17a.com/ Frame B0B4
47 KB
17 KB
Script
General
Full URL
https://sting.de17a.com/ctrl.js
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.155.156.188 Uppsala, Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),
Reverse DNS
213-155-156-188.teliacarrier-cust.com
Software
nginx/1.18.0 /
Resource Hash
204c8a77b6387ed0f4f572c209fd6f53b2682e863fe3271ee297c7267cecfff6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://d5p.de17a.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 04 Jan 2022 05:16:55 GMT
server
nginx/1.18.0
etag
"bbd017e2384d558"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
expires
Mon, 09 May 2022 19:34:24 GMT
cache-control
must-revalidate, private, max-age=0
x-proxy-cache
HIT
vendor-list.json
quantcast.mgr.consensu.org/GVL-v2/
327 KB
38 KB
XHR
General
Full URL
https://quantcast.mgr.consensu.org/GVL-v2/vendor-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=proff.no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-22.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1b4a056bfa3f8317b9ba5aa9b1719971779672b0277107b45699add1db387e90

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 03:00:35 GMT
content-encoding
br
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age
44860
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Tue, 24 May 2022 03:00:33 GMT
server
AmazonS3
etag
W/"f83f06b16bc8a3f2f85a6c82ec5700eb"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
via
1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront)
cache-control
max-age=172800
access-control-allow-credentials
true
x-amz-cf-pop
DUS51-P2
x-amz-cf-id
-80TbCuKUKENE-g_uf64c8QFT4HeT1OpeFYtkrVfq0K-gHeBuRVDWw==
purposes-NO.json
quantcast.mgr.consensu.org/GVL-v2/
26 KB
4 KB
XHR
General
Full URL
https://quantcast.mgr.consensu.org/GVL-v2/purposes-NO.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=proff.no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-22.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f55f0bac8143ff8978e73cb65298124d0cecc55c7204ec1974e8033e97b02d09

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 03:00:39 GMT
content-encoding
br
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age
44857
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Tue, 24 May 2022 03:00:33 GMT
server
AmazonS3
etag
W/"d0019502e06dfd5af4b9e79c72df651c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
via
1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront)
cache-control
max-age=172800
access-control-allow-credentials
true
x-amz-cf-pop
DUS51-P2
x-amz-cf-id
ecA5Km6IYyo0PCQfa3mLt1jNxStS5i-kBhsVHq0poZ8Mc-BiycVDdw==
cmp2ui-no.js
quantcast.mgr.consensu.org/tcfv2/23/
470 KB
123 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/23/cmp2ui-no.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=proff.no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-22.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d414cb2ce08a4dc9232a80cbe1abdffa0681474beed6257bac44fd9517c99a9f

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 23 May 2022 20:55:13 GMT
content-encoding
br
age
66783
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
last-modified
Fri, 18 Dec 2020 15:09:53 GMT
server
AmazonS3
etag
W/"345c5f67779d1bf2f68fb77385f5ac9d"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
via
1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-cf-pop
DUS51-P2
x-amz-cf-id
DGKwHR_PZ6MfYspNhg-MGXk1t8EsTeo_J_c4VdAl6mIDoS52Nk_iKQ==
truncated
/ Frame 9AB4
14 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 9AB4
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type
image/png
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 9AB4
2 KB
2 KB
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/styles__ltr.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f3.1e100.net
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Thu, 19 May 2022 19:40:09 GMT
x-content-type-options
nosniff
age
416886
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2228
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Thu, 26 May 2022 19:40:09 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 9AB4
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP&co=aHR0cHM6Ly9wcm9mZi5ubzo0NDM.&hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&size=normal&cb=4ch1nh5b8l6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 11:18:05 GMT
x-content-type-options
nosniff
age
15010
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 24 May 2023 11:18:05 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame 9AB4
102 B
204 B
Other
General
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP&co=aHR0cHM6Ly9wcm9mZi5ubzo0NDM.&hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&size=normal&cb=4ch1nh5b8l6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f4.1e100.net
Software
GSE /
Resource Hash
4556056ae0b97237e430120fab528fdc692b0dc2af865e8bed4694dfb8cc1654
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP&co=aHR0cHM6Ly9wcm9mZi5ubzo0NDM.&hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&size=normal&cb=4ch1nh5b8l6c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112
x-xss-protection
1; mode=block
expires
Tue, 24 May 2022 15:28:15 GMT
bframe
www.google.com/recaptcha/api2/ Frame 7B01
7 KB
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/recaptcha__no.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f4.1e100.net
Software
GSE /
Resource Hash
80dc442559f930132315613e6b8a7a073a747683b07acfe2f58ab62a1c087665
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-DuaOEajkkI_6dSpE6G2h8A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://proff.no/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-length
1114
content-security-policy
script-src 'report-sample' 'nonce-DuaOEajkkI_6dSpE6G2h8A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 24 May 2022 15:28:15 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
/
audit-tcfv2.quantcast.mgr.consensu.org/
2 B
101 B
XHR
General
Full URL
https://audit-tcfv2.quantcast.mgr.consensu.org/?log=%7B%22accountId%22%3A%22B0t1hzyq1UTeN%22%2C%22domain%22%3A%22proff.no%22%2C%22publisher%22%3A%22proff.no%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.23%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22ljS8kudZi43yRAwB1RnkQg%22%2C%22clientTimestamp%22%3A1653406095276%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-w6tdcl5yn26dz0gihw5j%22%7D
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2ui-no.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.93.174.143 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-174-143.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept
application/json, text/plain, */*
Referer
https://proff.no/
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 24 May 2022 15:28:15 GMT
content-length
2
content-type
text/plain; charset=utf-8
proff-logo-header-2020.png
www.proff.no/img/
8 KB
9 KB
Image
General
Full URL
https://www.proff.no/img/proff-logo-header-2020.png
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
74425d6a23825882584b8fc4ce285c8bbf7aa81303e468e80c8e4a905925dea9

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:28:15 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:06 GMT
etag
"1653428046585"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
image/png;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
8102
expires
Tue, 24 May 2022 21:34:06 GMT
styles__ltr.css
www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/ Frame 7B01
51 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f3.1e100.net
Software
sffe /
Resource Hash
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 15:05:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1369
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24237
x-xss-protection
0
last-modified
Mon, 16 May 2022 04:03:20 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 24 May 2023 15:05:26 GMT
recaptcha__no.js
www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/ Frame 7B01
364 KB
144 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/recaptcha__no.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f3.1e100.net
Software
sffe /
Resource Hash
29af788193140c53d73e92a95e87240bf2c9c89590bcb7703cb7de86bf2f388a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 07:48:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
27606
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
147066
x-xss-protection
0
last-modified
Mon, 16 May 2022 04:03:20 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 24 May 2023 07:48:09 GMT
tags
sting.de17a.com/api/ Frame B351
2 KB
1 KB
Document
General
Full URL
https://sting.de17a.com/api/tags
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.155.156.188 Uppsala, Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),
Reverse DNS
213-155-156-188.teliacarrier-cust.com
Software
nginx/1.18.0 /
Resource Hash
6ac26d71f9dd4090087c79cbd37e5f07bf3bb15373251fb907c70b1fa4b63585

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://d5p.de17a.com
Referer
https://d5p.de17a.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 24 May 2022 15:28:15 GMT
p3p
CP="NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV" CP="NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV"
server
nginx/1.18.0
i6n.js
cdn.de17a.com/ Frame 94B5
13 KB
4 KB
Script
General
Full URL
https://cdn.de17a.com/i6n.js?source=sting&rid=xzuxiwnoxxjxxqnfheix
Requested by
Host: sting.de17a.com
URL: https://sting.de17a.com/ctrl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.174.7 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
frankfurt-1.cdn77.com
Software
CDN77-Turbo /
Resource Hash
0e9988b7982504119f9a3c3c077461ea03f9146e696614c5a18de5fa78bf7b1e

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://d5p.de17a.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-77-nzt
AcO1rgWcolf/WQAAAA
x-accel-expires
@1653406606
date
Tue, 24 May 2022 15:28:15 GMT
content-encoding
br
etag
W/"5c6e6493-3319"
last-modified
Thu, 21 Feb 2019 08:42:59 GMT
server
CDN77-Turbo
x-77-nzt-ray
HqnQA0xjRak
x-77-cache
HIT
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache
HIT
x-age
89
x-77-pop
frankfurtDE
980x600.png
sting-cdn.de17a.com/files/1630613797000/001/012/142/ Frame 94B5
235 KB
236 KB
Image
General
Full URL
https://sting-cdn.de17a.com/files/1630613797000/001/012/142/980x600.png
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-2073556989_1889824_1653406094450_567721236_0&bp=1aUnH-ggyAwfxuQ1MntegQDnBhivKjajbLP7Wg&creative_id=762245&dfh=08&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTMzUzMTI4MzgyMDI3MTczOTU3MDCKhl05jpduEoOAUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaLS0yMDczNTU2OTg5XzE4ODk4MjRfMTY1MzQwNjA5NDQ1MF81Njc3MjEyMzZfMGDUB2isAnABeACAAdim1wSQAZzm56gMmAH.0PD3CKkB.9KXiuenFkCxAesnWSNAKg1AuQH.......8hQMkBAAAAAAAAAABK_CgAoAg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.174.7 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
frankfurt-1.cdn77.com
Software
CDN77-Turbo /
Resource Hash
e837efbebd7639ed08ab9608bb6b311af63e97e3391fb3c3efc419686cc1f581

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://d5p.de17a.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-77-pop
frankfurtDE
date
Tue, 24 May 2022 15:28:15 GMT
x-77-cache
HIT
x-cache
HIT
x-age
71986
alt-svc
quic="195.181.174.5:443"; ma=2592000; v="44,43,39"
content-length
240964
x-77-nzt
AcO1rgWpdO//MhkBAA
x-accel-expires
@1653420509
server
CDN77-Turbo
x-77-nzt-ray
p5N/DjHcq7w
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
x-proxy-cache
HIT
/
adx.adform.net/adx/unload/
35 B
483 B
Ping
General
Full URL
https://adx.adform.net/adx/unload/?1653406095810
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://proff.no/
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 24 May 2022 15:28:15 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
https://proff.no
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
/
adx.adform.net/adx/unload/
35 B
483 B
Ping
General
Full URL
https://adx.adform.net/adx/unload/?1653406095811
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://proff.no/
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 24 May 2022 15:28:15 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
https://proff.no
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
/
adx.adform.net/adx/unload/
35 B
492 B
Ping
General
Full URL
https://adx.adform.net/adx/unload/?1653406095811
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://proff.no/
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 24 May 2022 15:28:15 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
https://proff.no
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1

Verdicts & Comments Add Verdict or Comment

92 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails function| __tcfapi function| __uspapi string| tagManagerId function| ga function| createElement object| googletag function| consentGiven object| adformtag object| _adform object| pbjs object| webpackJsonp string| cacheBustVersion string| polyfills object| scriptElement object| menuConfig object| jsMessages object| user string| site boolean| normalDevice string| language function| validate function| send function| addCaptchaCb function| useWallpaperFallback object| WebAnalytics string| paSiteId function| pa string| cookieValue object| scripts object| paScriptName string| endpoint object| expirationDate function| track function| metric object| _qevents function| pbjsChunk object| _pbjsGlobals function| JSEncrypt object| ADAGIO object| invibes string| nobidVersion object| nobid object| top1 object| realvu_aa_fifo object| realvu_aa number| boost_poll object| Adform object| _fscope object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| google_tag_data object| gaplugins object| gaGlobal object| gaData undefined| _adform_cb_1653406093590_38475240197570915 object| regeneratorRuntime function| __tcfapiui boolean| _inter_adf_51524__rendered__ number| _inter_adf_51524 undefined| _adform_cb_1653406093879_4513458087105111 boolean| _inter_adf_187317__rendered__ number| _inter_adf_187317 function| quantserve function| __qc object| ezt object| _qoptions function| qtrack undefined| _adform_cb_1653406094105_8222746546944049 boolean| _inter_adf_650680__rendered__ number| _inter_adf_650680 object| recaptcha object| closure_lm_675969 undefined| _adform_cb_1653406094416_10579883744464236 boolean| _inter_adf_549092__rendered__ number| _inter_adf_549092 object| scCGSHMRCache

29 Cookies

Domain/Path Name / Value
proff.no/ Name: JSESSIONID
Value: 99AA4204E5203E8D164DC38B1482F3C8
proff.no/ Name: _pa
Value: PA0.285438307973791
.mathtag.com/ Name: uuid
Value: 2719628c-f98d-4c00-8a37-72e62c872b3d
.mathtag.com/ Name: mt_misc
Value: mt_bt:1
.proff.no/ Name: _ga
Value: GA1.2.2142805635.1653406093
.proff.no/ Name: _gid
Value: GA1.2.1936883993.1653406093
.proff.no/ Name: _gat
Value: 1
.adform.net/ Name: C
Value: 1
proff.no/ Name: AWSALB
Value: on5zs5akdGF3hyO3np/h2UwxG1vrn6UlonlIx2meCmrG9QXiBKScSQlssr5SFzOwFVbIb/AjXSia4BneQdGIyD1W8UywaQ7Ok5h0MTF8/++K65/bnckbS/2U3bUx
proff.no/ Name: AWSALBCORS
Value: on5zs5akdGF3hyO3np/h2UwxG1vrn6UlonlIx2meCmrG9QXiBKScSQlssr5SFzOwFVbIb/AjXSia4BneQdGIyD1W8UywaQ7Ok5h0MTF8/++K65/bnckbS/2U3bUx
.adform.net/ Name: uid
Value: 3531283820271739570
.de17a.com/ Name: guid2
Value: 1.832883172971495699
.adnxs.com/ Name: uuid2
Value: 4663258537148423757
.360yield.com/ Name: tuuid
Value: 62785e09-4d33-48f2-afe3-07ef07e8d248
.360yield.com/ Name: tuuid_lu
Value: 1653406095
.advertising.com/ Name: APID
Value: UP212724d2-db76-11ec-b6fc-0231421f89ac
.spotxchange.com/ Name: audience
Value: 21297a93-db76-11ec-a57b-1bce7de30506
.casalemedia.com/ Name: CMID
Value: Yoz5j-c0ItSf1iwSJaGKHQAA
.casalemedia.com/ Name: CMPS
Value: 660
.360yield.com/ Name: um
Value: !61,nc8M8rHBrrXwq.aIXNeSNCfOf.mMLA6Uigp-cdtXsCc=,1655998094
.360yield.com/ Name: umeh
Value: !61,0,1715614095,-1
.casalemedia.com/ Name: CMPRO
Value: 233
.casalemedia.com/ Name: CMRUM3
Value: af628cf98f2760832883172971495699
.casalemedia.com/ Name: CMST
Value: Yoz5j2KM+Y8A
www.proff.no/ Name: AWSALB
Value: 9HtBoWQ0Tsg0FQTkAX869OPSJWGrZVoLcqYVFNxZlwfaLOEFGP6dsM6TEl2tEgH3FSy6P2SBpSToHqB7x2lFfCKh1sKlyrqcf7lbxD0OAZrJGKgNHRSxpYO2qOU6
www.proff.no/ Name: AWSALBCORS
Value: 9HtBoWQ0Tsg0FQTkAX869OPSJWGrZVoLcqYVFNxZlwfaLOEFGP6dsM6TEl2tEgH3FSy6P2SBpSToHqB7x2lFfCKh1sKlyrqcf7lbxD0OAZrJGKgNHRSxpYO2qOU6
www.proff.no/ Name: JSESSIONID
Value: CE6D4DEF0DD635A11020B02F1C181975
.pubmatic.com/ Name: KRTBCOOKIE_336
Value: 5844-832883172971495699
.pubmatic.com/ Name: PugT
Value: 1653406093

1 Console Messages

Source Level URL
Text
network error URL: https://pixel.advertising.com/ups/55955/sync?uid=832883172971495699&_origin=1&verify=true
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.360yield.com
adx.adform.net
audit-tcfv2.quantcast.mgr.consensu.org
cdn.de17a.com
cdn.jsdelivr.net
d5p.de17a.com
dmp.adform.net
dsum.casalemedia.com
fonts.gstatic.com
hb.adx.adform.net
ib.adnxs.com
image2.pubmatic.com
match.adsrvr.org
pixel.advertising.com
pixel.mathtag.com
pixel.rubiconproject.com
proff.no
quantcast.mgr.consensu.org
rules.quantcount.com
s1.adform.net
secure.quantserve.com
stats.g.doubleclick.net
stats.proff.no
sting-cdn.de17a.com
sting.de17a.com
sync.1rx.io
sync.search.spotxchange.com
sync.userreport.com
test.quantcast.mgr.consensu.org
usermatch.targeting.unrulymedia.com
www.google-analytics.com
www.google.com
www.gstatic.com
www.proff.no
104.16.88.20
104.36.113.107
108.157.4.22
13.51.113.218
142.250.185.163
142.250.185.228
142.250.74.195
142.250.74.206
142.251.5.155
15.197.193.217
18.159.9.226
18.66.139.60
185.94.180.125
195.181.174.7
2.18.233.201
213.155.156.181
213.155.156.188
213.19.147.45
23.35.236.247
34.249.126.234
37.157.2.239
37.157.5.73
37.157.6.253
37.252.172.250
54.93.174.143
65.9.63.105
69.173.144.165
91.228.74.189
99.86.4.83
0085b22dee76d92814ecfc0ff69e7d83678eb40ce28565d4746e6fbfa8f0f8be
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
0e9988b7982504119f9a3c3c077461ea03f9146e696614c5a18de5fa78bf7b1e
0ec7fd4629415e53dce078641b99f4092978805b6880126cb9fa989403bec8fb
142cfecbbe6b0c3605072d997fe3a1d199af6f4d7a7c9408e6ecd00b2f40a6cf
15ac477a33c97d1562572d037318cfb6930df1e612229377a29a1d25ffdafdbb
17f06cc09365763c3c94c6d9dcb15edc1e3aafed24e54353903b05869ccad34f
1b4a056bfa3f8317b9ba5aa9b1719971779672b0277107b45699add1db387e90
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1fd0f40aca4dc75d39a51e9b554986541cd2f514b0c4df7198fc8ac61bfada1a
204c8a77b6387ed0f4f572c209fd6f53b2682e863fe3271ee297c7267cecfff6
22b23b9c137b0288305c383dd3c8c87bf82d5ff87966c8fbef24c5c6fece9c7e
26788ddd9c3171963294f01910d43b2c9c213e4e299a574f83a5537b58bca23a
27959adb07002b9ac7aa480b6357412fb96e7531af950c33714c8f9873aff5a3
29af788193140c53d73e92a95e87240bf2c9c89590bcb7703cb7de86bf2f388a
2d7f2c49b8acf4fa9dfc186527ea2586d0634b58bb9d496e6efbee67ddb87e7a
304a0259406001319e10acd097537e33bbc0157670417a48fdd527a889951f65
3c5c7922ed40e9d4f2e4576bc8092aed89df49ab2790d5f84632cb4a97bac847
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4556056ae0b97237e430120fab528fdc692b0dc2af865e8bed4694dfb8cc1654
461271ba8a5ddd6d0452d1d7b53d7247dac6282b03c2918e61af03d55dbd7be5
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5c1e3c8c463c7408661163e65494a1f0bfe02123044b77a266c5bb1b8f14f391
60d0cdf0b18fc47a4d55b4a2aeccd0b2bcc71063ca21ec0eb538bea39833dda4
61ed40af46ff4ac50c810e4675b6e4ba3fb61c33b7fa27e54e568e6249e8ee07
6797e5bc424d587014449f9825e0e68f8bfb7d163bdd86903fc462560dec3b57
6ac26d71f9dd4090087c79cbd37e5f07bf3bb15373251fb907c70b1fa4b63585
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
74425d6a23825882584b8fc4ce285c8bbf7aa81303e468e80c8e4a905925dea9
777fb6f3c18f054eca2c324ecacce6d2cde81f62b2004b51d3b11dd77b46010e
7baadf42bdd7151de787de3b98f1c65f55cc2b3d34d4fbe90a0e490756dd3a1b
80dc442559f930132315613e6b8a7a073a747683b07acfe2f58ab62a1c087665
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
942c52b43f6bb3b48ceec027594c2bfce6e34029cc1d485983b2f8e00c7a1034
9648602e46ca07cf53fe8ff07088110d712862147dbb4c5303d1676eb242d288
9842713db52e17ba6a1edde841d5eb36f94c00252d7e26c9f130d29aa0bce779
9c828769c82976773b3b8704e27cf5753cb3aa7f87edde89395b4a662b534aa5
9efc262701069917f3d20022f81ab34e49cd33b964f8a48b2729bb5464735e92
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a32dff4a7de80405c213bd9dc4ccf2d520e9ea5f3169a4119369315d8972a3bd
a8d9f2a4a3ef5baf61c43ef328bc45c3279ec7334e62e50624bae12c743f90b1
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d03b6c530e790642376b53b015d6f3d4aaff4280d53516fb8ee0e117c1afd8bc
d414cb2ce08a4dc9232a80cbe1abdffa0681474beed6257bac44fd9517c99a9f
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e1abbbc7891f4f485fb5b9c26fa241b6503282f8bff9ef129da09251be61755f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e47e764298124c12ec246cc3f33a5ece1cf82cacbef043ea83ebe58089b40287
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e837efbebd7639ed08ab9608bb6b311af63e97e3391fb3c3efc419686cc1f581
e8b4623a433dc3d0a2f2f985e51cbd97b222ba9d66ca9b58ab8b133f4f8715bd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f55f0bac8143ff8978e73cb65298124d0cecc55c7204ec1974e8033e97b02d09
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f940358fee2cba0546b93557937fd06423a93d5534c395ef854c4470edd4b26e
fa7318c53b32446d37cec15c70bf7dbec1db5d946cf876fcc02de429233361ce