Submitted URL: http://proff.no/
Effective URL: https://proff.no/
Submission: On May 24 via manual from NO — Scanned from NO

Summary

This website contacted 30 IPs in 8 countries across 23 domains to perform 73 HTTP transactions. The main IP is 13.51.113.218, located in Stockholm, Sweden and belongs to AMAZON-02, US. The main domain is proff.no. The Cisco Umbrella rank of the primary domain is 691103.
TLS certificate: Issued by Amazon on May 11th 2022. Valid for: a year.
This is the only time proff.no was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 17 13.51.113.218 16509 (AMAZON-02)
2 172.217.16.142 15169 (GOOGLE)
1 8 37.157.6.242 198622 (ADFORM)
4 142.250.184.228 15169 (GOOGLE)
4 2.18.233.201 16625 (AKAMAI-AS)
6 65.9.63.49 16509 (AMAZON-02)
4 37.157.5.72 198622 (ADFORM)
1 35.71.131.137 16509 (AMAZON-02)
1 104.16.88.20 13335 (CLOUDFLAR...)
1 91.228.74.134 16509 (AMAZON-02)
6 142.250.185.67 15169 (GOOGLE)
1 64.233.184.156 15169 (GOOGLE)
1 65.9.63.122 16509 (AMAZON-02)
1 3 213.155.156.169 1299 (TWELVE99 ...)
2 195.181.175.55 60068 (CDN77 ^_^)
1 18.66.139.106 16509 (AMAZON-02)
1 37.157.5.142 198622 (ADFORM)
1 2 54.155.185.156 16509 (AMAZON-02)
1 143.204.98.105 16509 (AMAZON-02)
1 2 23.35.236.247 16625 (AKAMAI-AS)
1 69.173.144.138 26667 (RUBICONPR...)
2 2 37.252.173.27 29990 (ASN-APPNEX)
1 2 18.159.49.182 16509 (AMAZON-02)
2 3 213.19.147.45 3356 (LEVEL3)
1 2 185.94.180.126 35220 (SPOTX-AMS)
1 104.36.113.107 62713 (AS-PUBMATIC)
2 213.155.156.188 1299 (TWELVE99 ...)
1 142.250.185.163 15169 (GOOGLE)
1 195.181.174.6 60068 (CDN77 ^_^)
1 18.194.110.81 16509 (AMAZON-02)
73 30
Apex Domain
Subdomains
Transfer
17 proff.no
proff.no — Cisco Umbrella Rank: 691103
stats.proff.no
www.proff.no — Cisco Umbrella Rank: 838467
312 KB
13 adform.net
hb.adx.adform.net
s1.adform.net — Cisco Umbrella Rank: 8427
adx.adform.net — Cisco Umbrella Rank: 4019
dmp.adform.net — Cisco Umbrella Rank: 2468
609 KB
8 de17a.com
d5p.de17a.com — Cisco Umbrella Rank: 5262
cdn.de17a.com — Cisco Umbrella Rank: 958629
sting.de17a.com — Cisco Umbrella Rank: 389201
sting-cdn.de17a.com — Cisco Umbrella Rank: 390303
265 KB
8 consensu.org
quantcast.mgr.consensu.org — Cisco Umbrella Rank: 2100
test.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 5533
audit-tcfv2.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 9812
274 KB
7 gstatic.com
www.gstatic.com
fonts.gstatic.com
498 KB
4 mathtag.com
pixel.mathtag.com — Cisco Umbrella Rank: 1281
4 KB
4 google.com
www.google.com — Cisco Umbrella Rank: 7
25 KB
2 spotxchange.com
sync.search.spotxchange.com — Cisco Umbrella Rank: 518
1 KB
2 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 520
656 B
2 advertising.com
pixel.advertising.com — Cisco Umbrella Rank: 435
581 B
2 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 240
2 KB
2 casalemedia.com
dsum.casalemedia.com — Cisco Umbrella Rank: 1272
2 KB
2 360yield.com
ad.360yield.com — Cisco Umbrella Rank: 646
825 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 37
20 KB
1 pubmatic.com
image2.pubmatic.com — Cisco Umbrella Rank: 932
424 B
1 unrulymedia.com
usermatch.targeting.unrulymedia.com — Cisco Umbrella Rank: 3052
176 B
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 354
239 B
1 userreport.com
sync.userreport.com
587 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 918
353 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 92
434 B
1 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 987
10 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 432
2 KB
1 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 338
265 B
73 23
Domain Requested by
15 proff.no 1 redirects proff.no
quantcast.mgr.consensu.org
7 adx.adform.net 1 redirects proff.no
s1.adform.net
6 www.gstatic.com www.google.com
www.gstatic.com
6 quantcast.mgr.consensu.org proff.no
quantcast.mgr.consensu.org
4 s1.adform.net hb.adx.adform.net
proff.no
4 pixel.mathtag.com proff.no
pixel.mathtag.com
4 www.google.com proff.no
www.gstatic.com
www.google.com
3 d5p.de17a.com 1 redirects proff.no
d5p.de17a.com
2 sting.de17a.com d5p.de17a.com
2 sync.search.spotxchange.com 1 redirects d5p.de17a.com
2 sync.1rx.io 1 redirects d5p.de17a.com
2 pixel.advertising.com 1 redirects d5p.de17a.com
2 ib.adnxs.com 2 redirects
2 dsum.casalemedia.com 1 redirects d5p.de17a.com
2 ad.360yield.com 1 redirects d5p.de17a.com
2 cdn.de17a.com proff.no
sting.de17a.com
2 www.google-analytics.com proff.no
1 www.proff.no proff.no
1 audit-tcfv2.quantcast.mgr.consensu.org quantcast.mgr.consensu.org
1 sting-cdn.de17a.com d5p.de17a.com
1 fonts.gstatic.com www.google.com
1 image2.pubmatic.com d5p.de17a.com
1 usermatch.targeting.unrulymedia.com 1 redirects
1 pixel.rubiconproject.com d5p.de17a.com
1 sync.userreport.com d5p.de17a.com
1 dmp.adform.net d5p.de17a.com
1 test.quantcast.mgr.consensu.org quantcast.mgr.consensu.org
1 rules.quantcount.com secure.quantserve.com
1 stats.g.doubleclick.net www.google-analytics.com
1 secure.quantserve.com quantcast.mgr.consensu.org
1 cdn.jsdelivr.net s1.adform.net
1 match.adsrvr.org proff.no
1 stats.proff.no proff.no
1 hb.adx.adform.net proff.no
73 34
Subject Issuer Validity Valid
proff.no
Amazon
2022-05-11 -
2023-06-09
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2022-05-04 -
2022-07-27
3 months crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1
2021-09-06 -
2022-10-07
a year crt.sh
www.google.com
GTS CA 1C3
2022-05-04 -
2022-07-27
3 months crt.sh
pixel.mathtag.com
DigiCert SHA2 Secure Server CA
2021-06-29 -
2022-07-07
a year crt.sh
*.cmp.quantcast.com
R3
2022-04-26 -
2022-07-25
3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2022-03-31 -
2023-05-02
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-07-03 -
2022-07-02
a year crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1
2021-09-22 -
2022-09-21
a year crt.sh
*.gstatic.com
GTS CA 1C3
2022-05-04 -
2022-07-27
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-05-04 -
2022-07-27
3 months crt.sh
*.de17a.com
Sectigo ECC Domain Validation Secure Server CA
2021-12-20 -
2022-12-20
a year crt.sh
1072570458.rsc.cdn77.org
R3
2022-05-20 -
2022-08-18
3 months crt.sh
*.userreport.com
Amazon
2022-01-19 -
2023-02-17
a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2022-03-08 -
2023-04-04
a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1
2021-08-04 -
2022-09-04
a year crt.sh
1147033924.rsc.cdn77.org
R3
2022-04-25 -
2022-07-24
3 months crt.sh

This page contains 11 frames:

Primary Page: https://proff.no/
Frame ID: 22FFD91C31758125452CED8E3017B03C
Requests: 42 HTTP requests in this frame

Frame: https://pixel.mathtag.com/sync/iframe?mt_uuid=3944628c-d3d4-4a00-a55d-7a7034f09d10&no_iframe=1&mt_adid=192315&source=mathtag
Frame ID: 26A3F8B6266D0DE42FCD9DE02A5C4EE5
Requests: 2 HTTP requests in this frame

Frame: https://proff.no/consent.html
Frame ID: 01ABA87D50BDADCF7250C54714AEE2D2
Requests: 1 HTTP requests in this frame

Frame: https://s1.adform.net/banners/scripts/adx.js
Frame ID: 57D243919255C40EB90174CB12F286DE
Requests: 1 HTTP requests in this frame

Frame: https://s1.adform.net/banners/scripts/adx.js
Frame ID: AA0AEA36334A09C309A28B928B08BA04
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP&co=aHR0cHM6Ly9wcm9mZi5ubzo0NDM.&hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&size=normal&cb=nse6w9v793nj
Frame ID: DBE28D67CA3DE8FBD94E1B45F926ECF8
Requests: 8 HTTP requests in this frame

Frame: https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
Frame ID: D2E0B7B7A4FAD3E8D4F8A04963B770B4
Requests: 12 HTTP requests in this frame

Frame: https://cdn.de17a.com/i6n.js?source=dogfight&override_url=https%3A%2F%2Fd5p.de17a.com%2Fcontrol-notify%2Fadform%3Fauction_id%3D-79412283_1959814_1653396437165_989614863_0
Frame ID: E31F00D3D3B5A188BE684F9C00B05498
Requests: 2 HTTP requests in this frame

Frame: https://sting.de17a.com/api/tags
Frame ID: F3B627DCD4CDE23EADEE95B481759985
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP
Frame ID: 309540A3B2096D58183B9EADCEE55A17
Requests: 3 HTTP requests in this frame

Frame: https://cdn.de17a.com/i6n.js?source=sting&rid=xxxzkxcxxdknnmmcxuxf
Frame ID: 89C7D308FD34DDE3C3AF0752040A74E4
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Proff® – Nøkkeltall, Regnskap og Roller for norske bedrifter

Page URL History Show full URLs

  1. http://proff.no/ HTTP 301
    https://proff.no/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • quantcast\.mgr\.consensu\.org

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

73
Requests

90 %
HTTPS

0 %
IPv6

23
Domains

34
Subdomains

30
IPs

8
Countries

2023 kB
Transfer

5656 kB
Size

29
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://proff.no/ HTTP 301
    https://proff.no/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 30
  • https://adx.adform.net/adx/?rp=3&pv=1&bWlkPTc0MzExMw&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653396436543_9020267931899919 HTTP 302
  • https://adx.adform.net/adx/?CC=1&rp=3&pv=1&bWlkPTc0MzExMw&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653396436543_9020267931899919
Request Chain 39
  • https://d5p.de17a.com/victory/adform?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg HTTP 302
  • https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
Request Chain 46
  • https://ad.360yield.com/match?publisher_dsp_id=61&external_user_id=52722169351697654&expiration=1655988437 HTTP 302
  • https://ad.360yield.com/ul_cb/match?publisher_dsp_id=61&external_user_id=52722169351697654&expiration=1655988437
Request Chain 48
  • https://dsum.casalemedia.com/rum?cm_dsp_id=175&external_user_id=52722169351697654&expiration=1655988437 HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=175&external_user_id=52722169351697654&expiration=1655988437&C=1
Request Chain 50
  • https://ib.adnxs.com/getuid?https://d5p.de17a.com/setuid/appnexus?anxs_uid=$UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fd5p.de17a.com%2Fsetuid%2Fappnexus%3Fanxs_uid%3D%24UID HTTP 302
  • https://d5p.de17a.com/setuid/appnexus?anxs_uid=8088760691678970027
Request Chain 51
  • https://pixel.advertising.com/ups/55955/sync?uid=52722169351697654&_origin=1 HTTP 302
  • https://pixel.advertising.com/ups/55955/sync?uid=52722169351697654&_origin=1&verify=true
Request Chain 52
  • https://usermatch.targeting.unrulymedia.com/usermatch/delta/52722169351697654 HTTP 302
  • https://sync.1rx.io/usersync/delta/52722169351697654 HTTP 302
  • https://sync.1rx.io/usersync/delta/52722169351697654?zcc=1&cb=1653396437836
Request Chain 53
  • https://sync.search.spotxchange.com/partner?adv_id=7326&uid=52722169351697654&img=1 HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=7326&uid=52722169351697654&img=1&__user_check__=1&sync_id=a4f065ff-db5f-11ec-bb50-1bbe6fc50406

73 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
proff.no/
Redirect Chain
  • http://proff.no/
  • https://proff.no/
60 KB
18 KB
Document
General
Full URL
https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
461271ba8a5ddd6d0452d1d7b53d7247dac6282b03c2918e61af03d55dbd7be5

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

content-encoding
gzip
content-language
no-NO
content-length
17635
content-type
text/html;charset=UTF-8
date
Tue, 24 May 2022 12:47:15 GMT

Redirect headers

Connection
keep-alive
Content-Length
134
Content-Type
text/html
Date
Tue, 24 May 2022 12:47:15 GMT
Location
https://proff.no:443/
Server
awselb/2.0
roboto-fontface.css
proff.no/fonts/roboto-fontface/css/
12 KB
1 KB
Stylesheet
General
Full URL
https://proff.no/fonts/roboto-fontface/css/roboto-fontface.css
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
d03b6c530e790642376b53b015d6f3d4aaff4280d53516fb8ee0e117c1afd8bc

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:15 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:14 GMT
etag
"1653428054966"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
text/css;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
718
expires
Tue, 24 May 2022 21:34:14 GMT
main.css
proff.no/stylesheets/css/
291 KB
51 KB
Stylesheet
General
Full URL
https://proff.no/stylesheets/css/main.css?v=5.1.107
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
5c1e3c8c463c7408661163e65494a1f0bfe02123044b77a266c5bb1b8f14f391

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:15 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:00 GMT
etag
"1653428040537"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
text/css;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
51170
expires
Tue, 24 May 2022 21:34:00 GMT
default.css
proff.no/stylesheets/css/
20 KB
5 KB
Stylesheet
General
Full URL
https://proff.no/stylesheets/css/default.css?v=5.1.107
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
22b23b9c137b0288305c383dd3c8c87bf82d5ff87966c8fbef24c5c6fece9c7e

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:15 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:00 GMT
etag
"1653428040527"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
text/css;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
4694
expires
Tue, 24 May 2022 21:34:00 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f142.1e100.net
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
1688
date
Tue, 24 May 2022 12:19:08 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 24 May 2022 14:19:08 GMT
4395.js
hb.adx.adform.net/hb/
17 KB
4 KB
Script
General
Full URL
https://hb.adx.adform.net/hb/4395.js
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
942c52b43f6bb3b48ceec027594c2bfce6e34029cc1d485983b2f8e00c7a1034
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:15 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Host
access-control-allow-methods
GET,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public, max-age=3600
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
Tue, 24 May 2022 13:47:15 GMT
vendor.js
proff.no/js/lib/
414 KB
117 KB
Script
General
Full URL
https://proff.no/js/lib/vendor.js?v=5.1.107
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
fa7318c53b32446d37cec15c70bf7dbec1db5d946cf876fcc02de429233361ce

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:15 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:14 GMT
etag
"1653428054998"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
119346
expires
Tue, 24 May 2022 21:34:14 GMT
menu.js
proff.no/js/lib/
5 KB
2 KB
Script
General
Full URL
https://proff.no/js/lib/menu.js?v=5.1.107
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
e8b4623a433dc3d0a2f2f985e51cbd97b222ba9d66ca9b58ab8b133f4f8715bd

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:15 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:00 GMT
etag
"1653428040529"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
1736
expires
Tue, 24 May 2022 21:34:00 GMT
api.js
www.google.com/recaptcha/
907 B
993 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?onload=addCaptchaCb&render=explicit&hl=no
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f4.1e100.net
Software
GSE /
Resource Hash
9842713db52e17ba6a1edde841d5eb36f94c00252d7e26c9f130d29aa0bce779
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
580
x-xss-protection
1; mode=block
expires
Tue, 24 May 2022 12:47:16 GMT
search.js
proff.no/js/lib/
10 KB
3 KB
Script
General
Full URL
https://proff.no/js/lib/search.js?v=5.1.107
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
142cfecbbe6b0c3605072d997fe3a1d199af6f4d7a7c9408e6ecd00b2f40a6cf

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:15 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:00 GMT
etag
"1653428040530"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
2915
expires
Tue, 24 May 2022 21:34:00 GMT
pa.min.js
stats.proff.no/
1 KB
2 KB
Script
General
Full URL
https://stats.proff.no/pa.min.js
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
0085b22dee76d92814ecfc0ff69e7d83678eb40ce28565d4746e6fbfa8f0f8be

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:15 GMT
cache-control
max-age=86400
last-modified
Mon, 02 May 2022 12:00:54 GMT
accept-ranges
bytes
content-length
1459
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/javascript
analytics.js
proff.no/js/lib/
2 KB
1 KB
Script
General
Full URL
https://proff.no/js/lib/analytics.js?v=5.1.107
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
15ac477a33c97d1562572d037318cfb6930df1e612229377a29a1d25ffdafdbb

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:15 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:15 GMT
etag
"1653428055472"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
749
expires
Tue, 24 May 2022 21:34:15 GMT
js
pixel.mathtag.com/event/
2 KB
2 KB
Script
General
Full URL
https://pixel.mathtag.com/event/js?mt_id=1200265&mt_adid=192315&s1=https://www.proff.no
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-201.deploy.static.akamaitechnologies.com
Software
MT3 4409 ba5503e master cdg-pixel-x25 config:1.0.0 /
Resource Hash
065bdcdfe6dad6b5ddf5802759e3fe7ea58ffd4bb2b294ad965dfe458c898f13

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 12:47:16 GMT
Server
MT3 4409 ba5503e master cdg-pixel-x25 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Type
text/javascript
Content-Length
1988
Expires
Tue, 24 May 2022 12:47:15 GMT
choice.js
quantcast.mgr.consensu.org/choice/B0t1hzyq1UTeN/proff.no/
5 KB
2 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/choice/B0t1hzyq1UTeN/proff.no/choice.js
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.63.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-63-49.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3c5c7922ed40e9d4f2e4576bc8092aed89df49ab2790d5f84632cb4a97bac847

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Tue, 24 May 2022 12:47:16 GMT
content-encoding
br
last-modified
Tue, 31 Aug 2021 13:44:14 GMT
server
AmazonS3
age
7
etag
W/"3517e82c281f90e0212e505792a3be1d"
vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 95e0c26862caa0a0aa5e9580919524f8.cloudfront.net (CloudFront)
cache-control
max-age=900
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
aRNxLnFfgjRQovr9eddgJHHs7ss3jvuEEHdlEN89NJby3hYB4k_bZg==
prebid.4.latest.js
s1.adform.net/banners/scripts/
2 MB
527 KB
Script
General
Full URL
https://s1.adform.net/banners/scripts/prebid.4.latest.js
Requested by
Host: hb.adx.adform.net
URL: https://hb.adx.adform.net/hb/4395.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
f940358fee2cba0546b93557937fd06423a93d5534c395ef854c4470edd4b26e

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:16 GMT
content-encoding
gzip
last-modified
Wed, 09 Sep 2020 12:10:01 GMT
server
nginx
etag
W/"5f58c619-18c2d7"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
adx.js
s1.adform.net/banners/scripts/
58 KB
24 KB
Script
General
Full URL
https://s1.adform.net/banners/scripts/adx.js
Requested by
Host: hb.adx.adform.net
URL: https://hb.adx.adform.net/hb/4395.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
27959adb07002b9ac7aa480b6357412fb96e7531af950c33714c8f9873aff5a3

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:16 GMT
content-encoding
gzip
last-modified
Wed, 26 Jan 2022 11:59:05 GMT
server
nginx
etag
W/"61f13789-e95e"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
polyfills.js
proff.no/js/lib/
18 KB
7 KB
Script
General
Full URL
https://proff.no/js/lib/polyfills.js?v=5.1.107
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
a8d9f2a4a3ef5baf61c43ef328bc45c3279ec7334e62e50624bae12c743f90b1

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:15 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:15 GMT
etag
"1653428055177"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
6465
expires
Tue, 24 May 2022 21:34:15 GMT
page_bg.png
proff.no/img/v3/
1 KB
2 KB
Image
General
Full URL
https://proff.no/img/v3/page_bg.png
Requested by
Host: proff.no
URL: https://proff.no/stylesheets/css/main.css?v=5.1.107
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
2d7f2c49b8acf4fa9dfc186527ea2586d0634b58bb9d496e6efbee67ddb87e7a

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/stylesheets/css/main.css?v=5.1.107
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:15 GMT
last-modified
Tue, 24 May 2022 09:34:15 GMT
etag
"1653428055447"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
image/png;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
1092
expires
Tue, 24 May 2022 21:34:15 GMT
sprite_general_6.png
proff.no/img/v3/
14 KB
14 KB
Image
General
Full URL
https://proff.no/img/v3/sprite_general_6.png
Requested by
Host: proff.no
URL: https://proff.no/stylesheets/css/main.css?v=5.1.107
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
e1abbbc7891f4f485fb5b9c26fa241b6503282f8bff9ef129da09251be61755f

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/stylesheets/css/main.css?v=5.1.107
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:15 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:35:21 GMT
etag
"1653428121130"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
image/png;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
14187
expires
Tue, 24 May 2022 21:35:21 GMT
ss-standard.woff
proff.no/fonts/
26 KB
27 KB
Font
General
Full URL
https://proff.no/fonts/ss-standard.woff
Requested by
Host: proff.no
URL: https://proff.no/stylesheets/css/main.css?v=5.1.107
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
e47e764298124c12ec246cc3f33a5ece1cf82cacbef043ea83ebe58089b40287

Request headers

Referer
https://proff.no/stylesheets/css/main.css?v=5.1.107
Origin
https://proff.no
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:15 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:16 GMT
etag
"1653428056465"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
application/font-woff;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
27083
expires
Tue, 24 May 2022 21:34:16 GMT
proffglobal-bold-webfont.woff
proff.no/fonts/
50 KB
51 KB
Font
General
Full URL
https://proff.no/fonts/proffglobal-bold-webfont.woff
Requested by
Host: proff.no
URL: https://proff.no/stylesheets/css/main.css?v=5.1.107
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
9c828769c82976773b3b8704e27cf5753cb3aa7f87edde89395b4a662b534aa5

Request headers

Referer
https://proff.no/stylesheets/css/main.css?v=5.1.107
Origin
https://proff.no
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:15 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:16 GMT
etag
"1653428056476"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
application/font-woff;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
51131
expires
Tue, 24 May 2022 21:34:16 GMT
iframe
pixel.mathtag.com/sync/ Frame 26A3
631 B
994 B
Document
General
Full URL
https://pixel.mathtag.com/sync/iframe?mt_uuid=3944628c-d3d4-4a00-a55d-7a7034f09d10&no_iframe=1&mt_adid=192315&source=mathtag
Requested by
Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/event/js?mt_id=1200265&mt_adid=192315&s1=https://www.proff.no
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-201.deploy.static.akamaitechnologies.com
Software
MT3 4409 ba5503e master cdg-pixel-x34 config:1.0.0 /
Resource Hash
304a0259406001319e10acd097537e33bbc0157670417a48fdd527a889951f65

Request headers

Referer
https://proff.no/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
631
Content-Type
text/html
Date
Tue, 24 May 2022 12:47:16 GMT
Expires
Tue, 24 May 2022 12:47:15 GMT
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4409 ba5503e master cdg-pixel-x34 config:1.0.0
generic
match.adsrvr.org/track/cmf/
70 B
265 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=k4lpo8g&ttd_tpi=1
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 12:47:16 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
img
pixel.mathtag.com/misc/
43 B
525 B
Image
General
Full URL
https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-201.deploy.static.akamaitechnologies.com
Software
MT3 4409 ba5503e master cdg-pixel-x35 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 12:47:16 GMT
Server
MT3 4409 ba5503e master cdg-pixel-x35 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 24 May 2022 12:47:15 GMT
img
pixel.mathtag.com/misc/ Frame 26A3
43 B
525 B
Image
General
Full URL
https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by
Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=3944628c-d3d4-4a00-a55d-7a7034f09d10&no_iframe=1&mt_adid=192315&source=mathtag
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-201.deploy.static.akamaitechnologies.com
Software
MT3 4409 ba5503e master cdg-pixel-x24 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://pixel.mathtag.com/sync/iframe?mt_uuid=3944628c-d3d4-4a00-a55d-7a7034f09d10&no_iframe=1&mt_adid=192315&source=mathtag
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 12:47:16 GMT
Server
MT3 4409 ba5503e master cdg-pixel-x24 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 24 May 2022 12:47:15 GMT
freewheel-mapping.json
cdn.jsdelivr.net/gh/prebid/category-mapping-file@1/
14 KB
2 KB
XHR
General
Full URL
https://cdn.jsdelivr.net/gh/prebid/category-mapping-file@1/freewheel-mapping.json
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/prebid.4.latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.88.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60d0cdf0b18fc47a4d55b4a2aeccd0b2bcc71063ca21ec0eb538bea39833dda4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://proff.no/
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 24 May 2022 12:47:16 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
9515
x-jsd-version
1.0.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19121-FRA, cache-bma1668-BMA
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"36b6-ffkBzh2j6c/gCM5tBPQMcNXdZI8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cpMb509MFr%2B44zn%2FEQBehetCYUfcyjZErmu5XGd85pY4YqWfsD9MytQOmrWalMnVcUHlaGBL4hiUfaYVlWlzJK8DxiOOlRd4FKgJLwLO2P4nDryf8Kbvq3hugMGC6qTEy2I%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
cf-ray
7106239259ff1c02-OSL
quant.js
secure.quantserve.com/
24 KB
10 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/B0t1hzyq1UTeN/proff.no/choice.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.134 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:16 GMT
content-encoding
gzip
etag
"u2JtyZzqnTXwzBUswy2r+w=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Tue, 31 May 2022 12:47:16 GMT
cmp2.js
quantcast.mgr.consensu.org/tcfv2/23/
266 KB
67 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=proff.no
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/B0t1hzyq1UTeN/proff.no/choice.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.63.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-63-49.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7baadf42bdd7151de787de3b98f1c65f55cc2b3d34d4fbe90a0e490756dd3a1b

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:16 GMT
content-encoding
br
age
16
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
access-control-allow-origin
*
last-modified
Fri, 18 Dec 2020 15:09:37 GMT
server
AmazonS3
etag
W/"1d55b13d85c9837da884d1e8594cc025"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
via
1.1 95e0c26862caa0a0aa5e9580919524f8.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-meta-qc-ineu
True
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
KyM_jBc4vR4g7NoQVtpFuwNSGQcDkZyud_7_lWTbufBtqFhSdI_ztQ==
recaptcha__no.js
www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/
364 KB
144 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/recaptcha__no.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=addCaptchaCb&render=explicit&hl=no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
29af788193140c53d73e92a95e87240bf2c9c89590bcb7703cb7de86bf2f388a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://proff.no/
Origin
https://proff.no
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 07:48:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
17940
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
147066
x-xss-protection
0
last-modified
Mon, 16 May 2022 04:03:20 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 24 May 2023 07:48:16 GMT
collect
stats.g.doubleclick.net/j/
1 B
434 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-3244641-3&cid=1859551379.1653396436&jid=1406789892&gjid=20681783&_gid=307370284.1653396436&_u=IGBAgEADAAAAAE~&z=1720930152
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
64.233.184.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wa-in-f156.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://proff.no/
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 24 May 2022 12:47:16 GMT
content-type
text/plain
access-control-allow-origin
https://proff.no
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
194 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1233893226&t=pageview&_s=1&dl=https%3A%2F%2Fproff.no%2F&ul=en-us&de=UTF-8&dt=Proff%C2%AE%20%E2%80%93%20N%C3%B8kkeltall%2C%20Regnskap%20og%20Roller%20for%20norske%20bedrifter&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBAgEAD~&jid=1406789892&gjid=20681783&cid=1859551379.1653396436&tid=UA-3244641-3&_gid=307370284.1653396436&z=1399385157
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f142.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 23 May 2022 18:45:15 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
64921
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
/
adx.adform.net/adx/
Redirect Chain
  • https://adx.adform.net/adx/?rp=3&pv=1&bWlkPTc0MzExMw&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653396436543_9020267931899919
  • https://adx.adform.net/adx/?CC=1&rp=3&pv=1&bWlkPTc0MzExMw&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653396436543_9020267931899919
930 B
1 KB
Script
General
Full URL
https://adx.adform.net/adx/?CC=1&rp=3&pv=1&bWlkPTc0MzExMw&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653396436543_9020267931899919
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Server
37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
6fa6a78888a56b3f099298d8de272a1e132470ea553da4374c61ecb7e0ef4f87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 12:47:16 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1

Redirect headers

pragma
no-cache
date
Tue, 24 May 2022 12:47:16 GMT
server
nginx
location
https://adx.adform.net/adx/?CC=1&rp=3&pv=1&bWlkPTc0MzExMw&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653396436543_9020267931899919
access-control-max-age
86400
access-control-allow-methods
GET,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
consent.html
proff.no/ Frame 01AB
4 KB
2 KB
Document
General
Full URL
https://proff.no/consent.html
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=proff.no
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
9648602e46ca07cf53fe8ff07088110d712862147dbb4c5303d1676eb242d288

Request headers

Referer
https://proff.no/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=43200
content-encoding
gzip
content-length
1069
content-type
text/html;charset=UTF-8
date
Tue, 24 May 2022 12:47:16 GMT
etag
"1653428041625"
expires
Tue, 24 May 2022 21:34:01 GMT
last-modified
Tue, 24 May 2022 09:34:01 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers Accept-Encoding
adx.js
s1.adform.net/banners/scripts/ Frame 57D2
58 KB
24 KB
Script
General
Full URL
https://s1.adform.net/banners/scripts/adx.js
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
27959adb07002b9ac7aa480b6357412fb96e7531af950c33714c8f9873aff5a3

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:16 GMT
content-encoding
gzip
last-modified
Wed, 26 Jan 2022 11:59:05 GMT
server
nginx
etag
W/"61f13789-e95e"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
google-atp-list.json
quantcast.mgr.consensu.org/tcfv2/
153 KB
36 KB
XHR
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/google-atp-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=proff.no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.63.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-63-49.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1fd0f40aca4dc75d39a51e9b554986541cd2f514b0c4df7198fc8ac61bfada1a

Request headers

Accept
application/json, text/plain, */*
Referer
https://proff.no/
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 03:00:31 GMT
content-encoding
br
age
35207
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
access-control-allow-origin
*
last-modified
Tue, 24 May 2022 03:00:27 GMT
server
AmazonS3
etag
W/"e357936593cc8ed65091e13f59db4400"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json
via
1.1 43c19aee1cbb38bf37ea4d5265ba1f54.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
p_0Xm9mz2dMHbO0q9G_FZZx7bqs5yl3qzeWxjc2WxZFzDwaH6PrwSQ==
/
adx.adform.net/adx/
874 B
1 KB
Script
General
Full URL
https://adx.adform.net/adx/?rp=3&pv=1&bWlkPTc3NTkwOA&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653396436893_7778274567621855
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b443351b735d523c3c0b987ff1bd5cabf5f710983cd4072d6d97e9e38388c92e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 12:47:16 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
adx.js
s1.adform.net/banners/scripts/ Frame AA0A
58 KB
24 KB
Script
General
Full URL
https://s1.adform.net/banners/scripts/adx.js
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
27959adb07002b9ac7aa480b6357412fb96e7531af950c33714c8f9873aff5a3

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:16 GMT
content-encoding
gzip
last-modified
Wed, 26 Jan 2022 11:59:05 GMT
server
nginx
etag
W/"61f13789-e95e"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
rules-p-B0t1hzyq1UTeN.js
rules.quantcount.com/
2 B
353 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-B0t1hzyq1UTeN.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.63.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-63-122.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:07:07 GMT
via
1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
server
AmazonS3
age
2409
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
cross-origin-resource-policy
cross-origin
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA56-C1
content-length
2
x-amz-cf-id
YBocE8_JELSQarWcnU6qNqNtvg3CGBd7lwclebYLnL-J6tjmGHi6MQ==
/
adx.adform.net/adx/
2 KB
2 KB
Script
General
Full URL
https://adx.adform.net/adx/?rp=3&pv=1&bWlkPTc3Nzk5Mw&url=https%3A%2F%2Fproff.no%2F&callback=_adform_cb_1653396437125_6516115906133555
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
7396f7847ccb111979c02fcd4a0c1fd5ed7191a01ca99aa63977c116d4fa70a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 12:47:17 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
anchor
www.google.com/recaptcha/api2/ Frame DBE2
43 KB
23 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP&co=aHR0cHM6Ly9wcm9mZi5ubzo0NDM.&hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&size=normal&cb=nse6w9v793nj
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/recaptcha__no.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f4.1e100.net
Software
GSE /
Resource Hash
5389af5ba3de3f645c3fa47046b31e9f47a2f53b3fec43f6c3ef4ae4fdcf1852
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-4i3eFHos3Lt--m6a76evDA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://proff.no/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-length
22854
content-security-policy
script-src 'report-sample' 'nonce-4i3eFHos3Lt--m6a76evDA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 24 May 2022 12:47:17 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
adform;c
d5p.de17a.com/victory/ Frame D2E0
Redirect Chain
  • https://d5p.de17a.com/victory/adform?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1...
  • https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNT...
3 KB
3 KB
Document
General
Full URL
https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.155.156.169 Uppsala, Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),
Reverse DNS
213-155-156-169.teliacarrier-cust.com
Software
/
Resource Hash
3ed7b8ca0161953a0d986f70fea83498324e602f6a8ddfbbbe1d448c003c1ce6

Request headers

Referer
https://proff.no/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

content-length
3057
content-type
text/html;charset=utf-8
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

Redirect headers

content-length
0
location
/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
i6n.js
cdn.de17a.com/ Frame E31F
13 KB
3 KB
Script
General
Full URL
https://cdn.de17a.com/i6n.js?source=dogfight&override_url=https%3A%2F%2Fd5p.de17a.com%2Fcontrol-notify%2Fadform%3Fauction_id%3D-79412283_1959814_1653396437165_989614863_0
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.175.55 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
frankfurt-53.cdn77.com
Software
CDN77-Turbo /
Resource Hash
0e9988b7982504119f9a3c3c077461ea03f9146e696614c5a18de5fa78bf7b1e

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-77-nzt
AcO1rzXBeSP/CQAAAA
x-accel-expires
@1653397028
date
Tue, 24 May 2022 12:47:17 GMT
content-encoding
br
etag
W/"5c6e6493-3319"
last-modified
Thu, 21 Feb 2019 08:42:59 GMT
server
CDN77-Turbo
x-77-nzt-ray
BuI/KOBlUdQ
x-77-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
x-cache
HIT
x-age
9
x-77-pop
frankfurtDE
/
adx.adform.net/adx/ssp/imp/ Frame E31F
35 B
544 B
Image
General
Full URL
https://adx.adform.net/adx/ssp/imp/?data=YtautBHD0att5QeXrVCg6mjrTL_3zW4WPbl1lZdKiUr4yP9Xjlqlo0a_0phLS8h-DGe-Nxl_kVgEWZeN-d8kFfTWggHKnPMjJE_0e1VmGQRuIQBa5iA6GoykYJHdSkZwYefaLSuL-XnRoA3UXoaCHeoymUDH2KEHazpzlNo332_yr5fMgP88cA2&adxvars=uE2O08ML3XpVfQCLwx1t7MMzB2AjQrr9XMvrYe0FLiAB0_BRuHfj8Hu4BIUZ_v3-yyZEAwdQLKaaxtZSOTD4u1GB96bFM23SMwZ8_X1ynIuYdjK3gCQuRmJsWKPulvg-shnlPD3w-76X1SVJqR9mDi9TRM83xF5YPz-8e2myEQ4JIhGLVZe8WB0oXE55UawV27kv7lahysnriW3EJLEZh8WjAexNyLOV0&ord=123584
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 12:47:17 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
styles__ltr.css
www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/ Frame DBE2
51 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP&co=aHR0cHM6Ly9wcm9mZi5ubzo0NDM.&hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&size=normal&cb=nse6w9v793nj
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:00:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2798
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24237
x-xss-protection
0
last-modified
Mon, 16 May 2022 04:03:20 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 24 May 2023 12:00:39 GMT
recaptcha__no.js
www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/ Frame DBE2
364 KB
144 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/recaptcha__no.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP&co=aHR0cHM6Ly9wcm9mZi5ubzo0NDM.&hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&size=normal&cb=nse6w9v793nj
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
29af788193140c53d73e92a95e87240bf2c9c89590bcb7703cb7de86bf2f388a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 07:48:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
17941
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
147066
x-xss-protection
0
last-modified
Mon, 16 May 2022 04:03:20 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 24 May 2023 07:48:16 GMT
cmp-list.json
test.quantcast.mgr.consensu.org/GVL-v2/
9 KB
3 KB
XHR
General
Full URL
https://test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=proff.no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-139-106.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6797e5bc424d587014449f9825e0e68f8bfb7d163bdd86903fc462560dec3b57

Request headers

Accept
application/json, text/plain, */*
Referer
https://proff.no/
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 03:00:41 GMT
content-encoding
br
age
35197
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
access-control-allow-origin
*
last-modified
Thu, 19 May 2022 19:52:29 GMT
server
AmazonS3
etag
W/"50900028e353b5405beb46af660d5881"
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-version-id
IX6ESpJaeLGXuWQu6Zw9OjFVEOp9d7q.
via
1.1 87fae571c6ea0d7d1101b71cc2131bba.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-cf-pop
FRA60-P4
content-type
application/json
x-amz-cf-id
A9j16hBHb4HeorbKNoAi6ZUGA2TP5msroLNslrC7IJE38P_yXl7mJg==
match
dmp.adform.net/serving/cookie/ Frame D2E0
35 B
468 B
Image
General
Full URL
https://dmp.adform.net/serving/cookie/match?party=1124&cid=52722169351697654
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 12:47:17 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
match
ad.360yield.com/ul_cb/ Frame D2E0
Redirect Chain
  • https://ad.360yield.com/match?publisher_dsp_id=61&external_user_id=52722169351697654&expiration=1655988437
  • https://ad.360yield.com/ul_cb/match?publisher_dsp_id=61&external_user_id=52722169351697654&expiration=1655988437
43 B
423 B
Image
General
Full URL
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=61&external_user_id=52722169351697654&expiration=1655988437
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
Protocol
H2
Server
54.155.185.156 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-155-185-156.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 24 May 2022 12:47:17 GMT
content-type
image/gif
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=61&external_user_id=52722169351697654&expiration=1655988437
date
Tue, 24 May 2022 12:47:17 GMT
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cs.gif
sync.userreport.com/ Frame D2E0
43 B
587 B
Image
General
Full URL
https://sync.userreport.com/cs.gif?s=d3prj11&fk=52722169351697654
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-105.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-meta-cb-modifiedtime
Thu, 25 Oct 2012 12:28:09 GMT
x-amz-version-id
null
Via
1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
Last-Modified
Thu, 30 Jan 2014 09:18:47 GMT
Server
AmazonS3
Age
31344
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
X-Cache
Hit from cloudfront
Content-Type
image/gif
Connection
keep-alive
Date
Tue, 24 May 2022 04:10:06 GMT
X-Amz-Cf-Pop
FRA50-C1
Accept-Ranges
bytes
Content-Length
43
X-Amz-Cf-Id
kS8JBm-6qPoM26oXehs6r-HmjaOocCeNTJ6prq5bEPKoipOJotLHMg==
rum
dsum.casalemedia.com/ Frame D2E0
Redirect Chain
  • https://dsum.casalemedia.com/rum?cm_dsp_id=175&external_user_id=52722169351697654&expiration=1655988437
  • https://dsum.casalemedia.com/rum?cm_dsp_id=175&external_user_id=52722169351697654&expiration=1655988437&C=1
43 B
1002 B
Image
General
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=175&external_user_id=52722169351697654&expiration=1655988437&C=1
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 May 2022 12:47:17 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 24 May 2022 12:47:17 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 24 May 2022 12:47:17 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://dsum.casalemedia.com/rum?cm_dsp_id=175&external_user_id=52722169351697654&expiration=1655988437&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
303
Expires
Tue, 24 May 2022 12:47:17 GMT
tap.php
pixel.rubiconproject.com/ Frame D2E0
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=6327&nid=2135&put=52722169351697654&expires=30
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
66ef90d06496cfd000aab8206f2b6221
Content-Type
image/gif
appnexus
d5p.de17a.com/setuid/ Frame D2E0
Redirect Chain
  • https://ib.adnxs.com/getuid?https://d5p.de17a.com/setuid/appnexus?anxs_uid=$UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fd5p.de17a.com%2Fsetuid%2Fappnexus%3Fanxs_uid%3D%24UID
  • https://d5p.de17a.com/setuid/appnexus?anxs_uid=8088760691678970027
35 B
197 B
Image
General
Full URL
https://d5p.de17a.com/setuid/appnexus?anxs_uid=8088760691678970027
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
Protocol
H2
Server
213.155.156.169 Uppsala, Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),
Reverse DNS
213-155-156-169.teliacarrier-cust.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-type
image/gif
content-length
35
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

Redirect headers

Pragma
no-cache
Date
Tue, 24 May 2022 12:47:17 GMT
X-Proxy-Origin
178.255.148.170; 178.255.148.170; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
2e117d85-cc8c-4c2a-9bb5-e687c3f8dcc5
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://d5p.de17a.com/setuid/appnexus?anxs_uid=8088760691678970027
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
pixel.advertising.com/ups/55955/ Frame D2E0
Redirect Chain
  • https://pixel.advertising.com/ups/55955/sync?uid=52722169351697654&_origin=1
  • https://pixel.advertising.com/ups/55955/sync?uid=52722169351697654&_origin=1&verify=true
0
255 B
Image
General
Full URL
https://pixel.advertising.com/ups/55955/sync?uid=52722169351697654&_origin=1&verify=true
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
Protocol
H2
Server
18.159.49.182 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-49-182.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:17 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://pixel.advertising.com/ups/55955/sync?uid=52722169351697654&_origin=1&verify=true
date
Tue, 24 May 2022 12:47:17 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
52722169351697654
sync.1rx.io/usersync/delta/ Frame D2E0
Redirect Chain
  • https://usermatch.targeting.unrulymedia.com/usermatch/delta/52722169351697654
  • https://sync.1rx.io/usersync/delta/52722169351697654
  • https://sync.1rx.io/usersync/delta/52722169351697654?zcc=1&cb=1653396437836
43 B
172 B
Image
General
Full URL
https://sync.1rx.io/usersync/delta/52722169351697654?zcc=1&cb=1653396437836
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
Protocol
H2
Server
213.19.147.45 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 May 2022 12:47:17 GMT
cache-control
no-store, no-cache, must-revalidate
server
Tengine
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 24 May 2022 12:47:17 GMT
server
Tengine
etag
RXd9bbd0954b69449d9b699ab7a8b62976003
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location
https://sync.1rx.io/usersync/delta/52722169351697654?zcc=1&cb=1653396437836
cache-control
no-store, no-cache, must-revalidate
content-type
text/html
expires
0
partner
sync.search.spotxchange.com/ Frame D2E0
Redirect Chain
  • https://sync.search.spotxchange.com/partner?adv_id=7326&uid=52722169351697654&img=1
  • https://sync.search.spotxchange.com/partner?adv_id=7326&uid=52722169351697654&img=1&__user_check__=1&sync_id=a4f065ff-db5f-11ec-bb50-1bbe6fc50406
43 B
549 B
Image
General
Full URL
https://sync.search.spotxchange.com/partner?adv_id=7326&uid=52722169351697654&img=1&__user_check__=1&sync_id=a4f065ff-db5f-11ec-bb50-1bbe6fc50406
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
Protocol
HTTP/1.1
Server
185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software
nginx /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 12:47:17 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
101
Connection
keep-alive
Content-Length
43

Redirect headers

Date
Tue, 24 May 2022 12:47:17 GMT
Server
nginx
Location
/partner?adv_id=7326&uid=52722169351697654&img=1&__user_check__=1&sync_id=a4f065ff-db5f-11ec-bb50-1bbe6fc50406
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
71
Connection
keep-alive
Content-Length
0
Pug
image2.pubmatic.com/AdServer/ Frame D2E0
42 B
424 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=&gdpr_consent=&piggybackCookie=52722169351697654
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:17 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
ctrl.js
sting.de17a.com/ Frame D2E0
47 KB
17 KB
Script
General
Full URL
https://sting.de17a.com/ctrl.js
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.155.156.188 Uppsala, Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),
Reverse DNS
213-155-156-188.teliacarrier-cust.com
Software
nginx/1.18.0 /
Resource Hash
204c8a77b6387ed0f4f572c209fd6f53b2682e863fe3271ee297c7267cecfff6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://d5p.de17a.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 04 Jan 2022 05:16:55 GMT
server
nginx/1.18.0
etag
"bbd017e2384d558"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
expires
Mon, 09 May 2022 19:34:24 GMT
cache-control
must-revalidate, private, max-age=0
x-proxy-cache
HIT
vendor-list.json
quantcast.mgr.consensu.org/GVL-v2/
327 KB
38 KB
XHR
General
Full URL
https://quantcast.mgr.consensu.org/GVL-v2/vendor-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=proff.no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.63.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-63-49.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1b4a056bfa3f8317b9ba5aa9b1719971779672b0277107b45699add1db387e90

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 03:00:35 GMT
content-encoding
br
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age
35203
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Tue, 24 May 2022 03:00:33 GMT
server
AmazonS3
etag
W/"f83f06b16bc8a3f2f85a6c82ec5700eb"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
via
1.1 43c19aee1cbb38bf37ea4d5265ba1f54.cloudfront.net (CloudFront)
cache-control
max-age=172800
access-control-allow-credentials
true
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
JbQhzTQB7f8CnQXvMFjtRg9b_7-BfCMk-N05R5YPkioHh1_PMI71HA==
purposes-NO.json
quantcast.mgr.consensu.org/GVL-v2/
26 KB
4 KB
XHR
General
Full URL
https://quantcast.mgr.consensu.org/GVL-v2/purposes-NO.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=proff.no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.63.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-63-49.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f55f0bac8143ff8978e73cb65298124d0cecc55c7204ec1974e8033e97b02d09

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 03:00:39 GMT
content-encoding
br
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age
35200
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Tue, 24 May 2022 03:00:33 GMT
server
AmazonS3
etag
W/"d0019502e06dfd5af4b9e79c72df651c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
via
1.1 43c19aee1cbb38bf37ea4d5265ba1f54.cloudfront.net (CloudFront)
cache-control
max-age=172800
access-control-allow-credentials
true
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
RskRgYOx4Sc4W_RCQ0Td3rY2CUevJVNBQRQkBKVeEjOubYxAanl_TQ==
cmp2ui-no.js
quantcast.mgr.consensu.org/tcfv2/23/
470 KB
123 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/23/cmp2ui-no.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=proff.no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.63.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-63-49.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d414cb2ce08a4dc9232a80cbe1abdffa0681474beed6257bac44fd9517c99a9f

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 23 May 2022 20:55:13 GMT
content-encoding
br
age
57126
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
last-modified
Fri, 18 Dec 2020 15:09:53 GMT
server
AmazonS3
etag
W/"345c5f67779d1bf2f68fb77385f5ac9d"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
via
1.1 95e0c26862caa0a0aa5e9580919524f8.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
ljMMLCvkBCQDcLexrWJNR_c1MrWhRLVYIWmfJY0H71py2oMy9oVmrA==
tags
sting.de17a.com/api/ Frame F3B6
2 KB
1 KB
Document
General
Full URL
https://sting.de17a.com/api/tags
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.155.156.188 Uppsala, Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),
Reverse DNS
213-155-156-188.teliacarrier-cust.com
Software
nginx/1.18.0 /
Resource Hash
3119d153f89dd2a3543353295d3da8502ad78ca57278ede7945e070e67276a92

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://d5p.de17a.com
Referer
https://d5p.de17a.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 24 May 2022 12:47:18 GMT
p3p
CP="NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV" CP="NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV"
server
nginx/1.18.0
truncated
/ Frame DBE2
14 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame DBE2
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type
image/png
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame DBE2
2 KB
2 KB
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/styles__ltr.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 18:59:48 GMT
x-content-type-options
nosniff
age
582450
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2228
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Tue, 24 May 2022 18:59:48 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame DBE2
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP&co=aHR0cHM6Ly9wcm9mZi5ubzo0NDM.&hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&size=normal&cb=nse6w9v793nj
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 11:18:05 GMT
x-content-type-options
nosniff
age
5353
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 24 May 2023 11:18:05 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame DBE2
102 B
204 B
Other
General
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP&co=aHR0cHM6Ly9wcm9mZi5ubzo0NDM.&hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&size=normal&cb=nse6w9v793nj
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f4.1e100.net
Software
GSE /
Resource Hash
4556056ae0b97237e430120fab528fdc692b0dc2af865e8bed4694dfb8cc1654
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP&co=aHR0cHM6Ly9wcm9mZi5ubzo0NDM.&hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&size=normal&cb=nse6w9v793nj
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112
x-xss-protection
1; mode=block
expires
Tue, 24 May 2022 12:47:18 GMT
bframe
www.google.com/recaptcha/api2/ Frame 3095
7 KB
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/recaptcha__no.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f4.1e100.net
Software
GSE /
Resource Hash
664a115e2d5a3b5da6f7c1e304563322f459ac123b8e89fae4611b16aa20c77a
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-7DJy58TUx6VE0YGD3jjFdQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://proff.no/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-length
1115
content-security-policy
script-src 'report-sample' 'nonce-7DJy58TUx6VE0YGD3jjFdQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 24 May 2022 12:47:18 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
i6n.js
cdn.de17a.com/ Frame 89C7
13 KB
3 KB
Script
General
Full URL
https://cdn.de17a.com/i6n.js?source=sting&rid=xxxzkxcxxdknnmmcxuxf
Requested by
Host: sting.de17a.com
URL: https://sting.de17a.com/ctrl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.175.55 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
frankfurt-53.cdn77.com
Software
CDN77-Turbo /
Resource Hash
0e9988b7982504119f9a3c3c077461ea03f9146e696614c5a18de5fa78bf7b1e

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://d5p.de17a.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-77-nzt
AcO1rzW0cs7/CgAAAA
x-accel-expires
@1653397028
date
Tue, 24 May 2022 12:47:18 GMT
content-encoding
br
etag
W/"5c6e6493-3319"
last-modified
Thu, 21 Feb 2019 08:42:59 GMT
server
CDN77-Turbo
x-77-nzt-ray
4SCdiVS3OEA
x-77-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
x-cache
HIT
x-age
10
x-77-pop
frankfurtDE
980x600.png
sting-cdn.de17a.com/files/1630613797000/001/012/142/ Frame 89C7
235 KB
236 KB
Image
General
Full URL
https://sting-cdn.de17a.com/files/1630613797000/001/012/142/980x600.png
Requested by
Host: d5p.de17a.com
URL: https://d5p.de17a.com/victory/adform;c?auction_id=-79412283_1959814_1653396437165_989614863_0&bp=bB8FpSJfAETyqdIuK2rV.ZBsklJbSE5Ym-LYog&creative_id=762245&dfh=06&dd=1~Cg9odHRwOi8vcHJvZmYubm8QACoTNTY1MTMyMTIzNzIxODE2OTM2NjCKhl05Gi.dJAbBUEBABUoPMTc4LjI1NS4xNDguMTcwUFRaKy03OTQxMjI4M18xOTU5ODE0XzE2NTMzOTY0MzcxNjVfOTg5NjE0ODYzXzBg1Ado2ARwAXgAgAHYptcEkAGqz-aoDJgB.9Dw9wipARnQbF15ABdAsQHDsoZNa7QNQLkBAAAAAAAAIkDJAQAAAAAAAAAAcg_CgAoAg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.174.6 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
frankfurt-1.cdn77.com
Software
CDN77-Turbo /
Resource Hash
e837efbebd7639ed08ab9608bb6b311af63e97e3391fb3c3efc419686cc1f581

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://d5p.de17a.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-77-pop
frankfurtDE
date
Tue, 24 May 2022 12:47:18 GMT
x-77-cache
HIT
x-cache
HIT
x-age
62329
alt-svc
quic="195.181.174.5:443"; ma=2592000; v="44,43,39"
content-length
240964
x-77-nzt
AcO1rgVyryf/efMAAA
x-accel-expires
@1653420509
server
CDN77-Turbo
x-77-nzt-ray
slCme3vX+ac
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
x-proxy-cache
HIT
/
audit-tcfv2.quantcast.mgr.consensu.org/
2 B
101 B
XHR
General
Full URL
https://audit-tcfv2.quantcast.mgr.consensu.org/?log=%7B%22accountId%22%3A%22B0t1hzyq1UTeN%22%2C%22domain%22%3A%22proff.no%22%2C%22publisher%22%3A%22proff.no%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.23%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22ljS8kudZi43yRAwB1RnkQg%22%2C%22clientTimestamp%22%3A1653396438290%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-exe1r51armc2z07uxii7%22%7D
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2ui-no.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.194.110.81 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-194-110-81.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept
application/json, text/plain, */*
Referer
https://proff.no/
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 24 May 2022 12:47:18 GMT
content-length
2
content-type
text/plain; charset=utf-8
proff-logo-header-2020.png
www.proff.no/img/
8 KB
9 KB
Image
General
Full URL
https://www.proff.no/img/proff-logo-header-2020.png
Requested by
Host: proff.no
URL: https://proff.no/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.51.113.218 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-51-113-218.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
74425d6a23825882584b8fc4ce285c8bbf7aa81303e468e80c8e4a905925dea9

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://proff.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:47:18 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 09:34:05 GMT
etag
"1653428045586"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
content-type
image/png;charset=UTF-8
cache-control
max-age=43200
accept-ranges
bytes
content-length
8102
expires
Tue, 24 May 2022 21:34:05 GMT
styles__ltr.css
www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/ Frame 3095
51 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 12:00:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2799
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24237
x-xss-protection
0
last-modified
Mon, 16 May 2022 04:03:20 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 24 May 2023 12:00:39 GMT
recaptcha__no.js
www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/ Frame 3095
364 KB
144 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/recaptcha__no.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=no&v=M-QqaF9xk6BpjLH22uHZRhXt&k=6LebsAITAAAAAL7tPKiSxodipRymNHMNytB7vaQP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
29af788193140c53d73e92a95e87240bf2c9c89590bcb7703cb7de86bf2f388a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 07:48:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
17942
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
147066
x-xss-protection
0
last-modified
Mon, 16 May 2022 04:03:20 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 24 May 2023 07:48:16 GMT
/
adx.adform.net/adx/unload/
35 B
483 B
Ping
General
Full URL
https://adx.adform.net/adx/unload/?1653396438512
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://proff.no/
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 24 May 2022 12:47:18 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
https://proff.no
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
/
adx.adform.net/adx/unload/
35 B
483 B
Ping
General
Full URL
https://adx.adform.net/adx/unload/?1653396438512
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://proff.no/
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 24 May 2022 12:47:18 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
https://proff.no
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1

Verdicts & Comments Add Verdict or Comment

88 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails function| __tcfapi function| __uspapi string| tagManagerId function| ga function| createElement object| googletag function| consentGiven object| adformtag object| _adform object| pbjs object| webpackJsonp string| cacheBustVersion string| polyfills object| scriptElement object| menuConfig object| jsMessages object| user string| site boolean| normalDevice string| language function| validate function| send function| addCaptchaCb function| useWallpaperFallback object| WebAnalytics string| paSiteId function| pa string| cookieValue object| scripts object| paScriptName string| endpoint object| expirationDate function| track function| metric function| pbjsChunk object| _pbjsGlobals function| JSEncrypt object| ADAGIO object| invibes string| nobidVersion object| nobid object| top1 object| realvu_aa_fifo object| realvu_aa number| boost_poll object| _qevents object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| Adform object| _fscope object| google_tag_data object| gaplugins object| gaGlobal object| gaData undefined| _adform_cb_1653396436543_9020267931899919 object| regeneratorRuntime function| __tcfapiui boolean| _inter_adf_364704__rendered__ number| _inter_adf_364704 undefined| _adform_cb_1653396436893_7778274567621855 boolean| _inter_adf_723613__rendered__ number| _inter_adf_723613 function| quantserve function| __qc object| ezt object| _qoptions function| qtrack undefined| _adform_cb_1653396437125_6516115906133555 object| recaptcha object| closure_lm_519160 boolean| _inter_adf_933206__rendered__ number| _inter_adf_933206 object| scCGSHMRCache

29 Cookies

Domain/Path Name / Value
proff.no/ Name: JSESSIONID
Value: FD6793913F9F0F93FEC6DDA28D219CF0
proff.no/ Name: _pa
Value: PA9.411595667200709
.mathtag.com/ Name: uuid
Value: 3944628c-d3d4-4a00-a55d-7a7034f09d10
.mathtag.com/ Name: mt_misc
Value: mt_bt:1
.proff.no/ Name: _ga
Value: GA1.2.1859551379.1653396436
.proff.no/ Name: _gid
Value: GA1.2.307370284.1653396436
.proff.no/ Name: _gat
Value: 1
.adform.net/ Name: C
Value: 1
proff.no/ Name: AWSALB
Value: GYavsljqHTEg02LtF1OkailPW9mWop1HgtrxClTsB7twMWfq2fV/yMLUdW66+6mpX8aqfUir4QeYylRYp5o+8RJP6CHiiqp//tuI5zdKLABJnFBCoGilfp50lU4u
proff.no/ Name: AWSALBCORS
Value: GYavsljqHTEg02LtF1OkailPW9mWop1HgtrxClTsB7twMWfq2fV/yMLUdW66+6mpX8aqfUir4QeYylRYp5o+8RJP6CHiiqp//tuI5zdKLABJnFBCoGilfp50lU4u
.adform.net/ Name: uid
Value: 5651321237218169366
.de17a.com/ Name: guid2
Value: 1.52722169351697654
.advertising.com/ Name: APID
Value: UPa4e96dca-db5f-11ec-9812-02998f9e7684
.360yield.com/ Name: tuuid
Value: aaf4d893-90e2-47ca-8c29-a785f8ed26d8
.360yield.com/ Name: tuuid_lu
Value: 1653396437
.spotxchange.com/ Name: audience
Value: a4f065b3-db5f-11ec-bb50-1bbe6fc50406
.adnxs.com/ Name: uuid2
Value: 8088760691678970027
.casalemedia.com/ Name: CMID
Value: YozT1TYPlfkuATrUEh-rywAA
.casalemedia.com/ Name: CMPS
Value: 660
.360yield.com/ Name: um
Value: !61,m-PMHV6iE1h1tY.A2pWFVYTw3HInsjPFjIpEXRjD6Q==,1655988437
.360yield.com/ Name: umeh
Value: !61,0,1715604437,-1
.casalemedia.com/ Name: CMPRO
Value: 291
.casalemedia.com/ Name: CMRUM3
Value: af628cd3d5276052722169351697654
.casalemedia.com/ Name: CMST
Value: YozT1WKM09UA
www.proff.no/ Name: AWSALB
Value: LZuqOvB3omUQzwTS/lu1EYrHuJj6KzwMs+7q+TyHabvUk5hdcja3Oy6c0mdMwB3IQ3hcrtrWCRVdt7AjcU7YNSMOFGE0dUOiGX/6FyCNoKvrrVJM5WYjkZHaHwEd
www.proff.no/ Name: AWSALBCORS
Value: LZuqOvB3omUQzwTS/lu1EYrHuJj6KzwMs+7q+TyHabvUk5hdcja3Oy6c0mdMwB3IQ3hcrtrWCRVdt7AjcU7YNSMOFGE0dUOiGX/6FyCNoKvrrVJM5WYjkZHaHwEd
www.proff.no/ Name: JSESSIONID
Value: EBC30FD00E21EFE12EF94E21710D99AC
.pubmatic.com/ Name: KRTBCOOKIE_336
Value: 5844-52722169351697654
.pubmatic.com/ Name: PugT
Value: 1653396437

1 Console Messages

Source Level URL
Text
network error URL: https://pixel.advertising.com/ups/55955/sync?uid=52722169351697654&_origin=1&verify=true
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.360yield.com
adx.adform.net
audit-tcfv2.quantcast.mgr.consensu.org
cdn.de17a.com
cdn.jsdelivr.net
d5p.de17a.com
dmp.adform.net
dsum.casalemedia.com
fonts.gstatic.com
hb.adx.adform.net
ib.adnxs.com
image2.pubmatic.com
match.adsrvr.org
pixel.advertising.com
pixel.mathtag.com
pixel.rubiconproject.com
proff.no
quantcast.mgr.consensu.org
rules.quantcount.com
s1.adform.net
secure.quantserve.com
stats.g.doubleclick.net
stats.proff.no
sting-cdn.de17a.com
sting.de17a.com
sync.1rx.io
sync.search.spotxchange.com
sync.userreport.com
test.quantcast.mgr.consensu.org
usermatch.targeting.unrulymedia.com
www.google-analytics.com
www.google.com
www.gstatic.com
www.proff.no
104.16.88.20
104.36.113.107
13.51.113.218
142.250.184.228
142.250.185.163
142.250.185.67
143.204.98.105
172.217.16.142
18.159.49.182
18.194.110.81
18.66.139.106
185.94.180.126
195.181.174.6
195.181.175.55
2.18.233.201
213.155.156.169
213.155.156.188
213.19.147.45
23.35.236.247
35.71.131.137
37.157.5.142
37.157.5.72
37.157.6.242
37.252.173.27
54.155.185.156
64.233.184.156
65.9.63.122
65.9.63.49
69.173.144.138
91.228.74.134
0085b22dee76d92814ecfc0ff69e7d83678eb40ce28565d4746e6fbfa8f0f8be
065bdcdfe6dad6b5ddf5802759e3fe7ea58ffd4bb2b294ad965dfe458c898f13
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
0e9988b7982504119f9a3c3c077461ea03f9146e696614c5a18de5fa78bf7b1e
142cfecbbe6b0c3605072d997fe3a1d199af6f4d7a7c9408e6ecd00b2f40a6cf
15ac477a33c97d1562572d037318cfb6930df1e612229377a29a1d25ffdafdbb
1b4a056bfa3f8317b9ba5aa9b1719971779672b0277107b45699add1db387e90
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1fd0f40aca4dc75d39a51e9b554986541cd2f514b0c4df7198fc8ac61bfada1a
204c8a77b6387ed0f4f572c209fd6f53b2682e863fe3271ee297c7267cecfff6
22b23b9c137b0288305c383dd3c8c87bf82d5ff87966c8fbef24c5c6fece9c7e
27959adb07002b9ac7aa480b6357412fb96e7531af950c33714c8f9873aff5a3
29af788193140c53d73e92a95e87240bf2c9c89590bcb7703cb7de86bf2f388a
2d7f2c49b8acf4fa9dfc186527ea2586d0634b58bb9d496e6efbee67ddb87e7a
304a0259406001319e10acd097537e33bbc0157670417a48fdd527a889951f65
3119d153f89dd2a3543353295d3da8502ad78ca57278ede7945e070e67276a92
3c5c7922ed40e9d4f2e4576bc8092aed89df49ab2790d5f84632cb4a97bac847
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3ed7b8ca0161953a0d986f70fea83498324e602f6a8ddfbbbe1d448c003c1ce6
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4556056ae0b97237e430120fab528fdc692b0dc2af865e8bed4694dfb8cc1654
461271ba8a5ddd6d0452d1d7b53d7247dac6282b03c2918e61af03d55dbd7be5
5389af5ba3de3f645c3fa47046b31e9f47a2f53b3fec43f6c3ef4ae4fdcf1852
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5c1e3c8c463c7408661163e65494a1f0bfe02123044b77a266c5bb1b8f14f391
60d0cdf0b18fc47a4d55b4a2aeccd0b2bcc71063ca21ec0eb538bea39833dda4
664a115e2d5a3b5da6f7c1e304563322f459ac123b8e89fae4611b16aa20c77a
6797e5bc424d587014449f9825e0e68f8bfb7d163bdd86903fc462560dec3b57
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6fa6a78888a56b3f099298d8de272a1e132470ea553da4374c61ecb7e0ef4f87
7396f7847ccb111979c02fcd4a0c1fd5ed7191a01ca99aa63977c116d4fa70a6
74425d6a23825882584b8fc4ce285c8bbf7aa81303e468e80c8e4a905925dea9
7baadf42bdd7151de787de3b98f1c65f55cc2b3d34d4fbe90a0e490756dd3a1b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
942c52b43f6bb3b48ceec027594c2bfce6e34029cc1d485983b2f8e00c7a1034
9648602e46ca07cf53fe8ff07088110d712862147dbb4c5303d1676eb242d288
9842713db52e17ba6a1edde841d5eb36f94c00252d7e26c9f130d29aa0bce779
9c828769c82976773b3b8704e27cf5753cb3aa7f87edde89395b4a662b534aa5
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a8d9f2a4a3ef5baf61c43ef328bc45c3279ec7334e62e50624bae12c743f90b1
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b443351b735d523c3c0b987ff1bd5cabf5f710983cd4072d6d97e9e38388c92e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d03b6c530e790642376b53b015d6f3d4aaff4280d53516fb8ee0e117c1afd8bc
d414cb2ce08a4dc9232a80cbe1abdffa0681474beed6257bac44fd9517c99a9f
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e1abbbc7891f4f485fb5b9c26fa241b6503282f8bff9ef129da09251be61755f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e47e764298124c12ec246cc3f33a5ece1cf82cacbef043ea83ebe58089b40287
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e837efbebd7639ed08ab9608bb6b311af63e97e3391fb3c3efc419686cc1f581
e8b4623a433dc3d0a2f2f985e51cbd97b222ba9d66ca9b58ab8b133f4f8715bd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f55f0bac8143ff8978e73cb65298124d0cecc55c7204ec1974e8033e97b02d09
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f940358fee2cba0546b93557937fd06423a93d5534c395ef854c4470edd4b26e
fa7318c53b32446d37cec15c70bf7dbec1db5d946cf876fcc02de429233361ce