systest.duett.no Open in urlscan Pro
185.83.193.169 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
Submission: On June 20 via manual (June 20th 2023, 6:59:12 am UTC) from NO — Scanned from NO

Summary HTTP 27 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 27 HTTP transactions. The main IP is 185.83.193.169, located in Steinkjer, Norway and belongs to DUETT, NO. The main domain is systest.duett.no.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on July 26th 2022. Valid for: a year.

This is the only time systest.duett.no was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
22	185.83.193.169 185.83.193.169	204712 (DUETT) (DUETT)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
3	13.248.197.49 13.248.197.49	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
27	4

22 185.83.193.169 (Steinkjer, Norway)

ASN204712 (DUETT, NO)

systest.duett.no	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.248.197.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: ad08383350435e492.awsglobalaccelerator.com

duett.boost.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	duett.no systest.duett.no	3 MB
3	boost.ai duett.boost.ai	224 KB
1	gstatic.com fonts.gstatic.com	48 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 80	1 KB
27	4

	Domain	Requested by
22	systest.duett.no	systest.duett.no
3	duett.boost.ai	systest.duett.no duett.boost.ai
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	systest.duett.no
27	4

This site contains links to these domains. Also see Links.

Domain
duett.no

Subject Issuer	Validity	Valid
*.duett.no Sectigo RSA Organization Validation Secure Server CA	`2022-07-26` - `2023-07-26`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.boost.ai Amazon RSA 2048 M01	`2023-03-15` - `2023-11-05`	8 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
Frame ID: D95FFFD8E3CB2E2143A0B5ED8B41BC84
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Logg inn

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

27
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

3082 kB
Transfer

10848 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://duett.no/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/ 6 KB
3 KB 206ms
56ms Document
text/html 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

01c214dc09372c814485ccc6bce4f3296a783bdf3c0b8981197317baf08de920

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: no-NO,no;q=0.9

Response headers

Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1513
Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Content-Type: text/html; charset=utf-8
Date: Tue, 20 Jun 2023 06:59:01 GMT
Expires: -1
Pragma: no-cache
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 5.2
X-Content-Type-Options: nosniff
X-FRAME-OPTIONS: SAMEORIGIN
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 9 KB
1 KB 261ms
95ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400|Open+Sans:700|Roboto:700|Yantramanav:400

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8602c5c510cdfccc6f305202822be5693a3c4663f491459f037c693fea2c1ea1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 20 Jun 2023 06:59:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 20 Jun 2023 06:59:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 20 Jun 2023 06:59:01 GMT

GET
H/1.1 200
OK kendo.common.min.css
systest.duett.no/Duett/Core/FrontEnd/Shared/Content/css/kendo/ 402 KB
74 KB 60ms
58ms Stylesheet
text/css 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/Shared/Content/css/kendo/kendo.common.min.css?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

3d38bd84a57db59738b509610ebec577b3f5d2882dd74355990c27639939f93a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 23 Feb 2023 12:27:07 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "68b316258247d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 74398
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK kendo.default.mobile.min.css
systest.duett.no/Duett/Core/FrontEnd/Shared/Content/css/kendo/ 138 KB
25 KB 148ms
53ms Stylesheet
text/css 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/Shared/Content/css/kendo/kendo.default.mobile.min.css?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

49950a2dbce35703cc34b82bf4e591a172cc6f4c43082c234cee9d6d1583c2de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 23 Feb 2023 12:27:07 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "73e822258247d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 24368
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK kendo.metro.min.css
systest.duett.no/Duett/Core/FrontEnd/Shared/Content/css/kendo/ 118 KB
20 KB 151ms
54ms Stylesheet
text/css 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/Shared/Content/css/kendo/kendo.metro.min.css?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

c31262033733decfccb42732c6a29872165eebeda000b05a221f603a9f891717

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 23 Feb 2023 12:27:07 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "49102c258247d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19457
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK jqx.base.css
systest.duett.no/Duett/Core/FrontEnd/Shared/Content/css/jqWidgets/ 190 KB
32 KB 155ms
58ms Stylesheet
text/css 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/Shared/Content/css/jqWidgets/jqx.base.css?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

cbdd5abd5dabfff2a2b2fd11359734bfde9362eea3c0ad5fbf16a2530e84de75

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 23 Feb 2023 12:27:07 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "1aeacd248247d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31807
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK _Duett.css
systest.duett.no/Duett/Core/FrontEnd/Shared/Content/css/ 106 KB
24 KB 153ms
56ms Stylesheet
text/css 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/Shared/Content/css/_Duett.css?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

cef4a2c15925cc190caf11f06da60dad9b6b6f4a01d69eccda730cd568e2dcdf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Mon, 19 Jun 2023 10:30:00 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "b3ee2b099a2d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23030
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK _Duett.css
systest.duett.no/Duett/Core/FrontEnd/Shared/Content/css/ddWrappers/ 61 KB
14 KB 149ms
52ms Stylesheet
text/css 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/Shared/Content/css/ddWrappers/_Duett.css?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

3f95133f06719d2a8f183cee47f792477f34c35d48a5daaf89385706262e4e12

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Mon, 19 Jun 2023 10:30:04 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "93ed2299a2d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12686
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK login.css
systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/Content/css/ 2 KB
2 KB 206ms
49ms Stylesheet
text/css 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/Content/css/login.css?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

72d3b975fba0abfcc785c85a9064e3589d419bcddf14b4ac87a800817db0732a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Mon, 19 Jun 2023 10:31:49 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "2210444199a2d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 689
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK loginResponsive.css
systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/Content/css/ 61 B
1 KB 245ms
49ms Stylesheet
text/css 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/Content/css/loginResponsive.css?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

d954a0105eb4110f5b2b4fe5dcab10d880548a5ac6fdbe46d9abb3c53fabaf72

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Mon, 19 Jun 2023 10:31:49 GMT
Server: Microsoft-IIS/10.0
ETag: "3fc5724199a2d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 61
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK jquery.min.js Show response
systest.duett.no/Duett/Core/FrontEnd/Shared/Scripts/3rdParty/kendo/ 95 KB
37 KB 249ms
53ms Script
application/javascript 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/Shared/Scripts/3rdParty/kendo/jquery.min.js?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

5038a51d1b2a7a3b75a2edfe72c7747818a2da591b4aebd8054b369e6d9594d3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 23 Feb 2023 12:27:08 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "85c78258247d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 36940
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK kendo.all.min.js Show response
systest.duett.no/Duett/Core/FrontEnd/Shared/Scripts/3rdParty/kendo/ 4 MB
1 MB 418ms
222ms Script
application/javascript 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/Shared/Scripts/3rdParty/kendo/kendo.all.min.js?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

1264f1caff62eb37817889283cef13ed05ccaef73a1dcfc8d5eaaec4c1e438bd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 23 Feb 2023 12:27:08 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "30f297258247d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1380556
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK kendo.culture.nb.min.js Show response
systest.duett.no/Duett/Core/FrontEnd/Shared/Scripts/3rdParty/kendo/ 5 KB
2 KB 247ms
51ms Script
application/javascript 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/Shared/Scripts/3rdParty/kendo/kendo.culture.nb.min.js?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

9f94fb92c93a9a657216ebd19ac8b840aeecdcdf0d17e71671edfa19ac4680e9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 23 Feb 2023 12:27:08 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "1631b2258247d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 928
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK kendo.messages.nb-NO.min.js Show response
systest.duett.no/Duett/Core/FrontEnd/Shared/Scripts/3rdParty/kendo/messages/ 13 KB
5 KB 248ms
50ms Script
application/javascript 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/Shared/Scripts/3rdParty/kendo/messages/kendo.messages.nb-NO.min.js?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

a3ddd9e39fc1353467ff227993ef662fd0d8a2860c0e633af2ec1ca7433a6342

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 23 Feb 2023 12:27:09 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "1d8d25268247d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3247
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK jqx-all.js Show response
systest.duett.no/Duett/Core/FrontEnd/Shared/Scripts/3rdParty/jqWidgets/ 4 MB
1 MB 363ms
157ms Script
application/javascript 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/Shared/Scripts/3rdParty/jqWidgets/jqx-all.js?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

08280934a77662acc9feac6ffbcd53c283c6aa62a3f1caa29527231527fab68a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 23 Feb 2023 12:27:08 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "362663258247d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1050642
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK globalize.js Show response
systest.duett.no/Duett/Core/FrontEnd/Shared/Scripts/3rdParty/jqWidgets/globalization/ 47 KB
16 KB 295ms
50ms Script
application/javascript 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/Shared/Scripts/3rdParty/jqWidgets/globalization/globalize.js?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

aa638e7c0f524f9f992c1c226d9246afc6c1d40c3a8fdf7b0d74752b4b34a9bc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 23 Feb 2023 12:27:08 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "1a705c258247d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14922
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK common.nb-NO.res.js Show response
systest.duett.no/Duett/Core/FrontEnd/Shared/Content/resources/ 25 KB
9 KB 298ms
48ms Script
application/javascript 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/Shared/Content/resources/common.nb-NO.res.js?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

17e4f3a9ccf455ff879a01506bbb00276da5c16c98f17566aa4c1fc401f1f7b3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Mon, 19 Jun 2023 10:29:16 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "cfbeee598a2d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7397
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK _Duett.js Show response
systest.duett.no/Duett/Core/FrontEnd/Shared/Scripts/ 454 KB
124 KB 312ms
61ms Script
application/javascript 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/Shared/Scripts/_Duett.js?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

86f39bcaa875993520eaa94f1ae38f8672ecbf0ae8fd4a02b7625eecf1ffab91

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Mon, 19 Jun 2023 10:29:37 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "7614cef298a2d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 125655
X-XSS-Protection: 1; mode=block

GET
H2 200 chatPanel.js Show response
duett.boost.ai/chatPanel/ 861 KB
184 KB 224ms
87ms Script
application/javascript 13.248.197.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://duett.boost.ai/chatPanel/chatPanel.js

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.248.197.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ad08383350435e492.awsglobalaccelerator.com

Software

envoy /

Resource Hash

b499e07d4df3fc4c635b980d3d75ea1a58a0993531cfcc5d0a1860b70c207381

Security Headers

Name	Value
Strict-Transport-Security	max-age=94608000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 06:59:01 GMT
strict-transport-security: max-age=94608000; includeSubDomains
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:36:10 GMT
server: envoy
etag: W/"6474f09a-d7300"
vary: Accept-Encoding,Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-credentials: true
x-envoy-upstream-service-time: 8
x-robots-tag: noindex

GET
H/1.1 200
OK login.js Show response
systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/Scripts/ 7 KB
4 KB 300ms
50ms Script
application/javascript 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/Scripts/login.js?n=bqhif4

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

23bfae41c1ba90418adeaa6b9d7af291c0b4d6fb6dfb163ee60039a8e44b0f01

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Mon, 19 Jun 2023 10:31:59 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "157144799a2d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2910
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Duett_payoff_logo_hvit.svg
systest.duett.no/Duett/Core/FrontEnd/shared/content/img/ 8 KB
4 KB 74ms
74ms Image
image/svg+xml 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/shared/content/img/Duett_payoff_logo_hvit.svg

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/Content/css/login.css?n=bqhif4

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e530a4d491b39f0bcef0b4c9d57c611e7133661c6dc2163b770218724682194c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/Content/css/login.css?n=bqhif4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 23 Feb 2023 12:27:08 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "253d3c258247d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2770
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK DuettDLogo_DuettMinSide.svg
systest.duett.no/Duett/Core/FrontEnd/shared/content/img/ 4 KB
3 KB 58ms
58ms Image
image/svg+xml 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/shared/content/img/DuettDLogo_DuettMinSide.svg

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/Content/css/login.css?n=bqhif4

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

23e0865c74177df4ba2ab85b1e2c3c9998a78745763e861aad6800d744636fe7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/Content/css/login.css?n=bqhif4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 23 Feb 2023 12:27:08 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "dfc73b258247d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1632
X-XSS-Protection: 1; mode=block

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v35/ 47 KB
48 KB 271ms
74ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400|Open+Sans:700|Roboto:700|Yantramanav:400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://systest.duett.no
accept-language: no-NO,no;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:21:44 GMT
x-content-type-options: nosniff
age: 283038
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48412
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:08:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 16 Jun 2024 00:21:44 GMT

GET
H/1.1 200
OK kendoui.woff
systest.duett.no/Duett/Core/FrontEnd/Shared/Content/css/kendo/images/ 63 KB
30 KB 96ms
95ms Font
font/x-woff 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/Shared/Content/css/kendo/images/kendoui.woff?v=1.1

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/Shared/Content/css/kendo/kendo.default.mobile.min.css?n=bqhif4

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

8329d2b4c1c7c96260d03217cae87833a6d0ff4196fa889ddb239641198db846

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://systest.duett.no/Duett/Core/FrontEnd/Shared/Content/css/kendo/kendo.default.mobile.min.css?n=bqhif4
Origin: https://systest.duett.no
accept-language: no-NO,no;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:01 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 23 Feb 2023 12:27:07 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
ETag: "f5672258247d91:0"
X-Powered-By: ASP.NET
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: font/x-woff
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 29434
X-XSS-Protection: 1; mode=block

OPTIONS
H2 204 v2
duett.boost.ai/api/chat_panel/ 0
0 204ms
82ms Preflight 13.248.197.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://duett.boost.ai/api/chat_panel/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.248.197.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ad08383350435e492.awsglobalaccelerator.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=94608000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://systest.duett.no
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, X-Requested-With, Accept, Origin, Access-Control-Request-Method, Access-Control-Request-Headers, X-CSRF-TOKEN, X-XSRF-TOKEN, X-XHR-Logon, x-ms-client-application-name, x-ms-client-request-id, x-ms-client-session-id, x-ms-effective-locale, Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://systest.duett.no
access-control-max-age: 600
date: Tue, 20 Jun 2023 06:59:08 GMT
server: envoy
strict-transport-security: max-age=94608000; includeSubDomains
vary: Origin
x-envoy-upstream-service-time: 3
x-frame-options: SAMEORIGIN
x-robots-tag: noindex

POST
H2 200 v2 Show response
duett.boost.ai/api/chat_panel/ 39 KB
39 KB 87ms
86ms XHR
text/json 13.248.197.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://duett.boost.ai/api/chat_panel/v2

Requested by

Host: duett.boost.ai
URL: https://duett.boost.ai/chatPanel/chatPanel.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.248.197.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ad08383350435e492.awsglobalaccelerator.com

Software

envoy /

Resource Hash

1df8545f49eb39c24d5954d65325634f11b44f7d62fc3e0c7fa78b7f3f252e4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=94608000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://systest.duett.no/
accept-language: no-NO,no;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 20 Jun 2023 06:59:08 GMT
strict-transport-security: max-age=94608000; includeSubDomains
server: envoy
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/json; charset=utf-8
access-control-allow-origin: https://systest.duett.no
cache-control: no-cache, max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 7
x-robots-tag: noindex
content-length: 39890
x-process-time-seconds: 0.0023472830653190613

GET
H/1.1 200
OK OperationsMessages Show response
systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/Login/ 2 B
1 KB 63ms
62ms XHR
application/json 185.83.193.169
DUETT

General

Check archive.org

Show headers Download Go to

Full URL

https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/Login/OperationsMessages

Requested by

Host: systest.duett.no
URL: https://systest.duett.no/Duett/Core/FrontEnd/Shared/Scripts/3rdParty/kendo/jquery.min.js?n=bqhif4

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

185.83.193.169 Steinkjer, Norway, ASN204712 (DUETT, NO),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://systest.duett.no/Duett/Core/FrontEnd/WebApplications/Dashboard/
X-Requested-With: XMLHttpRequest
accept-language: no-NO,no;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com;media-src 'none';font-src 'self' data: *.gstatic.com;frame-ancestors 'self' *.duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.googletagmanager.com;img-src 'self' blob: data: *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.google.no *.google.com *.gstatic.com *.googleapis.com *.duett.no *.daldata.no;child-src 'self' blob: *.google.com *.bbs.no *.nets.eu *.duett.no;frame-src 'self' *.duett.no *.nets.no *.nets.eu player.vimeo.com *.youtube.com *.google.com *.hotjar.com;connect-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.doubleclick.net duett.boost.ai *.windows.net wss://*.duett.no https://*.duett.no *.hotjar.com *.hotjar.io wss://*.hotjar.com
Date: Tue, 20 Jun 2023 06:59:08 GMT
X-Content-Type-Options: nosniff
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache, no-store
Content-Length: 2
X-XSS-Protection: 1; mode=block
Expires: -1

Verdicts & Comments Add Verdict or Comment

315 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.systest.duett.no/Duett	1969-12-31 23:59:59	Name: clx.cwu3corl Value: gS7MWAPrLhIeigOe/r/JigLH33fVRA+AtxVfdvad37y0xkz+X5g5jTxB/Ggifita

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self';object-src 'self';style-src 'self' 'unsafe-inline' .googleapis.com;media-src 'none';font-src 'self' data: .gstatic.com;frame-ancestors 'self' .duett.no;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://duett.boost.ai .googleapis.com .google.com .gstatic.com .google-analytics.com .g.doubleclick.net .hotjar.com .googletagmanager.com;img-src 'self' blob: data: .amazonaws.com .google-analytics.com .g.doubleclick.net .google.no .google.com .gstatic.com .googleapis.com .duett.no .daldata.no;child-src 'self' blob: .google.com .bbs.no .nets.eu .duett.no;frame-src 'self' .duett.no .nets.no .nets.eu player.vimeo.com .youtube.com .google.com .hotjar.com;connect-src 'self' data: .gstatic.com .googleapis.com .google-analytics.com .doubleclick.net duett.boost.ai .windows.net wss://.duett.no https://.duett.no .hotjar.com .hotjar.io wss://*.hotjar.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

duett.boost.ai
fonts.googleapis.com
fonts.gstatic.com
systest.duett.no
13.248.197.49
185.83.193.169
2a00:1450:4001:80f::2003
2a00:1450:4001:82a::200a
01c214dc09372c814485ccc6bce4f3296a783bdf3c0b8981197317baf08de920
08280934a77662acc9feac6ffbcd53c283c6aa62a3f1caa29527231527fab68a
1264f1caff62eb37817889283cef13ed05ccaef73a1dcfc8d5eaaec4c1e438bd
17e4f3a9ccf455ff879a01506bbb00276da5c16c98f17566aa4c1fc401f1f7b3
1df8545f49eb39c24d5954d65325634f11b44f7d62fc3e0c7fa78b7f3f252e4b
23bfae41c1ba90418adeaa6b9d7af291c0b4d6fb6dfb163ee60039a8e44b0f01
23e0865c74177df4ba2ab85b1e2c3c9998a78745763e861aad6800d744636fe7
3d38bd84a57db59738b509610ebec577b3f5d2882dd74355990c27639939f93a
3f95133f06719d2a8f183cee47f792477f34c35d48a5daaf89385706262e4e12
49950a2dbce35703cc34b82bf4e591a172cc6f4c43082c234cee9d6d1583c2de
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5038a51d1b2a7a3b75a2edfe72c7747818a2da591b4aebd8054b369e6d9594d3
72d3b975fba0abfcc785c85a9064e3589d419bcddf14b4ac87a800817db0732a
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
8329d2b4c1c7c96260d03217cae87833a6d0ff4196fa889ddb239641198db846
8602c5c510cdfccc6f305202822be5693a3c4663f491459f037c693fea2c1ea1
86f39bcaa875993520eaa94f1ae38f8672ecbf0ae8fd4a02b7625eecf1ffab91
9f94fb92c93a9a657216ebd19ac8b840aeecdcdf0d17e71671edfa19ac4680e9
a3ddd9e39fc1353467ff227993ef662fd0d8a2860c0e633af2ec1ca7433a6342
aa638e7c0f524f9f992c1c226d9246afc6c1d40c3a8fdf7b0d74752b4b34a9bc
b499e07d4df3fc4c635b980d3d75ea1a58a0993531cfcc5d0a1860b70c207381
c31262033733decfccb42732c6a29872165eebeda000b05a221f603a9f891717
cbdd5abd5dabfff2a2b2fd11359734bfde9362eea3c0ad5fbf16a2530e84de75
cef4a2c15925cc190caf11f06da60dad9b6b6f4a01d69eccda730cd568e2dcdf
d954a0105eb4110f5b2b4fe5dcab10d880548a5ac6fdbe46d9abb3c53fabaf72
e530a4d491b39f0bcef0b4c9d57c611e7133661c6dc2163b770218724682194c

systest.duett.no Open in urlscan Pro 185.83.193.169 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

27 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

3082 kBTransfer

10848 kBSize

1 Cookies

1 Outgoing links

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

315 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

systest.duett.no Open in urlscan Pro
185.83.193.169 Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

3082 kB
Transfer

10848 kB
Size

1
Cookies

27 HTTP transactions
0 data transactions