r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 73c4166ca864f777db2cc1cd8658a7c2
c56b66b0b7c8516d4d5bfafe0c166711c78f3d25
310c633350812c064e159275b6dbbdba6d6a5991a54ccfcc23459320c6513572
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "310C633350812C064E159275B6DBBDBA6D6A5991A54CCFCC23459320C6513572"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8430
Expires: Mon, 24 Oct 2022 07:29:26 GMT
Date: Mon, 24 Oct 2022 05:08:56 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash c9df6b36bf16969ac566c1b798362e4a
e56eff34815153ae019a4bf63eb9746dd9ae2e5b
33c1175144ab2be42c9de383f7893a6e60cd1f21f282eacb413d546331db3fa0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Retry-After, Alert, Content-Type, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 24 Oct 2022 04:52:56 GMT
Expires: Mon, 24 Oct 2022 05:52:15 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: aUxkoelLfNdavOncDf9yCx9qhjSnI_xv0_DSVhfdHDE8jT9abULkog==
Age: 960
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ae56efd62a0d9249d98573172eb8b28b
5ff4e9959be677ad76c26ca73f9ef4feb9fa2f28
82d9ee4948fce839f7edb1f8490c4213cded3912464a4169b0bf6a61278694bd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82D9EE4948FCE839F7EDB1F8490C4213CDED3912464A4169B0BF6A61278694BD"
Last-Modified: Sat, 22 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13292
Expires: Mon, 24 Oct 2022 08:50:28 GMT
Date: Mon, 24 Oct 2022 05:08:56 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +S7O2Plfnb4M9zqDunwSSUVtBY6pvievQ719R+4Pmh9rT9HLJ4+k5T6F3JggviBMLwJueLpGerQ=
x-amz-request-id: EZHZX9V15055QYZK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 24 Oct 2022 04:38:15 GMT
age: 1841
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 24 Oct 2022 05:08:56 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ntlla.com/
64.225.91.73200 OK 329 B IP 64.225.91.73:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash ecbcb8bae64098de3e587487b474f8b8
e275409fb40ea27c3826af493f70faf147d0f995
2597a3f2418586d8a9fb0764743a84486ba066c6af3ff194922fb6c65a783688
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: ntlla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 24 Oct 2022 05:08:56 GMT
content-type: text/html
last-modified: Wed, 12 Jan 2022 17:20:45 GMT
etag: W/"61df0ded-1ad"
content-encoding: gzip
transfer-encoding: chunked
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash c648afbf5e3d040dbc290bae3858eb4c
1d5ce50cd8fe30a0853fad3f599403b750784ccd
39a468aa8e7515d809fc04a03e9bc0f2afa85c276c5824e8e44183d4d6a7be45
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4579
Cache-Control: max-age=142343
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 05:08:56 GMT
Etag: "6355950c-118"
Expires: Tue, 25 Oct 2022 20:41:19 GMT
Last-Modified: Sun, 23 Oct 2022 19:25:00 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
104.17.24.14200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (65451)
Hash 4b5f47439b640180cc3450f7de05d0d8
5a0dc9bcab80ddc409dd35fcb00a88fe6846fee2
1f85e8b327f42c17c025d69849914068536d9aa95412fe473ae90ffb2f4ebd82
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ntlla.com
Connection: keep-alive
Referer: http://ntlla.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 24 Oct 2022 05:08:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 12031840
expires: Sat, 14 Oct 2023 05:08:56 GMT
accept-ranges: bytes
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 75f0328e2ef1b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash c648afbf5e3d040dbc290bae3858eb4c
1d5ce50cd8fe30a0853fad3f599403b750784ccd
39a468aa8e7515d809fc04a03e9bc0f2afa85c276c5824e8e44183d4d6a7be45
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4579
Cache-Control: max-age=142343
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 05:08:56 GMT
Etag: "6355950c-118"
Expires: Tue, 25 Oct 2022 20:41:19 GMT
Last-Modified: Sun, 23 Oct 2022 19:25:00 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 24 Oct 2022 04:33:32 GMT
Expires: Mon, 24 Oct 2022 04:52:02 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: pmx7ii1JVCd8VsmnHKx4IkyFVcoXbn8FWAYPy7NDWNAnzSHjgY1jsQ==
Age: 2124
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8250dab842c716cf6d8c6f835b5dd5a6
88df29977728fbe371d2fffeb8c3bd6b67595ce5
c98d8c59b33aaf1f707eda917d4284611ce4be74ec93611e2f41f53e2c265ed8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C98D8C59B33AAF1F707EDA917D4284611CE4BE74EC93611E2F41F53E2C265ED8"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16194
Expires: Mon, 24 Oct 2022 09:38:50 GMT
Date: Mon, 24 Oct 2022 05:08:56 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 60d5d7cce6c32a6bdaf0d4c92ec93a1a
cd29edee660366b41749cfd206bdc08fb421449c
fb90c4cc44b32e4ca4a7d1533bbf4a2fd5c482dda5d232f1be2334f3cefbbb0e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3457
Cache-Control: max-age=100524
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 05:08:56 GMT
Etag: "6354f613-1d7"
Expires: Tue, 25 Oct 2022 09:04:20 GMT
Last-Modified: Sun, 23 Oct 2022 08:06:43 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
domaincntrol.com/?orighost=http://ntlla.com/
104.26.10.61200 OK 22 B URL HTTP/2 domaincntrol.com/?orighost=http://ntlla.com/
IP 104.26.10.61:0
File type ASCII text, with no line terminators
Hash cafe65cf246e1aae92124c1954480ad6
0d08cc547c58b2138e1e391931f20a5984067595
cc2201723d394dfd8b3fc6d1e27fc2a17631d3a5f7aefc04bad36d43f285ba9b
GET /?orighost=http://ntlla.com/ HTTP/1.1
Host: domaincntrol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ntlla.com
Connection: keep-alive
Referer: http://ntlla.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 24 Oct 2022 05:08:56 GMT
content-type: text/javascript;charset=UTF-8
content-length: 22
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O9V6OkJHyOJ3H%2FSqSpl8VWjnMe82sduOh94%2BJT3twrQhIYyVHyXrTFfoM62xT0f9hY%2ByiIx7yCn169A%2FsgTvOEdKCpWoD%2FESwpYptGxAZadeBYe%2FSP4ea0YICIB1kyhYQ7k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75f0328ede1ab4e8-OSL
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.238.3.246101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.238.3.246:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ixyKz5EEH4mJGzCghB7LnQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UU0wRkeg5oXSBtZWMsXgp11R2xs=
ww2.ntlla.com/
64.190.63.136200 OK 1.3 kB IP 64.190.63.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (676)
Hash 1c80f0d8edf7cd4eef1cb5ae23e3df06
f1bce45e9932454e19ae11a17e74c87a0ed247aa
62b779d32a6aabee60a96c55068ae86be67f1a5c847ebe6ee77098898ebcab17
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: ww2.ntlla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ntlla.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
date: Mon, 24 Oct 2022 05:08:57 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_CmG/xZ8ZWcXuja4rW7Bu3CNGhgHZJ4oMRrmc+4dvlx+kFINzI5nDvb8eGZBMAdw0M6jjXfRU0B4cdzXdocXvzw==
last-modified: Mon, 24 Oct 2022 05:08:57 GMT
x-cache-miss-from: parking-687f5947c6-qpcw5
server: NginX
content-encoding: gzip
img.sedoparking.com/images/js_preloader.gif
205.234.175.175200 OK 4.3 kB URL HTTP/1.1 img.sedoparking.com/images/js_preloader.gif
IP 205.234.175.175:0
File type GIF image data, version 89a, 16 x 16\012- data
Hash 90c93102a88c2ab94bff1575b7a6e86e
56d71bf13de464534643db9d127629a0a3bf677a
5f6ad7031600056b578a6e8c6b34bc718d13125cc8256aa4a9050e549576f81a
GET /images/js_preloader.gif HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.ntlla.com/
HTTP/1.1 200 OK
Date: Mon, 24 Oct 2022 05:08:58 GMT
Content-Type: image/gif
Content-Length: 4254
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Mon, 31 Oct 2022 05:08:58 GMT
X-CFHash: "90c93102a88c2ab94bff1575b7a6e86e"
X-CFF: B
Last-Modified: Fri, 15 Mar 2019 12:24:07 GMT
X-CF3: H
CF4Age: 156700
x-cf-tsc: 1648179742
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: c2a809361fd20b70797ae06834b342b2
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes
ww2.ntlla.com/search/tsc.php?200=NDM0Nzc1ODA1&21=OTEuOTAuNDIuMTU0&681=MTY2NjU4ODEzNzliZDVmMTkyNzAzNDZjZDVjZjgxMDBiMzkyOTU4N2Jm&crc=6bdff42ed118778e27336e199101d7e37df079c9&cv=1
64.190.63.136200 OK 0 B URL HTTP/1.1 ww2.ntlla.com/search/tsc.php?200=NDM0Nzc1ODA1&21=OTEuOTAuNDIuMTU0&681=MTY2NjU4ODEzNzliZDVmMTkyNzAzNDZjZDVjZjgxMDBiMzkyOTU4N2Jm&crc=6bdff42ed118778e27336e199101d7e37df079c9&cv=1
IP 64.190.63.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /search/tsc.php?200=NDM0Nzc1ODA1&21=OTEuOTAuNDIuMTU0&681=MTY2NjU4ODEzNzliZDVmMTkyNzAzNDZjZDVjZjgxMDBiMzkyOTU4N2Jm&crc=6bdff42ed118778e27336e199101d7e37df079c9&cv=1 HTTP/1.1
Host: ww2.ntlla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.ntlla.com/
HTTP/1.1 200 OK
date: Mon, 24 Oct 2022 05:08:58 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.9
x-cache-miss-from: parking-687f5947c6-gthks
server: NginX
ww2.ntlla.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DjjuDwUYS1SY_0&v=YTRlODdhMjBhOGQzNjQ0YTQ1ZjU3NmRjNDQ1Yjk1NmUJMQl3dzIubnRsbGEuY29tNjM1NjFkZTkzZTY1MTUuMjAwOTcyOTQJd3cyLm50bGxhLmNvbTYzNTYxZGU5M2U2NzcwLjc3NTQ0MDkxCTE2NjY1ODgxMzcJYWRfNjNfMA==&l=OAkyMzljMmRjMjY0NGIyN2JmMDFmNjFkNGUzN2JmMTM2OQkwCTM1CTAJZTQ5OTczMWNlOTc1NmYxYzFiNjdmYmY2YzU4ZTc5NzQJNDM0Nzc1ODA1CW50bGxhCTAJNjMJNgkyCTE2NjY1ODgxMzcJMC4wMDM5NwlOCTAJMQk4MzAJMTIwNQk0MjIzMDg0NjQJOTEuOTAuNDIuMTU0CTA%3D
64.190.63.136302 Found 0 B URL HTTP/1.1 ww2.ntlla.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DjjuDwUYS1SY_0&v=YTRlODdhMjBhOGQzNjQ0YTQ1ZjU3NmRjNDQ1Yjk1NmUJMQl3dzIubnRsbGEuY29tNjM1NjFkZTkzZTY1MTUuMjAwOTcyOTQJd3cyLm50bGxhLmNvbTYzNTYxZGU5M2U2NzcwLjc3NTQ0MDkxCTE2NjY1ODgxMzcJYWRfNjNfMA==&l=OAkyMzljMmRjMjY0NGIyN2JmMDFmNjFkNGUzN2JmMTM2OQkwCTM1CTAJZTQ5OTczMWNlOTc1NmYxYzFiNjdmYmY2YzU4ZTc5NzQJNDM0Nzc1ODA1CW50bGxhCTAJNjMJNgkyCTE2NjY1ODgxMzcJMC4wMDM5NwlOCTAJMQk4MzAJMTIwNQk0MjIzMDg0NjQJOTEuOTAuNDIuMTU0CTA%3D
IP 64.190.63.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DjjuDwUYS1SY_0&v=YTRlODdhMjBhOGQzNjQ0YTQ1ZjU3NmRjNDQ1Yjk1NmUJMQl3dzIubnRsbGEuY29tNjM1NjFkZTkzZTY1MTUuMjAwOTcyOTQJd3cyLm50bGxhLmNvbTYzNTYxZGU5M2U2NzcwLjc3NTQ0MDkxCTE2NjY1ODgxMzcJYWRfNjNfMA==&l=OAkyMzljMmRjMjY0NGIyN2JmMDFmNjFkNGUzN2JmMTM2OQkwCTM1CTAJZTQ5OTczMWNlOTc1NmYxYzFiNjdmYmY2YzU4ZTc5NzQJNDM0Nzc1ODA1CW50bGxhCTAJNjMJNgkyCTE2NjY1ODgxMzcJMC4wMDM5NwlOCTAJMQk4MzAJMTIwNQk0MjIzMDg0NjQJOTEuOTAuNDIuMTU0CTA%3D HTTP/1.1
Host: ww2.ntlla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.ntlla.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Mon, 24 Oct 2022 05:08:58 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Mon, 24 Oct 2022 05:08:58 GMT
location: /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DjjuDwUYS1SY_0&v=YTRlODdhMjBhOGQzNjQ0YTQ1ZjU3NmRjNDQ1Yjk1NmUJMQl3dzIubnRsbGEuY29tNjM1NjFkZTkzZTY1MTUuMjAwOTcyOTQJd3cyLm50bGxhLmNvbTYzNTYxZGU5M2U2NzcwLjc3NTQ0MDkxCTE2NjY1ODgxMzcJYWRfNjNfMA==&l=OAkyMzljMmRjMjY0NGIyN2JmMDFmNjFkNGUzN2JmMTM2OQkwCTM1CTAJZTQ5OTczMWNlOTc1NmYxYzFiNjdmYmY2YzU4ZTc5NzQJNDM0Nzc1ODA1CW50bGxhCTAJNjMJNgkyCTE2NjY1ODgxMzcJMC4wMDM5NwlOCTAJMQk4MzAJMTIwNQk0MjIzMDg0NjQJOTEuOTAuNDIuMTU0CTA%3D
x-cache-miss-from: parking-687f5947c6-k6gv9
server: NginX
ww2.ntlla.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DjjuDwUYS1SY_0&v=YTRlODdhMjBhOGQzNjQ0YTQ1ZjU3NmRjNDQ1Yjk1NmUJMQl3dzIubnRsbGEuY29tNjM1NjFkZTkzZTY1MTUuMjAwOTcyOTQJd3cyLm50bGxhLmNvbTYzNTYxZGU5M2U2NzcwLjc3NTQ0MDkxCTE2NjY1ODgxMzcJYWRfNjNfMA==&l=OAkyMzljMmRjMjY0NGIyN2JmMDFmNjFkNGUzN2JmMTM2OQkwCTM1CTAJZTQ5OTczMWNlOTc1NmYxYzFiNjdmYmY2YzU4ZTc5NzQJNDM0Nzc1ODA1CW50bGxhCTAJNjMJNgkyCTE2NjY1ODgxMzcJMC4wMDM5NwlOCTAJMQk4MzAJMTIwNQk0MjIzMDg0NjQJOTEuOTAuNDIuMTU0CTA%3D
64.190.63.136302 Found 311 B URL HTTP/1.1 ww2.ntlla.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DjjuDwUYS1SY_0&v=YTRlODdhMjBhOGQzNjQ0YTQ1ZjU3NmRjNDQ1Yjk1NmUJMQl3dzIubnRsbGEuY29tNjM1NjFkZTkzZTY1MTUuMjAwOTcyOTQJd3cyLm50bGxhLmNvbTYzNTYxZGU5M2U2NzcwLjc3NTQ0MDkxCTE2NjY1ODgxMzcJYWRfNjNfMA==&l=OAkyMzljMmRjMjY0NGIyN2JmMDFmNjFkNGUzN2JmMTM2OQkwCTM1CTAJZTQ5OTczMWNlOTc1NmYxYzFiNjdmYmY2YzU4ZTc5NzQJNDM0Nzc1ODA1CW50bGxhCTAJNjMJNgkyCTE2NjY1ODgxMzcJMC4wMDM5NwlOCTAJMQk4MzAJMTIwNQk0MjIzMDg0NjQJOTEuOTAuNDIuMTU0CTA%3D
IP 64.190.63.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 2e617672ef86a948a728f99e1ba508d3
87b341b733089227192eb97b4d276f90c14a0627
92d5c8dffbec2c70dac3a50aa49e1ea89d73211f8fdeb23d5387771e1958a386
Analyzer Verdict Alert quad9 Sinkholed
GET /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DjjuDwUYS1SY_0&v=YTRlODdhMjBhOGQzNjQ0YTQ1ZjU3NmRjNDQ1Yjk1NmUJMQl3dzIubnRsbGEuY29tNjM1NjFkZTkzZTY1MTUuMjAwOTcyOTQJd3cyLm50bGxhLmNvbTYzNTYxZGU5M2U2NzcwLjc3NTQ0MDkxCTE2NjY1ODgxMzcJYWRfNjNfMA==&l=OAkyMzljMmRjMjY0NGIyN2JmMDFmNjFkNGUzN2JmMTM2OQkwCTM1CTAJZTQ5OTczMWNlOTc1NmYxYzFiNjdmYmY2YzU4ZTc5NzQJNDM0Nzc1ODA1CW50bGxhCTAJNjMJNgkyCTE2NjY1ODgxMzcJMC4wMDM5NwlOCTAJMQk4MzAJMTIwNQk0MjIzMDg0NjQJOTEuOTAuNDIuMTU0CTA%3D HTTP/1.1
Host: ww2.ntlla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.ntlla.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Mon, 24 Oct 2022 05:08:58 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Mon, 24 Oct 2022 05:08:58 GMT
location: http://xml.sedodna.com/click?i=jjuDwUYS1SY_0
x-cache-miss-from: parking-687f5947c6-t7bxg
server: NginX
xml.sedodna.com/click?i=jjuDwUYS1SY_0
173.239.53.32302 Found 0 B URL HTTP/1.1 xml.sedodna.com/click?i=jjuDwUYS1SY_0
IP 173.239.53.32:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=jjuDwUYS1SY_0 HTTP/1.1
Host: xml.sedodna.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.ntlla.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://q3.quotes.com/f6b84eca-5359-11ed-8d6d-7e03aa4fca3d
Pragma: no-cache
q3.quotes.com/f6b84eca-5359-11ed-8d6d-7e03aa4fca3d
178.162.151.164200 OK 170 B URL HTTP/1.1 q3.quotes.com/f6b84eca-5359-11ed-8d6d-7e03aa4fca3d
IP 178.162.151.164:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 5734e632fad972dedaac89e80bb6aa0d
be2a9a1ad204d2919f66949209d89103b10bea17
f686383bd7dbcac1dc58b5ea58c8574beff8a88f9a93773ae7c149154660d235
GET /f6b84eca-5359-11ed-8d6d-7e03aa4fca3d HTTP/1.1
Host: q3.quotes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.ntlla.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 170
content-type: text/html; charset=utf-8
date: Mon, 24 Oct 2022 05:08:58 GMT
server: nginx
q3.quotes.com/f6b84eca-5359-11ed-8d6d-7e03aa4fca3d?hr=1
178.162.151.164302 Found 11 B URL HTTP/1.1 q3.quotes.com/f6b84eca-5359-11ed-8d6d-7e03aa4fca3d?hr=1
IP 178.162.151.164:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /f6b84eca-5359-11ed-8d6d-7e03aa4fca3d?hr=1 HTTP/1.1
Host: q3.quotes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Mon, 24 Oct 2022 05:08:58 GMT
location: http://bilqi-omv.com/zcvisitor/f6c8e874-5359-11ed-85c3-0ab73393c90d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
server: nginx
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6193
Expires: Mon, 24 Oct 2022 06:52:11 GMT
Date: Mon, 24 Oct 2022 05:08:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6193
Expires: Mon, 24 Oct 2022 06:52:11 GMT
Date: Mon, 24 Oct 2022 05:08:58 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9acbb6c9-f155-44fe-887b-d36b421dfa63.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9acbb6c9-f155-44fe-887b-d36b421dfa63.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83541a1138889c5e692e7021c073f990
b42a826513836e4bad11289a5ccec0966d0c6d11
7467154701943711c92a10449baf4f7eac42b31046f17778667db5ba673dd67f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9acbb6c9-f155-44fe-887b-d36b421dfa63.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11434
x-amzn-requestid: 0970e5a1-a1dd-4685-b2a2-b748327b5e27
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelOOEwHoAMFWzQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b58e-30834eff039ef76267bf3459;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:43:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: IGk98fgPhfTOLjKNa2rJJICeulHimmnIuJOSY9jJ31Lb6EXLozwT1A==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 22:01:50 GMT
age: 25628
etag: "b42a826513836e4bad11289a5ccec0966d0c6d11"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F888df8db-5e36-4530-9f02-09268aefe1af.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F888df8db-5e36-4530-9f02-09268aefe1af.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9896b15d25725efe19642f3e70ec9103
9f030fdc38125b6b523b0d12571d666907a83f4d
88a74f5fd7e694aa473ff0b1a2cc7f2328738dc9acf5c61f2501877dc72ec9bb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F888df8db-5e36-4530-9f02-09268aefe1af.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12770
x-amzn-requestid: c40e1251-15f4-486c-8744-af05d80ff14e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelkxERXoAMFdvw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b61e-1bb648e9150a5cb95d69b3c5;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:46:06 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sTJGU6qqr-QIRMcYv4KRrL8_lHTZlQ8nteOgwApR9yaf77wYX3LqFg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:46:36 GMT
age: 26542
etag: "9f030fdc38125b6b523b0d12571d666907a83f4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff75bf2c3-b1dc-465c-ba9a-30b41f6f5cac.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff75bf2c3-b1dc-465c-ba9a-30b41f6f5cac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9b1a13676d3fac304595806959135a2
9c16b23d37594b041cf8678399e6eaeb690346a9
7bc8f67670709caae6b39435fdaa3e5c71b9b30db76c006cc2c841300291a246
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff75bf2c3-b1dc-465c-ba9a-30b41f6f5cac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9568
x-amzn-requestid: 0a162a3c-1723-4926-8651-7d22ecade080
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelN4EVKoAMFWnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b58b-10dae6262d730d1f12c50a20;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:43:39 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: e6PyqYG1xwBqFI9Xgbwto7aYrv_0Mu4OKyRfuLUFWberMEF00Qo5QA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:46:36 GMT
age: 26542
etag: "9c16b23d37594b041cf8678399e6eaeb690346a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51b92737-5f66-4330-9aa5-1885995d84b4.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51b92737-5f66-4330-9aa5-1885995d84b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d881fb3b144fe90b2b4b5c59fee9fe3a
96535af6614ca397cf4110f49c8475a36a74d03b
6071a97c48b67fd18a8e0a25de5dd0ac9ac412a73cbd6f6f7c604effff4f14d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51b92737-5f66-4330-9aa5-1885995d84b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9049
x-amzn-requestid: 6401a444-ca94-4ea9-b475-4b85c7ae51f9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aeljXFdsoAMFWzQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b615-25144e6f2e49d2e23222d2ce;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:45:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fekj21cZ8QM3XI5tDoLd5WXac4ysNY7PyvmLfyGOhNWRfn5Fw53bjQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 22:01:47 GMT
etag: "96535af6614ca397cf4110f49c8475a36a74d03b"
content-type: image/jpeg
age: 25631
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3257320-582a-498d-9e0c-531ea65fbbe0.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3257320-582a-498d-9e0c-531ea65fbbe0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 772-513, spot sensor temperature 0.000000, unit celsius, color scheme 1, calibration: offset 0.000000, slope 241254190455726276608.000000\012- data
Hash 88436497b6fe5e22155afc45e9e8fe3e
5004575548d76d878a7f27bb3fc4a9a10e8f6909
304c2388dd96c82582d490cd473174b11eac53bf408a29ed78e23d77139ef243
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3257320-582a-498d-9e0c-531ea65fbbe0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13962
x-amzn-requestid: 84f8b505-da9d-421c-b00a-3d6407aac332
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelDQETqoAMFwxw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b547-566c7abb12b09a565be85833;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: N-R8_VOQSIhikiT-qqPi0ABMoZnr234hdcdinyzBath9A8M6aUZ37A==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:54:05 GMT
age: 26093
etag: "5004575548d76d878a7f27bb3fc4a9a10e8f6909"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F869ea046-6a24-4b66-a52f-bc9a678d7ebb.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F869ea046-6a24-4b66-a52f-bc9a678d7ebb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3f174281da48e4a62aab93bcdc57d14a
8ee29d073b84530a30bb370838598115f1a65da8
0096edb7703f0bcea7e5c0d5b529482eceea9123f5f3b278f3f9012f87875f1e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F869ea046-6a24-4b66-a52f-bc9a678d7ebb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8400
x-amzn-requestid: b1436934-5b97-4aa8-937a-78bce0b9181c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelN4GACoAMFYmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b58b-29da495d75578b3c20eb37ba;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:43:39 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: EmusO-_70hMOdHGlmVAeiZI8nFPDJuJEsxtzTB4-j_8NDsIqwPVk_Q==
via: 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:54:06 GMT
age: 26092
etag: "8ee29d073b84530a30bb370838598115f1a65da8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bilqi-omv.com/zcvisitor/f6c8e874-5359-11ed-85c3-0ab73393c90d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
35.174.150.83200 996 B URL HTTP/1.1 bilqi-omv.com/zcvisitor/f6c8e874-5359-11ed-85c3-0ab73393c90d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
IP 35.174.150.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 09864823581fa36dfb74e13c2b7c589a
be4166cbc9acead889a72297eca9e72461bdd15a
616944f5614072f4025075ed733e436b254136c52a8d5d2be5fcf18a412b0536
GET /zcvisitor/f6c8e874-5359-11ed-85c3-0ab73393c90d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97 HTTP/1.1
Host: bilqi-omv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Mon, 24 Oct 2022 05:08:58 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: FcNuQojF
bilqi-omv.com/zcredirect?visitid=f6c8e874-5359-11ed-85c3-0ab73393c90d&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
35.174.150.83200 516 B URL HTTP/1.1 bilqi-omv.com/zcredirect?visitid=f6c8e874-5359-11ed-85c3-0ab73393c90d&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
IP 35.174.150.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c9d7ad4a52cfd61f942dc3e853f0c931
e8eb96408aed342c2597ba931657a16d2584816c
d294c214574284beab82ef83995fb8dc5ad77ab0b98366ea1aa093fcef864582
GET /zcredirect?visitid=f6c8e874-5359-11ed-85c3-0ab73393c90d&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1
Host: bilqi-omv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bilqi-omv.com/zcvisitor/f6c8e874-5359-11ed-85c3-0ab73393c90d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Mon, 24 Oct 2022 05:08:58 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: WrTjeGJD
track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.010000&gio=zrf6c8e874535911ed85c30ab73393c90d6eeb86a4ad4844828581b08d2ca9383806847783e88c837c19
35.180.17.130200 OK 310 B URL HTTP/2 track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.010000&gio=zrf6c8e874535911ed85c30ab73393c90d6eeb86a4ad4844828581b08d2ca9383806847783e88c837c19
IP 35.180.17.130:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d90d0ec1f21a0f4c7baf3168cf4885a3
c35c8aa8b6712357721426255c4e97cab213d14d
32a5530b4233a878a302082c037be02c38a9903c4e64aac22942cdb358aa140e
GET /tm.ashx?source=zp-1-1891178&det=0.010000&gio=zrf6c8e874535911ed85c30ab73393c90d6eeb86a4ad4844828581b08d2ca9383806847783e88c837c19 HTTP/1.1
Host: track.domainparkingmanager.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bilqi-omv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Mon, 24 Oct 2022 05:08:59 GMT
content-length: 310
X-Firefox-Spdy: h2
track.domainparkingmanager.it/tm2.ashx?&source=zp-1-1891178&pubid=zrf6c8e874535911ed85c30ab73393c90d6eeb86a4ad484482&cost=0.010000
35.180.17.130302 Found 158 B URL HTTP/2 track.domainparkingmanager.it/tm2.ashx?&source=zp-1-1891178&pubid=zrf6c8e874535911ed85c30ab73393c90d6eeb86a4ad484482&cost=0.010000
IP 35.180.17.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash c184564c5f290572d03b0323eea4a55c
69da0e3bf633ce90de367906bec08827b7bf6bc4
12c579efcf0764649601111907e6c63bb7e31b074bc3c4fa78da027c7f1ef362
GET /tm2.ashx?&source=zp-1-1891178&pubid=zrf6c8e874535911ed85c30ab73393c90d6eeb86a4ad484482&cost=0.010000 HTTP/1.1
Host: track.domainparkingmanager.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.010000&gio=zrf6c8e874535911ed85c30ab73393c90d6eeb86a4ad4844828581b08d2ca9383806847783e88c837c19
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
cache-control: private
content-type: text/html; charset=utf-8
location: https://service.no.like.it/in.ashx?c=1171
server: Microsoft-IIS/10.0
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Mon, 24 Oct 2022 05:08:59 GMT
content-length: 158
X-Firefox-Spdy: h2
track.domainparkingmanager.it/favicon.ico
35.180.17.130404 Not Found 1.2 kB URL HTTP/2 track.domainparkingmanager.it/favicon.ico
IP 35.180.17.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
GET /favicon.ico HTTP/1.1
Host: track.domainparkingmanager.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.010000&gio=zrf6c8e874535911ed85c30ab73393c90d6eeb86a4ad4844828581b08d2ca9383806847783e88c837c19
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Mon, 24 Oct 2022 05:08:59 GMT
content-length: 1245
X-Firefox-Spdy: h2
service.no.like.it/in.ashx?c=1171
35.180.205.178302 Found 192 B URL HTTP/2 service.no.like.it/in.ashx?c=1171
IP 35.180.205.178:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash c0046cb8f0c1af2d43504ef5e7a22927
f223b06e4773a3e1c6e44185c6b714d4a1687b5d
9301737aafeee976b6ccedc1a55aeff206e4334c8074aca67096cffa38e27236
GET /in.ashx?c=1171 HTTP/1.1
Host: service.no.like.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://track.domainparkingmanager.it/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
location: https://no.like.it/Search?q=fjellreven bukse&country=no&language=no
server: Microsoft-IIS/10.0
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
set-cookie: clkmrctrvsprx=http://domainparking.io/out.aspx?keyword=fjellreven+bukse&c=1171&logcookie=26754736; domain=no.like.it; expires=Mon, 24-Oct-2022 05:09:59 GMT; path=/; secure; SameSite=None
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Mon, 24 Oct 2022 05:08:59 GMT
content-length: 192
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c4dc07ad9e8c7ed0b15ee3e8e9c99333
4c0bbeca53374ad80a7c3c77d107bc33258424b2
7d234074796cafc936a9d9bc314cbe7a1fe21c968c4339ee84571aff159fef1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D234074796CAFC936A9D9BC314CBE7A1FE21C968C4339EE84571AFF159FEF1F"
Last-Modified: Sat, 22 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20034
Expires: Mon, 24 Oct 2022 10:42:53 GMT
Date: Mon, 24 Oct 2022 05:08:59 GMT
Connection: keep-alive
no.like.it/Search?q=fjellreven%20bukse&country=no&language=no
185.25.205.112200 OK 8.4 kB URL HTTP/2 no.like.it/Search?q=fjellreven%20bukse&country=no&language=no
IP 185.25.205.112:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6188), with CRLF, LF line terminators
Hash ed42cba163603927e5c424334719d204
61b6ebf07d363e62866113d940044535d1f4c007
1ab2cd9db122bd6c99cace83260ca2f8669b87713a2c781c6149b246aa742a41
GET /Search?q=fjellreven%20bukse&country=no&language=no HTTP/1.1
Host: no.like.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://track.domainparkingmanager.it/
Connection: keep-alive
Cookie: clkmrctrvsprx=http://domainparking.io/out.aspx?keyword=fjellreven+bukse&c=1171&logcookie=26754736
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Mon, 24 Oct 2022 05:06:27 GMT
content-length: 8442
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash c560beed39cecb5417cb24d408e854bd
8128cbbdbb9357227cff89cf4a0825d62e1821cd
a116fd57470c119c471df4fa54525043cddf2cd4d1c91eaf450155a2293d26f8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 05:09:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6LcBWOQZAAAAAHBn71Ci_Pgpvl0d2VZfIvx9lN50
142.250.74.164200 OK 585 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LcBWOQZAAAAAHBn71Ci_Pgpvl0d2VZfIvx9lN50
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash dd6ca2cbf89954e2abefdffaded45600
c3f31124b3c516bc26540ab0aa1b3102b27b63e8
5354885c11b01c6cdf671d91859fcb3fd5b01f90bce1a342cfbe795c4967840a
GET /recaptcha/api.js?render=6LcBWOQZAAAAAHBn71Ci_Pgpvl0d2VZfIvx9lN50 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.like.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Mon, 24 Oct 2022 05:09:00 GMT
date: Mon, 24 Oct 2022 05:09:00 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 585
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 7dbe328751574db3465bc8c4f745a487
661ca1463bea33b14bec8f6669dacb2f1ffb78c1
95b3e76c084b00b1d5ca6e02551a48d645b0eae239313b46cfb3468d62b08193
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 05:09:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash ffbfbd6d5d1e91af3c02313339eed0d0
df6457b655ac278fe32f3015bba4cff22dae5b2d
1991ca3e854e53f89b92ce93e01e6094f815b1d2c7c31e664481760211ac200a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 05:09:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash ffbfbd6d5d1e91af3c02313339eed0d0
df6457b655ac278fe32f3015bba4cff22dae5b2d
1991ca3e854e53f89b92ce93e01e6094f815b1d2c7c31e664481760211ac200a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 05:09:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash ffbfbd6d5d1e91af3c02313339eed0d0
df6457b655ac278fe32f3015bba4cff22dae5b2d
1991ca3e854e53f89b92ce93e01e6094f815b1d2c7c31e664481760211ac200a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 05:09:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Oct 2022 12:31:58 GMT
expires: Sun, 22 Oct 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 146222
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Oct 2022 00:48:31 GMT
expires: Sat, 21 Oct 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 274829
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
no.like.it/favicon.ico
185.25.205.112200 OK 11 kB IP 185.25.205.112:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (11719), with CRLF, LF line terminators
Hash 885419b14b9999fb71650e7321c1039a
4eccccdbb1f1f5d94c82d8bb6ac6b85792c29389
62ddd9803111334e76e29c6792fc8fe4d1fc8ce6e5e49c5d61906b696c60372c
GET /favicon.ico HTTP/1.1
Host: no.like.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.like.it/Search?q=fjellreven%20bukse&country=no&language=no
Cookie: clkmrctrvsprx=http://domainparking.io/out.aspx?keyword=fjellreven+bukse&c=1171&logcookie=26754736
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Mon, 24 Oct 2022 05:06:28 GMT
content-length: 11324
X-Firefox-Spdy: h2