firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash MD5: 1b3053fa528e28810f8a2cc9284cc921
SHA-1: cca9eb471d941881a6b9a1793aecb6c281908f6a
SHA-256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Retry-After, Content-Type, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 22 Sep 2022 06:13:57 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: q2nxgUjuFQjx11UZBCWsolzpqsSpGxsLnBMT51WxvQPGzQ3IrzzEXw==
Age: 2334
mkkuei4kdsz.com/522/269.html
64.225.91.73 200 OK 329 B URL HTTP/1.1 mkkuei4kdsz.com/522/269.html
IP 64.225.91.73:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; HTML document text; HTML document text; HTML document, ASCII text
Hash MD5: ecbcb8bae64098de3e587487b474f8b8
SHA-1: e275409fb40ea27c3826af493f70faf147d0f995
SHA-256: 2597a3f2418586d8a9fb0764743a84486ba066c6af3ff194922fb6c65a783688
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /522/269.html HTTP/1.1
Host: mkkuei4kdsz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Thu, 22 Sep 2022 06:52:51 GMT
content-type: text/html
last-modified: Wed, 12 Jan 2022 17:20:45 GMT
etag: W/"61df0ded-1ad"
content-encoding: gzip
transfer-encoding: chunked
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5: a26d0784548ecab22f417f3d689daf23
SHA-1: 8893b79366bbadeb5c8d587b8f023e310694df1c
SHA-256: 35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12859
Expires: Thu, 22 Sep 2022 10:27:10 GMT
Date: Thu, 22 Sep 2022 06:52:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5: afb65a07bf7214addf83d17a53acba32
SHA-1: a8e973204431320aa7b362a4e73944520c4b51b9
SHA-256: 46e1a9e6c98245afb7fa84bc6d9ba6844105024e2d3f56e28748e6c321475d02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46E1A9E6C98245AFB7FA84BC6D9BA6844105024E2D3F56E28748E6C321475D02"
Last-Modified: Wed, 21 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2253
Expires: Thu, 22 Sep 2022 07:30:24 GMT
Date: Thu, 22 Sep 2022 06:52:51 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash MD5: 6113f8408c59aebe188d6af273b90743
SHA-1: 7398873bf00f99944eaa77ad3ebc0d43c23dba6b
SHA-256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: lPzNiWntXrPY/EI2W6+A+/R5lWZN5mtg9krGhn+BP6eRc65FQgyJOdBnwxsfGvhXX8VgiSrVw/0=
x-amz-request-id: C2WPGC73J6BVSTC5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 22 Sep 2022 06:46:08 GMT
age: 403
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash MD5: 23e88fb7b99543fb33315b29b1fad9d6
SHA-1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
SHA-256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 06:52:51 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
104.17.25.14 200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (65451)
Hash MD5: 4b5f47439b640180cc3450f7de05d0d8
SHA-1: 5a0dc9bcab80ddc409dd35fcb00a88fe6846fee2
SHA-256: 1f85e8b327f42c17c025d69849914068536d9aa95412fe473ae90ffb2f4ebd82
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mkkuei4kdsz.com
Connection: keep-alive
Referer: http://mkkuei4kdsz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 06:52:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 9273275
expires: Tue, 12 Sep 2023 06:52:51 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XrltQ1EOzc%2BcffYV12AgczLfXoCYmNQDIS3Wrkpm2Qutoxvo0OuBeGUvsQTVSvy8amx%2FofqQWJgwUQO62XGLWMijPcJKCD96AXO3H3rZI73sjtFTB%2BLjOoKL%2BS81M861ILdbLsiw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74e91ec878840afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5: 8b05b53d3d89eede6540bf415e7ed451
SHA-1: f8bc028a4f715ded9cf899f72ea85b97378607ce
SHA-256: 5b5fdc50372d870b82bcb49a8b0f5de26a0b0a58b90418615bfb3b1ed7062998
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5B5FDC50372D870B82BCB49A8B0F5DE26A0B0A58B90418615BFB3B1ED7062998"
Last-Modified: Tue, 20 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9465
Expires: Thu, 22 Sep 2022 09:30:37 GMT
Date: Thu, 22 Sep 2022 06:52:52 GMT
Connection: keep-alive
domaincntrol.com/?orighost=http://mkkuei4kdsz.com/522/269.html
104.26.10.61 200 OK 28 B URL HTTP/2 domaincntrol.com/?orighost=http://mkkuei4kdsz.com/522/269.html
IP 104.26.10.61:0
File type ASCII text, with no line terminators
Hash MD5: 7aae16ed70d2e07943585bbb1cd02b55
SHA-1: 3209123510c034e6e38ca45edf14307f1375a8f5
SHA-256: 51bfb53a70df6adc48f0670be59a16a657ab5a2bafc176973a32d5c36a4fc5d3
GET /?orighost=http://mkkuei4kdsz.com/522/269.html HTTP/1.1
Host: domaincntrol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mkkuei4kdsz.com
Connection: keep-alive
Referer: http://mkkuei4kdsz.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 06:52:52 GMT
content-type: text/javascript;charset=UTF-8
content-length: 28
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RO8hO%2Bt21LDidAxVjJG8u0Uhd%2F%2BJjSkHQLHWas9VqGVzjYIq4FiPcmDYycBKd%2BF%2FyFH0TrPk0QJNn%2FLWROUxoRloU1vEJ1c%2FgFP6HcdNW1cNWMSf5O9O4D456Hpp9ziH2Xw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74e91ec94e420b65-OSL
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash MD5: 0333b0655111aa68de771adfcc4db243
SHA-1: 63f295a144ac87a7c8e23417626724eeca68a7eb
SHA-256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 22 Sep 2022 06:03:22 GMT
Cache-Control: max-age=3600
Expires: Thu, 22 Sep 2022 06:05:10 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: JBqzyZ-PkixEkvPt2jnS1cGLpqhgJjN9qoYJUKau1kxYT2xYmvLmOQ==
Age: 2970
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash MD5: ff6d50919e56aed75c47feb45ee2f2ec
SHA-1: 98f558a4b2d4f3c271abc93d0b74ece4ad7a59ef
SHA-256: b1b6f0e78b5a1e2092cba6d71d0d5a918066c0486176cef0a19f51e2d5a9962e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3905
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 06:52:52 GMT
Last-Modified: Thu, 22 Sep 2022 05:47:47 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.40.161.235 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.40.161.235:0
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(digests of empty input: 0 B body recorded, so these values do not identify any content)
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Bv0DeKrtUqs14vwxiSUnuw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7OLk0LZc6YPx+AblyGTyTCpJbIE=
ww2.mkkuei4kdsz.com/
64.190.63.136 200 OK 1.2 kB IP 64.190.63.136:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (629)
Hash MD5: aaddb9302fe66a49c73ad30e742edddc
SHA-1: e0ed3530c0cdf1cf823c1e4dd5f4f3e6b1a50577
SHA-256: 25e4df176504cd8b5eab46260f56b7bbbda509d10fe6bf9729d092343174a8db
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: ww2.mkkuei4kdsz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mkkuei4kdsz.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
date: Thu, 22 Sep 2022 06:52:53 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_RlGSCujrTwIV09ewwdBk8PiCOXknsvjzonXp/BabLYsbM4wWv0k1teTkRJynKg7Y1QeTz1UsnxJZ/TvhfinDdA==
last-modified: Thu, 22 Sep 2022 06:52:52 GMT
x-cache-miss-from: parking-75468f7c47-pc9rg
server: NginX
content-encoding: gzip
ww2.mkkuei4kdsz.com/search/tsc.php?200=MzgzNDQ1ODM3&21=OTEuOTAuNDIuMTU0&681=MTY2MzgyOTU3M2EwYWM0NDExMzFjNWYwNzczOWQ2MTMxZGIxMmEzNmRh&crc=321f06fd9e3d04ba4ffdaef7d4ccd741e12610d0&cv=1
64.190.63.136 200 OK 0 B URL HTTP/1.1 ww2.mkkuei4kdsz.com/search/tsc.php?200=MzgzNDQ1ODM3&21=OTEuOTAuNDIuMTU0&681=MTY2MzgyOTU3M2EwYWM0NDExMzFjNWYwNzczOWQ2MTMxZGIxMmEzNmRh&crc=321f06fd9e3d04ba4ffdaef7d4ccd741e12610d0&cv=1
IP 64.190.63.136:0
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(digests of empty input: 0 B body recorded, so these values do not identify any content)
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /search/tsc.php?200=MzgzNDQ1ODM3&21=OTEuOTAuNDIuMTU0&681=MTY2MzgyOTU3M2EwYWM0NDExMzFjNWYwNzczOWQ2MTMxZGIxMmEzNmRh&crc=321f06fd9e3d04ba4ffdaef7d4ccd741e12610d0&cv=1 HTTP/1.1
Host: ww2.mkkuei4kdsz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.mkkuei4kdsz.com/
HTTP/1.1 200 OK
date: Thu, 22 Sep 2022 06:52:53 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-cache-miss-from: parking-75468f7c47-8spg2
server: NginX
img.sedoparking.com/images/js_preloader.gif
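205.234.175.175 200 OK 0 B URL HTTP/1.1 img.sedoparking.com/images/js_preloader.gif
IP 205.234.175.175:0
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(digests of empty input: 0 B was recorded although the response declares Content-Length: 4254, so these values do not identify the GIF)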
GET /images/js_preloader.gif HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.mkkuei4kdsz.com/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 06:52:53 GMT
Content-Type: image/gif
Content-Length: 4254
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Thu, 29 Sep 2022 06:52:53 GMT
X-CFHash: "90c93102a88c2ab94bff1575b7a6e86e"
X-CFF: B
Last-Modified: Fri, 15 Mar 2019 12:24:07 GMT
X-CF3: H
CF4Age: 156700
x-cf-tsc: 1648179742
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: 8743b28c33fa2d57d68466d835488f39
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes
ww2.mkkuei4kdsz.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3D0SJdSADcZ0Y_0&v=OTZiNDgyYzYzMGFiZGNiNTU5ZmQxNTVjOTZjMDFlODYJMQl3dzIubWtrdWVpNGtkc3ouY29tNjMyYzA2NDQ3NWJiYzcuNjE2ODUyOTUJd3cyLm1ra3VlaTRrZHN6LmNvbTYzMmMwNjQ0NzViZTgwLjI2MTMyMzE4CTE2NjM4Mjk1NzMJYWRfNjNfMA==&l=OAlhYmQ3MzNkN2YxMDJkZTM4Mzc2ODZkYzA3OWRjODBlYwkwCTM1CTAJOTIxZGFjZGIzODcxZDVlM2M1OTZmZTM2NjE4MjQwYTAJMzgzNDQ1ODM3CW1ra3VlaTRrZHN6CTAJNjMJNgkyCTE2NjM4Mjk1NzMJMC4wMDA1OQlOCTAJMQkxODA1CTEyMDUJMTk0MDQzMTQyCTkxLjkwLjQyLjE1NAkw
64.190.63.136 302 Found 311 B URL HTTP/1.1 ww2.mkkuei4kdsz.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3D0SJdSADcZ0Y_0&v=OTZiNDgyYzYzMGFiZGNiNTU5ZmQxNTVjOTZjMDFlODYJMQl3dzIubWtrdWVpNGtkc3ouY29tNjMyYzA2NDQ3NWJiYzcuNjE2ODUyOTUJd3cyLm1ra3VlaTRrZHN6LmNvbTYzMmMwNjQ0NzViZTgwLjI2MTMyMzE4CTE2NjM4Mjk1NzMJYWRfNjNfMA==&l=OAlhYmQ3MzNkN2YxMDJkZTM4Mzc2ODZkYzA3OWRjODBlYwkwCTM1CTAJOTIxZGFjZGIzODcxZDVlM2M1OTZmZTM2NjE4MjQwYTAJMzgzNDQ1ODM3CW1ra3VlaTRrZHN6CTAJNjMJNgkyCTE2NjM4Mjk1NzMJMC4wMDA1OQlOCTAJMQkxODA1CTEyMDUJMTk0MDQzMTQyCTkxLjkwLjQyLjE1NAkw
IP 64.190.63.136:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash MD5: 68a6d243193a37dc0b9458e340119d36
SHA-1: e413102bf82d253f333586317dba89459f84c34d
SHA-256: 6f83097ff92208f411e61b68626ec1fef42e9d69232db5a94b247a4992e2d78e
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3D0SJdSADcZ0Y_0&v=OTZiNDgyYzYzMGFiZGNiNTU5ZmQxNTVjOTZjMDFlODYJMQl3dzIubWtrdWVpNGtkc3ouY29tNjMyYzA2NDQ3NWJiYzcuNjE2ODUyOTUJd3cyLm1ra3VlaTRrZHN6LmNvbTYzMmMwNjQ0NzViZTgwLjI2MTMyMzE4CTE2NjM4Mjk1NzMJYWRfNjNfMA==&l=OAlhYmQ3MzNkN2YxMDJkZTM4Mzc2ODZkYzA3OWRjODBlYwkwCTM1CTAJOTIxZGFjZGIzODcxZDVlM2M1OTZmZTM2NjE4MjQwYTAJMzgzNDQ1ODM3CW1ra3VlaTRrZHN6CTAJNjMJNgkyCTE2NjM4Mjk1NzMJMC4wMDA1OQlOCTAJMQkxODA1CTEyMDUJMTk0MDQzMTQyCTkxLjkwLjQyLjE1NAkw HTTP/1.1
Host: ww2.mkkuei4kdsz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.mkkuei4kdsz.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Thu, 22 Sep 2022 06:52:53 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Thu, 22 Sep 2022 06:52:53 GMT
location: http://xml.sedodna.com/click?i=0SJdSADcZ0Y_0
x-cache-miss-from: parking-75468f7c47-pc9rg
server: NginX
xml.sedodna.com/click?i=0SJdSADcZ0Y_0
173.239.53.32 302 Found 0 B URL HTTP/1.1 xml.sedodna.com/click?i=0SJdSADcZ0Y_0
IP 173.239.53.32:0
ASN #27257 WEBAIR-INTERNET
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(digests of empty input: 0 B body recorded, so these values do not identify any content)
GET /click?i=0SJdSADcZ0Y_0 HTTP/1.1
Host: xml.sedodna.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.mkkuei4kdsz.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://irene-eux.com/zcvisitor/2df2cc64-3a43-11ed-9d84-0ab59e5074ef/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
Pragma: no-cache
irene-eux.com/zcvisitor/2df2cc64-3a43-11ed-9d84-0ab59e5074ef/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
34.194.66.161 200 996 B URL HTTP/1.1 irene-eux.com/zcvisitor/2df2cc64-3a43-11ed-9d84-0ab59e5074ef/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
IP 34.194.66.161:0
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash MD5: fc9de139a6e3e6f1cc8818b122f022e1
SHA-1: a4b9cb9bd3e83671b6c126e7c6b17819e625a19e
SHA-256: 63b00972c86c3ea11bb10c0449abb92d97dea97c394557b4bc6119f231d7f014
GET /zcvisitor/2df2cc64-3a43-11ed-9d84-0ab59e5074ef/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97 HTTP/1.1
Host: irene-eux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.mkkuei4kdsz.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Thu, 22 Sep 2022 06:52:53 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: xsflLNzf
irene-eux.com/zcredirect?visitid=2df2cc64-3a43-11ed-9d84-0ab59e5074ef&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
34.194.66.161 200 516 B URL HTTP/1.1 irene-eux.com/zcredirect?visitid=2df2cc64-3a43-11ed-9d84-0ab59e5074ef&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
IP 34.194.66.161:0
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash MD5: 0fcfece98def456450588d0d6b34aabe
SHA-1: 73627ffefb9a27319811d46bfd7b6694b34a0742
SHA-256: e2aa9763e75821e4190ae6b50bd840247328af3129997857f3fcbc6ec5dc8264
GET /zcredirect?visitid=2df2cc64-3a43-11ed-9d84-0ab59e5074ef&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1
Host: irene-eux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/zcvisitor/2df2cc64-3a43-11ed-9d84-0ab59e5074ef/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Thu, 22 Sep 2022 06:52:53 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: LNBWpFGY
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5: 8ebb267e443b81854ef9a01b3eb6489d
SHA-1: b932e9e5679da5a9160da5429458041765509b52
SHA-256: 4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11427
Expires: Thu, 22 Sep 2022 10:03:20 GMT
Date: Thu, 22 Sep 2022 06:52:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5: 8ebb267e443b81854ef9a01b3eb6489d
SHA-1: b932e9e5679da5a9160da5429458041765509b52
SHA-256: 4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11427
Expires: Thu, 22 Sep 2022 10:03:20 GMT
Date: Thu, 22 Sep 2022 06:52:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5: 8ebb267e443b81854ef9a01b3eb6489d
SHA-1: b932e9e5679da5a9160da5429458041765509b52
SHA-256: 4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11427
Expires: Thu, 22 Sep 2022 10:03:20 GMT
Date: Thu, 22 Sep 2022 06:52:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5: 8ebb267e443b81854ef9a01b3eb6489d
SHA-1: b932e9e5679da5a9160da5429458041765509b52
SHA-256: 4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11427
Expires: Thu, 22 Sep 2022 10:03:20 GMT
Date: Thu, 22 Sep 2022 06:52:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5: 8ebb267e443b81854ef9a01b3eb6489d
SHA-1: b932e9e5679da5a9160da5429458041765509b52
SHA-256: 4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11427
Expires: Thu, 22 Sep 2022 10:03:20 GMT
Date: Thu, 22 Sep 2022 06:52:53 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash MD5: af5773255351157d72c28a670a355c60
SHA-1: c803e5866edbe6c9baec14e93677f610bdf09bff
SHA-256: 3229b4aa1c698647ad96d114174782549ad240f1b2c4ba8c268165a16afc84f0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10754
x-amzn-requestid: 2d03531d-6055-477f-9cb6-9ea9fa27eeb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1F0vHJ4IAMF42Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b8351-692620e80d5b2efe1d0e3a82;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:34:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: eYUP9NfAkmU4A-mZvysejq1228Qfb8vbfdXOaHQvr6mjXhnVoWdqJw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:34:09 GMT
etag: "c803e5866edbe6c9baec14e93677f610bdf09bff"
content-type: image/jpeg
age: 33524
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0f33332-2080-459e-ab54-a452b2278994.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0f33332-2080-459e-ab54-a452b2278994.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 888247c1153f8770b880395734749107
7c27c02029eb49e726a076679be2c793da696e45
515852e0d38cdaf86bce45fa5e0df453d08ca36cf6ecfa0c4b868c2143afe333
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0f33332-2080-459e-ab54-a452b2278994.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8748
x-amzn-requestid: 83c28267-4d10-476d-8b11-08b48b046985
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YzG6CGtroAMFyqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ab840-1167c5285b6837d311bfe2a9;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 07:07:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xo0ilY8z0C3rDISFOM5EixEK7HAelSut4hgNNwGYAVQIfPP8C6pUCg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 07:08:33 GMT
age: 85460
etag: "7c27c02029eb49e726a076679be2c793da696e45"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2a425d5-4fbd-4af0-a85b-75f0878759cb.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2a425d5-4fbd-4af0-a85b-75f0878759cb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4d98acc059a69d51165fb5e0c7430ea3
09bd3300d710c3212483159f8398b84cde09da26
6e38bbb5c79c4f714973e10961d7bad9e7ae8711cf24d68b13a77206f474d2a6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2a425d5-4fbd-4af0-a85b-75f0878759cb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7507
x-amzn-requestid: 2a40c792-8b1b-4476-92de-1fce3df48fc1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCmaHefoAMF4Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e28-6b05350006b7f3fb73d1e37a;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: gZ8I075ljJuPvMcsyyRU3m09P9z7mL3WNBiex99pwXtoWDzt_jWP0A==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 22:25:13 GMT
age: 30460
etag: "09bd3300d710c3212483159f8398b84cde09da26"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4ee5bbd-73ba-4da9-bcfc-b6aa9ce9eb86.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4ee5bbd-73ba-4da9-bcfc-b6aa9ce9eb86.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 069a8e60288777306e90e53763f87811
e5bb6dd623282f8db053604a852dda28e6f6de8f
48acd402e55b65f5bbde1bc7b13b604f07b58742712c3e50b07c5a57c6c109a0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4ee5bbd-73ba-4da9-bcfc-b6aa9ce9eb86.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10670
x-amzn-requestid: 5c5bf01a-3f05-4afe-9f13-61f7d4e0901c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1GPFHSDoAMFXww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b83f9-11818e616f4e330e714fc44f;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:36:57 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KxP2AbGmfJBn-tJOQ5EE658LMbwd3euUkKqnJhbtJiFIlJgT6PJ9xw==
via: 1.1 0800f067ff646622f3e8e507cb9b52e8.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:48:19 GMT
age: 32674
etag: "e5bb6dd623282f8db053604a852dda28e6f6de8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5453bf0-e297-4ace-a174-b28be2bb7e8d.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5453bf0-e297-4ace-a174-b28be2bb7e8d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 298be26294efc965abc5707a84df8a0a
5ee6c32afd92810ae61a791c059928e33148bb0c
d9b5fe88c8e03f6a6a64e360015080bca00f7fb147515a137447832bacc2e6e7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5453bf0-e297-4ace-a174-b28be2bb7e8d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11645
x-amzn-requestid: 0ae5c056-6d78-4c37-8e18-b9abfe1e1f47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YzG34FKIIAMF6Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ab832-59fbd91527ea400d333ddc41;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 07:07:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Q7rg9YqHScSwWXfS96bSI5Mb0mSYQ-jbShb7wddPcG51nhn0_8DIJA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 07:33:03 GMT
etag: "5ee6c32afd92810ae61a791c059928e33148bb0c"
content-type: image/jpeg
age: 83990
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bf12030-6891-4726-8589-181dc038b664.jpeg
34.120.237.76 200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bf12030-6891-4726-8589-181dc038b664.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 627a1957eb7fb1bd39319cfc87cb42ac
b778bfda1edeb8f55e27b26adfe1212a1698c4e6
efaa77c56866df2ca13fd87ac82eb12b82c0a2bd4b24ae747310de5b694f80ca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bf12030-6891-4726-8589-181dc038b664.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6747
x-amzn-requestid: c1009486-0109-4431-8027-470cc6d7232d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1GD7HqxoAMFv4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b83b2-72cff3ea11f29a99721803e2;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:35:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: wKtTDXaNE6AMdxubq7sKRV1JzRwJOdsG2ZxkeAHA32LoSGB90WgMbQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 22:05:10 GMT
age: 31663
etag: "b778bfda1edeb8f55e27b26adfe1212a1698c4e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.001110&gio=zr2df2cc643a4311ed9d840ab59e5074ef0f2f157894f3452da8d22f3034bb7f5b0677107cf0172acbdb
35.180.17.130 200 OK 313 B URL HTTP/2 track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.001110&gio=zr2df2cc643a4311ed9d840ab59e5074ef0f2f157894f3452da8d22f3034bb7f5b0677107cf0172acbdb
IP 35.180.17.130:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 3c6aaea8b82411aca196e363213859f9
8b9c592c500263a8136c418a50f60dbc2cd92e0b
58857c92ac3f7f332cfd5eb542b0f60525aad8dd2479ac9ad4f393c6b811ebe6
GET /tm.ashx?source=zp-1-1891178&det=0.001110&gio=zr2df2cc643a4311ed9d840ab59e5074ef0f2f157894f3452da8d22f3034bb7f5b0677107cf0172acbdb HTTP/1.1
Host: track.domainparkingmanager.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://irene-eux.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Thu, 22 Sep 2022 06:52:54 GMT
content-length: 313
X-Firefox-Spdy: h2
track.domainparkingmanager.it/tm2.ashx?&source=zp-1-1891178&pubid=zr2df2cc643a4311ed9d840ab59e5074ef0f2f157894f3452d&cost=0.001110
35.180.17.130 302 Found 158 B URL HTTP/2 track.domainparkingmanager.it/tm2.ashx?&source=zp-1-1891178&pubid=zr2df2cc643a4311ed9d840ab59e5074ef0f2f157894f3452d&cost=0.001110
IP 35.180.17.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash c184564c5f290572d03b0323eea4a55c
69da0e3bf633ce90de367906bec08827b7bf6bc4
12c579efcf0764649601111907e6c63bb7e31b074bc3c4fa78da027c7f1ef362
GET /tm2.ashx?&source=zp-1-1891178&pubid=zr2df2cc643a4311ed9d840ab59e5074ef0f2f157894f3452d&cost=0.001110 HTTP/1.1
Host: track.domainparkingmanager.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.001110&gio=zr2df2cc643a4311ed9d840ab59e5074ef0f2f157894f3452da8d22f3034bb7f5b0677107cf0172acbdb
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
cache-control: private
content-type: text/html; charset=utf-8
location: https://service.no.like.it/in.ashx?c=1171
server: Microsoft-IIS/10.0
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Thu, 22 Sep 2022 06:52:54 GMT
content-length: 158
X-Firefox-Spdy: h2
track.domainparkingmanager.it/favicon.ico
35.180.17.130 404 Not Found 1.2 kB URL HTTP/2 track.domainparkingmanager.it/favicon.ico
IP 35.180.17.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
GET /favicon.ico HTTP/1.1
Host: track.domainparkingmanager.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.001110&gio=zr2df2cc643a4311ed9d840ab59e5074ef0f2f157894f3452da8d22f3034bb7f5b0677107cf0172acbdb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Thu, 22 Sep 2022 06:52:54 GMT
content-length: 1245
X-Firefox-Spdy: h2
service.no.like.it/in.ashx?c=1171
35.180.205.178 302 Found 200 B URL HTTP/2 service.no.like.it/in.ashx?c=1171
IP 35.180.205.178:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 26c8f07b5a60559b66066d6ddcfdeaf1
8a44fb19e4da1631dcfdc5cc6dc3c0d5c5b48c15
5790fa740c96149b471f67baf83b3abc3dd4d18defbfa45e3a6572d87e6d6a05
GET /in.ashx?c=1171 HTTP/1.1
Host: service.no.like.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://track.domainparkingmanager.it/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
location: https://no.like.it/Search?q=facebook annonsering mva&country=no&language=no
server: Microsoft-IIS/10.0
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
set-cookie: clkmrctrvsprx=http://domainparking.io/out.aspx?keyword=facebook+annonsering+mva&c=1171&logcookie=24239543; domain=no.like.it; expires=Thu, 22-Sep-2022 06:53:54 GMT; path=/; secure; SameSite=None
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Thu, 22 Sep 2022 06:52:53 GMT
content-length: 200
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7d823651c7e4081083f9fc274d9c71fe
a0a2980637afbab36978919a2febe1f417f2fc76
73fe20eb81263d11ec557866c3d6fc99f4642e5de0d7fba62aa47c91da95ecbc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73FE20EB81263D11EC557866C3D6FC99F4642E5DE0D7FBA62AA47C91DA95ECBC"
Last-Modified: Mon, 19 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4404
Expires: Thu, 22 Sep 2022 08:06:18 GMT
Date: Thu, 22 Sep 2022 06:52:54 GMT
Connection: keep-alive
no.like.it/Search?q=facebook%20annonsering%20mva&country=no&language=no
185.25.205.112 200 OK 9.4 kB URL HTTP/2 no.like.it/Search?q=facebook%20annonsering%20mva&country=no&language=no
IP 185.25.205.112:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6110), with CRLF, LF line terminators
Hash 2a3aa15b834ccaa24f229e697b9ec4bd
300ccbab95bd2f5d612163a7a3911360d398af77
b1b1396dab039099d2b1e6003bd11cad4af262c4e56ff43dc2cc4f06d14763d4
GET /Search?q=facebook%20annonsering%20mva&country=no&language=no HTTP/1.1
Host: no.like.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://track.domainparkingmanager.it/
Connection: keep-alive
Cookie: clkmrctrvsprx=http://domainparking.io/out.aspx?keyword=facebook+annonsering+mva&c=1171&logcookie=24239543
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Thu, 22 Sep 2022 06:50:03 GMT
content-length: 9424
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 41630fb2c7ef9e435a8762b0943e0980
04b6c8bfe97bc5408e1450b5921331c6ae6de682
e9e83895eef14a5a26e91c9574fc9f60eb2f47959406eabe87b4618412519476
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 06:52:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6LcBWOQZAAAAAHBn71Ci_Pgpvl0d2VZfIvx9lN50
142.250.74.164 200 OK 587 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LcBWOQZAAAAAHBn71Ci_Pgpvl0d2VZfIvx9lN50
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash d8d03ff032e1f5d8a2ed794e59dbcc56
52f0760f6bd6e1efdb9cfe0443fdc2e2043f1d03
9bff1d557461f97ff2f3513412d4782a5b2dfbcc503678d2b24fa73c503a5317
GET /recaptcha/api.js?render=6LcBWOQZAAAAAHBn71Ci_Pgpvl0d2VZfIvx9lN50 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.like.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Thu, 22 Sep 2022 06:52:55 GMT
date: Thu, 22 Sep 2022 06:52:55 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 587
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 1b33d59cf038a3fe7273f78fda2cce3a
0b367731ef6df8e1f6c1b8774198daa9959d7cf5
b02b1756112479f92786994de8e884986b0a7eb3d5885300bfd8a64f597f7cc4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 06:52:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash ecad9d604746993f5361f1d4ece8022d
629abc60b6f4aa4f418125adc424c25079997c69
585fbc811d07b0be0fc914b51194755e56a740f43c67c7bc936da9577a23bbb7
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 22 Sep 2022 06:52:55 GMT
Last-Modified: Thu, 22 Sep 2022 06:15:17 GMT
Server: ECS (nyb/1D05)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: iEEYqb4QlZPq_ok_gug1qlkBhcxnDcbBcBrFE63MYFnhARFPOMLoow==
Age: 2258
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash ecad9d604746993f5361f1d4ece8022d
629abc60b6f4aa4f418125adc424c25079997c69
585fbc811d07b0be0fc914b51194755e56a740f43c67c7bc936da9577a23bbb7
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Thu, 22 Sep 2022 06:52:55 GMT
Server: ECS (dcb/7F39)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VIFItHNoWiPpR4yJMRdPxnQ3AsxnSm492m60be9aOz2LTTDYMAnZhQ==
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 5149084af9bb01e5471e0be93a009ab0
1aaae44973461346130015cba0c36e9d1b5b77f2
db8a390c5bb50072d57429a45c470496139deb98e04b175f45600e5e4b2ac884
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 06:52:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js
142.250.74.163 200 OK 158 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (581)
Size 158 kB (157726 bytes)
Hash 6519c7c04cf32a57b1c5ee45a73c233e
4939bb921988e9eb13780cc2244f3099776e9bfb
8352dd4e3e0fe82562cdc280c020fc31d2c6d054f7ead441a3b18de8ef04401b
GET /recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://no.like.it
Connection: keep-alive
Referer: https://no.like.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 157726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 05:37:29 GMT
expires: Thu, 21 Sep 2023 05:37:29 GMT
cache-control: public, max-age=31536000
age: 90926
last-modified: Wed, 14 Sep 2022 00:24:01 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 5149084af9bb01e5471e0be93a009ab0
1aaae44973461346130015cba0c36e9d1b5b77f2
db8a390c5bb50072d57429a45c470496139deb98e04b175f45600e5e4b2ac884
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 06:52:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yu.imageadvantage.net/5/6F/CF/DF317B696D22B2FE3BDDA3EE030.jpg?pid=9653.100&qs=yvFjhdjhrxo%27bstrwwlsntj%29q%7Db%2Bgg%7FAt664qx3hosuq%7Ciyjsm2oejfgurt%2A%7BuqCIjglctun6euottvnvpol%260%29Euottvnvpol%26rp%24Hofr%7C%7Ci-ejy%40V98%21mgu%29irtuku%7Diy%21xup%29nvcgku%29qle%25Ldliiptq%23xk%27itrgnv%27pxy%23xtwefzh%7Bx%27q%C3%AA%26w%7Biuejx%23r%24tbwqhmi%7B%2F%25%5Cl%29lhs%25rdwk%27fwld%7Bmuh%25shm%24%C3%AC%21xqdojl%21lugn%24yfx%7Bo%7De%7Bfw%26rp%24owtxgjr%27%C3%A6%25t%C3%A8%29hl%21won%7Dmnf%25s%C3%A8ukyvuvhwi&d=m51.no%2Fannonsering%2Ffacebook
54.230.111.17 302 Moved Temporarily 1.0 kB URL HTTP/1.1 yu.imageadvantage.net/5/6F/CF/DF317B696D22B2FE3BDDA3EE030.jpg?pid=9653.100&qs=yvFjhdjhrxo%27bstrwwlsntj%29q%7Db%2Bgg%7FAt664qx3hosuq%7Ciyjsm2oejfgurt%2A%7BuqCIjglctun6euottvnvpol%260%29Euottvnvpol%26rp%24Hofr%7C%7Ci-ejy%40V98%21mgu%29irtuku%7Diy%21xup%29nvcgku%29qle%25Ldliiptq%23xk%27itrgnv%27pxy%23xtwefzh%7Bx%27q%C3%AA%26w%7Biuejx%23r%24tbwqhmi%7B%2F%25%5Cl%29lhs%25rdwk%27fwld%7Bmuh%25shm%24%C3%AC%21xqdojl%21lugn%24yfx%7Bo%7De%7Bfw%26rp%24owtxgjr%27%C3%A6%25t%C3%A8%29hl%21won%7Dmnf%25s%C3%A8ukyvuvhwi&d=m51.no%2Fannonsering%2Ffacebook
IP 54.230.111.17:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (780)
Hash 28ac9e450292a00f5f4ca21f5c44bfd2
d427bf83c203d3b8691dc1a72a244da5c926f410
b696e911fa7f5babdc010400b50d6cff643ef7ee8987d74414600847af32f9f3
GET /5/6F/CF/DF317B696D22B2FE3BDDA3EE030.jpg?pid=9653.100&qs=yvFjhdjhrxo%27bstrwwlsntj%29q%7Db%2Bgg%7FAt664qx3hosuq%7Ciyjsm2oejfgurt%2A%7BuqCIjglctun6euottvnvpol%260%29Euottvnvpol%26rp%24Hofr%7C%7Ci-ejy%40V98%21mgu%29irtuku%7Diy%21xup%29nvcgku%29qle%25Ldliiptq%23xk%27itrgnv%27pxy%23xtwefzh%7Bx%27q%C3%AA%26w%7Biuejx%23r%24tbwqhmi%7B%2F%25%5Cl%29lhs%25rdwk%27fwld%7Bmuh%25shm%24%C3%AC%21xqdojl%21lugn%24yfx%7Bo%7De%7Bfw%26rp%24owtxgjr%27%C3%A6%25t%C3%A8%29hl%21won%7Dmnf%25s%C3%A8ukyvuvhwi&d=m51.no%2Fannonsering%2Ffacebook HTTP/1.1
Host: yu.imageadvantage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.like.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=iso-8859-1
Content-Length: 1047
Connection: keep-alive
Date: Thu, 22 Sep 2022 06:52:55 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: https://mr0.imageadvantage.net/MRH/MediaHandler.php?path=/5/6F/CF/DF317B696D22B2FE3BDDA3EE030&mt=04&pid=9653.100&qs=yvFjhdjhrxo%2527bstrwwlsntj%2529q%257Db%252Bgg%257FAt664qx3hosuq%257Ciyjsm2oejfgurt%252A%257BuqCIjglctun6euottvnvpol%25260%2529Euottvnvpol%2526rp%2524Hofr%257C%257Ci-ejy%2540V98%2521mgu%2529irtuku%257Diy%2521xup%2529nvcgku%2529qle%2525Ldliiptq%2523xk%2527itrgnv%2527pxy%2523xtwefzh%257Bx%2527q%25C3%25AA%2526w%257Biuejx%2523r%2524tbwqhmi%257B%252F%2525%255Cl%2529lhs%2525rdwk%2527fwld%257Bmuh%2525shm%2524%25C3%25AC%2521xqdojl%2521lugn%2524yfx%257Bo%257De%257Bfw%2526rp%2524owtxgjr%2527%25C3%25A6%2525t%25C3%25A8%2529hl%2521won%257Dmnf%2525s%25C3%25A8ukyvuvhwi&d=m51.no%252Fannonsering%252Ffacebook
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 1fBvgZtm2Na8ZsA2q2mEpXiku6vB4zPowet5mWdxxHpLjZDFPgVEOg==
yu.imageadvantage.net/0/FB/DA/46B644DFDBE152D71E504704182.jpg?pid=9653.100&qs=yvFjhdjhrxo%27bstrwwlsntj%29q%7Db%2Bgg%7FAkjlowjpvquzx%7B2up4Ldliiptq%29%7Dxs%3EMphut%27njj%23jrupsyh%7B%24w%C3%A6%25Ldliiptq%236%24Zmnq%23u%7Drljy%23my%27j%25yr%7Cmhmj%26pnhpf%2Bjh%7CA%5Dj%25zluf%C2%80s%25x%C3%A8mkpwsoqp%24vh%25jurj%7B%21f%7C%23jrupsyh%7B%24p%21Xuvresf%25Shmmls3%26Nxr%7Bbpz%23xwz%21njdp2&d=digitalopptur.no%2FFacebook
54.230.111.17 302 Moved Temporarily 883 B URL HTTP/1.1 yu.imageadvantage.net/0/FB/DA/46B644DFDBE152D71E504704182.jpg?pid=9653.100&qs=yvFjhdjhrxo%27bstrwwlsntj%29q%7Db%2Bgg%7FAkjlowjpvquzx%7B2up4Ldliiptq%29%7Dxs%3EMphut%27njj%23jrupsyh%7B%24w%C3%A6%25Ldliiptq%236%24Zmnq%23u%7Drljy%23my%27j%25yr%7Cmhmj%26pnhpf%2Bjh%7CA%5Dj%25zluf%C2%80s%25x%C3%A8mkpwsoqp%24vh%25jurj%7B%21f%7C%23jrupsyh%7B%24p%21Xuvresf%25Shmmls3%26Nxr%7Bbpz%23xwz%21njdp2&d=digitalopptur.no%2FFacebook
IP 54.230.111.17:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (616)
Hash 8f249bf22702d536dde480f2885bb670
ef08b1a929d29bce198fb4a9144a6d5abb6c1f10
aed94737a4255399caf85621d36ab603328310a4578028f206e0948e0a6f2fc0
GET /0/FB/DA/46B644DFDBE152D71E504704182.jpg?pid=9653.100&qs=yvFjhdjhrxo%27bstrwwlsntj%29q%7Db%2Bgg%7FAkjlowjpvquzx%7B2up4Ldliiptq%29%7Dxs%3EMphut%27njj%23jrupsyh%7B%24w%C3%A6%25Ldliiptq%236%24Zmnq%23u%7Drljy%23my%27j%25yr%7Cmhmj%26pnhpf%2Bjh%7CA%5Dj%25zluf%C2%80s%25x%C3%A8mkpwsoqp%24vh%25jurj%7B%21f%7C%23jrupsyh%7B%24p%21Xuvresf%25Shmmls3%26Nxr%7Bbpz%23xwz%21njdp2&d=digitalopptur.no%2FFacebook HTTP/1.1
Host: yu.imageadvantage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.like.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=iso-8859-1
Content-Length: 883
Connection: keep-alive
Date: Thu, 22 Sep 2022 06:52:55 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: https://mr0.imageadvantage.net/MRH/MediaHandler.php?path=/0/FB/DA/46B644DFDBE152D71E504704182&mt=04&pid=9653.100&qs=yvFjhdjhrxo%2527bstrwwlsntj%2529q%257Db%252Bgg%257FAkjlowjpvquzx%257B2up4Ldliiptq%2529%257Dxs%253EMphut%2527njj%2523jrupsyh%257B%2524w%25C3%25A6%2525Ldliiptq%25236%2524Zmnq%2523u%257Drljy%2523my%2527j%2525yr%257Cmhmj%2526pnhpf%252Bjh%257CA%255Dj%2525zluf%25C2%2580s%2525x%25C3%25A8mkpwsoqp%2524vh%2525jurj%257B%2521f%257C%2523jrupsyh%257B%2524p%2521Xuvresf%2525Shmmls3%2526Nxr%257Bbpz%2523xwz%2521njdp2&d=digitalopptur.no%252FFacebook
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: CbTrEyU6Hcrls4mT_9DbZo280WQ0rso0vqVBpy16l0Zrfbkj6rYVpg==
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Sep 2022 12:31:58 GMT
expires: Sun, 17 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 411658
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Sep 2022 00:48:31 GMT
expires: Sat, 16 Sep 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 540265
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
no.like.it/favicon.ico
185.25.205.112 200 OK 10 kB IP 185.25.205.112:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8189), with CRLF, LF line terminators
Hash cc719cc54e5bf31b69e0ac2e4403db3f
73b441288c00b98b3e9a2f2517f0878514236375
cc6550bde7689dd3601a50541890996af83f9041a5498a632528ddb721b8c1e0
GET /favicon.ico HTTP/1.1
Host: no.like.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.like.it/Search?q=facebook%20annonsering%20mva&country=no&language=no
Cookie: clkmrctrvsprx=http://domainparking.io/out.aspx?keyword=facebook+annonsering+mva&c=1171&logcookie=24239543
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Thu, 22 Sep 2022 06:50:04 GMT
content-length: 10381
X-Firefox-Spdy: h2
mr0.imageadvantage.net/MRH/MediaHandler.php?path=/5/6F/CF/DF317B696D22B2FE3BDDA3EE030&mt=04&pid=9653.100&qs=yvFjhdjhrxo%2527bstrwwlsntj%2529q%257Db%252Bgg%257FAt664qx3hosuq%257Ciyjsm2oejfgurt%252A%257BuqCIjglctun6euottvnvpol%25260%2529Euottvnvpol%2526rp%2524Hofr%257C%257Ci-ejy%2540V98%2521mgu%2529irtuku%257Diy%2521xup%2529nvcgku%2529qle%2525Ldliiptq%2523xk%2527itrgnv%2527pxy%2523xtwefzh%257Bx%2527q%25C3%25AA%2526w%257Biuejx%2523r%2524tbwqhmi%257B%252F%2525%255Cl%2529lhs%2525rdwk%2527fwld%257Bmuh%2525shm%2524%25C3%25AC%2521xqdojl%2521lugn%2524yfx%257Bo%257De%257Bfw%2526rp%2524owtxgjr%2527%25C3%25A6%2525t%25C3%25A8%2529hl%2521won%257Dmnf%2525s%25C3%25A8ukyvuvhwi&d=m51.no%252Fannonsering%252Ffacebook
54.230.111.49 200 OK 0 B URL HTTP/2 mr0.imageadvantage.net/MRH/MediaHandler.php?path=/5/6F/CF/DF317B696D22B2FE3BDDA3EE030&mt=04&pid=9653.100&qs=yvFjhdjhrxo%2527bstrwwlsntj%2529q%257Db%252Bgg%257FAt664qx3hosuq%257Ciyjsm2oejfgurt%252A%257BuqCIjglctun6euottvnvpol%25260%2529Euottvnvpol%2526rp%2524Hofr%257C%257Ci-ejy%2540V98%2521mgu%2529irtuku%257Diy%2521xup%2529nvcgku%2529qle%2525Ldliiptq%2523xk%2527itrgnv%2527pxy%2523xtwefzh%257Bx%2527q%25C3%25AA%2526w%257Biuejx%2523r%2524tbwqhmi%257B%252F%2525%255Cl%2529lhs%2525rdwk%2527fwld%257Bmuh%2525shm%2524%25C3%25AC%2521xqdojl%2521lugn%2524yfx%257Bo%257De%257Bfw%2526rp%2524owtxgjr%2527%25C3%25A6%2525t%25C3%25A8%2529hl%2521won%257Dmnf%2525s%25C3%25A8ukyvuvhwi&d=m51.no%252Fannonsering%252Ffacebook
IP 54.230.111.49:0
GET /MRH/MediaHandler.php?path=/5/6F/CF/DF317B696D22B2FE3BDDA3EE030&mt=04&pid=9653.100&qs=yvFjhdjhrxo%2527bstrwwlsntj%2529q%257Db%252Bgg%257FAt664qx3hosuq%257Ciyjsm2oejfgurt%252A%257BuqCIjglctun6euottvnvpol%25260%2529Euottvnvpol%2526rp%2524Hofr%257C%257Ci-ejy%2540V98%2521mgu%2529irtuku%257Diy%2521xup%2529nvcgku%2529qle%2525Ldliiptq%2523xk%2527itrgnv%2527pxy%2523xtwefzh%257Bx%2527q%25C3%25AA%2526w%257Biuejx%2523r%2524tbwqhmi%257B%252F%2525%255Cl%2529lhs%2525rdwk%2527fwld%257Bmuh%2525shm%2524%25C3%25AC%2521xqdojl%2521lugn%2524yfx%257Bo%257De%257Bfw%2526rp%2524owtxgjr%2527%25C3%25A6%2525t%25C3%25A8%2529hl%2521won%257Dmnf%2525s%25C3%25A8ukyvuvhwi&d=m51.no%252Fannonsering%252Ffacebook HTTP/1.1
Host: mr0.imageadvantage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no.like.it/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
date: Thu, 22 Sep 2022 06:52:56 GMT
server: Apache/2.4.18 (Ubuntu)
cache-control: no-cache, no-store
mrhdebug: initialize START w:/MRH/MediaHandler.php?path=/5/6F/CF/DF317B696D22B2FE3BDDA3EE030&mt=04&pid=9653.100&qs=yvFjhdjhrxo%2527bstrwwlsntj%2529q%257Db%252Bgg%257FAt664qx3hosuq%257Ciyjsm2oejfgurt%252A%257BuqCIjglctun6euottvnvpol%25260%2529Euottvnvpol%2526rp%2524Hofr%257C%257Ci-ejy%2540V98%2521mgu%2529irtuku%257Diy%2521xup%2529nvcgku%2529qle%2525Ldliiptq%2523xk%2527itrgnv%2527pxy%2523xtwefzh%257Bx%2527q%25C3%25AA%2526w%257Biuejx%2523r%2524tbwqhmi%257B%252F%2525%255Cl%2529lhs%2525rdwk%2527fwld%257Bmuh%2525shm%2524%25C3%25AC%2521xqdojl%2521lugn%2524yfx%257Bo%257De%257Bfw%2526rp%2524owtxgjr%2527%25C3%25A6%2525t%25C3%25A8%2529hl%2521won%257Dmnf%2525s%25C3%25A8ukyvuvhwi&d=m51.no%252Fannonsering%252Ffacebook|| @ 1663829575.9765||
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: QkHLx6F0AHIjV0FRJt9D9JAfPmZ1NOSCXgwylKUc8cxLlU_1kGx95Q==
X-Firefox-Spdy: h2
mr0.imageadvantage.net/MRH/MediaHandler.php?path=/0/FB/DA/46B644DFDBE152D71E504704182&mt=04&pid=9653.100&qs=yvFjhdjhrxo%2527bstrwwlsntj%2529q%257Db%252Bgg%257FAkjlowjpvquzx%257B2up4Ldliiptq%2529%257Dxs%253EMphut%2527njj%2523jrupsyh%257B%2524w%25C3%25A6%2525Ldliiptq%25236%2524Zmnq%2523u%257Drljy%2523my%2527j%2525yr%257Cmhmj%2526pnhpf%252Bjh%257CA%255Dj%2525zluf%25C2%2580s%2525x%25C3%25A8mkpwsoqp%2524vh%2525jurj%257B%2521f%257C%2523jrupsyh%257B%2524p%2521Xuvresf%2525Shmmls3%2526Nxr%257Bbpz%2523xwz%2521njdp2&d=digitalopptur.no%252FFacebook
54.230.111.49 200 OK 0 B URL HTTP/2 mr0.imageadvantage.net/MRH/MediaHandler.php?path=/0/FB/DA/46B644DFDBE152D71E504704182&mt=04&pid=9653.100&qs=yvFjhdjhrxo%2527bstrwwlsntj%2529q%257Db%252Bgg%257FAkjlowjpvquzx%257B2up4Ldliiptq%2529%257Dxs%253EMphut%2527njj%2523jrupsyh%257B%2524w%25C3%25A6%2525Ldliiptq%25236%2524Zmnq%2523u%257Drljy%2523my%2527j%2525yr%257Cmhmj%2526pnhpf%252Bjh%257CA%255Dj%2525zluf%25C2%2580s%2525x%25C3%25A8mkpwsoqp%2524vh%2525jurj%257B%2521f%257C%2523jrupsyh%257B%2524p%2521Xuvresf%2525Shmmls3%2526Nxr%257Bbpz%2523xwz%2521njdp2&d=digitalopptur.no%252FFacebook
IP 54.230.111.49:0
GET /MRH/MediaHandler.php?path=/0/FB/DA/46B644DFDBE152D71E504704182&mt=04&pid=9653.100&qs=yvFjhdjhrxo%2527bstrwwlsntj%2529q%257Db%252Bgg%257FAkjlowjpvquzx%257B2up4Ldliiptq%2529%257Dxs%253EMphut%2527njj%2523jrupsyh%257B%2524w%25C3%25A6%2525Ldliiptq%25236%2524Zmnq%2523u%257Drljy%2523my%2527j%2525yr%257Cmhmj%2526pnhpf%252Bjh%257CA%255Dj%2525zluf%25C2%2580s%2525x%25C3%25A8mkpwsoqp%2524vh%2525jurj%257B%2521f%257C%2523jrupsyh%257B%2524p%2521Xuvresf%2525Shmmls3%2526Nxr%257Bbpz%2523xwz%2521njdp2&d=digitalopptur.no%252FFacebook HTTP/1.1
Host: mr0.imageadvantage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no.like.it/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
date: Thu, 22 Sep 2022 06:52:56 GMT
server: Apache/2.4.18 (Ubuntu)
cache-control: no-cache, no-store
mrhdebug: initialize START w:/MRH/MediaHandler.php?path=/0/FB/DA/46B644DFDBE152D71E504704182&mt=04&pid=9653.100&qs=yvFjhdjhrxo%2527bstrwwlsntj%2529q%257Db%252Bgg%257FAkjlowjpvquzx%257B2up4Ldliiptq%2529%257Dxs%253EMphut%2527njj%2523jrupsyh%257B%2524w%25C3%25A6%2525Ldliiptq%25236%2524Zmnq%2523u%257Drljy%2523my%2527j%2525yr%257Cmhmj%2526pnhpf%252Bjh%257CA%255Dj%2525zluf%25C2%2580s%2525x%25C3%25A8mkpwsoqp%2524vh%2525jurj%257B%2521f%257C%2523jrupsyh%257B%2524p%2521Xuvresf%2525Shmmls3%2526Nxr%257Bbpz%2523xwz%2521njdp2&d=digitalopptur.no%252FFacebook|| @ 1663829576.1481||
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Uu5iasiPAAuYoOnyayjleXQgxiBXqzoFcSVVjGAFutMvpqm9XYnTEg==
X-Firefox-Spdy: h2