ww38.dl.xetapp.us/downloads/software/security/encryption/drowssap.zip
93.115.28.104200 OK 524 B URL HTTP/1.1 ww38.dl.xetapp.us/downloads/software/security/encryption/drowssap.zip
IP 93.115.28.104:0
ASN #16125 UAB Cherry Servers
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (524), with no line terminators
Hash 75255c9204799a84d59cff6ed677221f
4b1bac8dc0f61754104d0d1be2c7a3d103569a3d
85dc0a8cb8561304468225b754a50c91cd39c7fb954776e3de6354517bfdf970
Analyzer Verdict Alert fortinet Malware
GET /downloads/software/security/encryption/drowssap.zip HTTP/1.1
Host: ww38.dl.xetapp.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 524
content-type: text/html; charset=utf-8
date: Thu, 29 Sep 2022 06:23:49 GMT
server: nginx
set-cookie: sid=485d4900-3fbf-11ed-bf8a-6fdda327f9f1; path=/; domain=.xetapp.us; expires=Tue, 17 Oct 2090 09:37:57 GMT; max-age=2147483647; HttpOnly
firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-stale=0
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 29 Sep 2022 05:29:34 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3Yn_KVY2kQsYxmgdr9s_X97tjo9n5hN00GGlFV9umO3iDZKPilZkOA==
Age: 3256
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6dd4587c98aef98ad0939030a6976a7f
92dc5966ac2deb0c3ac7fdd02bf8d28f9239801e
a382476d14b6ae14003333e7acdfbbd9ae8775d4c1a7d5c31116f33987043cff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A382476D14B6AE14003333E7ACDFBBD9AE8775D4C1A7D5C31116F33987043CFF"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2622
Expires: Thu, 29 Sep 2022 07:07:32 GMT
Date: Thu, 29 Sep 2022 06:23:50 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.35200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ImXv5eHCaBS4vmWve3hocxokWQhkGz-bv58arMZQhF324qfFxUxjmg==
age: 3323
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 06:23:50 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ww38.dl.xetapp.us/favicon.ico
93.115.28.104404 Not Found 9 B URL HTTP/1.1 ww38.dl.xetapp.us/favicon.ico
IP 93.115.28.104:0
ASN #16125 UAB Cherry Servers
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /favicon.ico HTTP/1.1
Host: ww38.dl.xetapp.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.dl.xetapp.us/downloads/software/security/encryption/drowssap.zip
Cookie: sid=485d4900-3fbf-11ed-bf8a-6fdda327f9f1
HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Thu, 29 Sep 2022 06:23:50 GMT
server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 29 Sep 2022 05:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Thu, 29 Sep 2022 05:35:58 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: TLgsWreFH0OqkbHkV4AqwsiC6k2cBpVdBQcaARsL7u791BCkDL1h8A==
Age: 3258
ww38.dl.xetapp.us/downloads/software/security/encryption/drowssap.zip?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NDQzOTgzMCwiaWF0IjoxNjY0NDMyNjMwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2NrMWE1NjRlajcxcmdpaG8yN2hhazEiLCJuYmYiOjE2NjQ0MzI2MzAsInRzIjoxNjY0NDMyNjMwMzc2MTE0fQ.y3DzcT6RqcNFBRGCWb4AltTPB65S-_6_JIAE9GuASOw&sid=485d4900-3fbf-11ed-bf8a-6fdda327f9f1
93.115.28.104302 Found 11 B URL HTTP/1.1 ww38.dl.xetapp.us/downloads/software/security/encryption/drowssap.zip?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NDQzOTgzMCwiaWF0IjoxNjY0NDMyNjMwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2NrMWE1NjRlajcxcmdpaG8yN2hhazEiLCJuYmYiOjE2NjQ0MzI2MzAsInRzIjoxNjY0NDMyNjMwMzc2MTE0fQ.y3DzcT6RqcNFBRGCWb4AltTPB65S-_6_JIAE9GuASOw&sid=485d4900-3fbf-11ed-bf8a-6fdda327f9f1
IP 93.115.28.104:0
ASN #16125 UAB Cherry Servers
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /downloads/software/security/encryption/drowssap.zip?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NDQzOTgzMCwiaWF0IjoxNjY0NDMyNjMwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2NrMWE1NjRlajcxcmdpaG8yN2hhazEiLCJuYmYiOjE2NjQ0MzI2MzAsInRzIjoxNjY0NDMyNjMwMzc2MTE0fQ.y3DzcT6RqcNFBRGCWb4AltTPB65S-_6_JIAE9GuASOw&sid=485d4900-3fbf-11ed-bf8a-6fdda327f9f1 HTTP/1.1
Host: ww38.dl.xetapp.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.dl.xetapp.us/downloads/software/security/encryption/drowssap.zip
Cookie: sid=485d4900-3fbf-11ed-bf8a-6fdda327f9f1
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Thu, 29 Sep 2022 06:23:50 GMT
location: http://irene-eux.com/zcvisitor/48ac0590-3fbf-11ed-b3bf-0ad4acf4bc97/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
server: nginx
set-cookie: sid=485d4900-3fbf-11ed-bf8a-6fdda327f9f1; path=/; domain=.xetapp.us; expires=Tue, 17 Oct 2090 09:37:58 GMT; max-age=2147483647; HttpOnly
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3526d5ce1381ba26cbc553db057e1915
fe01c920696448e8bf12e6fff877bce8281d34a2
09604aed7cbca7971bfcb5afcb53591600b944f28eff21aa65dc601e78cdda53
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6305
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 06:23:51 GMT
Last-Modified: Thu, 29 Sep 2022 04:38:46 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
irene-eux.com/zcvisitor/48ac0590-3fbf-11ed-b3bf-0ad4acf4bc97/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
35.174.150.83200 996 B URL HTTP/1.1 irene-eux.com/zcvisitor/48ac0590-3fbf-11ed-b3bf-0ad4acf4bc97/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
IP 35.174.150.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9b914918e9beed8cb64071b7fcc17668
c5abc4939eea94c0ac8208c9d90d3859d27c3a6a
c4b93c6f906d5d0442aa6ed3811365ff71acf44479567fb41683f04064d9fea6
GET /zcvisitor/48ac0590-3fbf-11ed-b3bf-0ad4acf4bc97/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97 HTTP/1.1
Host: irene-eux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww38.dl.xetapp.us/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Thu, 29 Sep 2022 06:23:51 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: ishkBMKG
irene-eux.com/zcredirect?visitid=48ac0590-3fbf-11ed-b3bf-0ad4acf4bc97&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
35.174.150.83200 516 B URL HTTP/1.1 irene-eux.com/zcredirect?visitid=48ac0590-3fbf-11ed-b3bf-0ad4acf4bc97&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
IP 35.174.150.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f18249f4698f5602462cdfd7b17442eb
1151d405d183b38f238bf69bd97fb3f19e67f317
d92a1b366ebc2df2717d1666c0c7ff3cc2ed002e6e4101870d86a716d5e0ab23
GET /zcredirect?visitid=48ac0590-3fbf-11ed-b3bf-0ad4acf4bc97&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1
Host: irene-eux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/zcvisitor/48ac0590-3fbf-11ed-b3bf-0ad4acf4bc97/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Thu, 29 Sep 2022 06:23:51 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: ishkBMKG
push.services.mozilla.com/
54.191.251.76101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.191.251.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: v8FYPqx/EbDLUKOaxu3thQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dN/PtLxPCZa74/xxr8lJSP85tV0=
track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.010000&gio=zr48ac05903fbf11edb3bf0ad4acf4bc97d96ea80f5f2448139c75060b78ddc6210678786fc828d89e91
35.180.17.130200 OK 310 B URL HTTP/2 track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.010000&gio=zr48ac05903fbf11edb3bf0ad4acf4bc97d96ea80f5f2448139c75060b78ddc6210678786fc828d89e91
IP 35.180.17.130:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8c071be4f4672eec725c5fe1ef4caf0c
46fbaa25521417aac7db433d12629266a44169e1
ea4dfbd88f12325ea0a4d297aa2a4311f6b2ef31ba0a30ba483ea261753545cf
GET /tm.ashx?source=zp-1-1891178&det=0.010000&gio=zr48ac05903fbf11edb3bf0ad4acf4bc97d96ea80f5f2448139c75060b78ddc6210678786fc828d89e91 HTTP/1.1
Host: track.domainparkingmanager.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://irene-eux.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Thu, 29 Sep 2022 06:23:51 GMT
content-length: 310
X-Firefox-Spdy: h2
track.domainparkingmanager.it/tm2.ashx?&source=zp-1-1891178&pubid=zr48ac05903fbf11edb3bf0ad4acf4bc97d96ea80f5f244813&cost=0.010000
35.180.17.130302 Found 158 B URL HTTP/2 track.domainparkingmanager.it/tm2.ashx?&source=zp-1-1891178&pubid=zr48ac05903fbf11edb3bf0ad4acf4bc97d96ea80f5f244813&cost=0.010000
IP 35.180.17.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash c184564c5f290572d03b0323eea4a55c
69da0e3bf633ce90de367906bec08827b7bf6bc4
12c579efcf0764649601111907e6c63bb7e31b074bc3c4fa78da027c7f1ef362
GET /tm2.ashx?&source=zp-1-1891178&pubid=zr48ac05903fbf11edb3bf0ad4acf4bc97d96ea80f5f244813&cost=0.010000 HTTP/1.1
Host: track.domainparkingmanager.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.010000&gio=zr48ac05903fbf11edb3bf0ad4acf4bc97d96ea80f5f2448139c75060b78ddc6210678786fc828d89e91
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
cache-control: private
content-type: text/html; charset=utf-8
location: https://service.no.like.it/in.ashx?c=1171
server: Microsoft-IIS/10.0
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Thu, 29 Sep 2022 06:23:52 GMT
content-length: 158
X-Firefox-Spdy: h2
track.domainparkingmanager.it/favicon.ico
35.180.17.130404 Not Found 1.2 kB URL HTTP/2 track.domainparkingmanager.it/favicon.ico
IP 35.180.17.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
GET /favicon.ico HTTP/1.1
Host: track.domainparkingmanager.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.010000&gio=zr48ac05903fbf11edb3bf0ad4acf4bc97d96ea80f5f2448139c75060b78ddc6210678786fc828d89e91
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Thu, 29 Sep 2022 06:23:52 GMT
content-length: 1245
X-Firefox-Spdy: h2
service.no.like.it/in.ashx?c=1171
35.180.205.178302 Found 192 B URL HTTP/2 service.no.like.it/in.ashx?c=1171
IP 35.180.205.178:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 2982d758fa8b4b5505f33bc1d30f1f97
84d98a8f623a58b4cd8255abba28c57d9f2cd548
697b3b4fa9e7414ea357f98b39ccaefb2f92238a2b06840b3a94156a1caad7ef
GET /in.ashx?c=1171 HTTP/1.1
Host: service.no.like.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://track.domainparkingmanager.it/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
location: https://no.like.it/Search?q=liten svart sekk&country=no&language=no
server: Microsoft-IIS/10.0
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
set-cookie: clkmrctrvsprx=http://domainparking.io/out.aspx?keyword=liten+svart+sekk&c=1171&logcookie=24496838; domain=no.like.it; expires=Thu, 29-Sep-2022 06:24:52 GMT; path=/; secure; SameSite=None
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Thu, 29 Sep 2022 06:23:52 GMT
content-length: 192
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f7d750cb38b3e194308d8925b04a8c88
52ca8076e3635a4d95eeacd57814ff781dcd293c
3c42fd19783d561986ac6d21975f017beb30ccff96a8223fa0be37d5d2785add
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C42FD19783D561986AC6D21975F017BEB30CCFF96A8223FA0BE37D5D2785ADD"
Last-Modified: Wed, 28 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15173
Expires: Thu, 29 Sep 2022 10:36:45 GMT
Date: Thu, 29 Sep 2022 06:23:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9012
Expires: Thu, 29 Sep 2022 08:54:04 GMT
Date: Thu, 29 Sep 2022 06:23:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9012
Expires: Thu, 29 Sep 2022 08:54:04 GMT
Date: Thu, 29 Sep 2022 06:23:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9012
Expires: Thu, 29 Sep 2022 08:54:04 GMT
Date: Thu, 29 Sep 2022 06:23:52 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e97b5ce-1b94-4a15-a121-825f38a9d7d9.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e97b5ce-1b94-4a15-a121-825f38a9d7d9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2054ae778a3079d8233ee33045127df6
927d5a375d9607b23caadae148566fdff10147b1
6b33c83c2b78b413ae375966860e1a9c8aa8e28dee107f9dd5bb8ceb221e607a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e97b5ce-1b94-4a15-a121-825f38a9d7d9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9034
x-amzn-requestid: ccfaad8d-c270-491f-b0fa-ac56fb1ba14e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGVJ_G2doAMFXqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633268a6-1599ec83051ceef5038d1296;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:06:14 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: G--ubYYfq5CFGAZzorD-TAgKentdIyvzSjrvqjTf_yGWDvjwX75KHg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 04:20:21 GMT
age: 7411
etag: "927d5a375d9607b23caadae148566fdff10147b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c62a6368c456e9614ca4c8e360a2ef12
35ec6e80d324bb215796c590a7ffafbaea55d88e
90a37acc6beda1aa98a98cb84e00a7e469d6d919a14f4709c5f67a83ae95278d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7859
x-amzn-requestid: 34d0718f-46d4-446f-bb06-8449bd8f4287
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZIlO4FcBoAMFy0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63334f2b-58ae81c9077e4f1575750f15;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 19:29:47 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: XwUZAphoqael30FgWCRQlHqBpjBOSG7rnlbPNKyojhONZ625gCUI5g==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 08:28:02 GMT
age: 78950
etag: "35ec6e80d324bb215796c590a7ffafbaea55d88e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2016911-a1a6-4bdf-a8f3-89e94a0aaff7.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2016911-a1a6-4bdf-a8f3-89e94a0aaff7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 456968f691ae9464d69a37bffe9bd7ce
31b8538deb0f00d5b4182739a4a2fcc1b956a998
5cde1e3158e6c6c0b7a01d3bd32f2aa292b3b205f604e5c4ed71cafedad06bf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2016911-a1a6-4bdf-a8f3-89e94a0aaff7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7810
x-amzn-requestid: 7f6d92e1-c7b1-4dd2-9efa-52ad324ca19d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK6pFvkoAMF_yA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334beaa-362b7368566955966db78385;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TbPFEVDpMOjK26iu1UGcx56vtP7Pywq05VAylNubOIfbMgo1qGsA-w==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 04:12:40 GMT
age: 7872
etag: "31b8538deb0f00d5b4182739a4a2fcc1b956a998"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14218a43c5e5bbce546735a780c8ccce
61676358cdbb2373bc644e66f8a84fbc8cc5daf6
905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6390
x-amzn-requestid: b2681ff8-ab83-41e6-adef-3e6772c93c3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGFJ6Gc_oAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63324f0c-3dbf9f4e2047567b5abdbe74;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 01:17:00 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VwWbbPJtnsSB1Y6riPtCZXX0Ocmxw024YRmlebWN1UQxZX3uvjsvOw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 05:41:14 GMT
age: 2558
etag: "61676358cdbb2373bc644e66f8a84fbc8cc5daf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 36ae9444071dd70dcf86802c370ffda9
44cc19b21912d07f82a88af5b2fa6d3e370459bf
99984d108bf31d733414f7f1352e17225ac21ac2dbfb4b1e7fa7ae80e5b6b822
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9654
x-amzn-requestid: 7277f59f-452d-4cb6-a76e-1561b4ff3de0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGW2REPzoAMFrww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63326b5b-4f5d775830c95b065ce40d3f;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:17:47 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: jTiWrrcC29QaFlnaiNH_KmEaphRZhWyzf1JbWb6uL00D3vOMR7Wfyg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 03:28:09 GMT
age: 10543
etag: "44cc19b21912d07f82a88af5b2fa6d3e370459bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d393f81-26d4-4afa-b6ba-940a54002d7f.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d393f81-26d4-4afa-b6ba-940a54002d7f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9f94853ffae41ec3c0e002bc152da1c4
7057c6707c7299ac386c6b2164240eff241db294
818f3ff90d7b7923b4af4e423dbb01388795490ac2097e1d58d70608b95618f4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d393f81-26d4-4afa-b6ba-940a54002d7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6795
x-amzn-requestid: 20067932-e2e5-410a-8c7a-a5f623f33454
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDCs6FbooAMFyHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633117ec-65749cd04e48e49a46b4c215;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 03:09:32 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: o1q8r6PSQDQyLs4xfhCSXu4q8fFi3zIoAIMlwNznvOsEtORfuVumCA==
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 05:17:35 GMT
age: 3977
etag: "7057c6707c7299ac386c6b2164240eff241db294"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
no.like.it/Search?q=liten%20svart%20sekk&country=no&language=no
185.25.205.112200 OK 9.4 kB URL HTTP/2 no.like.it/Search?q=liten%20svart%20sekk&country=no&language=no
IP 185.25.205.112:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5826), with CRLF, LF line terminators
Hash 6b4ef8f5abb8fced72f3b08146a949af
d0086584a6f5b08bf7599b00920999576fd65b66
46cfdb5148ce4158a0a80e0d183de10bbe66e045fc66df256983a801ce9ec9fb
GET /Search?q=liten%20svart%20sekk&country=no&language=no HTTP/1.1
Host: no.like.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://track.domainparkingmanager.it/
Connection: keep-alive
Cookie: clkmrctrvsprx=http://domainparking.io/out.aspx?keyword=liten+svart+sekk&c=1171&logcookie=24496838
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Thu, 29 Sep 2022 06:21:05 GMT
content-length: 9412
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0acb404c6e5e614b2b45960b66540566
9dd62de9f34b30f89ff0fbe054affd8114562b65
78195875441b18f2c34830e59c85bfba8aa9e4afb3953ea232352b49d67d76bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 06:23:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6LcBWOQZAAAAAHBn71Ci_Pgpvl0d2VZfIvx9lN50
142.250.74.164200 OK 585 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LcBWOQZAAAAAHBn71Ci_Pgpvl0d2VZfIvx9lN50
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 74761b26dcc751cca4af38da2a9cdce9
6b77bf6c517f1b98bdc4d8e61100c42aaeaa3901
8bad81c93823db478d5ed1b1bc51bd8cd547e5e0dea789de3693b0f4cb6efd31
GET /recaptcha/api.js?render=6LcBWOQZAAAAAHBn71Ci_Pgpvl0d2VZfIvx9lN50 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.like.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Thu, 29 Sep 2022 06:23:53 GMT
date: Thu, 29 Sep 2022 06:23:53 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 585
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 7f6c1bbbde940ad17ceda150b7b1664d
7273da22f182d9540784068537cc678ec27800d3
4d8a6cd94e298a71543331248750230237a56a67cef251c7a204291612dbb569
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 06:23:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 5785ab42dafddac942db40a47f4b08b5
9ebc4367d9a9e9aa0e22895850e5c61403ab2236
a896c88afd4161564021701e4b2b6c0c50e9a947870fabf4392416c3e564d1a8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:23:53 GMT
Last-Modified: Thu, 29 Sep 2022 05:31:33 GMT
Server: ECS (nyb/1D27)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bFLOVN3NpegxpFlxex_jTZvtBm8zIDP0M9J97sNauJZzZSS96kpldg==
Age: 3140
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 5785ab42dafddac942db40a47f4b08b5
9ebc4367d9a9e9aa0e22895850e5c61403ab2236
a896c88afd4161564021701e4b2b6c0c50e9a947870fabf4392416c3e564d1a8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:23:53 GMT
Last-Modified: Thu, 29 Sep 2022 06:05:18 GMT
Server: ECS (bsa/EB22)
X-Cache: Miss from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jZ2wKej2EHrh_Lf4veW24thIkUN2DGmthnI40b4dx6yw_SovbvmQhw==
Age: 1115
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 5785ab42dafddac942db40a47f4b08b5
9ebc4367d9a9e9aa0e22895850e5c61403ab2236
a896c88afd4161564021701e4b2b6c0c50e9a947870fabf4392416c3e564d1a8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:23:53 GMT
Server: ECS (dcb/7EA3)
X-Cache: Miss from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bI0OyCxsWvX8AhqF2GElvaE3Ss8Yjki1zHngl7m_JAcs5bPqDqDb9g==
yu.imageadvantage.net/1/70/27/76A4F368A39E7A1133064EC139F.jpg?pid=9653.100&qs=yvFppujt%23%7Czhsy%26vnor%27fjyF%7B%7Ex3ysxv%7Btskw%7D2up4zx%7By%7Bty%7Fu8wllpku%2Fx%7BmBYh%29y%7Bwfrjnx%27ity%23%5Ctvsyyqnx%7B%212%26Vnorfw%26i%7Be%27lokq%7Di%27njxnnzhsjx%29miz%3EXvr%7Bxzojzw%29lhs%25kw%29w%7Bpwz%23%7Ex%7Dbqm%23jz%27tjqnnv%27unr%23%7Dvlontj5%24%7Bvw%26rp%24zqtxw7%24Rk%C3%BDv%23nrrfqz%23y%C3%A9%27ojzw7%24Zfpqh%7B%24%7Bjq%26gnk%27tts%23qey%21m%C3%BE%7Cn%24wsjlh%7Beutjx%236%24rk%C3%BDv%23mmu%21skv%7Di%27tjqn%29lvt%25uv%7C%25&d=www.sportsnett.no%2Fturutstyr%2Fsekker
54.230.111.96302 Moved Temporarily 1.1 kB URL HTTP/1.1 yu.imageadvantage.net/1/70/27/76A4F368A39E7A1133064EC139F.jpg?pid=9653.100&qs=yvFppujt%23%7Czhsy%26vnor%27fjyF%7B%7Ex3ysxv%7Btskw%7D2up4zx%7By%7Bty%7Fu8wllpku%2Fx%7BmBYh%29y%7Bwfrjnx%27ity%23%5Ctvsyyqnx%7B%212%26Vnorfw%26i%7Be%27lokq%7Di%27njxnnzhsjx%29miz%3EXvr%7Bxzojzw%29lhs%25kw%29w%7Bpwz%23%7Ex%7Dbqm%23jz%27tjqnnv%27unr%23%7Dvlontj5%24%7Bvw%26rp%24zqtxw7%24Rk%C3%BDv%23nrrfqz%23y%C3%A9%27ojzw7%24Zfpqh%7B%24%7Bjq%26gnk%27tts%23qey%21m%C3%BE%7Cn%24wsjlh%7Beutjx%236%24rk%C3%BDv%23mmu%21skv%7Di%27tjqn%29lvt%25uv%7C%25&d=www.sportsnett.no%2Fturutstyr%2Fsekker
IP 54.230.111.96:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (827)
Hash 617171b70df170acbd697bd8a5f6def4
101d5b8ffd8a38b72f036ae5b312ee66d1c68de8
421a0b4987819df7e22e7726a6bcab15900110ff93a1a0876fc6b24eba6ea435
GET /1/70/27/76A4F368A39E7A1133064EC139F.jpg?pid=9653.100&qs=yvFppujt%23%7Czhsy%26vnor%27fjyF%7B%7Ex3ysxv%7Btskw%7D2up4zx%7By%7Bty%7Fu8wllpku%2Fx%7BmBYh%29y%7Bwfrjnx%27ity%23%5Ctvsyyqnx%7B%212%26Vnorfw%26i%7Be%27lokq%7Di%27njxnnzhsjx%29miz%3EXvr%7Bxzojzw%29lhs%25kw%29w%7Bpwz%23%7Ex%7Dbqm%23jz%27tjqnnv%27unr%23%7Dvlontj5%24%7Bvw%26rp%24zqtxw7%24Rk%C3%BDv%23nrrfqz%23y%C3%A9%27ojzw7%24Zfpqh%7B%24%7Bjq%26gnk%27tts%23qey%21m%C3%BE%7Cn%24wsjlh%7Beutjx%236%24rk%C3%BDv%23mmu%21skv%7Di%27tjqn%29lvt%25uv%7C%25&d=www.sportsnett.no%2Fturutstyr%2Fsekker HTTP/1.1
Host: yu.imageadvantage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.like.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=iso-8859-1
Content-Length: 1094
Connection: keep-alive
Date: Thu, 29 Sep 2022 06:23:53 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: https://mr0.imageadvantage.net/MRH/MediaHandler.php?path=/1/70/27/76A4F368A39E7A1133064EC139F&mt=04&pid=9653.100&qs=yvFppujt%2523%257Czhsy%2526vnor%2527fjyF%257B%257Ex3ysxv%257Btskw%257D2up4zx%257By%257Bty%257Fu8wllpku%252Fx%257BmBYh%2529y%257Bwfrjnx%2527ity%2523%255Ctvsyyqnx%257B%25212%2526Vnorfw%2526i%257Be%2527lokq%257Di%2527njxnnzhsjx%2529miz%253EXvr%257Bxzojzw%2529lhs%2525kw%2529w%257Bpwz%2523%257Ex%257Dbqm%2523jz%2527tjqnnv%2527unr%2523%257Dvlontj5%2524%257Bvw%2526rp%2524zqtxw7%2524Rk%25C3%25BDv%2523nrrfqz%2523y%25C3%25A9%2527ojzw7%2524Zfpqh%257B%2524%257Bjq%2526gnk%2527tts%2523qey%2521m%25C3%25BE%257Cn%2524wsjlh%257Beutjx%25236%2524rk%25C3%25BDv%2523mmu%2521skv%257Di%2527tjqn%2529lvt%2525uv%257C%2525&d=www.sportsnett.no%252Fturutstyr%252Fsekker
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: xYmheo2rRoFz9jVuKHHCF7WIaXmyOBGhDzyyZptxECkgfuqvFl5xTg==
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 15dbf298fc5c3f79b34abf59118cc01c
c48dc908b9aa86adb5017683a23b625d8fd1b955
9061294bc67906630f52dfdb486941691a8b9291b938c032076cef3f7bf21ce7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 06:23:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yu.imageadvantage.net/D/B7/56/A0301614AC57D435E11508BAEFA.jpg?pid=9653.100&qs=yvFppujt%23%7Czhsy%26vnor%27fjyF%7B%7Ex3hh%7Bkhox4fxq6tjqn%2Fx%7BmBHh%7Bkhox%26vnor%212%26Envnbsy%23xj%27Otxzj%7D-ejy%40Jp%7B%21i%7B%23%7Dvlolku%29xpm%25jlw%24ufxzh%29x%7Cstvsui%7Dfqyh7%24Msnrxoxzvyyw%C2%82v%27gtx%23ymvojxh%7B%24nkjtqxq%27fy%26%C3%A8%7Bl%7Coixh%29qle%25kynr%7Bzw2%23mikjpgvssu%21tm%23umkfsynjt5&d=www.bergans.com%2Fsekk
54.230.111.96302 Moved Temporarily 881 B URL HTTP/1.1 yu.imageadvantage.net/D/B7/56/A0301614AC57D435E11508BAEFA.jpg?pid=9653.100&qs=yvFppujt%23%7Czhsy%26vnor%27fjyF%7B%7Ex3hh%7Bkhox4fxq6tjqn%2Fx%7BmBHh%7Bkhox%26vnor%212%26Envnbsy%23xj%27Otxzj%7D-ejy%40Jp%7B%21i%7B%23%7Dvlolku%29xpm%25jlw%24ufxzh%29x%7Cstvsui%7Dfqyh7%24Msnrxoxzvyyw%C2%82v%27gtx%23ymvojxh%7B%24nkjtqxq%27fy%26%C3%A8%7Bl%7Coixh%29qle%25kynr%7Bzw2%23mikjpgvssu%21tm%23umkfsynjt5&d=www.bergans.com%2Fsekk
IP 54.230.111.96:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (614)
Hash 909615378fac9b089484a1abdcf06415
8fcfcbe1b648df0129b61513664954a5496d0dbd
4fc485ab0c08459b03170e4343bf76a5ca6463a6dabb8f56fc623cefd47623e9
GET /D/B7/56/A0301614AC57D435E11508BAEFA.jpg?pid=9653.100&qs=yvFppujt%23%7Czhsy%26vnor%27fjyF%7B%7Ex3hh%7Bkhox4fxq6tjqn%2Fx%7BmBHh%7Bkhox%26vnor%212%26Envnbsy%23xj%27Otxzj%7D-ejy%40Jp%7B%21i%7B%23%7Dvlolku%29xpm%25jlw%24ufxzh%29x%7Cstvsui%7Dfqyh7%24Msnrxoxzvyyw%C2%82v%27gtx%23ymvojxh%7B%24nkjtqxq%27fy%26%C3%A8%7Bl%7Coixh%29qle%25kynr%7Bzw2%23mikjpgvssu%21tm%23umkfsynjt5&d=www.bergans.com%2Fsekk HTTP/1.1
Host: yu.imageadvantage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.like.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=iso-8859-1
Content-Length: 881
Connection: keep-alive
Date: Thu, 29 Sep 2022 06:23:53 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: https://mr0.imageadvantage.net/MRH/MediaHandler.php?path=/D/B7/56/A0301614AC57D435E11508BAEFA&mt=04&pid=9653.100&qs=yvFppujt%2523%257Czhsy%2526vnor%2527fjyF%257B%257Ex3hh%257Bkhox4fxq6tjqn%252Fx%257BmBHh%257Bkhox%2526vnor%25212%2526Envnbsy%2523xj%2527Otxzj%257D-ejy%2540Jp%257B%2521i%257B%2523%257Dvlolku%2529xpm%2525jlw%2524ufxzh%2529x%257Cstvsui%257Dfqyh7%2524Msnrxoxzvyyw%25C2%2582v%2527gtx%2523ymvojxh%257B%2524nkjtqxq%2527fy%2526%25C3%25A8%257Bl%257Coixh%2529qle%2525kynr%257Bzw2%2523mikjpgvssu%2521tm%2523umkfsynjt5&d=www.bergans.com%252Fsekk
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ysHqEupS7vCFtLGjWrJzCES4tRx6oxvTSbUzYcBNYmkdD1bOpzMhdw==
www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js
142.250.74.163200 OK 158 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (826)
Size 158 kB (158248 bytes)
Hash db1b5789e9915e9c82f5df92e5982980
2e193e502995501c85f45fd89d9f83707a7f9573
db9c82b18117d7cff0f674de758f5bbb39bc6dee969cee679c741090968b9206
GET /recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://no.like.it
Connection: keep-alive
Referer: https://no.like.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158248
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 25 Sep 2022 22:25:55 GMT
expires: Mon, 25 Sep 2023 22:25:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 19 Sep 2022 04:01:43 GMT
content-type: text/javascript
age: 287878
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 15dbf298fc5c3f79b34abf59118cc01c
c48dc908b9aa86adb5017683a23b625d8fd1b955
9061294bc67906630f52dfdb486941691a8b9291b938c032076cef3f7bf21ce7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 06:23:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash d6c1bceb54fff8feb6221834a2f9461c
dd4cb81509cae4f2ec36f899968ea04038d70756
b2f2765546b13cf625d911f3501a05c90f3698c7a9e2799f566dd6a741ccf282
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:23:53 GMT
Last-Modified: Thu, 29 Sep 2022 06:09:33 GMT
Server: ECS (bsa/EB1F)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7YzvNKX6T3DaF_qb24wKLD18i9xHW1YB2eaFrzCBb5Fz_yALV3TOIQ==
Age: 860
yu.imageadvantage.net/6/1A/27/96318A8105F6124EEE7EF5475D3.jpg?pid=9653.100&qs=yvFppujt%23%7Czhsy%26vnor%27fjyF%7B%7Ex3ux%7Drvsyn1ws-uyr%40%5Czhsy%26vnor%212%26Ius%7Buj%26rp%24wsfqwrwrf%25x%7Cpkzfpqh%7B%2AkfxCNs%C3%BCw%21x%7Cd%7Bx%27tjqn%29lvt%25Ux%7Drvsyn1%29Tyjxr%C3%BBoxl-%25xd%7Co%27mj%7Ch%7Bmuh%25uj%29jyj%25xh%7Dyy%2F%25Nr%7C%24vtx%26irrufw%26g%7E%24rm%C3%ABx%2F%29wrp%25uj%29y%7Bty%7Fu%29jvs%25gn%7Dm%7Djykwnv%27pl%26w%7Biujsm%23%7Exloi%C3%BEu%7C2&d=www.outnorth.no
54.230.111.96302 Moved Temporarily 978 B URL HTTP/1.1 yu.imageadvantage.net/6/1A/27/96318A8105F6124EEE7EF5475D3.jpg?pid=9653.100&qs=yvFppujt%23%7Czhsy%26vnor%27fjyF%7B%7Ex3ux%7Drvsyn1ws-uyr%40%5Czhsy%26vnor%212%26Ius%7Buj%26rp%24wsfqwrwrf%25x%7Cpkzfpqh%7B%2AkfxCNs%C3%BCw%21x%7Cd%7Bx%27tjqn%29lvt%25Ux%7Drvsyn1%29Tyjxr%C3%BBoxl-%25xd%7Co%27mj%7Ch%7Bmuh%25uj%29jyj%25xh%7Dyy%2F%25Nr%7C%24vtx%26irrufw%26g%7E%24rm%C3%ABx%2F%29wrp%25uj%29y%7Bty%7Fu%29jvs%25gn%7Dm%7Djykwnv%27pl%26w%7Biujsm%23%7Exloi%C3%BEu%7C2&d=www.outnorth.no
IP 54.230.111.96:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (711)
Hash 4764442f96250aca37c4ba07da2ef7e1
8de1b18e81b4f6464711219983cdcfce0b14ab8a
7ba838df58416d9c2eb139c8629e10f2b3a6a25547ec9c279df3a6014294c182
GET /6/1A/27/96318A8105F6124EEE7EF5475D3.jpg?pid=9653.100&qs=yvFppujt%23%7Czhsy%26vnor%27fjyF%7B%7Ex3ux%7Drvsyn1ws-uyr%40%5Czhsy%26vnor%212%26Ius%7Buj%26rp%24wsfqwrwrf%25x%7Cpkzfpqh%7B%2AkfxCNs%C3%BCw%21x%7Cd%7Bx%27tjqn%29lvt%25Ux%7Drvsyn1%29Tyjxr%C3%BBoxl-%25xd%7Co%27mj%7Ch%7Bmuh%25uj%29jyj%25xh%7Dyy%2F%25Nr%7C%24vtx%26irrufw%26g%7E%24rm%C3%ABx%2F%29wrp%25uj%29y%7Bty%7Fu%29jvs%25gn%7Dm%7Djykwnv%27pl%26w%7Biujsm%23%7Exloi%C3%BEu%7C2&d=www.outnorth.no HTTP/1.1
Host: yu.imageadvantage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.like.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=iso-8859-1
Content-Length: 978
Connection: keep-alive
Date: Thu, 29 Sep 2022 06:23:53 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: https://mr0.imageadvantage.net/MRH/MediaHandler.php?path=/6/1A/27/96318A8105F6124EEE7EF5475D3&mt=04&pid=9653.100&qs=yvFppujt%2523%257Czhsy%2526vnor%2527fjyF%257B%257Ex3ux%257Drvsyn1ws-uyr%2540%255Czhsy%2526vnor%25212%2526Ius%257Buj%2526rp%2524wsfqwrwrf%2525x%257Cpkzfpqh%257B%252AkfxCNs%25C3%25BCw%2521x%257Cd%257Bx%2527tjqn%2529lvt%2525Ux%257Drvsyn1%2529Tyjxr%25C3%25BBoxl-%2525xd%257Co%2527mj%257Ch%257Bmuh%2525uj%2529jyj%2525xh%257Dyy%252F%2525Nr%257C%2524vtx%2526irrufw%2526g%257E%2524rm%25C3%25ABx%252F%2529wrp%2525uj%2529y%257Bty%257Fu%2529jvs%2525gn%257Dm%257Djykwnv%2527pl%2526w%257Biujsm%2523%257Exloi%25C3%25BEu%257C2&d=www.outnorth.no
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ajAbpZPewWo4Ps9JFfApMXSS_zMTwwNrjNc22BYvOV7tbh0tbUhb2A==
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 12:31:58 GMT
expires: Sun, 24 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 409915
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Sep 2022 00:48:31 GMT
expires: Sat, 23 Sep 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 538522
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
no.like.it/favicon.ico
185.25.205.112200 OK 11 kB IP 185.25.205.112:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8215), with CRLF, LF line terminators
Hash 02af877c2d269c1f50ddfec87e59127d
56677806fda4eeaac035af971e5012e655c1e970
9d94992a27c12eb90a9d7c88f6f45740b0d66521947b0d4bc929d92e49af9bd6
GET /favicon.ico HTTP/1.1
Host: no.like.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.like.it/Search?q=liten%20svart%20sekk&country=no&language=no
Cookie: clkmrctrvsprx=http://domainparking.io/out.aspx?keyword=liten+svart+sekk&c=1171&logcookie=24496838
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Thu, 29 Sep 2022 06:21:06 GMT
content-length: 10562
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash a7a0301746a0be40b87b409af5552d6f
bdad0c49242735a1d4e5a3fc35713fa7eb1a80a4
efb97299ccd0a0ccf43014ccb4a256d151afc5368107d6c8faf1bb851068a7cd
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:23:58 GMT
Last-Modified: Thu, 29 Sep 2022 04:34:04 GMT
Server: ECS (nyb/1D1F)
X-Cache: Miss from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: v3h7bhO2g6LNcn5QpG-lHoHzvxgjnt80gWs26xOy487N2spa6-x9PA==
Age: 6594
mr0.imageadvantage.net/MRH/MediaHandler.php?path=/D/B7/56/A0301614AC57D435E11508BAEFA&mt=04&pid=9653.100&qs=yvFppujt%2523%257Czhsy%2526vnor%2527fjyF%257B%257Ex3hh%257Bkhox4fxq6tjqn%252Fx%257BmBHh%257Bkhox%2526vnor%25212%2526Envnbsy%2523xj%2527Otxzj%257D-ejy%2540Jp%257B%2521i%257B%2523%257Dvlolku%2529xpm%2525jlw%2524ufxzh%2529x%257Cstvsui%257Dfqyh7%2524Msnrxoxzvyyw%25C2%2582v%2527gtx%2523ymvojxh%257B%2524nkjtqxq%2527fy%2526%25C3%25A8%257Bl%257Coixh%2529qle%2525kynr%257Bzw2%2523mikjpgvssu%2521tm%2523umkfsynjt5&d=www.bergans.com%252Fsekk
54.230.111.127200 OK 24 kB URL HTTP/2 mr0.imageadvantage.net/MRH/MediaHandler.php?path=/D/B7/56/A0301614AC57D435E11508BAEFA&mt=04&pid=9653.100&qs=yvFppujt%2523%257Czhsy%2526vnor%2527fjyF%257B%257Ex3hh%257Bkhox4fxq6tjqn%252Fx%257BmBHh%257Bkhox%2526vnor%25212%2526Envnbsy%2523xj%2527Otxzj%257D-ejy%2540Jp%257B%2521i%257B%2523%257Dvlolku%2529xpm%2525jlw%2524ufxzh%2529x%257Cstvsui%257Dfqyh7%2524Msnrxoxzvyyw%25C2%2582v%2527gtx%2523ymvojxh%257B%2524nkjtqxq%2527fy%2526%25C3%25A8%257Bl%257Coixh%2529qle%2525kynr%257Bzw2%2523mikjpgvssu%2521tm%2523umkfsynjt5&d=www.bergans.com%252Fsekk
IP 54.230.111.127:0
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 324c316c814d1df9add704b45f08d16b
1fec972ce8b59d1d7bc3a41f4eab19f917181772
635f7b4cf11835c214d62010475af591d33c445452364d229dc864309d03b965
GET /MRH/MediaHandler.php?path=/D/B7/56/A0301614AC57D435E11508BAEFA&mt=04&pid=9653.100&qs=yvFppujt%2523%257Czhsy%2526vnor%2527fjyF%257B%257Ex3hh%257Bkhox4fxq6tjqn%252Fx%257BmBHh%257Bkhox%2526vnor%25212%2526Envnbsy%2523xj%2527Otxzj%257D-ejy%2540Jp%257B%2521i%257B%2523%257Dvlolku%2529xpm%2525jlw%2524ufxzh%2529x%257Cstvsui%257Dfqyh7%2524Msnrxoxzvyyw%25C2%2582v%2527gtx%2523ymvojxh%257B%2524nkjtqxq%2527fy%2526%25C3%25A8%257Bl%257Coixh%2529qle%2525kynr%257Bzw2%2523mikjpgvssu%2521tm%2523umkfsynjt5&d=www.bergans.com%252Fsekk HTTP/1.1
Host: mr0.imageadvantage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no.like.it/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
date: Thu, 29 Sep 2022 06:23:55 GMT
server: Apache/2.4.18 (Ubuntu)
cache-control: no-cache, no-store
mrhdebug: initialize START w:/MRH/MediaHandler.php?path=/D/B7/56/A0301614AC57D435E11508BAEFA&mt=04&pid=9653.100&qs=yvFppujt%2523%257Czhsy%2526vnor%2527fjyF%257B%257Ex3hh%257Bkhox4fxq6tjqn%252Fx%257BmBHh%257Bkhox%2526vnor%25212%2526Envnbsy%2523xj%2527Otxzj%257D-ejy%2540Jp%257B%2521i%257B%2523%257Dvlolku%2529xpm%2525jlw%2524ufxzh%2529x%257Cstvsui%257Dfqyh7%2524Msnrxoxzvyyw%25C2%2582v%2527gtx%2523ymvojxh%257B%2524nkjtqxq%2527fy%2526%25C3%25A8%257Bl%257Coixh%2529qle%2525kynr%257Bzw2%2523mikjpgvssu%2521tm%2523umkfsynjt5&d=www.bergans.com%252Fsekk|| @ 1664432633.808||
x-cache: Miss from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: c607HIpdI5eEmcbkuIEG1aelCCSZehe1pwoK4POe2MuSm2SATG4zEw==
X-Firefox-Spdy: h2
r.search.yahoo.com/cbclk/dWU9MDgwNTJFNzcxQjc4NDQzQyZ1dD0xNjY0NDMyNjMyNjAzJnVvPTc5OTg5NTk3NDQ2NzYzJmx0PTImcz0yJmVzPWRTdEY4YklHUFM5dk5kVEROend0dHBrY0JQSHFUdTdXeFhxdE5yVFN0dDJJblEtLQ--/RV=2/RE=1664461432/RO=10/RU=https%3a%2f%2fwww.bing.com%2faclick%3fld%3de81uExOm7puxi_CWRcbdqUfDVUCUzUcrF7T8KAqcr9ZWPFvEVW5lv-loQlt0ykBKRsmBewqkExqSBLI7zD51LcRbQVs_GuVVmUDSmCpPcS8ZlB1PkZDLNvW5nK74MuYoizXZk-KPinDJPrd1G2ukJ3LKALHvlrh923MQjDJ-Lr5VjI__3Y%26u%3daHR0cHMlM2ElMmYlMmZ3d3cub3V0bm9ydGgubm8lMmZ0dXJ1dHN0eXIlMmZiYWVyZS1vcHBiZXZhcmluZyUyZnJ5Z2dzZWtrZXIlM2ZmJTI1NUJjb2xvciUyNTVEJTI1NUIlMjU1RCUzZGJsYWNrJTI2bXNjbGtpZCUzZGRlZDNiZjlkMzdiYzFlODk3ZDU4ZGNhODBlNDQ5MGE1JTI2dXRtX3NvdXJjZSUzZGJpbmclMjZ1dG1fbWVkaXVtJTNkY3BjJTI2dXRtX2NhbXBhaWduJTNkJTI1NUJOTyUyNTVEJTI1MjBwLXMlYzMlYjZrLWthdGVnb3JpLXJ5Z2dzJWMzJWE0Y2thci12JWMzJWE0c2tvci1ibW0lMjZ1dG1fdGVybSUzZCUyNTJCc3ZhcnQlMjUyMCUyNTJCc2VrayUyNnV0bV9jb250ZW50JTNkU3ZhcnQlMjUyMFNla2s%26rlid%3dded3bf9d37bc1e897d58dca80e4490a5/RK=2/RS=p57onwXraKy2cz7ZhKPCyRFCbWQ-
212.82.100.137302 Found 0 B URL HTTP/2 r.search.yahoo.com/cbclk/dWU9MDgwNTJFNzcxQjc4NDQzQyZ1dD0xNjY0NDMyNjMyNjAzJnVvPTc5OTg5NTk3NDQ2NzYzJmx0PTImcz0yJmVzPWRTdEY4YklHUFM5dk5kVEROend0dHBrY0JQSHFUdTdXeFhxdE5yVFN0dDJJblEtLQ--/RV=2/RE=1664461432/RO=10/RU=https%3a%2f%2fwww.bing.com%2faclick%3fld%3de81uExOm7puxi_CWRcbdqUfDVUCUzUcrF7T8KAqcr9ZWPFvEVW5lv-loQlt0ykBKRsmBewqkExqSBLI7zD51LcRbQVs_GuVVmUDSmCpPcS8ZlB1PkZDLNvW5nK74MuYoizXZk-KPinDJPrd1G2ukJ3LKALHvlrh923MQjDJ-Lr5VjI__3Y%26u%3daHR0cHMlM2ElMmYlMmZ3d3cub3V0bm9ydGgubm8lMmZ0dXJ1dHN0eXIlMmZiYWVyZS1vcHBiZXZhcmluZyUyZnJ5Z2dzZWtrZXIlM2ZmJTI1NUJjb2xvciUyNTVEJTI1NUIlMjU1RCUzZGJsYWNrJTI2bXNjbGtpZCUzZGRlZDNiZjlkMzdiYzFlODk3ZDU4ZGNhODBlNDQ5MGE1JTI2dXRtX3NvdXJjZSUzZGJpbmclMjZ1dG1fbWVkaXVtJTNkY3BjJTI2dXRtX2NhbXBhaWduJTNkJTI1NUJOTyUyNTVEJTI1MjBwLXMlYzMlYjZrLWthdGVnb3JpLXJ5Z2dzJWMzJWE0Y2thci12JWMzJWE0c2tvci1ibW0lMjZ1dG1fdGVybSUzZCUyNTJCc3ZhcnQlMjUyMCUyNTJCc2VrayUyNnV0bV9jb250ZW50JTNkU3ZhcnQlMjUyMFNla2s%26rlid%3dded3bf9d37bc1e897d58dca80e4490a5/RK=2/RS=p57onwXraKy2cz7ZhKPCyRFCbWQ-
IP 212.82.100.137:0
ASN #34010 Yahoo! UK Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cbclk/dWU9MDgwNTJFNzcxQjc4NDQzQyZ1dD0xNjY0NDMyNjMyNjAzJnVvPTc5OTg5NTk3NDQ2NzYzJmx0PTImcz0yJmVzPWRTdEY4YklHUFM5dk5kVEROend0dHBrY0JQSHFUdTdXeFhxdE5yVFN0dDJJblEtLQ--/RV=2/RE=1664461432/RO=10/RU=https%3a%2f%2fwww.bing.com%2faclick%3fld%3de81uExOm7puxi_CWRcbdqUfDVUCUzUcrF7T8KAqcr9ZWPFvEVW5lv-loQlt0ykBKRsmBewqkExqSBLI7zD51LcRbQVs_GuVVmUDSmCpPcS8ZlB1PkZDLNvW5nK74MuYoizXZk-KPinDJPrd1G2ukJ3LKALHvlrh923MQjDJ-Lr5VjI__3Y%26u%3daHR0cHMlM2ElMmYlMmZ3d3cub3V0bm9ydGgubm8lMmZ0dXJ1dHN0eXIlMmZiYWVyZS1vcHBiZXZhcmluZyUyZnJ5Z2dzZWtrZXIlM2ZmJTI1NUJjb2xvciUyNTVEJTI1NUIlMjU1RCUzZGJsYWNrJTI2bXNjbGtpZCUzZGRlZDNiZjlkMzdiYzFlODk3ZDU4ZGNhODBlNDQ5MGE1JTI2dXRtX3NvdXJjZSUzZGJpbmclMjZ1dG1fbWVkaXVtJTNkY3BjJTI2dXRtX2NhbXBhaWduJTNkJTI1NUJOTyUyNTVEJTI1MjBwLXMlYzMlYjZrLWthdGVnb3JpLXJ5Z2dzJWMzJWE0Y2thci12JWMzJWE0c2tvci1ibW0lMjZ1dG1fdGVybSUzZCUyNTJCc3ZhcnQlMjUyMCUyNTJCc2VrayUyNnV0bV9jb250ZW50JTNkU3ZhcnQlMjUyMFNla2s%26rlid%3dded3bf9d37bc1e897d58dca80e4490a5/RK=2/RS=p57onwXraKy2cz7ZhKPCyRFCbWQ- HTTP/1.1
Host: r.search.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no.like.it/
Connection: keep-alive
Cookie: GUCS=AVj1LBcs
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.bing.com/aclick?ld=e81uExOm7puxi_CWRcbdqUfDVUCUzUcrF7T8KAqcr9ZWPFvEVW5lv-loQlt0ykBKRsmBewqkExqSBLI7zD51LcRbQVs_GuVVmUDSmCpPcS8ZlB1PkZDLNvW5nK74MuYoizXZk-KPinDJPrd1G2ukJ3LKALHvlrh923MQjDJ-Lr5VjI__3Y&u=aHR0cHMlM2ElMmYlMmZ3d3cub3V0bm9ydGgubm8lMmZ0dXJ1dHN0eXIlMmZiYWVyZS1vcHBiZXZhcmluZyUyZnJ5Z2dzZWtrZXIlM2ZmJTI1NUJjb2xvciUyNTVEJTI1NUIlMjU1RCUzZGJsYWNrJTI2bXNjbGtpZCUzZGRlZDNiZjlkMzdiYzFlODk3ZDU4ZGNhODBlNDQ5MGE1JTI2dXRtX3NvdXJjZSUzZGJpbmclMjZ1dG1fbWVkaXVtJTNkY3BjJTI2dXRtX2NhbXBhaWduJTNkJTI1NUJOTyUyNTVEJTI1MjBwLXMlYzMlYjZrLWthdGVnb3JpLXJ5Z2dzJWMzJWE0Y2thci12JWMzJWE0c2tvci1ibW0lMjZ1dG1fdGVybSUzZCUyNTJCc3ZhcnQlMjUyMCUyNTJCc2VrayUyNnV0bV9jb250ZW50JTNkU3ZhcnQlMjUyMFNla2s&rlid=ded3bf9d37bc1e897d58dca80e4490a5
content-length: 0
date: Thu, 29 Sep 2022 06:23:58 GMT
age: 0
server: ATS
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, enforce
referrer-policy: no-referrer-when-downgrade
set-cookie: A1=d=AQABBP45NWMCEDWYEmhl05BRKrleJnE9oYs&S=AQAAAuDneh4t7uBWozqJsz4iXBY; Expires=Fri, 29 Sep 2023 12:23:58 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=Lax; Secure; HttpOnly
A3=d=AQABBP45NWMCEDWYEmhl05BRKrleJnE9oYs&S=AQAAAuDneh4t7uBWozqJsz4iXBY; Expires=Fri, 29 Sep 2023 12:23:58 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
A1S=d=AQABBP45NWMCEDWYEmhl05BRKrleJnE9oYs&S=AQAAAuDneh4t7uBWozqJsz4iXBY&j=GDPR; Domain=.yahoo.com; Path=/; SameSite=Lax; Secure
X-Firefox-Spdy: h2
mr0.imageadvantage.net/MRH/MediaHandler.php?path=/1/70/27/76A4F368A39E7A1133064EC139F&mt=04&pid=9653.100&qs=yvFppujt%2523%257Czhsy%2526vnor%2527fjyF%257B%257Ex3ysxv%257Btskw%257D2up4zx%257By%257Bty%257Fu8wllpku%252Fx%257BmBYh%2529y%257Bwfrjnx%2527ity%2523%255Ctvsyyqnx%257B%25212%2526Vnorfw%2526i%257Be%2527lokq%257Di%2527njxnnzhsjx%2529miz%253EXvr%257Bxzojzw%2529lhs%2525kw%2529w%257Bpwz%2523%257Ex%257Dbqm%2523jz%2527tjqnnv%2527unr%2523%257Dvlontj5%2524%257Bvw%2526rp%2524zqtxw7%2524Rk%25C3%25BDv%2523nrrfqz%2523y%25C3%25A9%2527ojzw7%2524Zfpqh%257B%2524%257Bjq%2526gnk%2527tts%2523qey%2521m%25C3%25BE%257Cn%2524wsjlh%257Beutjx%25236%2524rk%25C3%25BDv%2523mmu%2521skv%257Di%2527tjqn%2529lvt%2525uv%257C%2525&d=www.sportsnett.no%252Fturutstyr%252Fsekker
54.230.111.127200 OK 0 B URL HTTP/2 mr0.imageadvantage.net/MRH/MediaHandler.php?path=/1/70/27/76A4F368A39E7A1133064EC139F&mt=04&pid=9653.100&qs=yvFppujt%2523%257Czhsy%2526vnor%2527fjyF%257B%257Ex3ysxv%257Btskw%257D2up4zx%257By%257Bty%257Fu8wllpku%252Fx%257BmBYh%2529y%257Bwfrjnx%2527ity%2523%255Ctvsyyqnx%257B%25212%2526Vnorfw%2526i%257Be%2527lokq%257Di%2527njxnnzhsjx%2529miz%253EXvr%257Bxzojzw%2529lhs%2525kw%2529w%257Bpwz%2523%257Ex%257Dbqm%2523jz%2527tjqnnv%2527unr%2523%257Dvlontj5%2524%257Bvw%2526rp%2524zqtxw7%2524Rk%25C3%25BDv%2523nrrfqz%2523y%25C3%25A9%2527ojzw7%2524Zfpqh%257B%2524%257Bjq%2526gnk%2527tts%2523qey%2521m%25C3%25BE%257Cn%2524wsjlh%257Beutjx%25236%2524rk%25C3%25BDv%2523mmu%2521skv%257Di%2527tjqn%2529lvt%2525uv%257C%2525&d=www.sportsnett.no%252Fturutstyr%252Fsekker
IP 54.230.111.127:0
GET /MRH/MediaHandler.php?path=/1/70/27/76A4F368A39E7A1133064EC139F&mt=04&pid=9653.100&qs=yvFppujt%2523%257Czhsy%2526vnor%2527fjyF%257B%257Ex3ysxv%257Btskw%257D2up4zx%257By%257Bty%257Fu8wllpku%252Fx%257BmBYh%2529y%257Bwfrjnx%2527ity%2523%255Ctvsyyqnx%257B%25212%2526Vnorfw%2526i%257Be%2527lokq%257Di%2527njxnnzhsjx%2529miz%253EXvr%257Bxzojzw%2529lhs%2525kw%2529w%257Bpwz%2523%257Ex%257Dbqm%2523jz%2527tjqnnv%2527unr%2523%257Dvlontj5%2524%257Bvw%2526rp%2524zqtxw7%2524Rk%25C3%25BDv%2523nrrfqz%2523y%25C3%25A9%2527ojzw7%2524Zfpqh%257B%2524%257Bjq%2526gnk%2527tts%2523qey%2521m%25C3%25BE%257Cn%2524wsjlh%257Beutjx%25236%2524rk%25C3%25BDv%2523mmu%2521skv%257Di%2527tjqn%2529lvt%2525uv%257C%2525&d=www.sportsnett.no%252Fturutstyr%252Fsekker HTTP/1.1
Host: mr0.imageadvantage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no.like.it/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
date: Thu, 29 Sep 2022 06:23:54 GMT
server: Apache/2.4.18 (Ubuntu)
cache-control: no-cache, no-store
mrhdebug: initialize START w:/MRH/MediaHandler.php?path=/1/70/27/76A4F368A39E7A1133064EC139F&mt=04&pid=9653.100&qs=yvFppujt%2523%257Czhsy%2526vnor%2527fjyF%257B%257Ex3ysxv%257Btskw%257D2up4zx%257By%257Bty%257Fu8wllpku%252Fx%257BmBYh%2529y%257Bwfrjnx%2527ity%2523%255Ctvsyyqnx%257B%25212%2526Vnorfw%2526i%257Be%2527lokq%257Di%2527njxnnzhsjx%2529miz%253EXvr%257Bxzojzw%2529lhs%2525kw%2529w%257Bpwz%2523%257Ex%257Dbqm%2523jz%2527tjqnnv%2527unr%2523%257Dvlontj5%2524%257Bvw%2526rp%2524zqtxw7%2524Rk%25C3%25BDv%2523nrrfqz%2523y%25C3%25A9%2527ojzw7%2524Zfpqh%257B%2524%257Bjq%2526gnk%2527tts%2523qey%2521m%25C3%25BE%257Cn%2524wsjlh%257Beutjx%25236%2524rk%25C3%25BDv%2523mmu%2521skv%257Di%2527tjqn%2529lvt%2525uv%257C%2525&d=www.sportsnett.no%252Fturutstyr%252Fsekker|| @ 1664432633.9224||
x-cache: Miss from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: B9eZyY6Yl6In4HEq9jFFUF13tTmVKATUDPq42tGrVuC-0ug0jFnPoA==
X-Firefox-Spdy: h2
mr0.imageadvantage.net/MRH/MediaHandler.php?path=/6/1A/27/96318A8105F6124EEE7EF5475D3&mt=04&pid=9653.100&qs=yvFppujt%2523%257Czhsy%2526vnor%2527fjyF%257B%257Ex3ux%257Drvsyn1ws-uyr%2540%255Czhsy%2526vnor%25212%2526Ius%257Buj%2526rp%2524wsfqwrwrf%2525x%257Cpkzfpqh%257B%252AkfxCNs%25C3%25BCw%2521x%257Cd%257Bx%2527tjqn%2529lvt%2525Ux%257Drvsyn1%2529Tyjxr%25C3%25BBoxl-%2525xd%257Co%2527mj%257Ch%257Bmuh%2525uj%2529jyj%2525xh%257Dyy%252F%2525Nr%257C%2524vtx%2526irrufw%2526g%257E%2524rm%25C3%25ABx%252F%2529wrp%2525uj%2529y%257Bty%257Fu%2529jvs%2525gn%257Dm%257Djykwnv%2527pl%2526w%257Biujsm%2523%257Exloi%25C3%25BEu%257C2&d=www.outnorth.no
54.230.111.127200 OK 0 B URL HTTP/2 mr0.imageadvantage.net/MRH/MediaHandler.php?path=/6/1A/27/96318A8105F6124EEE7EF5475D3&mt=04&pid=9653.100&qs=yvFppujt%2523%257Czhsy%2526vnor%2527fjyF%257B%257Ex3ux%257Drvsyn1ws-uyr%2540%255Czhsy%2526vnor%25212%2526Ius%257Buj%2526rp%2524wsfqwrwrf%2525x%257Cpkzfpqh%257B%252AkfxCNs%25C3%25BCw%2521x%257Cd%257Bx%2527tjqn%2529lvt%2525Ux%257Drvsyn1%2529Tyjxr%25C3%25BBoxl-%2525xd%257Co%2527mj%257Ch%257Bmuh%2525uj%2529jyj%2525xh%257Dyy%252F%2525Nr%257C%2524vtx%2526irrufw%2526g%257E%2524rm%25C3%25ABx%252F%2529wrp%2525uj%2529y%257Bty%257Fu%2529jvs%2525gn%257Dm%257Djykwnv%2527pl%2526w%257Biujsm%2523%257Exloi%25C3%25BEu%257C2&d=www.outnorth.no
IP 54.230.111.127:0
GET /MRH/MediaHandler.php?path=/6/1A/27/96318A8105F6124EEE7EF5475D3&mt=04&pid=9653.100&qs=yvFppujt%2523%257Czhsy%2526vnor%2527fjyF%257B%257Ex3ux%257Drvsyn1ws-uyr%2540%255Czhsy%2526vnor%25212%2526Ius%257Buj%2526rp%2524wsfqwrwrf%2525x%257Cpkzfpqh%257B%252AkfxCNs%25C3%25BCw%2521x%257Cd%257Bx%2527tjqn%2529lvt%2525Ux%257Drvsyn1%2529Tyjxr%25C3%25BBoxl-%2525xd%257Co%2527mj%257Ch%257Bmuh%2525uj%2529jyj%2525xh%257Dyy%252F%2525Nr%257C%2524vtx%2526irrufw%2526g%257E%2524rm%25C3%25ABx%252F%2529wrp%2525uj%2529y%257Bty%257Fu%2529jvs%2525gn%257Dm%257Djykwnv%2527pl%2526w%257Biujsm%2523%257Exloi%25C3%25BEu%257C2&d=www.outnorth.no HTTP/1.1
Host: mr0.imageadvantage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no.like.it/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
date: Thu, 29 Sep 2022 06:23:54 GMT
server: Apache/2.4.18 (Ubuntu)
cache-control: no-cache, no-store
mrhdebug: initialize START w:/MRH/MediaHandler.php?path=/6/1A/27/96318A8105F6124EEE7EF5475D3&mt=04&pid=9653.100&qs=yvFppujt%2523%257Czhsy%2526vnor%2527fjyF%257B%257Ex3ux%257Drvsyn1ws-uyr%2540%255Czhsy%2526vnor%25212%2526Ius%257Buj%2526rp%2524wsfqwrwrf%2525x%257Cpkzfpqh%257B%252AkfxCNs%25C3%25BCw%2521x%257Cd%257Bx%2527tjqn%2529lvt%2525Ux%257Drvsyn1%2529Tyjxr%25C3%25BBoxl-%2525xd%257Co%2527mj%257Ch%257Bmuh%2525uj%2529jyj%2525xh%257Dyy%252F%2525Nr%257C%2524vtx%2526irrufw%2526g%257E%2524rm%25C3%25ABx%252F%2529wrp%2525uj%2529y%257Bty%257Fu%2529jvs%2525gn%257Dm%257Djykwnv%2527pl%2526w%257Biujsm%2523%257Exloi%25C3%25BEu%257C2&d=www.outnorth.no|| @ 1664432634.0823||
x-cache: Miss from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: a2z_QUyyjKAHEzaHzKVDDf4D5Tg0YJwAWXSVKbAYVenZTH3-lV5xyA==
X-Firefox-Spdy: h2
www.bing.com/aclick?ld=e81uExOm7puxi_CWRcbdqUfDVUCUzUcrF7T8KAqcr9ZWPFvEVW5lv-loQlt0ykBKRsmBewqkExqSBLI7zD51LcRbQVs_GuVVmUDSmCpPcS8ZlB1PkZDLNvW5nK74MuYoizXZk-KPinDJPrd1G2ukJ3LKALHvlrh923MQjDJ-Lr5VjI__3Y&u=aHR0cHMlM2ElMmYlMmZ3d3cub3V0bm9ydGgubm8lMmZ0dXJ1dHN0eXIlMmZiYWVyZS1vcHBiZXZhcmluZyUyZnJ5Z2dzZWtrZXIlM2ZmJTI1NUJjb2xvciUyNTVEJTI1NUIlMjU1RCUzZGJsYWNrJTI2bXNjbGtpZCUzZGRlZDNiZjlkMzdiYzFlODk3ZDU4ZGNhODBlNDQ5MGE1JTI2dXRtX3NvdXJjZSUzZGJpbmclMjZ1dG1fbWVkaXVtJTNkY3BjJTI2dXRtX2NhbXBhaWduJTNkJTI1NUJOTyUyNTVEJTI1MjBwLXMlYzMlYjZrLWthdGVnb3JpLXJ5Z2dzJWMzJWE0Y2thci12JWMzJWE0c2tvci1ibW0lMjZ1dG1fdGVybSUzZCUyNTJCc3ZhcnQlMjUyMCUyNTJCc2VrayUyNnV0bV9jb250ZW50JTNkU3ZhcnQlMjUyMFNla2s&rlid=ded3bf9d37bc1e897d58dca80e4490a5
13.107.21.200302 Found 0 B URL HTTP/2 www.bing.com/aclick?ld=e81uExOm7puxi_CWRcbdqUfDVUCUzUcrF7T8KAqcr9ZWPFvEVW5lv-loQlt0ykBKRsmBewqkExqSBLI7zD51LcRbQVs_GuVVmUDSmCpPcS8ZlB1PkZDLNvW5nK74MuYoizXZk-KPinDJPrd1G2ukJ3LKALHvlrh923MQjDJ-Lr5VjI__3Y&u=aHR0cHMlM2ElMmYlMmZ3d3cub3V0bm9ydGgubm8lMmZ0dXJ1dHN0eXIlMmZiYWVyZS1vcHBiZXZhcmluZyUyZnJ5Z2dzZWtrZXIlM2ZmJTI1NUJjb2xvciUyNTVEJTI1NUIlMjU1RCUzZGJsYWNrJTI2bXNjbGtpZCUzZGRlZDNiZjlkMzdiYzFlODk3ZDU4ZGNhODBlNDQ5MGE1JTI2dXRtX3NvdXJjZSUzZGJpbmclMjZ1dG1fbWVkaXVtJTNkY3BjJTI2dXRtX2NhbXBhaWduJTNkJTI1NUJOTyUyNTVEJTI1MjBwLXMlYzMlYjZrLWthdGVnb3JpLXJ5Z2dzJWMzJWE0Y2thci12JWMzJWE0c2tvci1ibW0lMjZ1dG1fdGVybSUzZCUyNTJCc3ZhcnQlMjUyMCUyNTJCc2VrayUyNnV0bV9jb250ZW50JTNkU3ZhcnQlMjUyMFNla2s&rlid=ded3bf9d37bc1e897d58dca80e4490a5
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
GET /aclick?ld=e81uExOm7puxi_CWRcbdqUfDVUCUzUcrF7T8KAqcr9ZWPFvEVW5lv-loQlt0ykBKRsmBewqkExqSBLI7zD51LcRbQVs_GuVVmUDSmCpPcS8ZlB1PkZDLNvW5nK74MuYoizXZk-KPinDJPrd1G2ukJ3LKALHvlrh923MQjDJ-Lr5VjI__3Y&u=aHR0cHMlM2ElMmYlMmZ3d3cub3V0bm9ydGgubm8lMmZ0dXJ1dHN0eXIlMmZiYWVyZS1vcHBiZXZhcmluZyUyZnJ5Z2dzZWtrZXIlM2ZmJTI1NUJjb2xvciUyNTVEJTI1NUIlMjU1RCUzZGJsYWNrJTI2bXNjbGtpZCUzZGRlZDNiZjlkMzdiYzFlODk3ZDU4ZGNhODBlNDQ5MGE1JTI2dXRtX3NvdXJjZSUzZGJpbmclMjZ1dG1fbWVkaXVtJTNkY3BjJTI2dXRtX2NhbXBhaWduJTNkJTI1NUJOTyUyNTVEJTI1MjBwLXMlYzMlYjZrLWthdGVnb3JpLXJ5Z2dzJWMzJWE0Y2thci12JWMzJWE0c2tvci1ibW0lMjZ1dG1fdGVybSUzZCUyNTJCc3ZhcnQlMjUyMCUyNTJCc2VrayUyNnV0bV9jb250ZW50JTNkU3ZhcnQlMjUyMFNla2s&rlid=ded3bf9d37bc1e897d58dca80e4490a5 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.like.it/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-store
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
location: https://www.outnorth.no/turutstyr/baere-oppbevaring/ryggsekker?f%5Bcolor%5D%5B%5D=black&msclkid=ded3bf9d37bc1e897d58dca80e4490a5&utm_source=bing&utm_medium=cpc&utm_campaign=%5BNO%5D%20p-s%C3%B6k-kategori-ryggs%C3%A4ckar-v%C3%A4skor-bmm&utm_term=%2Bsvart%20%2Bsekk&utm_content=Svart%20Sekk
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo", CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
referrer-policy: origin
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DECE89E4507E42A48260B7E1B0C9E4B4 Ref B: OSL30EDGE0205 Ref C: 2022-09-29T06:23:58Z
set-cookie: _EDGE_S=F=1&SID=31D189F886B4636833A29BD68741625C; path=/; httponly; domain=bing.com
_EDGE_V=1; path=/; httponly; expires=Tue, 24-Oct-2023 06:23:59 GMT; domain=bing.com
MUID=040DF0C3B9136BA12782E2EDB8E66A24; samesite=none; path=/; secure; expires=Tue, 24-Oct-2023 06:23:59 GMT; domain=bing.com
date: Thu, 29 Sep 2022 06:23:58 GMT
X-Firefox-Spdy: h2
www.outnorth.no/turutstyr/baere-oppbevaring/ryggsekker?f%5Bcolor%5D%5B%5D=black&msclkid=ded3bf9d37bc1e897d58dca80e4490a5&utm_source=bing&utm_medium=cpc&utm_campaign=%5BNO%5D%20p-s%C3%B6k-kategori-ryggs%C3%A4ckar-v%C3%A4skor-bmm&utm_term=%2Bsvart%20%2Bsekk&utm_content=Svart%20Sekk
104.18.31.175301 Moved Permanently 0 B URL HTTP/2 www.outnorth.no/turutstyr/baere-oppbevaring/ryggsekker?f%5Bcolor%5D%5B%5D=black&msclkid=ded3bf9d37bc1e897d58dca80e4490a5&utm_source=bing&utm_medium=cpc&utm_campaign=%5BNO%5D%20p-s%C3%B6k-kategori-ryggs%C3%A4ckar-v%C3%A4skor-bmm&utm_term=%2Bsvart%20%2Bsekk&utm_content=Svart%20Sekk
IP 104.18.31.175:0
GET /turutstyr/baere-oppbevaring/ryggsekker?f%5Bcolor%5D%5B%5D=black&msclkid=ded3bf9d37bc1e897d58dca80e4490a5&utm_source=bing&utm_medium=cpc&utm_campaign=%5BNO%5D%20p-s%C3%B6k-kategori-ryggs%C3%A4ckar-v%C3%A4skor-bmm&utm_term=%2Bsvart%20%2Bsekk&utm_content=Svart%20Sekk HTTP/1.1
Host: www.outnorth.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no.like.it/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Thu, 29 Sep 2022 06:23:59 GMT
content-type: text/html; charset=utf-8
location: https://www.outnorth.no/turutstyr/baere-oppbevare/ryggsekker?f%5Bcolor%5D%5B%5D=black&msclkid=ded3bf9d37bc1e897d58dca80e4490a5
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-request-id: abdcc65a-3db9-4d00-8356-1d2914fb2603
x-runtime: 0.079360
strict-transport-security: max-age=31536000
x-cacheable: YES
age: 0
x-cache: MISS
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7522a21ace89b4f7-OSL
X-Firefox-Spdy: h2