Overview

URL canada.is-great.org/canada.is.php
IP 185.27.134.214
ASN AS34119 Wildcard UK Limited
Location United Kingdom
Report completed 2018-08-09 13:17:26 CEST
urlQuery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/ Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/event Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/dtagent50_jp3_6206.js Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/framework.js Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/jquery.js Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/login.js Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54d3852762323900162f0400.js Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/mbox-contents-76a6dcc270e1f105fec2216c (...) Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/foresee-surveydef.js Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/satelliteLib-1dcd6e2c98eb2fcfe6e3ad2ea (...) Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/deploy.js Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/id Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/mTag.js Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/id_002 Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/OpinionLab.js Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/foresee-trigger.js Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/s_code_bell.js Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/dest4.htm Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111_dat (...) Malware
2018-08-09 2 a0226319.xsph.ru/custom/foresee/foresee-surveydef.js?build=24 Malware
2018-08-09 2 a0226319.xsph.ru/custom/foresee/foresee-transport.swf Malware
2018-08-09 2 a0226319.xsph.ru/ca/Bell_Refund/dynaTraceMonitor?$3p=assets.adobedtm.com%7C (...) Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 185.27.134.214

Date UQ / IDS / BL URL IP
2018-09-25 12:53:49 +0200 0 - 1 - 0 outdoors.ga/wp/wp-login.php 185.27.134.214
2018-05-28 07:31:12 +0200 0 - 0 - 1 www.sqs1000y.com/ks.rar 185.27.134.214
2018-03-28 12:01:26 +0200 0 - 0 - 11 www.rolored.260mb.net/2015/07/descargar-windo (...) 185.27.134.214
2018-03-08 10:19:06 +0100 0 - 0 - 0 www.lazytownpoint.com 185.27.134.214
2017-12-09 08:40:18 +0100 0 - 1 - 0 www.ovooo.ml/ 185.27.134.214
2017-10-11 10:50:28 +0200 0 - 0 - 0 srtyruyg.1-ws.com 185.27.134.214
2017-10-11 10:01:46 +0200 0 - 0 - 0 zxyuktic.1-ws.com 185.27.134.214
2017-10-11 09:49:14 +0200 0 - 0 - 0 vreytua.1-ws.com 185.27.134.214
2017-10-05 16:10:35 +0200 0 - 1 - 0 wisc3.com/ 185.27.134.214
2017-08-13 20:22:46 +0200 0 - 0 - 11 www.rolored.260mb.net/2015/09/la-profesora-ho (...) 185.27.134.214

Last 10 reports on ASN: AS34119 Wildcard UK Limited

Date UQ / IDS / BL URL IP
2018-10-22 23:12:09 +0200 0 - 0 - 0 https://emmythielebrand.com/avd/12/12/ 31.22.4.60
2018-10-22 22:50:47 +0200 0 - 0 - 19 bikercolors.in/Choppers/officials-say-michael (...) 31.22.4.233
2018-10-22 16:51:52 +0200 0 - 0 - 16 printnow.club 185.27.132.34
2018-10-22 13:02:16 +0200 0 - 1 - 0 leatherjacketmarket.com/motor-biker-leather-j (...) 31.22.4.240
2018-10-22 05:56:35 +0200 0 - 0 - 0 xfhmga.epizy.com 185.27.134.224
2018-10-22 05:51:20 +0200 0 - 0 - 0 ndghfa.epizy.com 185.27.134.224
2018-10-21 11:28:15 +0200 0 - 0 - 0 185.27.134.217 185.27.134.217
2018-10-21 09:26:47 +0200 0 - 0 - 0 qerghgacx.epizy.com 185.27.134.218
2018-10-21 09:24:04 +0200 0 - 0 - 0 cxgjhaxc.epizy.com 185.27.134.218
2018-10-21 08:09:10 +0200 0 - 1 - 0 mobiletechnology.ml/ 185.27.134.97

No other reports on domain: is-great.org



JavaScript

Executed Scripts (50)


Executed Evals (1)

#1 JavaScript::Eval (size: 46432, repeated: 1) - SHA256: f821ec2b96eed6df47830e709237d11598dd89ac2c83ea80263a982aa2bcefc2

if (typeof Array.prototype.splice === 'undefined') {
    Array.prototype.splice = function(a, c) {
        var i = 0,
            e = arguments,
            d = this.copy(),
            f = a;
        if (!c) {
            c = this.length - a
        }
        for (i; i < e.length - 2; i++) {
            this[a + i] = e[i + 2]
        }
        for (a; a < this.length - c; a++) {
            this[a + e.length - 2] = d[a - c]
        }
        this.length -= c - e.length + 2;
        return d.slice(f, f + c)
    }
}

function hcArrayStorage() {
    this.idx = 0;
    this.nArr = [];
    this.vArr = []
}
hcArrayStorage.prototype.add = function(n, v, unescD) {
    if (typeof(unescD) == 'undefined') {
        unescD = false
    }
    if (typeof(v) == 'undefined') {
        var temp = n.split('=');
        n = temp[0];
        v = temp[1]
    }
    if (unescD) {
        this.nArr[this.idx] = unescape(n);
        this.vArr[this.idx] = unescape(v)
    } else {
        this.nArr[this.idx] = n;
        this.vArr[this.idx] = v
    }
    this.idx++
};
hcArrayStorage.prototype.size = function() {
    return this.idx
};
hcArrayStorage.prototype.get = function(i) {
    if (typeof(this.nArr[i]) == 'undefined') {
        return ''
    }
    var tmp = escape(this.nArr[i]) + '=' + escape(this.vArr[i]);
    tmp = tmp.replace(/\+/g, "%2B");
    return tmp
};
hcArrayStorage.prototype.getName = function(i) {
    return this.nArr[i]
};
hcArrayStorage.prototype.getValue = function(i) {
    return this.vArr[i]
};
hcArrayStorage.prototype.getValueEsc = function(i) {
    return escape(this.vArr[i])
};
hcArrayStorage.prototype.getByName = function(n) {
    for (var i = 0; i < this.idx; i++) {
        if (this.getName(i) == n) {
            return i
        }
    }
    return -1
};
hcArrayStorage.prototype.remove = function(i) {
    if (typeof(i) == 'undefined' || i == null || typeof(this.nArr[i]) == 'undefined') {
        return
    }
    this.nArr.splice(i, 1);
    this.vArr.splice(i, 1);
    this.idx--
};
hcArrayStorage.prototype.paramLength = function(i) {
    var url = '&' + this.get(i);
    return url.length
};
hcArrayStorage.prototype.fullLength = function() {
    var length = 0;
    for (var i = 0; i < this.idx; i++) {
        length += this.paramLength(i)
    }
    return length
};
hcArrayStorage.prototype.getMaxLengthItem = function() {
    var max = 0,
        maxItemId = -1;
    for (var i = 0; i < this.idx; i++) {
        if (this.paramLength(i) > max) {
            max = this.paramLength(i);
            maxItemId = i
        }
    }
    return maxItemId
};
hcArrayStorage.prototype.clone = function() {
    var cObj = new hcArrayStorage();
    cObj.idx = this.idx;
    for (var i = 0; i < this.idx; i++) {
        cObj.nArr[i] = this.nArr[i];
        cObj.vArr[i] = this.vArr[i]
    }
    return cObj
};

function lpRequest(protocolVer, Url, params, Callback, requireConfirm, maxretries, prunId, lpjson, enc, browser, postAutoConfirm, spImmediateCleanup, partial, part, outOf, forceget, forcePost, encodingBlankUrl, minPost, minPostMaxGets, allowTruncate) {
    this.headLoc = document.getElementsByTagName("head").item(0);
    this.timeStamp = new Date();
    this.callId = this.getCID();
    this.protocolVer = protocolVer;
    this.scriptId = 'lpScriptId' + this.callId;
    this.callbackFunc = Callback;
    this.requireConfirm = requireConfirm;
    this.spImmediateCleanup = spImmediateCleanup;
    this.postAutoConfirm = postAutoConfirm;
    this.params = params;
    this.BaseUrl = Url;
    this.fullUrl = '';
    if (typeof(enc) != 'undefined' && enc != '' && enc != null) {
        this.dataEncoding = enc.toUpperCase()
    } else {
        this.dataEncoding = "UTF-8"
    }
    this.retries = 0;
    this.confirmed = false;
    this.usedget = true;
    this.usedSpecialPost = false;
    this.maxretries = maxretries;
    this.prunId = prunId;
    this.lpjson = lpjson;
    this.browser = browser;
    this.spImmediateCleanup = true;
    if (typeof(partial) == 'undefined') {
        partial = false
    }
    this.partial = partial;
    if (typeof(part) == 'undefined') {
        part = 0
    }
    this.part = part;
    if (typeof(outOf) == 'undefined') {
        outOf = 0
    }
    this.outOf = outOf;
    this.forceget = forceget;
    this.forcePost = forcePost;
    this.encodingBlankUrl = encodingBlankUrl;
    this.minimizePost = minPost;
    this.minimizePostMaxGets = minPostMaxGets;
    this.allowTruncate = allowTruncate
}
lpRequest.prototype.getCID = function() {
    var sKey = lpConnLib.getC('HumanClickKEY'),
        i = 999999999999;
    if (sKey == null) {
        sKey = this.getPadding(Math.round(Math.random() * i), ('' + i).length)
    }
    return sKey + '-' + this.getPadding(Math.round(Math.random() * i), ('' + i).length)
};
lpRequest.prototype.getPadding = function(n, maxLen) {
    var s = '000000000000' + n;
    return s.substring(s.length - maxLen)
};
lpRequest.prototype.BuildBaseCallUrl = function() {
    var url = this.BaseUrl;
    if (url.indexOf('?') == -1) {
        url += '?'
    } else {
        url += '&'
    }
    url += 'lpCallId=' + this.callId;
    url += '&protV=' + this.protocolVer;
    url += '&' + this.prunId + this.lpjson;
    return url
};
lpRequest.prototype.BuildCallUrl = function(type, maxLn, nolog) {
    var cUrl = this.BuildBaseCallUrl(),
        urlLn = cUrl.length;
    if (type == 'get') {
        if (this.params.size() > 0) {
            for (var i = 0; i < this.params.size(); i++) {
                cUrl += '&' + this.params.get(i)
            }
        }
        urlLn = cUrl.length;
        if (urlLn > maxLn) {
            if (!nolog) {
                lpConnLib.log('BuildCallUrl Cut length:' + urlLn + ' m=' + maxLn, 'WARN', 'EMT')
            }
            cUrl = cUrl.substring(0, maxLn)
        }
    }
    this.fullUrl = cUrl;
    return urlLn
};
lpRequest.prototype.MakeCallByScript = function() {
    this.scriptObj = document.createElement('script');
    this.scriptObj.setAttribute('type', 'text/javascript');
    this.scriptObj.setAttribute('charset', this.dataEncoding);
    this.scriptObj.setAttribute('src', this.fullUrl);
    this.scriptObj.setAttribute('id', this.scriptId);
    this.headLoc.appendChild(this.scriptObj)
};
lpRequest.prototype.removeScriptTag = function() {
    try {
        this.headLoc.removeChild(this.scriptObj)
    } catch (e) {
        lpConnLib.log('removeScript FAILED:' + e, 'ERROR', 'EMT')
    }
};
lpRequest.prototype.clone = function() {
    var cRq = new lpRequest();
    for (var p in this) {
        if (typeof(this[p]) != 'undefined') {
            if (typeof(this[p]) != 'object') {
                cRq[p] = this[p]
            } else if (typeof(this[p]) != 'undefined' && this[p] != null && this[p].constructor == hcArrayStorage) {
                cRq[p] = this[p].clone()
            } else {
                cRq[p] = this[p]
            }
        }
    }
    return cRq
};

function lpConnectionLibrary() {
    this.protocolVer = 20;
    this.garbagePeriod = 10;
    this.gcT = 0;
    this.callTimeoutPeriod = 3 * this.garbagePeriod;
    this.maxurllengthMZ = 2083;
    this.maxurllengthIE = 2083;
    this.postDeleteIfrDelay = 3;
    this.iframeName = 'lpIframeContainer-' + Math.round(1000 * Math.random());
    this.onPostAutoConfirm = true;
    this.queue = [];
    this.partialQueue = [];
    this.fullForPartialQueue = {};
    this.browser = this.BrowserSniff();
    this.maxurlgetlength = 2083;
    this.callCounter = 0;
    this.garbageCollectCounter = 0;
    this.forcedGet = 0;
    this.reconfirmedCalls = 0;
    this.resendCounter = 0;
    this.partialCounter = 0;
    this.lpExecuteErrors = 0;
    this.lpCallbackCnt = 0;
    this.lpjson = 1;
    this.prunId = 'lpjson=';
    this.DebugDisplay = false;
    this.postParams = [];
    this.spPostIframesFree = [];
    this.spPostIframesBusy = []
}
lpConnectionLibrary.prototype.SortQueue = function(a, b) {
    if (a.confirmed == b.confirmed) {
        return a.timeStamp.getTime() - b.timeStamp.getTime()
    }
    if (a.confirmed && !b.confirmed) {
        return -1
    }
    if (!a.confirmed && b.confirmed) {
        return 1
    }
    return 0
};
lpConnectionLibrary.prototype.confirmConnection = function(idList) {
    var tempList = ',' + idList + ',';
    for (var i = 0; i < this.queue.length; i++) {
        var myid = ',' + this.queue[i].callId + ',';
        if (!this.queue[i].confirmed && tempList.indexOf(myid) > -1) {
            this.queue[i].confirmed = true
        }
    }
};
lpConnectionLibrary.prototype.getRequestForCallId = function(callId) {
    for (var i = 0; i < this.queue.length; i++) {
        if (callId == this.queue[i].callId) {
            return this.queue[i]
        }
    }
    return null
};
lpConnectionLibrary.prototype.addToQueue = function(Url, params, Callback, requireConfirm, maxretries, forceget, onPostAutoConfirm, lpjson, dataEncoding, forcePost, specialPost, spImmediateCleanup, encodingBlankUrl, minimizePost, minimizePostMaxGets, allowTruncate) {
    var callType = '',
        postAutoConfirm = false;
    if (typeof(lpjson) != 'undefined') {
        this.lpjson = lpjson
    }
    if (typeof(onPostAutoConfirm) != 'undefined') {
        postAutoConfirm = onPostAutoConfirm
    } else {
        postAutoConfirm = this.onPostAutoConfirm
    }
    if (typeof(encodingBlankUrl) == 'undefined') {
        if (typeof(lpMTagConfig) != 'undefined') {
            encodingBlankUrl = lpMTagConfig.lpProtocol + '://' + lpMTagConfig.lpServer + '/hcp/asp/blankenc.asp'
        } else if (typeof(lpChatConfig) != 'undefined') {
            encodingBlankUrl = lpChatConfig.lpProtocol + '://' + lpChatConfig.lpServer + '/hcp/asp/blankenc.asp'
        }
    }
    this.encodingBlankUrl = encodingBlankUrl;
    if (typeof(spImmediateCleanup) == 'undefined') {
        spImmediateCleanup = true
    }
    var request = new lpRequest(this.protocolVer, Url, params, Callback, requireConfirm, maxretries, this.prunId, this.lpjson, dataEncoding, this.browser, postAutoConfirm, spImmediateCleanup, undefined, 0, 0, forceget, forcePost, encodingBlankUrl, minimizePost, minimizePostMaxGets, allowTruncate);
    if (typeof(lpMTagDebug) != 'undefined' && typeof(lpMTagDebug.Display) != 'undefined') {
        this.DebugDisplay = true
    }
    if (forceget) {
        this.forcedGet++
    }
    var partial = '',
        urlLength = request.BuildCallUrl('get', this.maxurlgetlength, true);
    if (!forcePost && (urlLength <= this.maxurlgetlength || forceget)) {
        callType = this.makeTheCall(request, 'get', requireConfirm)
    } else {
        if (typeof(minimizePost) == 'undefined') {
            if (typeof(lpMTagConfig.minimizePost) == 'undefined') {
                minimizePost = false
            } else {
                minimizePost = lpMTagConfig.minimizePost
            }
        }
        var minPostStatus = false;
        if (!forcePost && minimizePost) {
            if (typeof(minimizePostMaxGets) == 'undefined') {
                if (typeof(lpMTagConfig.minimizePostMaxGets) == 'undefined') {
                    minimizePostMaxGets = 3
                } else {
                    minimizePostMaxGets = lpMTagConfig.minimizePostMaxGets
                }
            }
            if (typeof(allowTruncate) == 'undefined') {
                if (typeof(lpMTagConfig.allowTruncate) == 'undefined') {
                    allowTruncate = false
                } else {
                    allowTruncate = lpMTagConfig.allowTruncate
                }
            }
            var origRequest = request.clone();
            this.splitRequestIntoGets(request, origRequest, minimizePostMaxGets, allowTruncate, specialPost, postAutoConfirm, spImmediateCleanup, minimizePostMaxGets, requireConfirm);
            minPostStatus = true
        }
        if (!minPostStatus) {
            if (specialPost) {
                callType = this.makeTheCall(request, 'sp-post', !postAutoConfirm, spImmediateCleanup)
            } else {
                callType = this.makeTheCall(request, 'post', !postAutoConfirm)
            }
        }
    }
    return callType
};
lpConnectionLibrary.prototype.makeTheCall = function(r, pr) {
    pr = pr.toUpperCase();
    var ret, qsize;
    if (pr == 'GET') {
        r.BuildCallUrl('get', this.maxurlgetlength);
        qsize = this.queue.length;
        this.queue[qsize] = r;
        this.queue[qsize].MakeCallByScript();
        if (!r.requireConfirm) {
            this.queue[qsize].confirmed = true
        }
        ret = 'GET'
    } else if (pr == 'POST') {
        r.BuildCallUrl('post', this.maxurlgetlength);
        qsize = this.queue.length;
        this.queue[qsize] = r;
        this.queue[qsize].MakeCallByIframe(this.browser);
        if (r.postAutoConfirm) {
            this.queue[qsize].confirmed = true
        }
        ret = 'POST'
    } else if (pr == 'SP-POST') {
        r.BuildCallUrl('post', this.maxurlgetlength);
        qsize = this.queue.length;
        this.queue[qsize].spImmediateCleanup = r.spImmediateCleanup;
        this.specialPostHandler(r.callId);
        if (r.postAutoConfirm) {
            this.queue[qsize].confirmed = true
        }
        ret = 'POST'
    }
    if (this.DebugDisplay) {
        var cmd = '';
        try {
            cmd = r.params.getValue(r.params.getByName('cmd'));
            if (typeof(cmd) == 'undefined') {
                cmd = r.fullUrl.match(/cmd=.*?&/).toString();
                if (cmd != null && cmd != 'null') {
                    cmd = cmd.replace(/&/g, '')
                }
            }
            cmd = '<strong><span style="color:rgb(255,153,0);">' + cmd + '</span></strong>'
        } catch (e) {}
        lpConnLib.log('Making ' + pr + ' Call id=' + r.callId + ' ' + cmd, 'DEBUG', 'EMT')
    }
    this.callCounter++;
    return ret
};
lpConnectionLibrary.prototype.hasNonLatinChars = function(params) {
    for (var i = 0; i < params.size(); i++) {
        if (params.get(i).indexOf("%u") != -1) {
            return true
        }
    }
    return false
};
lpConnectionLibrary.prototype.BrowserSniff = function() {
    var agt = navigator.userAgent.toLowerCase();
    if (agt.indexOf("safari") != -1) {
        return 'SAFARI'
    }
    if (document.all) {
        var is_opera = (agt.indexOf("opera") != -1);
        if (is_opera) {
            return "OPR"
        } else {
            return "IE"
        }
    }
    if (document.getElementById) {
        var is_ff = (agt.indexOf("firefox") != -1);
        if (is_ff) {
            return "FF"
        }
        return "MOZ"
    }
    return "MOZ"
};
lpConnectionLibrary.prototype.GetCallbackFunc = function(usrCallId) {
    var qSize = this.queue.length;
    for (var i = 0; i < qSize; i++) {
        if (this.queue[i].callId == usrCallId) {
            return this.queue[i].callbackFunc
        }
    }
    return null
};
lpConnectionLibrary.prototype.CleanUpBusySpecialPost = function(callID) {
    if (typeof(callID) == 'undefined') {
        callID = null
    }
    for (var i = 0; i < this.spPostIframesBusy.length; i++) {
        if ((this.spPostIframesBusy[i]['spImmediateCleanup'] && this.spPostIframesBusy[i]['callMade']) || this.spPostIframesBusy[i]['callID'] == callID) {
            this.releaseIframe(this.spPostIframesBusy[i]['callID'])
        }
    }
};
lpConnectionLibrary.prototype.gc = function() {
    lpConnLib.log('GC', 'OK', 'EMT');
    this.queue.sort(this.SortQueue);
    var confirmedCnt = 0,
        i;
    for (i = 0; i < this.queue.length; i++) {
        if (this.queue[i].confirmed) {
            if (this.queue[i].usedget) {
                this.queue[i].removeScriptTag()
            }
            confirmedCnt++
        }
    }
    this.queue.splice(0, confirmedCnt);
    this.garbageCollectCounter++;
    this.CleanUpBusySpecialPost();
    var now = new Date().getTime();
    for (i = 0; i < this.queue.length; i++) {
        if (!this.queue[i].confirmed && (now - this.queue[i].timeStamp.getTime()) > this.callTimeoutPeriod * 1000) {
            if (this.queue[i].retries < this.queue[i].maxretries) {
                this.queue[i].retries++;
                this.callCounter++;
                this.reconfirmedCalls++;
                lpConnLib.log('Retry ' + this.queue[i].retries + '/' + this.queue[i].maxretries + ' cId=' + this.queue[i].callId, 'DEBUG', 'EMT');
                this.queue[i].timeStamp = new Date();
                if (this.queue[i].usedget) {
                    this.queue[i].MakeCallByScript()
                } else {
                    if (this.usedSpecialPost) {
                        this.CleanUpBusySpecialPost(this.queue[i].callId);
                        this.specialPostHandler(this.queue[i].callId)
                    } else {
                        this.queue[i].MakeCallByIframe(this.browser)
                    }
                }
            } else {
                this.queue[i].confirmed = true;
                lpConnLib.log('Timeout for cId=' + this.queue[i].callId, 'DEBUG', 'EMT');
                var lpDataObj = {
                    "ResultSet": {
                        "lpCallId": this.queue[i].callId,
                        "lpCallError": "TIMEOUT"
                    }
                };
                this.UsrCFn(lpDataObj)
            }
        }
    }
};
lpConnectionLibrary.prototype.Process = function(d) {
    if (d == null) {
        lpConnLib.log('Cback No data', 'ERROR', 'EMT');
        return
    }
    this.lpCallbackCnt++;
    var dRS = d.ResultSet;
    d.ServiceInfo = {};
    var dSI = d.ServiceInfo;
    if (dRS.lpCallId == 0 || dRS.lpCallId == null || dRS.lpCallId == '') {
        lpConnLib.log('Cback No Call ID', 'ERROR', 'EMT');
        return
    }
    dSI.requestType = 'REGULAR';
    dSI.resendCall = false;
    dSI.origCallId = dRS.lpCallId;
    if (typeof(dRS.lpData) != 'undefined' && typeof(dRS.lpData) == 'object' && typeof(dRS.lpData[0]) != 'undefined') {
        if (typeof(dRS.lpData[0].TYPE) != 'undefined') {
            dSI.requestType = dRS.lpData[0].TYPE
        }
        if (typeof(dRS.lpData[0].RESEND) != 'undefined') {
            dSI.resendCall = dRS.lpData[0].RESEND
        }
    }
    if (dSI.resendCall) {
        this.resendCounter++
    }
    if (dSI.requestType == 'PARTIAL REQUEST') {
        dRS.lpCallId = dRS.lpCallId + '!' + dRS.lpData[0].PART
    }
    lpConnLib.log('Cback cId=' + dRS.lpCallId, 'DEBUG', 'EMT');
    if (typeof(dRS.lpCallConfirm) == 'undefined' || dRS.lpCallConfirm == '') {
        dRS.lpCallConfirm = dRS.lpCallId
    } else {
        dRS.lpCallConfirm += ',' + dRS.lpCallId
    }
    var req;
    if (dSI.requestType == 'PARTIAL REQUEST' && dSI.resendCall) {
        req = this.fullForPartialQueue[dSI.origCallId];
        delete this.fullForPartialQueue[dSI.origCallId];
        lpConnLib.log('CId=' + dRS.lpCallId + ' Deleted - fullForPartialQueue[' + dSI.origCallId + ']', 'DEBUG', 'EMT')
    } else {
        req = this.getRequestForCallId(dRS.lpCallId);
        if (req != null && req.partial) {
            req = this.fullForPartialQueue[dSI.origCallId]
        }
    }
    if (dSI.requestType != 'PARTIAL REQUEST') {
        if (this.fullForPartialQueue[dSI.origCallId]) {
            delete this.fullForPartialQueue[dSI.origCallId];
            lpConnLib.log('CId=' + dRS.lpCallId + ' Deleted fullForPartialQueue[' + dSI.origCallId + ']', 'DEBUG', 'EMT')
        }
    }
    if (req == null) {
        lpConnLib.log('REQ is NULL callId=' + dSI.origCallId, 'ERROR', 'EMT')
    }
    this.confirmConnection(dRS.lpCallConfirm);
    if (dSI.requestType == 'PARTIAL REQUEST') {
        var callNum, outOfcalls;
        if (typeof(dRS.lpData) != 'undefined' && typeof(dRS.lpData) == 'object') {
            if (typeof(dRS.lpData[0].PART) != 'undefined') {
                callNum = dRS.lpData[0].PART
            }
            if (typeof(dRS.lpData[0].OUTOF) != 'undefined') {
                outOfcalls = dRS.lpData[0].OUTOF
            }
        }
        if (dSI.resendCall) {
            for (var i = (callNum + 1); i <= outOfcalls; i++) {
                var cid = dSI.origCallId + '!' + i;
                delete this.partialQueue[cid]
            }
        } else {
            try {
                var ncId = dSI.origCallId + '!' + (callNum + 1);
                lpConnLib.log('P Call Response recieved  - ' + dRS.lpCallId + ' part=' + callNum + ' outof=' + outOfcalls, 'DEBUG', 'EMT');
                var r = this.partialQueue[ncId];
                if (r != null) {
                    delete this.partialQueue[ncId];
                    if (r.part == r.outOf) {
                        r.callId = this.spPartFromStr(r.callId)
                    }
                    this.makeTheCall(r, 'get')
                } else {
                    if (typeof(dbg) != 'undefined' && dbg.Display) {
                        dbg.Display('P Call NOT found for id=' + ncId, 'ERROR', 'EMT')
                    }
                }
            } catch (e) {
                if (typeof(dbg) != 'undefined' && dbg.Display) {
                    dbg.Display('P Call Proces error for id=' + dRS.lpCallId + ' exception=' + e, 'ERROR', 'EMT')
                }
            }
            return
        }
    }
    if (typeof(dRS.lpJS_Execute) != 'undefined') {
        var d_msg = [];
        for (var MTagI = 0; MTagI < dRS.lpJS_Execute.length; MTagI++) {
            var no_err_flag = true,
                err_msg = '',
                code_id = dRS.lpJS_Execute[MTagI].code_id;
            try {
                eval(dRS.lpJS_Execute[MTagI].js_code);
                if (typeof(lpMTag) != 'undefined' && typeof(lpMTag.tmpCode) != 'undefined' && lpMTag.tmpCode != '') {
                    eval(lpMTag.tmpCode)
                }
            } catch (hcExecError) {
                this.lpExecuteErrors++;
                no_err_flag = false;
                err_msg = hcExecError
            }
            if (typeof(lpMTag) != 'undefined') {
                lpMTag.tmpCode = ''
            }
            if (this.DebugDisplay) {
                if (no_err_flag) {
                    d_msg[d_msg.length] = 'OK Executed snippet=<strong>' + code_id + '</strong><!!>EXEC-OK'
                } else {
                    d_msg[d_msg.length] = 'ERROR Executing snippet=<strong>' + code_id + '</strong> &nbsp #' + err_msg + '#<!!>ERROR'
                }
            }
        }
        if (this.DebugDisplay) {
            lpMTagDebug.DisplayArray(d_msg, 'EMT')
        }
    }
    if (typeof(dRS.lpCallError) != 'undefined') {
        lpConnLib.log('ERR Recieved=' + dRS.lpCallError + ' &nbsp # CallID = ' + dRS.lpCallId + '#', 'ERROR', 'EMT')
    }
    this.UsrCFn(d, req)
};
lpConnectionLibrary.prototype.spPartFromStr = function(str) {
    var temp = str.split('!');
    return temp[0]
};
lpConnectionLibrary.prototype.UsrCFn = function(d, r) {
    var userCallbackFunc = this.GetCallbackFunc(d.ResultSet.lpCallId);
    if (userCallbackFunc != '' && userCallbackFunc != null) {
        var no_err_flag = true,
            err_msg = '';
        try {
            userCallbackFunc(d, r)
        } catch (hcExecError) {
            no_err_flag = false;
            err_msg = hcExecError
        }
        if (no_err_flag) {
            lpConnLib.log('OK Exec User function - ' + d.ResultSet.lpCallId, 'EXEC-OK', 'EMT')
        } else {
            lpConnLib.log('ERROR Exec User function=' + userCallbackFunc + ' &nbsp #' + err_msg + '#', 'ERROR', 'EMT')
        }
    }
};
lpConnectionLibrary.prototype.getC = function(n) {
    var c = document.cookie,
        start = c.indexOf(n + "=");
    if (typeof(n) == 'undefined' || start == -1) {
        return null
    }
    var len = start + n.length + 1;
    if ((!start) && (n != c.substring(0, n.length))) {
        return null
    }
    var end = c.indexOf(";", len);
    if (end == -1) {
        end = c.length
    }
    return unescape(c.substring(len, end))
};
lpConnectionLibrary.prototype.log = function(m, t, s) {
    if (this.DebugDisplay) {
        lpMTagDebug.Display(m, t, s)
    }
};
if (typeof(lpConnLib) == 'undefined') {
    function lpJSLibrary() {}
    var lpJSLib = new lpJSLibrary(),
        lpConnLib = new lpConnectionLibrary();
    lpConnLib.gcT = setInterval('lpConnLib.gc()', lpConnLib.garbagePeriod * 1000)
}

function lpMonitorTag() {
    var c = lpMTagConfig;
    this.maxretries = 3;
    this.maxErrorCnt = 2;
    this.connErrorCnt = 0;
    this.errorDelay = 10;
    if (typeof(c.lpProtocol) == 'undefined') {
        c.lpProtocol = (document.location.toString().indexOf("https:") == 0) ? "https" : "http"
    }
    this.lpURL = c.lpProtocol + '://' + c.lpServer + '/hc/' + c.lpNumber + '/';
    this.lpPageLocation = this.getPageUrl();
    if (typeof(c.lpUseSecureCookies) == 'undefined') {
        c.lpUseSecureCookies = false
    }
    if (typeof(c.sendCookies) == 'undefined') {
        c.sendCookies = true
    }
    if (typeof(c.lpSendCookies) == 'undefined') {
        c.lpSendCookies = false
    }
    this.dCkName = 'LP_DATA_COOKIE';
    this.lpVisitorStatus = 'INSITE_STATUS';
    this.lpCmd = 'mTagKnockPage';
    this.webServerCookie = 'LPNMT_DOMAIN-' + c.lpNumber;
    this.lpPageID = this.getPId();
    this.title = this.getTitle();
    this.referrer = this.getRefr();
    this.lpJavaEnabled = (this.lpIsJavaEnabled() ? 'true' : 'false');
    this.lpLoopTimer = -1;
    this.lpFirstInPage = true;
    this.lpKnockPageRequestDelay = 0;
    this.lpStartPageRequestDelay = 0;
    this.lpFirstInPageRequestDelay = 0;
    this.lpInPageRequestDelay = 30;
    this.lpDelayAfterPost = 10;
    this.lpBrowser = lpConnLib.browser;
    this.lpDataToSend = '';
    if (typeof(c.activePlugin) == 'undefined') {
        c.activePlugin = 'none'
    }
    if (typeof(c.enableActivityMon) != 'undefined') {
        this.actMon = c.enableActivityMon
    } else {
        this.actMon = true
    }
    if (typeof(c.inactivityPeriod) != 'undefined') {
        this.inactPer = c.inactivityPeriod
    } else {
        this.inactPer = 120
    }
    if (typeof(c.actPollingInterval) != 'undefined') {
        this.actPolInt = c.actPollingInterval
    } else {
        this.actPolInt = 3
    }
    this.lastActiveDate = new Date();
    this.cookieRemovedCnt = 0;
    this.prevCookie = '';
    this.splitCookieLeft = '';
    this.events = {
        eventId: 0,
        lstnrs: {},
        fired: [],
        prefix: 'evId_',
        register: function(evName, fn) {
            if (typeof(evName) == 'undefined' || typeof(fn) != 'function') {
                lpConnLib.log('Ev listen has invalid params: evName=[' + evName + ']  fn=[' + fn + ']', 'ERROR', 'EMT-Events');
                return null
            }
            var evId = this.eventId++;
            this.lstnrs[this.prefix + evId] = {
                id: evId,
                name: evName,
                fn: fn
            };
            lpConnLib.log('Ev listen rgstr: evName=[' + evName + ']  fn=[' + fn + ']', 'DEBUG', 'EMT-Events');
            return evId
        },
        unregister: function(id) {
            if (typeof(id) == 'undefined') {
                lpConnLib.log('Ev listen id not spec for unregister', 'ERROR', 'EMT-Events');
                return null
            }
            var ev = this.lstnrs[this.prefix + id];
            if (typeof(ev) == 'undefined') {
                lpConnLib.log('Ev listen id not Found for unregister id=' + id, 'ERROR', 'EMT-Events');
                return false
            } else {
                delete this.lstnrs[this.prefix + id];
                lpConnLib.log('Ev listen id=' + id + ' unregister', 'DEBUG', 'EMT-Events');
                return true
            }
        },
        hasFired: function(evName) {
            if (typeof(evName) == 'undefined' || evName == '*') {
                return this.fired
            }
            var ret = [];
            for (var n = 0; n < this.fired.length; n++) {
                if (this.fired[n].evName == evName) {
                    ret[ret.length] = this.fired[n]
                }
            }
            return ret
        },
        publish: function(evName, pJson) {
            if (typeof(evName) == 'undefined') {
                lpConnLib.log('Ev name not spec for publish', 'ERROR', 'EMT-Events');
                return null
            }
            this.fired[this.fired.length] = {
                evName: evName,
                evData: pJson
            };
            var anyLstnr = false;
            for (var n in this.lstnrs) {
                var l = this.lstnrs[n];
                if (l.name == evName || l.name == '*') {
                    l.fn(evName, pJson);
                    anyLstnr = true;
                    lpConnLib.log('Ev listen=' + n + ' ev=' + evName + ' exec', 'DEBUG', 'EMT-Events')
                }
            }
            return anyLstnr
        }
    }
}
lpMonitorTag.prototype.startActMon = function() {
    if (this.actMon) {
        lpConnLib.log('Start ActMon', 'DEBUG', 'EMT');
        var c = lpMTagConfig;
        c.visitorActive = true;
        if (typeof(c.pageVar) == 'undefined') {
            c.pageVar = []
        }
        c.pageVar[c.pageVar.length] = 'visitorActive=1';
        if (window.attachEvent) {
            document.attachEvent('onmousedown', this.MAct);
            document.attachEvent('onmousemove', this.MAct);
            document.attachEvent('onmouseover', this.MAct);
            window.attachEvent('onresize', this.MAct);
            window.attachEvent('onblur', this.MAct);
            window.attachEvent('onfocus', this.MAct);
            document.attachEvent('onkeydown', this.MAct);
            document.attachEvent('onscroll', this.MAct)
        } else {
            var fn = window.addEventListener;
            fn("mousedown", this.MAct, false);
            fn("mousemove", this.MAct, false);
            fn("mouseover", this.MAct, false);
            fn("scroll", this.MAct, false);
            fn("resize", this.MAct, false);
            fn("blur", this.MAct, false);
            fn("focus", this.MAct, false);
            fn("keydown", this.MAct, false)
        }
        this.actT = setInterval(this.cAct, this.actPolInt * 1000)
    }
};
lpMonitorTag.prototype.getPageUrl = function() {
    var u = document.location.href.toString();
    if (u == null || u == '') {
        u = '__blank__'
    }
    return u
};
lpMonitorTag.prototype.getTitle = function() {
    var title = '';
    if (typeof(document.title) != "undefined" && document.title.length > 0) {
        title = document.title
    }
    return title
};
lpMonitorTag.prototype.getPId = function() {
    return Math.round(Math.random() * 9999999999)
};
lpMonitorTag.prototype.getRefr = function() {
    var referrer = '';
    if (typeof(document.referrer) != "undefined" && document.referrer.length > 0) {
        referrer = document.referrer
    }
    return referrer
};
lpMonitorTag.prototype.MAct = function() {
    lpMTag.lastActiveDate = new Date()
};
lpMonitorTag.prototype.cAct = function() {
    var c = lpMTagConfig,
        cTime = new Date().getTime(),
        lastActTime = lpMTag.lastActiveDate.getTime(),
        actSt = c.visitorActive;
    actSt = (cTime - lastActTime) <= (lpMTag.inactPer * 1000);
    if (actSt != c.visitorActive) {
        lpConnLib.log('Visitor Act STATUS= ' + (actSt ? '1' : '0'), 'DEBUG', 'EMT');
        c.pageVar[c.pageVar.length] = 'visitorActive=' + (actSt ? '1' : '0');
        c.visitorActive = actSt
    }
};
lpMonitorTag.prototype.removeUrlParameter = function(url, p) {
    var pnt = url.indexOf('&' + p + '=');
    if (pnt > -1) {
        var tmp = url.substring(pnt + ('&' + p + '=').length),
            endpnt = tmp.indexOf('&');
        if (endpnt > -1) {
            url = url.substring(0, pnt) + tmp.substring(endpnt)
        } else {
            url = url.substring(0, pnt)
        }
    }
    return url
};
lpMonitorTag.prototype.addFirstPartyCookies = function(url, cmd, params) {
    var c = lpMTagConfig;
    if (typeof(cmd) == 'undefined') {
        var pnt = url.indexOf('&cmd=');
        if (pnt > -1) {
            var tmp = url.substring(pnt + 5);
            if (tmp.indexOf('&') > -1) {
                tmp = tmp.substring(0, tmp.indexOf('&'))
            }
            cmd = tmp
        } else {
            cmd = ''
        }
    }
    if (typeof(c.useFirstParty) != 'undefined' && c.useFirstParty || cmd == 'mTagKnockPage') {
        var vid = lpConnLib.getC(c.FPC_VID_NAME ? c.FPC_VID_NAME : c.lpNumber + '-VID'),
            skey = lpConnLib.getC(c.FPC_SKEY_NAME ? c.FPC_SKEY_NAME : c.lpNumber + '-SKEY'),
            contId = lpConnLib.getC(c.FPC_CONT_NAME ? c.FPC_CONT_NAME : 'HumanClickSiteContainerID_' + c.lpNumber);
        if (url.indexOf('?') == -1) {
            url += '?'
        }
        if (url.indexOf('&visitor=') > -1) {
            lpConnLib.log('FPC Found &v in url - remove', 'DEBUG', 'EMT');
            url = this.removeUrlParameter(url, 'visitor')
        }
        if (url.indexOf('&msessionkey=') > -1) {
            lpConnLib.log('FPC Found &m in the url - remove', 'DEBUG', 'EMT');
            url = this.removeUrlParameter(url, 'msessionkey')
        }
        if (url.indexOf('&siteContainer=') > -1) {
            lpConnLib.log('FPC Found &s in the url - remove', 'DEBUG', 'EMT');
            url = this.removeUrlParameter(url, 'siteContainer')
        }
        if (typeof(params) != 'undefined') {
            var idx;
            idx = params.getByName('visitor');
            if (idx > -1) {
                lpConnLib.log('FPC visitor - remove', 'DEBUG', 'EMT');
                params.remove(idx)
            }
            idx = params.getByName('msessionkey');
            if (idx > -1) {
                lpConnLib.log('FPC msessionkey - remove', 'DEBUG', 'EMT');
                params.remove(idx)
            }
            idx = params.getByName('siteContainer');
            if (idx > -1) {
                lpConnLib.log('FPC siteContainer - remove', 'DEBUG', 'EMT');
                params.remove(idx)
            }
        }
        if (vid != null) {
            url += '&visitor=' + vid
        }
        if (skey != null) {
            url += '&msessionkey=' + skey
        }
        if (contId != null) {
            url += '&siteContainer=' + contId
        }
    }
    return url
};
lpMonitorTag.prototype.mtagAddReqToQueue = function(req) {
    this.mtagAddToQueue(req.BaseUrl, req.params, req.callbackFunc, req.requireConfirm, req.maxretries, req.forceget, req.postAutoConfirm, req.lpjson, req.dataEncoding, req.forcePost, req.usedSpecialPost, req.spImmediateCleanup, req.encodingBlankUrl, req.minimizePost, req.minimizePostMaxGets, req.allowTruncate)
};
lpMonitorTag.prototype.mtagAddToQueue = function(Url, params, Callback, requireConfirm, maxretries, forceget, onPostAutoConfirm, lpjson, dataEncoding, forcePost, specialPost, spImmediateCleanup, encodingBlankUrl, minimizePost, minimizePostMaxGets, allowTruncate) {
    var cmd = params.getValue(params.getByName('cmd'));
    Url = this.addFirstPartyCookies(Url, cmd, params);
    Url = this.addStatCmdToUrl(Url, params);
    params = this.avoidPost(Url, params, cmd);
    return lpConnLib.addToQueue(Url, params, Callback, requireConfirm, maxretries, forceget, onPostAutoConfirm, lpjson, dataEncoding, forcePost, specialPost, spImmediateCleanup, encodingBlankUrl, minimizePost, minimizePostMaxGets, allowTruncate)
};
lpMonitorTag.prototype.addStatCmdToUrl = function(url, params) {
    var indx, value = '';
    if (url.indexOf('?') == -1) {
        url += '?'
    }
    indx = params.getByName('site');
    if (indx != -1) {
        value = params.getValue(indx);
        url += '&site=' + value;
        params.remove(indx)
    }
    indx = params.getByName('cmd');
    if (indx != -1) {
        value = params.getValue(indx);
        url += '&cmd=' + value;
        params.remove(indx)
    }
    return url
};
lpMonitorTag.prototype.avoidPost = function(Url, params, cmd) {
    var c = lpMTagConfig,
        avoidPost = this.getAPProps(),
        splitCookie = c.sgpemtSplitCookie,
        splitCookieMinDelta = 0;
    if (splitCookie) {
        splitCookieMinDelta = c.sgpemtSplitCookieMinDelta
    }
    if (!avoidPost.avoidPost && !splitCookie) {
        return params
    }
    var r = new lpRequest(lpConnLib.protocolVer, Url, params, null, false, 0, lpConnLib.prunId, lpConnLib.lpjson, 'UTF-8', lpConnLib.browser, false, true, undefined, 0, 0, false, false),
        baseUrl = r.BuildBaseCallUrl(),
        urlLength = baseUrl.length + params.fullLength() + 1,
        orgCk = '';
    if (urlLength > lpConnLib.maxurlgetlength) {
        var indx = params.getByName('cookie');
        if (indx > -1) {
            lpConnLib.log('AP ' + avoidPost.avoidPost + ' SC ' + splitCookie + ' Limit ' + urlLength + ': drop cookies', 'DEBUG', 'EMT');
            orgCk = params.getValue(indx);
            params.remove(indx);
            this.cookieRemovedCnt++;
            if (this.cookieRemovedCnt > 1) {
                lpConnLib.log('AP set sendCookies to FALSE', 'DEBUG', 'EMT');
                lpMTagConfig.sendCookies = false
            }
        } else {
            lpConnLib.log('AP Limit ' + urlLength + ': cookies not FOUND', 'DEBUG', 'EMT')
        }
        urlLength = baseUrl.length + params.fullLength() + 1;
        if (urlLength > (lpConnLib.maxurlgetlength - splitCookieMinDelta)) {
            lpConnLib.log('AP Limit ' + urlLength + ': after drop cookies - trim', 'DEBUG', 'EMT');
            params = this.trimParam(params, 'pageWindowName', avoidPost.maxPageWinNameLength);
            urlLength = baseUrl.length + params.fullLength() + 1;
            if (urlLength > lpConnLib.maxurlgetlength) {
                lpConnLib.log('AP Limit ' + urlLength + ' after trim pageWindowName ', 'DEBUG', 'EMT')
            } else {
                return this.prSplitC(cmd, params, urlLength, orgCk)
            }
            params = this.trimParam(params, 'title', avoidPost.emtMaxTitleLength);
            urlLength = baseUrl.length + params.fullLength() + 1;
            if (urlLength > (lpConnLib.maxurlgetlength - splitCookieMinDelta)) {
                lpConnLib.log('AP Limit ' + urlLength + ' after trim title ', 'DEBUG', 'EMT');
                params = this.trimParam(params, 'referrer', avoidPost.emtMaxReferLength)
            } else {
                return this.prSplitC(cmd, params, urlLength, orgCk)
            }
            urlLength = baseUrl.length + params.fullLength() + 1;
            if (urlLength > (lpConnLib.maxurlgetlength - splitCookieMinDelta)) {
                lpConnLib.log('AP Limit ' + urlLength + 'trim page', 'DEBUG', 'EMT');
                params = this.trimParam(params, 'page', avoidPost.emtMaxUrlLength)
            } else {
                return this.prSplitC(cmd, params, urlLength, orgCk)
            }
            urlLength = baseUrl.length + params.fullLength() + 1;
            if (urlLength > (lpConnLib.maxurlgetlength - splitCookieMinDelta)) {
                lpConnLib.log('AP Limit ' + urlLength, 'DEBUG', 'EMT');
                params = this.trimParam(params, 'title', avoidPost.emtMinTitleLength)
            } else {
                return this.prSplitC(cmd, params, urlLength, orgCk)
            }
            urlLength = baseUrl.length + params.fullLength() + 1;
            if (urlLength > (lpConnLib.maxurlgetlength - splitCookieMinDelta)) {
                lpConnLib.log('AP Limit ' + urlLength, 'DEBUG', 'EMT');
                params = this.trimParam(params, 'referrer', avoidPost.emtMinReferLength)
            } else {
                return this.prSplitC(cmd, params, urlLength, orgCk)
            }
            urlLength = baseUrl.length + params.fullLength() + 1;
            if (urlLength > (lpConnLib.maxurlgetlength - splitCookieMinDelta)) {
                lpConnLib.log('AP Limit ' + urlLength, 'DEBUG', 'EMT');
                params = this.trimParam(params, 'page', avoidPost.emtMinUrlLength)
            } else {
                return this.prSplitC(cmd, params, urlLength, orgCk)
            }
            urlLength = baseUrl.length + params.fullLength() + 1;
            if (urlLength > (lpConnLib.maxurlgetlength - splitCookieMinDelta)) {
                lpConnLib.log('AP over limit  ' + urlLength + ': DO POST', 'DEBUG', 'EMT');
                var idx = params.getByName('page');
                if (idx > -1) {
                    params.remove(idx);
                    params.add('page', this.lpPageLocation)
                }
                idx = params.getByName('referrer');
                if (idx > -1) {
                    params.remove(idx);
                    params.add('referrer', this.referrer)
                }
                idx = params.getByName('title');
                if (idx > -1) {
                    params.remove(idx);
                    params.add('title', this.title)
                }
                if (orgCk != '') {
                    this.cookieRemovedCnt--;
                    params.add('cookie', orgCk)
                }
                return params
            } else {
                return this.prSplitC(cmd, params, urlLength, orgCk)
            }
        } else {
            return this.prSplitC(cmd, params, urlLength, orgCk)
        }
    } else {
        return this.prSplitC(cmd, params, urlLength, orgCk)
    }
};
lpMonitorTag.prototype.prSplitC = function(cmd, params, urlLength, orgCk) {
    var d = lpMTagDebug;
    if (!lpMTagConfig.sgpemtSplitCookie || (cmd != 'mTagStartPage' && cmd != 'mTagInPage' && cmd != 'mTagUDEsend')) {
        lpConnLib.log('SplitCookie ' + lpMTagConfig.sgpemtSplitCookie + ' cmd ' + cmd, 'DEBUG', 'EMT');
        return params
    }
    var chunk = '',
        sizeLeft = lpConnLib.maxurlgetlength - urlLength - "&sc=".length;
    if (typeof(orgCk) == 'undefined' || orgCk == '') {
        if (this.splitCookieLeft.length == 0) {
            lpConnLib.log('SplitCookie - nothing to send - DONE', 'DEBUG', 'EMT');
            return params
        }
        sizeLeft = this.adjustForSpChars(this.splitCookieLeft, sizeLeft);
        chunk = this.splitCookieLeft.substr(0, sizeLeft);
        this.splitCookieLeft = this.splitCookieLeft.substr(sizeLeft);
        var pname = 'ac';
        if (this.splitCookieLeft == '') {
            pname = 'ec'
        }
        lpConnLib.log('SC send ' + pname + ' chunk size=' + chunk.length + ' left=' + this.splitCookieLeft.length, 'DEBUG', 'EMT');
        params.add(pname, this.specialUnescape(chunk))
    } else {
        var escCk = this.specialEscape(orgCk);
        sizeLeft = this.adjustForSpChars(escCk, sizeLeft);
        chunk = escCk.substr(0, sizeLeft);
        params.add('sc', this.specialUnescape(chunk));
        lpConnLib.log('SC send sc chunk size=' + chunk.length + ' total size=' + orgCk.length, 'DEBUG', 'EMT');
        this.splitCookieLeft = escCk.substr(sizeLeft)
    }
    return params
};
lpMonitorTag.prototype.specialEscape = function(characters) {
    var tmp = escape(characters);
    tmp = tmp.replace(/\+/g, "%2B");
    return tmp
};
lpMonitorTag.prototype.specialUnescape = function(characters) {
    var tmp = characters.replace(/%2B/g, "+");
    tmp = unescape(characters);
    return tmp
};
lpMonitorTag.prototype.adjustForSpChars = function(escCk, sizeLeft) {
    if (escCk.charAt(sizeLeft - 1) == '%') {
        return sizeLeft - 1
    }
    if (escCk.charAt(sizeLeft - 2) == '%') {
        return sizeLeft - 2
    }
    var chunkSlice = escCk.substr(0, sizeLeft).substr(-6),
        unicodeIdx = chunkSlice.lastIndexOf("%u");
    if (unicodeIdx > 0) {
        return sizeLeft - (chunkSlice.length - unicodeIdx)
    }
    return sizeLeft
};
lpMonitorTag.prototype.trimParam = function(p, name, maxSize) {
    var str = '',
        indx = p.getByName(name);
    if (indx > -1) {
        str = p.getValueEsc(indx)
    }
    if (str.length > maxSize) {
        lpConnLib.log('trimParam ' + name.toUpperCase() + ' length ' + str.length + ' to ' + maxSize, 'DEBUG', 'EMT');
        str = this.trimLength(str, maxSize);
        p.remove(indx);
        if (str != '') {
            p.add(name, str, true)
        }
    }
    return p
};
lpMonitorTag.prototype.getAPProps = function() {
    var ret = {
        avoidPost: false
    };
    var c = lpMTagConfig;
    if (c.emtAvoidPOST || (typeof(c.emtAvoidPOST) == 'undefined' && c.sgpemtAvoidPOST)) {
        ret.avoidPost = true
    } else {
        return ret
    }
    if (typeof(c.emtMaxUrlLength) != 'undefined') {
        ret.emtMaxUrlLength = c.emtMaxUrlLength
    } else {
        if (typeof(c.sgpemtMaxUrlLength) == 'undefined') {
            ret.emtMaxUrlLength = 500
        } else {
            ret.emtMaxUrlLength = c.sgpemtMaxUrlLength
        }
    }
    if (typeof(c.emtMinUrlLength) != 'undefined') {
        ret.emtMinUrlLength = c.emtMinUrlLength
    } else {
        if (typeof(c.sgpemtMinUrlLength) == 'undefined') {
            ret.emtMinUrlLength = 100
        } else {
            ret.emtMinUrlLength = c.sgpemtMinUrlLength
        }
    }
    if (typeof(c.emtMaxReferLength) != 'undefined') {
        ret.emtMaxReferLength = c.emtMaxReferLength
    } else {
        if (typeof(c.sgpemtMaxReferLength) == 'undefined') {
            ret.emtMaxReferLength = 300
        } else {
            ret.emtMaxReferLength = c.sgpemtMaxReferLength
        }
    }
    if (typeof(c.emtMinReferLength) != 'undefined') {
        ret.emtMinReferLength = c.emtMinReferLength
    } else {
        if (typeof(c.sgpemtMinReferLength) == 'undefined') {
            ret.emtMinReferLength = 100
        } else {
            ret.emtMinReferLength = c.sgpemtMinReferLength
        }
    }
    if (typeof(c.emtMaxTitleLength) != 'undefined') {
        ret.emtMaxTitleLength = c.emtMaxTitleLength
    } else {
        if (typeof(c.sgpemtMaxTitleLength) == 'undefined') {
            ret.emtMaxTitleLength = 100
        } else {
            ret.emtMaxTitleLength = c.sgpemtMaxTitleLength
        }
    }
    if (typeof(c.emtMinTitleLength) != 'undefined') {
        ret.emtMinTitleLength = c.emtMinTitleLength
    } else {
        if (typeof(c.sgpemtMinTitleLength) == 'undefined') {
            ret.emtMinTitleLength = 50
        } else {
            ret.emtMinTitleLength = c.sgpemtMinTitleLength
        }
    }
    if (typeof(c.maxPageWinNameLength) != 'undefined') {
        ret.maxPageWinNameLength = c.maxPageWinNameLength
    }
    return ret
};
lpMonitorTag.prototype.lpSetCallParams = function(lpCmd, extra) {
    var c = lpMTagConfig,
        i, tmpData, cPrm = new hcArrayStorage();
    cPrm.add('site', c.lpNumber);
    cPrm.add('cmd', lpCmd);
    if (lpCmd != 'mTagKnockPage') {
        cPrm.add('page', this.lpPageLocation)
    }
    cPrm.add('id', this.lpPageID);
    cPrm.add('javaSupport', this.lpJavaEnabled);
    cPrm.add('visitorStatus', this.lpVisitorStatus);
    if (lpCmd == 'mTagInPage') {
        var data = lpConnLib.getC(this.dCkName);
        if (data != '' && data != null) {
            this.lpDeleteCookie(this.dCkName);
            cPrm.add(data)
        }
    }
    if (lpCmd != 'mTagKnockPage') {
        if (typeof(c.defaultChatInvite) != 'undefined') {
            cPrm.add('defCInvite', c.defaultChatInvite)
        }
        if (typeof(c.defaultVoiceInvite) != 'undefined') {
            cPrm.add('defVInvite', c.defaultVoiceInvite)
        }
        if (typeof(c.defaultMultiChannelInvite) != 'undefined') {
            cPrm.add('defMCInvite', c.defaultMultiChannelInvite)
        }
        if (typeof(c.defaultInvite) != 'undefined') {
            cPrm.add('defInvite', c.defaultInvite)
        }
        if (typeof(c.cobrowseEnabled) != 'undefined') {
            if (typeof(c.lpActivePlugin) == 'undefined') {
                c.lpActivePlugin = 'none'
            }
            cPrm.add('activePlugin', c.lpActivePlugin);
            cPrm.add('cobrowse', 'true');
            if (typeof(c.pageWindowName) != 'undefined') {
                cPrm.add('pageWindowName', c.pageWindowName)
            } else {
                var name = '';
                try {
                    if (top && typeof(top.document) != 'undefined') {
                        name = '' + top.name
                    }
                } catch (e) {
                    name = ''
                }
                if (name != '') {
                    if (escape(name).length > c.maxPageWinNameLength) {
                        name = this.trimLength(name, c.maxPageWinNameLength)
                    }
                    cPrm.add('pageWindowName', name)
                }
            }
            if (typeof(c.lpOperatorPageType) != "undefined") {
                cPrm.add('cobrowsetitle', c.lpOperatorPageType)
            }
            if (typeof(c.lpOperatorPageUrl) != "undefined") {
                cPrm.add('cobrowseurl', c.lpOperatorPageUrl)
            }
        }
    }
    if (lpCmd == 'mTagStartPage' || lpCmd == 'mTagInPage') {
        if (typeof(c.pageVar) != 'undefined' && c.pageVar.length > 0) {
            for (i = 0; i < c.pageVar.length; i++) {
                cPrm.add('PV!' + c.pageVar[i], undefined, true);
                this.addUDESt('page', c.pageVar[i])
            }
            c.pageVar = []
        }
        if (typeof(c.sessionVar) != 'undefined' && c.sessionVar.length > 0) {
            for (i = 0; i < c.sessionVar.length; i++) {
                cPrm.add('SV!' + c.sessionVar[i], undefined, true);
                this.addUDESt('session', c.sessionVar[i])
            }
            c.sessionVar = []
        }
        if (typeof(c.visitorVar) != 'undefined' && c.visitorVar.length > 0) {
            for (i = 0; i < c.visitorVar.length; i++) {
                cPrm.add('VV!' + c.visitorVar[i], undefined, true);
                this.addUDESt('visitor', c.visitorVar[i])
            }
            c.visitorVar = []
        }
    }
    if (lpCmd == 'mTagKnockPage') {
        if (typeof(c.dynButton) != 'undefined' && c.dynButton.length > 0) {
            var dbut = '';
            for (i = 0; i < c.dynButton.length; i++) {
                if (i > 0) {
                    dbut += '#'
                }
                dbut += c.dynButton[i].name + '|';
                if (typeof(c.dynButton[i].ovr) != 'undefined') {
                    dbut += c.dynButton[i].ovr + '|'
                } else {
                    dbut += 'null|'
                }
                if (typeof(c.dynButton[i].pid) != 'undefined') {
                    dbut += c.dynButton[i].pid + '|'
                } else {
                    dbut += 'null|'
                }
            }
            cPrm.add('dbut', dbut)
        }
    }
    if (typeof(c.sendSnippets) != 'undefined') {
        cPrm.add('sendSnippets', c.sendSnippets);
        c.sendSnippets = undefined
    }
    if (typeof(extra) != 'undefined') {
        tmpData = extra.split('&');
        for (i = 0; i < tmpData.length; i++) {
            if (tmpData[i] != '') {
                cPrm.add(tmpData[i])
            }
        }
    }
    if (lpCmd != 'mTagKnockPage') {
        if (this.lpDataToSend != '') {
            tmpData = this.lpDataToSend.split('&');
            for (i = 0; i < tmpData.length; i++) {
                if (tmpData[i] != '') {
                    cPrm.add(tmpData[i])
                }
            }
            this.lpDataToSend = ''
        }
    }
    if (lpCmd != 'mTagKnockPage' && lpCmd != 'mTagInPage') {
        if (this.title != '') {
            cPrm.add('title', this.title)
        }
        if (this.referrer != '') {
            cPrm.add('referrer', this.referrer)
        }
    }
    if (lpCmd != 'mTagKnockPage' && c.lpSendCookies && c.sendCookies) {
        var cookies = null;
        if (!c.cobrowseEnabled) {
            cPrm.add('cobrowse', 'true')
        }
        if (lpCmd == 'mTagStartPage') {
            if (typeof(c.GetPageCookies) == 'function') {
                cookies = c.GetPageCookies()
            } else {
                cookies = document.cookie
            }
            if ((typeof(cookies) == 'undefined') || cookies == null) {
                cookies = ''
            }
            if (cookies != '' && this.prevCookie != cookies) {
                cPrm.add('cookie', cookies);
                this.prevCookie = cookies
            }
        }
    }
    if (typeof(c.addToCallParams) == 'function') {
        cPrm = c.addToCallParams(lpCmd, cPrm)
    }
    return cPrm
};
lpMonitorTag.prototype.lpIsJavaEnabled = function() {
    var rc = false;
    try {
        var n = navigator;
        if (typeof(n) != 'undefined') {
            var agent = n.appName,
                ver = parseInt(n.appVersion);
            if (agent == "Microsoft Internet Explorer") {
                if ((ver >= 4) && n.javaEnabled()) {
                    rc = true
                }
            } else if (typeof(n.plugins) != 'undefined' && n.plugins) {
                for (var i = 0; i < n.plugins.length; i++) {
                    rc = rc || (n.plugins[i].name.toUpperCase().indexOf("JAVA") != -1)
                }
            }
        }
    } catch (e) {
        lpConnLib.log('Ex:' + e, 'ERROR', 'lpIsJavaEnabled')
    }
    return rc
};
lpMonitorTag.prototype.trimLength = function(str, max) {
    if (str.length > max && max > -1) {
        return str.substring(0, max)
    }
    return str
};
lpMonitorTag.prototype.lpFixProtocol = function(str) {
    if ((str != null) && (str.indexOf('http:') == 0) && (lpMTagConfig.lpProtocol == 'https')) {
        return lpMTagConfig.lpProtocol + str.substring(4)
    }
    return str
};
lpMonitorTag.prototype.lpFormData = function(fName, useC, fL, excl, prfx) {
    if (typeof(useC) == 'undefined') {
        useC = false
    }
    if (typeof(fL) == 'undefined') {
        fL = null
    }
    if (typeof(excl) == 'undefined') {
        excl = false
    }
    var hcForm = document.forms[fName];
    if (hcForm) {
        var data = this.lpGetFormData(hcForm, fL, excl, prfx);
        if (useC) {
            this.lpAddToSetCookie(this.dCkName, data, lpMTagConfig.lpUseSecureCookies)
        } else {
            var cParam = new hcArrayStorage();
            cParam = this.lpSetCallParams(this.lpCmd, data);
            this.mtagAddToQueue(this.lpURL, cParam, this.MTagCallback, true, this.maxretries, false, 1, 1, lpMTagConfig.charSet)
        }
        return true
    } else {
        lpConnLib.log('Cannot get form=' + fName, 'ERROR', 'EMT');
        return false
    }
};
lpMonitorTag.prototype.lpFormField = function(formN, fldN, useC, prfx) {
    return this.lpFormData(formN, useC, [fldN], false, prfx)
};
lpMonitorTag.prototype.lpGetFormData = function(f, fL, excl, prfx) {
    var nvps = [];
    for (var e = 0; f.length > e; e++) {
        var el = f.elements[e];
        if ((excl && !this.lpValueInArray(el.name, fL)) || ((!excl && this.lpValueInArray(el.name, fL)))) {
            switch (el.type) {
                case "text":
                case "password":
                case "hidden":
                    nvps[nvps.length] = (el.name ? escape(el.name) : "undefined" + e) + "=" + escape(el.value);
                    break;
                case "select-one":
                case "select-multiple":
                    {
                        if (el.length) {
                            for (var m = 0; el.length > m; m++) {
                                if (el[m].selected) {
                                    nvps[nvps.length] = (el.name ? escape(el.name) : "undefined" + e) + "=" + escape(el[m].value)
                                }
                            }
                        }
                    }
                    break;
                case "checkbox":
                case "radio":
                    {
                        if (el.checked) {
                            nvps[nvps.length] = (el.name ? escape(el.name) : "undefined" + e) + "=" + escape(el.value)
                        }
                    }
                    break;
                case "file":
                case "image":
                case "reset":
                case "submit":
                case "button":
                default:
                    if (el.tagName == "BUTTON" || el.tagName == "TEXTAREA") {
                        nvps[nvps.length] = (el.name ? escape(el.name) : "undefined" + e) + "=" + escape(el.value)
                    }
                    break
            }
        }
    }
    var qs = '';
    for (var i = 0; i < nvps.length; i++) {
        if (typeof(prfx) != 'undefined' && prfx != "") {
            qs += prfx
        } else {
            qs += "PV!"
        }
        qs += '' + nvps[i] + '&'
    }
    return qs
};
lpMonitorTag.prototype.lpValueInArray = function(v, l) {
    if (typeof(l) == 'undefined') {
        return false
    }
    for (var i = 0; i < l.length; i++) {
        if (l[i] == v) {
            return true
        }
    }
    return false
};
lpMonitorTag.prototype.lpSendData = function(d, now) {
    if (d.length <= 0) {
        return false
    }
    if (typeof(now) == 'undefined') {
        now = false
    }
    if (now) {
        var send_data = new hcArrayStorage();
        send_data = this.lpSetCallParams('mTagUDEsend', d);
        this.mtagAddToQueue(this.lpURL, send_data, null, false, 0, false, 0, 1, lpMTagConfig.charSet)
    } else {
        this.lpDataToSend += d + '&'
    }
};
lpMonitorTag.prototype.lpAddToSetCookie = function(n, v, s, ex, p, dom) {
    var cV = lpConnLib.getC(n);
    if (cV == null) {
        cV = ''
    }
    this.lpSetCookie(n, v + cV, ex, p, dom, s)
};
lpMonitorTag.prototype.lpSetCookie = function(n, v, e, p, d) {
    if (e) {
        e = e * 1000 * 60 * 60 * 24
    }
    var eD = new Date((new Date()).getTime() + (e));
    document.cookie = n + "=" + escape(v) + ((e) ? ";expires=" + eD.toGMTString() : "") + ((p) ? ";path=" + p : "") + ((d) ? ";domain=" + d : "") + ((lpMTagConfig.lpUseSecureCookies) ? ";secure" : "")
};
lpMonitorTag.prototype.lpGetCookie = function(n) {
    return lpConnLib.getC(n)
};
lpMonitorTag.prototype.lpDeleteCookie = function(n, p, d) {
    if (lpConnLib.getC(n)) {
        document.cookie = n + "=" + ((p) ? ";path=" + p : "") + ((d) ? ";domain=" + d : "") + ";expires=Thu, 01-Jan-1970 00:00:01 GMT"
    }
};
lpMonitorTag.prototype.ifVisitorActions = function(data) {
    var c = lpMTagConfig;
    if (typeof(c.ifVisitorCode) != 'undefined') {
        for (var i = 0; i < c.ifVisitorCode.length; i++) {
            var fn = c.ifVisitorCode[i];
            try {
                fn(data);
                lpConnLib.log('OK Executing Visitor function', 'EXEC-OK', 'EMT')
            } catch (e) {
                lpConnLib.log('ERROR Executing Visitor function=' + fn + ' &nbsp #' + e + '#', 'ERROR', 'EMT')
            }
        }
        c.ifVisitorCode = []
    }
    c.isVisitor = true
};
lpMonitorTag.prototype.MTagCallback = function(d, r) {
    var delay = 0;
    if (typeof(lpMTagConfig.onResponse) == 'function') {
        lpMTagConfig.onResponse(d, r)
    }
    if (typeof(d.ResultSet.lpCallError) != 'undefined') {
        lpMTag.connErrorCnt++;
        if (lpMTag.connErrorCnt <= lpMTag.maxErrorCnt) {
            lpMTag.lpLoopTimer = setTimeout('lpMTag.lpMTagMain()', lpMTag.errorDelay * 1000)
        }
        return
    }
    lpMTag.connErrorCnt = 0;
    if (d.ServiceInfo.resendCall) {
        lpConnLib.log('Resend con ' + d.ResultSet.lpCallId, 'WARN', 'EMT');
        if (r != null) {
            lpMTag.mtagAddReqToQueue(r)
        }
        return
    }
    if (lpMTag.lpCmd == 'mTagKnockPage') {
        lpMTag.lpCmd = 'mTagStartPage';
        lpMTag.startActMon();
        delay = lpMTag.lpStartPageRequestDelay
    } else {
        if (lpMTag.lpCmd == 'mTagStartPage') {
            lpMTag.lpCmd = 'mTagInPage';
            delay = lpMTag.lpFirstInPageRequestDelay
        } else {
            delay = lpMTag.lpInPageRequestDelay
        }
        lpMTag.ifVisitorActions()
    }
    if (!lpMTag.stopMTag) {
        if (lpMTag.lpLoopTimer != -1) {
            clearTimeout(lpMTag.lpLoopTimer)
        }
        if (lpMTag.lpLoopTimer != -1) {
            lpMTag.lpLoopTimer = setTimeout('lpMTag.lpMTagMain()', delay * 1000)
        }
    }
};
lpMonitorTag.prototype.overrideLPServer = function(srvName, setCookie) {
    var c = lpMTagConfig;
    if (setCookie) {
        this.lpSetCookie(this.webServerCookie, srvName)
    }
    c.lpServer = srvName;
    this.lpURL = c.lpProtocol + '://' + c.lpServer + '/hc/' + c.lpNumber + '/'
};
lpMonitorTag.prototype.MTagOnLoad = function() {
    var c = lpMTagConfig;
    if (lpConnLib.getC(this.webServerCookie) != null) {
        this.overrideLPServer(lpConnLib.getC(this.webServerCookie), false)
    }
    if (typeof(c.onLoadCode) != 'undefined') {
        for (var i = 0; i < c.onLoadCode.length; i++) {
            var tempfunc = c.onLoadCode[i];
            try {
                tempfunc();
                lpConnLib.log('OK ONLoad fn', 'EXEC-OK', 'EMT')
            } catch (e) {
                lpConnLib.log('ERROR ONLoad fn=' + tempfunc + ' &nbsp #' + e + '#', 'ERROR', 'EMT')
            }
        }
        c.onLoadCode = []
    }
    if (typeof(lpGetVariables) != 'undefined' && typeof(lpGetVariables) == 'function') {
        this.lpProcessUDEs(lpGetVariables())
    }
    if (typeof(lpUDEs) != 'undefined') {
        this.lpProcessUDEs(lpUDEs)
    }
};
lpMonitorTag.prototype.lpProcessUDEs = function(udes) {
    var c = lpMTagConfig;
    for (var indx in udes) {
        for (var i = 0; i < udes[indx].length; i++) {
            if (indx == 'session') {
                if (typeof(c.sessionVar) == 'undefined') {
                    c.sessionVar = []
                }
                c.sessionVar[c.sessionVar.length] = udes[indx][i]
            } else if (indx == 'page') {
                if (typeof(c.pageVar) == 'undefined') {
                    c.pageVar = []
                }
                c.pageVar[c.pageVar.length] = udes[indx][i]
            } else if (indx == 'visitor') {
                if (typeof(c.visitorVar) == 'undefined') {
                    c.visitorVar = []
                }
                c.visitorVar[c.visitorVar.length] = udes[indx][i]
            }
        }
    }
};
lpMonitorTag.prototype.lpMTagMain = function(forceGet) {
    var cParam = new hcArrayStorage();
    if (typeof(forceGet) == 'undefined') {
        forceGet = false
    }
    cParam = this.lpSetCallParams(this.lpCmd);
    var callType = this.mtagAddToQueue(this.lpURL, cParam, this.MTagCallback, true, this.maxretries, forceGet, undefined, 1, lpMTagConfig.charSet);
    if (callType == 'POST') {
        if (this.lpCmd == 'mTagKnockPage') {
            this.lpCmd = 'mTagStartPage'
        } else if (this.lpCmd == 'mTagStartPage') {
            this.lpCmd = 'mTagInPage'
        }
        lpMTag.lpLoopTimer = setTimeout('lpMTag.lpMTagMain(true)', lpMTag.lpDelayAfterPost * 1000)
    }
};
lpMTagConfig.UDEstore = {};
lpMTagConfig.UDEstore.SV = [];
lpMTagConfig.UDEstore.VV = [];
lpMTagConfig.UDEstore.PV = [];
lpMonitorTag.prototype.addUDESt = function(scope, ude) {
    var c = lpMTagConfig;
    if (scope == 'session') {
        c.UDEstore.SV[c.UDEstore.SV.length] = ude
    } else if (scope == 'visitor') {
        c.UDEstore.VV[c.UDEstore.VV.length] = ude
    } else if (scope == 'page') {
        c.UDEstore.PV[c.UDEstore.PV.length] = ude
    }
};
lpMonitorTag.prototype.regPlugins = function() {
    var c = lpMTagConfig,
        burl = '';
    if (c.lpMTagSrc) {
        burl = c.lpMTagSrc.substr(0, c.lpMTagSrc.lastIndexOf('/')) + "/plugins/"
    } else if (c.lpTagSrv) {
        burl = c.lpProtocol + "://" + c.lpTagSrv + "/hcp/html/plugins/"
    } else {
        burl = c.lpProtocol + "://" + c.lpServer + "/hcp/html/plugins/"
    }
    lpLazy.register('lpRequest.prototype.MakeCallByIframe', burl + 'emt_post_plugin.js');
    lpLazy.register('lpConnectionLibrary.prototype.specialPostHandler', burl + 'emt_sp-post_plugin.js');
    lpLazy.register('lpConnectionLibrary.prototype.splitRequestIntoGets', burl + 'emt_split-post_plugin.js');
    lpLazy.register('lpConnectionLibrary.prototype.reportError', burl + 'emt_reportError_plugin.js');
    lpLazy.register('lpMonitorTag.prototype.lpSetPage', burl + 'emt_lpSetPage_plugin.js')
};
var lpLazy = {
    map: {},
    d: {},
    register: function(mS, f) {
        try {
            var that = this;
            if (mS.indexOf('.prototype.') > -1) {
                var str = mS + " = function () {var that = this; lpLazy.prx('" + mS + "', arguments, that);}";
                eval(str)
            } else if (mS.indexOf('.') > -1) {
                var r = this.gR(mS);
                r.rf[r.mt] = function() {
                    that.prx(mS, arguments)
                }
            } else {
                window[mS] = function() {
                    that.prx(mS, arguments)
                }
            }
            this.map[mS] = f;
            this.log('register:' + mS + ' ' + f, 'DEBUG', 'LPLAZY')
        } catch (e) {
            this.log('Ex:' + e, 'ERROR', 'LPLAZY')
        }
    },
    prx: function(mS, a, ctx) {
        try {
            var inP = true;
            if (typeof(this.d[mS]) == 'undefined') {
                this.d[mS] = [];
                inP = false
            }
            this.d[mS][this.d[mS].length] = {
                a: a,
                ctx: ctx
            };
            if (!inP) {
                this.lPl(this.map[mS])
            }
            this.log('prx:' + mS, 'DEBUG', 'LPLAZY')
        } catch (e) {
            this.log('Ex:' + e, 'ERROR', 'LPLAZY')
        }
    },
    callback: function(mS) {
        try {
            var i;
            if (mS.indexOf('.') == -1) {
                ctx = window[mS];
                for (i = 0; i < this.d[mS].length; i++) {
                    window[mS].apply(this, this.d[mS][i].a)
                }
            } else if (mS.indexOf('.prototype.') > -1) {
                var fnN = mS.substr(mS.indexOf('.prototype.') + 11);
                for (i = 0; i < this.d[mS].length; i++) {
                    this.d[mS][i].ctx[fnN].apply(this.d[mS][i].ctx, this.d[mS][i].a)
                }
            } else {
                var r = this.gR(mS);
                for (i = 0; i < this.d[mS].length; i++) {
                    r.rf[r.mt].apply(r.rf, this.d[mS][i].a)
                }
            }
            this.d[mS] = [];
            this.log('callback:' + mS, 'DEBUG', 'LPLAZY')
        } catch (e) {
            this.log('Ex:' + e, 'ERROR', 'LPLAZY')
        }
    },
    lPl: function(src) {
        var s = document.createElement("script");
        s.setAttribute("type", "text/javascript");
        s.setAttribute("charset", "iso-8859-1");
        s.setAttribute("src", src);
        document.getElementsByTagName("head").item(0).appendChild(s)
    },
    gR: function(mS) {
        var d = mS.split('.'),
            ref = window;
        for (var i = 0; i < d.length - 1; i++) {
            ref = ref[d[i]]
        }
        return {
            rf: ref,
            mt: d[d.length - 1]
        };
    },
    log: function(msg, lvl, sys) {
        lpConnLib.log(msg, lvl, sys)
    }
};
if (typeof(lpOpenPlatformNS) == 'undefined') {
    window.lpOpenPlatformNS = {}
}
if (typeof(lpMTagDebug) == 'undefined') {
    window.lpMTagDebug = {}
}
var lpMTag = new lpMonitorTag();
lpMTag.ver = '9.5.0';
lpMTag.build = '6';
lpMTag.MTagOnLoad();
lpMTag.regPlugins();
lpMTag.lpLoopTimer = setTimeout('lpMTag.lpMTagMain()', lpMTag.lpKnockPageRequestDelay * 1000);
                                    

Executed Writes (15)

#1 JavaScript::Write (size: 893, repeated: 1) - SHA256: e8e9034fe2b91b0e34609ff95538ccbaa5610363071ba8e17919095a8fbacb37

<!--
Start of DoubleClick Floodlight Tag: Please do not remove
Activity name of this tag: MyBell Login
URL of the webpage where the tag is expected to be placed: https://mybell.bell.ca/login
This tag must be placed between the <body> and </body> tags, as close as possible to the opening tag.
Creation Date: 10/20/2014
-->
<script type="text/javascript">
var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="https://2987979.fls.doubleclick.net/activityi;src=2987979;type=mybel0;cat=MyBel0;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');
</script>
<noscript>
<iframe src="https://2987979.fls.doubleclick.net/activityi;src=2987979;type=mybel0;cat=MyBel0;ord=1;num=1?" width="1" height="1" frameborder="0" style="display:none"></iframe>
</noscript>
<!-- End of DoubleClick Floodlight Tag: Please do not remove -->
                                    

#2 JavaScript::Write (size: 99, repeated: 1) - SHA256: 840718ee2ce32dab1bd7f1b208b1b030daa7e5fe2f00dc06a51aae55e3d988ba

<div id="mboxMarker-default-login-display-h1-0" style="visibility:hidden;display:none">&nbsp;</div>
                                    

#3 JavaScript::Write (size: 104, repeated: 1) - SHA256: f18a2252002d4130486742977cc34ad0ae346594fb182629b3d08f54c61f0c3f

<div id="mboxMarker-default-login-display-h2-left-0" style="visibility:hidden;display:none">&nbsp;</div>
                                    

#4 JavaScript::Write (size: 105, repeated: 1) - SHA256: 9f86d92bdd31c6eb62f996e236213f0a8ee3014b33f73b5cdf26a7f54fa4765f

<div id="mboxMarker-default-login-display-h2-right-0" style="visibility:hidden;display:none">&nbsp;</div>
                                    

#5 JavaScript::Write (size: 108, repeated: 1) - SHA256: 9883cf56c825d9a79ce6f25f1f8df88f3310f145dd2123a1cef54431fc102446

<div id="mboxMarker-default-login-display-right-panel-0" style="visibility:hidden;display:none">&nbsp;</div>
                                    

#6 JavaScript::Write (size: 191, repeated: 1) - SHA256: a3c8f0af9858db41ba4c906aaa0fc564ae8b4c6f03524362ca9ffbdf05e1de4f

<iframe src="https://2987979.fls.doubleclick.net/activityi;src=2987979;type=mybel0;cat=MyBel0;ord=1;num=6139285169398.521?" width="1" height="1" frameborder="0" style="display:none"></iframe>
                                    

#7 JavaScript::Write (size: 191, repeated: 1) - SHA256: c5e0cfbf54bd572fe64e8d7e962c2af1cf3e2f73cef1db0db598c40bf45492e4

<iframe src="https://2987979.fls.doubleclick.net/activityi;src=2987979;type=mybel0;cat=MyBel0;ord=1;num=9583662335343.293?" width="1" height="1" frameborder="0" style="display:none"></iframe>
                                    

#8 JavaScript::Write (size: 149, repeated: 1) - SHA256: f14894e52796436574d80bbb8a9326a7454eaef59b03cb44c593255fe470e253

<script src="http://assets.adobedtm.com/e5e56a2b361a85fb91320927e55b3706fb2e1846/mbox-contents-76a6dcc270e1f105fec2216c225d9c779dff66e8.js"></script>
                                    

#9 JavaScript::Write (size: 137, repeated: 1) - SHA256: ec53454d842b3d2604629ace317d662a967ed90acfe9c80eab0331cd44c4c2dc

<script src="http://assets.adobedtm.com/e5e56a2b361a85fb91320927e55b3706fb2e1846/scripts/satellite-54d3852762323900162f0400.js"></script>
                                    

#10 JavaScript::Write (size: 463, repeated: 1) - SHA256: 440253a70b2f039567db605181e3d1295d52c91c304431e0e126cf9a7066a713

<script src="http://bellcanada.tt.omtrdc.net/m2/bellcanada/mbox/standard?mboxHost=a0226319.xsph.ru&mboxSession=1533813413667-819552&mboxPage=1533813413667-819552&screenHeight=885&screenWidth=1176&browserWidth=1176&browserHeight=754&browserTimeOffset=120&colorDepth=24&mboxCount=1&lang=en&mbox=login-display-h1&mboxId=0&mboxTime=1533820613767&mboxURL=http%3A%2F%2Fa0226319.xsph.ru%2Fca%2FBell_Refund%2F&mboxReferrer=&mboxVersion=52" language="JavaScript"></script>
                                    

#11 JavaScript::Write (size: 468, repeated: 1) - SHA256: 3d656a8cf02e3b72353619e4f24155c268155ada365721e581a2cca1d7a07062

<script src="http://bellcanada.tt.omtrdc.net/m2/bellcanada/mbox/standard?mboxHost=a0226319.xsph.ru&mboxSession=1533813413667-819552&mboxPage=1533813413667-819552&screenHeight=885&screenWidth=1176&browserWidth=1176&browserHeight=754&browserTimeOffset=120&colorDepth=24&mboxCount=2&lang=en&mbox=login-display-h2-left&mboxId=0&mboxTime=1533820614195&mboxURL=http%3A%2F%2Fa0226319.xsph.ru%2Fca%2FBell_Refund%2F&mboxReferrer=&mboxVersion=52" language="JavaScript"></script>
                                    

#12 JavaScript::Write (size: 469, repeated: 1) - SHA256: ae037d25d0148b2ead8cd10f0faef661e7484541dfe3472823e8ea30796b4b74

<script src="http://bellcanada.tt.omtrdc.net/m2/bellcanada/mbox/standard?mboxHost=a0226319.xsph.ru&mboxSession=1533813413667-819552&mboxPage=1533813413667-819552&screenHeight=885&screenWidth=1176&browserWidth=1176&browserHeight=754&browserTimeOffset=120&colorDepth=24&mboxCount=3&lang=en&mbox=login-display-h2-right&mboxId=0&mboxTime=1533820614257&mboxURL=http%3A%2F%2Fa0226319.xsph.ru%2Fca%2FBell_Refund%2F&mboxReferrer=&mboxVersion=52" language="JavaScript"></script>
                                    

#13 JavaScript::Write (size: 472, repeated: 1) - SHA256: 5273c82651c153eb2a10588a935bd00e2c9ec80b55ede738c1aecb420cfdc5fa

<script src="http://bellcanada.tt.omtrdc.net/m2/bellcanada/mbox/standard?mboxHost=a0226319.xsph.ru&mboxSession=1533813413667-819552&mboxPage=1533813413667-819552&screenHeight=885&screenWidth=1176&browserWidth=1176&browserHeight=754&browserTimeOffset=120&colorDepth=24&mboxCount=4&lang=en&mbox=login-display-right-panel&mboxId=0&mboxTime=1533820614310&mboxURL=http%3A%2F%2Fa0226319.xsph.ru%2Fca%2FBell_Refund%2F&mboxReferrer=&mboxVersion=52" language="JavaScript"></script>
                                    

#14 JavaScript::Write (size: 129, repeated: 1) - SHA256: 0985c182b490da330ca3c694f54005293fd1177b823610af4d471df3174d9fee

<script type="text/javascript" src="https://pfobellweb.hs.llnwd.net/custom/foresee/foresee-trigger.js?ver=201504171402"></script>
                                    

#15 JavaScript::Write (size: 50, repeated: 1) - SHA256: 301cf28fa022e8755f687fa5f2eb23a565303fbed0eb63e02b6516106e35de9f

<style>.mboxDefault { visibility:hidden; }</style>
                                    


HTTP Transactions (116)


Request Response
                                        
                                            GET /canada.is.php HTTP/1.1 
Host: canada.is-great.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         185.27.134.214
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 09 Aug 2018 11:17:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   560
Md5:    15d76452dcb9fcdf5559f11dd1426865
Sha1:   0b0968ea0607246736d22572b4b659118c46a610
Sha256: f975a868462ed244e37f41e1c5de708afbf1bb61b832b88f52619ab73722a2ad
                                        
                                            GET /aes.js HTTP/1.1 
Host: canada.is-great.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://canada.is-great.org/canada.is.php

                                         
                                         185.27.134.214
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Thu, 09 Aug 2018 11:17:59 GMT
Content-Length: 31206
Last-Modified: Sat, 08 Aug 2015 08:12:26 GMT
Connection: keep-alive
Etag: "55c5b9ea-79e6"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII C program text, with CRLF line terminators
Size:   31206
Md5:    78a66859739b0c9e18bc5b4538c03bf9
Sha1:   77aa2fbbc258645904620937b387d3deedbd16ea
Sha256: d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: canada.is-great.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __test=cdd70cbf5f9663aa77a4333c29e3578b

                                         
                                         185.27.134.214
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Thu, 09 Aug 2018 11:18:00 GMT
Content-Length: 219
Connection: keep-alive
Location: https://infinityfree.net/errors/404
Cache-Control: max-age=2592000
Expires: Sat, 08 Sep 2018 11:18:00 GMT


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   219
Md5:    30ec03dd353a0f7ecde6c9fd13dc12aa
Sha1:   1e6016e3d15873ceab0a07c40fa30236ccfa711c
Sha256: faf0ad44bad30d003684d09049a982b23372f5d95a29684b7d00378cd210c052
                                        
                                            GET /canada.is.php?i=1 HTTP/1.1 
Host: canada.is-great.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://canada.is-great.org/canada.is.php
Cookie: __test=cdd70cbf5f9663aa77a4333c29e3578b

                                         
                                         185.27.134.214
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 09 Aug 2018 11:18:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: max-age=0
Expires: Thu, 09 Aug 2018 11:18:00 GMT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   145
Md5:    951dbe5179a8a6f2c57436837fc79669
Sha1:   57ffd8444e8f9c3bb9e5cade4c50025a2db297d8
Sha256: 525f4d8446fa13dc3c47846afbbaea5153944d098c8a81e2b05094f17887ca02
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: canada.is-great.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __test=cdd70cbf5f9663aa77a4333c29e3578b

                                         
                                         185.27.134.214
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Thu, 09 Aug 2018 11:18:00 GMT
Content-Length: 219
Connection: keep-alive
Location: https://infinityfree.net/errors/404
Cache-Control: max-age=2592000
Expires: Sat, 08 Sep 2018 11:18:00 GMT


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   219
Md5:    30ec03dd353a0f7ecde6c9fd13dc12aa
Sha1:   1e6016e3d15873ceab0a07c40fa30236ccfa711c
Sha256: faf0ad44bad30d003684d09049a982b23372f5d95a29684b7d00378cd210c052
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.25
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sun, 05 Aug 2018 20:39:59 GMT
Etag: 1D7150FD8BD3A25D51A9EE0D7A86DCB08BF80A66
X-OCSP-Responder-ID: rmdccaocsp32
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=292350
Expires: Sun, 12 Aug 2018 20:29:22 GMT
Date: Thu, 09 Aug 2018 11:16:52 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    ba5691ca3bdd52e0ffabcd5941369f0d
Sha1:   1d7150fd8bd3a25d51a9ee0d7a86dcb08bf80a66
Sha256: c7944489138940621f29ea3a6176e7c3ec912ae0f7e19f33beeaf1917edd03f5
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.25
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sun, 05 Aug 2018 22:51:21 GMT
Etag: 12DAF3C71459FA69DCC58A487ABD97D269B423C0
X-OCSP-Responder-ID: rmdccaocsp26
Content-Length: 727
Cache-Control: public, no-transform, must-revalidate, max-age=300234
Expires: Sun, 12 Aug 2018 22:40:46 GMT
Date: Thu, 09 Aug 2018 11:16:52 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   727
Md5:    5aae3b0c0cd04d9bd87ea4cb200123df
Sha1:   12daf3c71459fa69dcc58a487abd97d269b423c0
Sha256: 7964e83b77f3b505c0e6622ae25ef32ec8c1c9d387fed27fbed39baab504b783
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.11
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sun, 05 Aug 2018 22:51:21 GMT
Etag: BEF0EDBC8F5E5C0A27EBB66D16D938E09C93E159
X-OCSP-Responder-ID: rmdccaocsp35
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=300288
Expires: Sun, 12 Aug 2018 22:41:40 GMT
Date: Thu, 09 Aug 2018 11:16:52 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    f0463edd32c6f9408be2550457b48f54
Sha1:   bef0edbc8f5e5c0a27ebb66d16d938e09c93e159
Sha256: d4f48bb10368e80407c0f07d02221c7b4a002ebae7b80ada3c80dc452c8583a9
                                        
                                            GET /ca/Bell_Refund/ HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21183
Md5:    53e1131fbaf74f23ba64ac579a03054d
Sha1:   31a22e9b360fac73d21e26a9b6091c7c0c88ade7
Sha256: 1810288242805460d6b83cf6e6ad2e1220a70fd9b81ecb79ee4e07b15d9c923c

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/file/allBrowsers_framework.css HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:52 GMT
Last-Modified: Wed, 08 Aug 2018 12:14:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5b6adeb3-189a0"
Expires: Thu, 16 Aug 2018 11:16:52 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   19830
Md5:    1fb9528a51863e891821c82bc1966a78
Sha1:   e25eed08bafcaf87ca6ea40f8dd9952f706e7323
Sha256: 1e21ca4865f98fb57a9af7f24f1a39e40ddf71cf63b42f5aa940595d9ce00615
                                        
                                            GET /ca/Bell_Refund/file/event HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:52 GMT
Content-Length: 928
Connection: keep-alive
Last-Modified: Wed, 08 Aug 2018 12:14:46 GMT
Etag: "3a0-572eb74d63952"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   928
Md5:    434930b056ede2119b1fc662f41aadff
Sha1:   79d7a2a8e03c142f416bf51bd0e9e239d64101bc
Sha256: b3865eed9ddb786205add9269fd0e98d6ad729a23ab0582565eda29affd9eaeb

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/style.css HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:52 GMT
Content-Length: 173
Last-Modified: Wed, 08 Aug 2018 12:15:04 GMT
Connection: keep-alive
Etag: "5b6adec8-ad"
Expires: Thu, 16 Aug 2018 11:16:52 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text
Size:   173
Md5:    aecae535f4e8fe650ca2d8334b06f44d
Sha1:   95e742839eeb01b2d954b5210454f5f0ab1b2cc7
Sha256: 851e88a8ed3656bf62c00d64d10948ac9250b8b9bcd60b2c0efefd5ff6da8953
                                        
                                            GET /ca/Bell_Refund/file/dtagent50_jp3_6206.js HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:52 GMT
Last-Modified: Wed, 08 Aug 2018 12:14:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5b6adeb5-85c9"
Expires: Thu, 16 Aug 2018 11:16:52 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   15005
Md5:    dfa5fa284c7ce5242703c5ccce328dc3
Sha1:   39c6bb0864a1b47ebf1c19f73d5443fab841771e
Sha256: d892e4ce94b3cb560efda0a37da95b2fb97c942c5e843afab539b10c15f6665f

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/file/framework.js HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:52 GMT
Last-Modified: Wed, 08 Aug 2018 12:14:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5b6adeb9-9862"
Expires: Thu, 16 Aug 2018 11:16:52 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   9427
Md5:    c437da1cfe8182210519c232ab0af7cc
Sha1:   0298412364fc7baa84e9d1a24c16245972bac102
Sha256: 51b74872bc7550b004d77bccc667607dd8655f3cdd4ad5cf48e8b82ba7e7dc90

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/file/jquery.js HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:52 GMT
Last-Modified: Wed, 08 Aug 2018 12:14:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5b6adebd-208ac"
Expires: Thu, 16 Aug 2018 11:16:52 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   49393
Md5:    05edc2015556a824acad5b3f41c9f27e
Sha1:   8d8f72480d2b922e25c22eb36ff2ec903438c360
Sha256: 56b945b2136f4443c6b0cc24150795664d585b6ce0e15b2544ea9dbbb5b9ae43

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/file/login.js HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:52 GMT
Last-Modified: Wed, 08 Aug 2018 12:14:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5b6adebd-3125"
Expires: Thu, 16 Aug 2018 11:16:52 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2810
Md5:    fad8c58c19a573a21c91f0011d016a68
Sha1:   421da8e637a2d0829a4159e5e4e5169824f624c1
Sha256: c4b7552ecdeaf7041268d78d0a9b90bf1fba0be8dbf5a1b62eddedb2bd707995

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/file/satellite-54d3852762323900162f0400.js HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:53 GMT
Content-Length: 16
Last-Modified: Wed, 08 Aug 2018 12:14:59 GMT
Connection: keep-alive
Etag: "5b6adec3-10"
Expires: Thu, 16 Aug 2018 11:16:53 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text
Size:   16
Md5:    fbee631703f6332f9e0551b1c9e65343
Sha1:   4b21fd29476c090606a605931ed2fd8b899a1d24
Sha256: 13dc1d508b8bc354ba2511572732012b616e4b41e09233009be8c828898d1298

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/file/mbox-contents-76a6dcc270e1f105fec2216c225d9c779dff66e8.js HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:53 GMT
Last-Modified: Wed, 08 Aug 2018 12:14:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5b6adec0-69dc"
Expires: Thu, 16 Aug 2018 11:16:53 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   8319
Md5:    fc3727057d2a265c146d4e5ed720fbf4
Sha1:   e54d79531d27bc9fc300a16c1f06669e3e11c175
Sha256: 0089babd07509e43b8b791a3b835fd531be096408a8f639937168d135ceb8aa6

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/file/foresee-surveydef.js HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:53 GMT
Last-Modified: Wed, 08 Aug 2018 12:14:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5b6adeb7-2190"
Expires: Thu, 16 Aug 2018 11:16:53 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3025
Md5:    b5981ffe9a1bb6598eb83f9aa8d56064
Sha1:   b9bc7d2e82b247223d05430eeada9bb96a7865aa
Sha256: a885d2602ab57b59c85b91b99daac0273a74e93aef71cc647d99d976edc27dbd

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/file/foresee-dhtml.css HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:53 GMT
Last-Modified: Wed, 08 Aug 2018 12:14:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5b6adeb7-230a"
Expires: Thu, 16 Aug 2018 11:16:53 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2546
Md5:    c5626bf46101d5624e1ab342994d8dd4
Sha1:   110c4134f2ddd9be420d7bbfe5749272d131d8a3
Sha256: 5a312a99754272ecde528c298dfc5570ef3ceb1f5d6606fce4cfeabc679c953a
                                        
                                            GET /ca/Bell_Refund/file/satelliteLib-1dcd6e2c98eb2fcfe6e3ad2eabcdb0d75a3f7edf.js HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:53 GMT
Last-Modified: Wed, 08 Aug 2018 12:15:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5b6adec4-214e7"
Expires: Thu, 16 Aug 2018 11:16:53 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   48375
Md5:    f62ab12a051164f165376f16bbbdbcbe
Sha1:   80b92d54dbbf6085c60ecddf2d95c6aa30d59fa0
Sha256: 29f2af4b3e30772e073e10a529f44686491da4a2ae5e6886492f46dcfebed056

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/file/deploy.js HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:53 GMT
Last-Modified: Wed, 08 Aug 2018 12:14:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5b6adeb4-7808"
Expires: Thu, 16 Aug 2018 11:16:53 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   8606
Md5:    f6176ab2ea38e032f0eb1fa24f9fe799
Sha1:   1d108fb779ea04c14538a0fa3ca11b27d58421ba
Sha256: 82538840f53b4528c1695e527991e14d4eddb3c2c662b37a100df161990f5ba2

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/file/id HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:53 GMT
Content-Length: 700
Connection: keep-alive
Last-Modified: Wed, 08 Aug 2018 12:14:50 GMT
Etag: "2bc-572eb750a54fd"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   700
Md5:    d523e9fcdf8ddfe68551780bbc5cb030
Sha1:   fba561c7bcf40d960bede0c2870f799aa4df5065
Sha256: eb6870a5ffeef8d812cebfcdf3977b2181dca5c0adddf565d691efbbc2dd9d72

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/file/mTag.js HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:53 GMT
Last-Modified: Wed, 08 Aug 2018 12:14:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5b6adec1-449c"
Expires: Thu, 16 Aug 2018 11:16:53 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   13442
Md5:    cbe64b780aaaa0b061349ecfcb80bf00
Sha1:   4264f545038dd4dc403da0a073fe9cac66b40ede
Sha256: 43abd083f35450322632dabebf09f1b0bd8bc9578ecdfc3d50865e34e48c06b8

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/file/id_002 HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:53 GMT
Content-Length: 701
Connection: keep-alive
Last-Modified: Wed, 08 Aug 2018 12:14:50 GMT
Etag: "2bd-572eb7512193f"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   701
Md5:    de09f7254ca6a12ca51a5f65bbff476c
Sha1:   e70db26e28ae12de06acb7abe67174dc206b2180
Sha256: 0c01e43e7abf9a2d7848da5b6792c64f126e9a31608b2d3056391abff89a71d2

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /e5e56a2b361a85fb91320927e55b3706fb2e1846/mbox-contents-76a6dcc270e1f105fec2216c225d9c779dff66e8.js HTTP/1.1 
Host: assets.adobedtm.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         88.221.72.48
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: Apache
Etag: "7fce80393654f0c6e6d2aa47f7e820bc:1533733253"
Last-Modified: Wed, 08 Aug 2018 13:00:53 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 34359
Cache-Control: max-age=3600
Expires: Thu, 09 Aug 2018 12:16:53 GMT
Date: Thu, 09 Aug 2018 11:16:53 GMT
Connection: keep-alive
Timing-Allow-Origin: *


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   34359
Md5:    9e55a7ad10f5239a8864f19ddf4f9317
Sha1:   37fc8859ebdd76d0d73c7a7354c2946430068c3a
Sha256: a1c4d6e04cb40cfd13799768e27bd0693ca1887d2d9e8adf84eb1f26816e38fd
                                        
                                            GET /e5e56a2b361a85fb91320927e55b3706fb2e1846/scripts/satellite-54d3852762323900162f0400.js HTTP/1.1 
Host: assets.adobedtm.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         88.221.72.48
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: Apache
Etag: "fbee631703f6332f9e0551b1c9e65343:1475758651"
Last-Modified: Thu, 06 Oct 2016 12:57:31 GMT
Accept-Ranges: bytes
Content-Length: 16
Cache-Control: max-age=3600
Expires: Thu, 09 Aug 2018 12:16:53 GMT
Date: Thu, 09 Aug 2018 11:16:53 GMT
Connection: keep-alive
Timing-Allow-Origin: *


--- Additional Info ---
Magic:  ASCII text
Size:   16
Md5:    fbee631703f6332f9e0551b1c9e65343
Sha1:   4b21fd29476c090606a605931ed2fd8b899a1d24
Sha256: 13dc1d508b8bc354ba2511572732012b616e4b41e09233009be8c828898d1298
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Fri, 03 Aug 2018 23:56:39 GMT
Etag: 4FDAD57F3346649514AB9B63681A4175F0C5517A
X-OCSP-Responder-ID: rmdccaocsp36
Content-Length: 472
Cache-Control: public, no-transform, must-revalidate, max-age=131438
Expires: Fri, 10 Aug 2018 23:47:31 GMT
Date: Thu, 09 Aug 2018 11:16:53 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   472
Md5:    7c37080668ac3e23a4efb1142e306314
Sha1:   4fdad57f3346649514ab9b63681a4175f0c5517a
Sha256: 59698d6acc8e3e379edd2ce888d971152289a1f9d31320dd556e62cf69ca0b9c
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sun, 05 Aug 2018 22:51:21 GMT
Etag: E54FBF182F5E67F304A0CF3730BA24A71DD58596
X-OCSP-Responder-ID: rmdccaocsp19
Content-Length: 727
Cache-Control: public, no-transform, must-revalidate, max-age=300310
Expires: Sun, 12 Aug 2018 22:42:03 GMT
Date: Thu, 09 Aug 2018 11:16:53 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   727
Md5:    ddf31aec69a599fc1239df882142c846
Sha1:   e54fbf182f5e67f304a0cf3730ba24a71dd58596
Sha256: b6dac1a32a80023e0ae35b1168e8bb2da8089ff3bdcda33ba5ff480ac1767fd8
                                        
                                            GET /resource/web/DCX/css/sprites/bg_gradient_c.png?ver=201411160600 HTTP/1.1 
Host: pfobellweb.hs.llnwd.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/file/allBrowsers_framework.css

                                         
                                         178.79.243.0
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 145
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Generated-By: O-9X-T04
Access-Control-Allow-Origin: https://mybell.bell.ca
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca
Age: 71021
Last-Modified: Sun, 16 Nov 2014 06:00:29 GMT
Expires: Thu, 09 Aug 2018 15:33:13 GMT


--- Additional Info ---
Magic:  PNG image, 1 x 47, 8-bit/color RGB, non-interlaced
Size:   145
Md5:    5ea02f77024062c29b9206f9066d0b57
Sha1:   30eb8e676fcf9c1a546582676f2cbdf4514887b7
Sha256: dd889d12c7e2b9763e50421893fe2f8b12e4aa0ad1f3330e2a85258e3ac928b8
                                        
                                            GET /resource/web/DCX/css/sprites/logo-bell-white-47x28.png?ver=201411160600 HTTP/1.1 
Host: pfobellweb.hs.llnwd.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/file/allBrowsers_framework.css

                                         
                                         178.79.243.0
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 995
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Generated-By: O-9X-T04
Access-Control-Allow-Origin: https://mybell.bell.ca
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca
Age: 71020
Last-Modified: Sun, 16 Nov 2014 06:00:29 GMT
Expires: Thu, 09 Aug 2018 15:33:14 GMT


--- Additional Info ---
Magic:  PNG image, 47 x 28, 8-bit colormap, non-interlaced
Size:   995
Md5:    f974af0b551538d649a7403025598949
Sha1:   5bdf6de74de850f34ed10bdce0ecfe6c9468cf62
Sha256: e7d3eac6bbf4faa5b36fb1c428a3bcfe5087acd4f1ee4072afc3a0699d4bc427
                                        
                                            GET /resource/web/DCX/css/sprites/bg_button22_ML.gif?ver=201411160600 HTTP/1.1 
Host: pfobellweb.hs.llnwd.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/file/allBrowsers_framework.css

                                         
                                         178.79.243.0
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 44
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Generated-By: O-9X-T07
Access-Control-Allow-Origin: https://mybell.bell.ca
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca
Age: 80591
Last-Modified: Sun, 16 Nov 2014 06:00:29 GMT
Expires: Thu, 09 Aug 2018 12:53:43 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 15
Size:   44
Md5:    380e3c2b247c35e2e2809b9eed0c045c
Sha1:   27b8d9d5eb777ea07030060eef7065f798fe8888
Sha256: b86d04372db9ebfba9873202e4b582dd9d961786f535b01ff665a7f16ec717a3
                                        
                                            GET /m2/bellcanada/mbox/standard?mboxHost=a0226319.xsph.ru&mboxSession=1533813413667-819552&mboxPage=1533813413667-819552&screenHeight=885&screenWidth=1176&browserWidth=1176&browserHeight=754&browserTimeOffset=120&colorDepth=24&mboxCount=1&lang=en&mbox=login-display-h1&mboxId=0&mboxTime=1533820613767&mboxURL=http%3A%2F%2Fa0226319.xsph.ru%2Fca%2FBell_Refund%2F&mboxReferrer=&mboxVersion=52 HTTP/1.1 
Host: bellcanada.tt.omtrdc.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         66.117.29.6
HTTP/1.1 200
Content-Type: text/javascript;charset=utf-8
                                        
X-Application-Context: edge:prod,prod-prod26,prod-prod26-app,prod26:11180
Pragma: no-cache
Cache-Control: no-cache
Timing-Allow-Origin: *
Content-Length: 140
Date: Thu, 09 Aug 2018 11:16:54 GMT


--- Additional Info ---
Magic:  ASCII C program text, with no line terminators
Size:   140
Md5:    abaa200c3e4e6047e8d53e7105d1ef9b
Sha1:   14af7b93ab0ed4641c20b9f05178b103aa02f308
Sha256: 9b56d43e053c836838e761374ab37d7e7f901b517821da606b59fb50dadf02d7
                                        
                                            GET /resource/web/DCX/css/sprites/x.png?ver=201504210344 HTTP/1.1 
Host: pfobellweb.hs.llnwd.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/file/allBrowsers_framework.css

                                         
                                         178.79.243.0
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 23173
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Generated-By: O-9X-T03
Access-Control-Allow-Origin: https://mybell.bell.ca
X-Frame-Options: SAMEORIGIN
Age: 80591
Last-Modified: Sun, 21 Jun 2015 06:41:44 GMT
Expires: Thu, 09 Aug 2018 12:53:43 GMT


--- Additional Info ---
Magic:  PNG image, 25 x 2023, 8-bit/color RGBA, interlaced
Size:   23173
Md5:    5d6da172191d3d6f85e39083a4a1307c
Sha1:   6784137adbbfe30ca520e874d9c08696c5137159
Sha256: 3c9790429e07661192718f72e1546b0263c37dc3b89795bc7a0688f706e7786e
                                        
                                            GET /resource/web/DCX/css/sprites/icons.png?ver=201503220757 HTTP/1.1 
Host: pfobellweb.hs.llnwd.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/file/allBrowsers_framework.css

                                         
                                         178.79.243.0
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 41440
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Generated-By: O-9X-T02
Access-Control-Allow-Origin: https://mybell.bell.ca
X-Frame-Options: SAMEORIGIN
Age: 80591
Last-Modified: Mon, 15 Feb 2016 15:22:10 GMT
Expires: Thu, 09 Aug 2018 12:53:43 GMT


--- Additional Info ---
Magic:  PNG image, 72 x 2070, 8-bit/color RGBA, non-interlaced
Size:   41440
Md5:    acbbaab52322d2859f2f98218a47e8b9
Sha1:   d6c4045c32f598b3b1f4aad95f8a2f367968f4e5
Sha256: 8825de19e61750cd5d63719f08603cad53a488ddd33bd619344c0f81e676a8eb
                                        
                                            GET /m2/bellcanada/mbox/standard?mboxHost=a0226319.xsph.ru&mboxSession=1533813413667-819552&mboxPage=1533813413667-819552&screenHeight=885&screenWidth=1176&browserWidth=1176&browserHeight=754&browserTimeOffset=120&colorDepth=24&mboxCount=2&lang=en&mbox=login-display-h2-left&mboxId=0&mboxTime=1533820614195&mboxURL=http%3A%2F%2Fa0226319.xsph.ru%2Fca%2FBell_Refund%2F&mboxReferrer=&mboxVersion=52 HTTP/1.1 
Host: bellcanada.tt.omtrdc.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         66.117.29.6
HTTP/1.1 200
Content-Type: text/javascript;charset=utf-8
                                        
X-Application-Context: edge:prod,prod-prod26,prod-prod26-app,prod26:11180
Pragma: no-cache
Cache-Control: no-cache
Timing-Allow-Origin: *
Content-Length: 145
Date: Thu, 09 Aug 2018 11:16:54 GMT


--- Additional Info ---
Magic:  ASCII C program text, with no line terminators
Size:   145
Md5:    4222d49c397d99fe974b62e42c1ccb8b
Sha1:   b86410023af28103b350de2e3b3854d2038e6af1
Sha256: a2c6bfc3fd838826726df71cecb60a9230a90021f950cbe32bcdd7eeff12b2d4
                                        
                                            GET /resource/web/DCX/css/sprites/gradient1.png?ver=201411160600 HTTP/1.1 
Host: pfobellweb.hs.llnwd.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/file/allBrowsers_framework.css

                                         
                                         178.79.243.0
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 186
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Generated-By: O-9X-T03
Access-Control-Allow-Origin: https://mybell.bell.ca
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca
Age: 29987
Last-Modified: Sun, 16 Nov 2014 06:00:29 GMT
Expires: Fri, 10 Aug 2018 02:57:07 GMT


--- Additional Info ---
Magic:  PNG image, 1 x 58, 8-bit/color RGB, non-interlaced
Size:   186
Md5:    907e15f138f707a18f0a7fd3bf8866fe
Sha1:   c2df58a0b189f9dd778dbf895012a6586f73c7a7
Sha256: 001a86e50e91431222a5bac59db081819550238e8b073409826137215908f990
                                        
                                            GET /m2/bellcanada/mbox/standard?mboxHost=a0226319.xsph.ru&mboxSession=1533813413667-819552&mboxPage=1533813413667-819552&screenHeight=885&screenWidth=1176&browserWidth=1176&browserHeight=754&browserTimeOffset=120&colorDepth=24&mboxCount=3&lang=en&mbox=login-display-h2-right&mboxId=0&mboxTime=1533820614257&mboxURL=http%3A%2F%2Fa0226319.xsph.ru%2Fca%2FBell_Refund%2F&mboxReferrer=&mboxVersion=52 HTTP/1.1 
Host: bellcanada.tt.omtrdc.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         66.117.29.6
HTTP/1.1 200
Content-Type: text/javascript;charset=utf-8
                                        
X-Application-Context: edge:prod,prod-prod26,prod-prod26-app,prod26:11180
Pragma: no-cache
Cache-Control: no-cache
Timing-Allow-Origin: *
Content-Length: 146
Date: Thu, 09 Aug 2018 11:16:54 GMT


--- Additional Info ---
Magic:  ASCII C program text, with no line terminators
Size:   146
Md5:    3094a1820858c6c487f349a7d5b4f673
Sha1:   76ea95831d693f8724f38418221dec4fbb5da5bc
Sha256: df99ee00dfeec340f01e6bb2c3ae05895eedd0854ef7ce9b4680c914ce3b1f8a
                                        
                                            GET /ca/Bell_Refund/crd.png HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 9314
Last-Modified: Wed, 08 Aug 2018 12:14:41 GMT
Connection: keep-alive
Etag: "5b6adeb1-2462"
Expires: Thu, 16 Aug 2018 11:16:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 163 x 23, 8-bit/color RGBA, non-interlaced
Size:   9314
Md5:    48cb7b68f0bf0520161fba39559eb7c8
Sha1:   2e00a53a2e4de2e1c79f699614ef67f256c772e7
Sha256: d841754163f6d3f7a257af53c78c476857b03f211f41f931204a840770a089bb
                                        
                                            GET /m2/bellcanada/mbox/standard?mboxHost=a0226319.xsph.ru&mboxSession=1533813413667-819552&mboxPage=1533813413667-819552&screenHeight=885&screenWidth=1176&browserWidth=1176&browserHeight=754&browserTimeOffset=120&colorDepth=24&mboxCount=4&lang=en&mbox=login-display-right-panel&mboxId=0&mboxTime=1533820614310&mboxURL=http%3A%2F%2Fa0226319.xsph.ru%2Fca%2FBell_Refund%2F&mboxReferrer=&mboxVersion=52 HTTP/1.1 
Host: bellcanada.tt.omtrdc.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         66.117.29.6
HTTP/1.1 200
Content-Type: text/javascript;charset=utf-8
                                        
X-Application-Context: edge:prod,prod-prod26,prod-prod26-app,prod26:11180
Pragma: no-cache
Cache-Control: no-cache
Timing-Allow-Origin: *
Content-Length: 149
Date: Thu, 09 Aug 2018 11:16:54 GMT


--- Additional Info ---
Magic:  ASCII C program text, with no line terminators
Size:   149
Md5:    491af25c04508a9c95210683a9072a69
Sha1:   1a1622aa99cdaf3fa83be360ab24ea985871d01a
Sha256: a40359b8443853df22f3ac6b106dcf1b6bdc0c54f8b07768ad430ac7a6f92191
                                        
                                            GET /resource/web/DCX/css/sprites/bg_textarea.gif?ver=201411160600 HTTP/1.1 
Host: pfobellweb.hs.llnwd.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/file/allBrowsers_framework.css

                                         
                                         178.79.243.0
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 49
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Generated-By: O-9X-T06
Access-Control-Allow-Origin: https://mybell.bell.ca
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca
Age: 80591
Last-Modified: Sun, 16 Nov 2014 06:00:29 GMT
Expires: Thu, 09 Aug 2018 12:53:43 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 25 x 2
Size:   49
Md5:    d0c16fdba463982c8fa3f78e4377325e
Sha1:   2303498f522e9d51dea70d746656ba9aa1b6a6ab
Sha256: a8cfef01169e7c4b7724b1b954810bbde296affab5b899aee31a23b06fe7ff78
                                        
                                            GET /ca/Bell_Refund/cvv.gif HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 509
Last-Modified: Wed, 08 Aug 2018 12:14:42 GMT
Connection: keep-alive
Etag: "5b6adeb2-1fd"
Expires: Thu, 16 Aug 2018 11:16:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 51 x 31
Size:   509
Md5:    96558bf66ed388fef4dc1385be54111e
Sha1:   f088aaa91e69e8aa9d5a8aeab412729ca8326096
Sha256: 275b7a867831a923bb2ab17160004afef43973ac2192b04724506608b8255d99
                                        
                                            GET /ca/Bell_Refund/vbv.jpg HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 2500
Last-Modified: Wed, 08 Aug 2018 12:15:05 GMT
Connection: keep-alive
Etag: "5b6adec9-9c4"
Expires: Thu, 16 Aug 2018 11:16:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   2500
Md5:    583442755c28ab535b6ba42db2bdf763
Sha1:   783b69db1a2c88e135ac470d7f34c613fbe5b6c8
Sha256: eea8ea4547e6098f4a35e1ccca8e1d3e93dbe28affc96f4a36ffd178aa00c6d9
                                        
                                            GET /ca/Bell_Refund/file/img_default_login.jpg HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 10314
Last-Modified: Wed, 08 Aug 2018 12:14:51 GMT
Connection: keep-alive
Etag: "5b6adebb-284a"
Expires: Thu, 16 Aug 2018 11:16:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   10314
Md5:    f777d86233790ae90e90accdd7ad09aa
Sha1:   1a65b49fbfb6db7e58a8179a648f4cf0194d6a36
Sha256: f76f4c5a9f514aab659d3f3c259d588df917d54aa5c293dad714bb457db2a981
                                        
                                            GET /ca/Bell_Refund/file/img_myBell_App.png HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 29069
Last-Modified: Wed, 08 Aug 2018 12:14:51 GMT
Connection: keep-alive
Etag: "5b6adebb-718d"
Expires: Thu, 16 Aug 2018 11:16:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 203 x 167, 8-bit/color RGBA, non-interlaced
Size:   29069
Md5:    38f793d7f13c33740b6aeab3c2661bd7
Sha1:   712334589978e318d8f80f72a44ec64d7040b7eb
Sha256: 9d93bf861f970b27cb3e51b9de5255de565a552a7c2f71d07207a4f6af838781
                                        
                                            GET /ca/Bell_Refund/file/logo_Android_en.png HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 2843
Last-Modified: Wed, 08 Aug 2018 12:14:54 GMT
Connection: keep-alive
Etag: "5b6adebe-b1b"
Expires: Thu, 16 Aug 2018 11:16:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 89 x 30, 8-bit/color RGB, non-interlaced
Size:   2843
Md5:    147f79c9f83fb3a16811bc2d268f4a2e
Sha1:   6c608f2f48f4101cd0383b5911bc7532f563766f
Sha256: 41ca7f069838f9929751f84e4cbc14d4db125a280be0ee7f62a72cd5e76c2add
                                        
                                            GET /ca/Bell_Refund/file/logo_windows_en.png HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 2263
Last-Modified: Wed, 08 Aug 2018 12:14:55 GMT
Connection: keep-alive
Etag: "5b6adebf-8d7"
Expires: Thu, 16 Aug 2018 11:16:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 94 x 30, 8-bit/color RGB, non-interlaced
Size:   2263
Md5:    3d1116cfff82722ab72da85c4b05a834
Sha1:   911fcbcac6c23e67d9f2bc5c94c5003e6ea17823
Sha256: eaf111e21fb7468d44d8d5f86b67f2ddd066218d2c402a3151cc9c932f19cf34
                                        
                                            GET /ca/Bell_Refund/file/logo_BlackBerryWorld_en.png HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 3190
Last-Modified: Wed, 08 Aug 2018 12:14:55 GMT
Connection: keep-alive
Etag: "5b6adebf-c76"
Expires: Thu, 16 Aug 2018 11:16:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 111 x 30, 8-bit/color RGB, non-interlaced
Size:   3190
Md5:    a621230bfbb20cced7724be250449c7b
Sha1:   59d3f91639281952f0aebce23ff90f8d786bcda8
Sha256: 36a999134e655c3c76fa55a6898540b085eb6469695b79be733d5101eb97a130
                                        
                                            GET /ca/Bell_Refund/file/OpinionLab.js HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:54 GMT
Last-Modified: Wed, 08 Aug 2018 12:14:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5b6adec2-667"
Expires: Thu, 16 Aug 2018 11:16:54 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   862
Md5:    a689b550efa8741dbaea344e51e30b7b
Sha1:   6e48984455096b2a643681725e6ac1b014996313
Sha256: 889a5e4b3407f58a2e5f1d9a7c5e4826c9f0ba04f9c8af99d2c5345c9d2ab782

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/file/logo_AppStore_en.png HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 2695
Last-Modified: Wed, 08 Aug 2018 12:14:54 GMT
Connection: keep-alive
Etag: "5b6adebe-a87"
Expires: Thu, 16 Aug 2018 11:16:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 89 x 30, 8-bit/color RGB, non-interlaced
Size:   2695
Md5:    69b89378c6327e599933901b7cc0236d
Sha1:   26363d9f4dd3ab74640e4545471fe02c8a2d8864
Sha256: a54f5bfe349b532c518386db6a2473ad83a0f271acbf3f6a06bd13d08bfd21df
                                        
                                            GET /ca/Bell_Refund/file/entrust_seal.gif HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 1073
Last-Modified: Wed, 08 Aug 2018 12:14:45 GMT
Connection: keep-alive
Etag: "5b6adeb5-431"
Expires: Thu, 16 Aug 2018 11:16:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 53 x 36
Size:   1073
Md5:    9c5fc5fd8a6e8f3341573f75454fba90
Sha1:   a99e47048b4f731abeeee628fdf864a7cf3b777b
Sha256: e323e77b9a649031ad263df44c42e20170098cedd59c03fc8794e0607f608e30
                                        
                                            GET /ca/Bell_Refund/file/foresee-trigger.js HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:54 GMT
Last-Modified: Wed, 08 Aug 2018 12:14:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5b6adeb8-1f6b9"
Expires: Thu, 16 Aug 2018 11:16:54 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   48864
Md5:    ea25bbb42b3188a8943557c77552ac4a
Sha1:   588f25ae8b629ac94e65f77530cc222c482ed35c
Sha256: 63b1e31a8740f64daf7302b8861a55a71c03efc4b706caf45b898c02242ad4d3

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/file/s_code_bell.js HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:54 GMT
Last-Modified: Wed, 08 Aug 2018 12:15:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5b6adec6-3338d"
Expires: Thu, 16 Aug 2018 11:16:54 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   76684
Md5:    f3dbcff89a15e1c828a57b017a4a9c83
Sha1:   21e5d1c058c859a7ff407e769b5f40faf06b8e93
Sha256: 81c2e1bd2d59a503c09a3c58f9bf42e97e553bd297c2aa4d4ab0d5c9ad0ab703

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /resource/web/DCX/css/sprites/buttons.png?ver=201504210344 HTTP/1.1 
Host: pfobellweb.hs.llnwd.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/file/allBrowsers_framework.css

                                         
                                         178.79.243.0
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 19888
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Generated-By: O-9X-T02
Access-Control-Allow-Origin: https://mybell.bell.ca
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca
Age: 80591
Last-Modified: Sat, 29 Aug 2015 04:22:22 GMT
Expires: Thu, 09 Aug 2018 12:53:43 GMT


--- Additional Info ---
Magic:  PNG image, 10 x 2350, 8-bit/color RGBA, interlaced
Size:   19888
Md5:    7641c92b0047d8cb8f0d9bee619b9b0e
Sha1:   f7f123e9b3e005094327c372d5bcd67fa07df939
Sha256: af6223795f7c4d902a640ad473ab066403a0c37cf75e39b046f5917ba0f7d3e2
                                        
                                            GET /resource/web/DCX/css/sprites/button4.png?ver=201411160600 HTTP/1.1 
Host: pfobellweb.hs.llnwd.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/file/allBrowsers_framework.css

                                         
                                         178.79.243.0
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 136
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Generated-By: O-9X-T07
Access-Control-Allow-Origin: https://mybell.bell.ca
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca
Age: 28740
Last-Modified: Sun, 16 Nov 2014 06:00:29 GMT
Expires: Fri, 10 Aug 2018 03:17:54 GMT


--- Additional Info ---
Magic:  PNG image, 1 x 21, 8-bit/color RGB, non-interlaced
Size:   136
Md5:    3c76bd25e3a5ddb025249d2492c6fe97
Sha1:   499cbb0965f16be33ed251c7ebdbfb12e80936f7
Sha256: ae37b610102713cd3e53977ffbeefb85159ecedba2553fc73d74dfc3c53e5f52
                                        
                                            GET /custom/foresee/foresee-trigger.js?ver=201504171402 HTTP/1.1 
Host: pfobellweb.hs.llnwd.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         178.79.243.0
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 44549
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Generated-By: O-9X-T05
Access-Control-Allow-Origin: https://mybell.bell.ca
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 80591
Last-Modified: Tue, 23 Jan 2018 02:19:07 GMT
Expires: Thu, 09 Aug 2018 12:53:43 GMT


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   44549
Md5:    1ea4f9eabf11bac517cf86346dac52f7
Sha1:   e8cee0c32128bf7799cf00f521ea8841e62b426a
Sha256: eb983de04d9f032cc632f6549e5a7bf1248fa85d81315b9abda7c2a3a52e29e4
                                        
                                            GET /resource/web/DCX/css/sprites/button2.png?ver=201411160600 HTTP/1.1 
Host: pfobellweb.hs.llnwd.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/file/allBrowsers_framework.css

                                         
                                         178.79.243.0
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 09 Aug 2018 11:16:55 GMT
Content-Length: 136
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Generated-By: O-9X-T02
Access-Control-Allow-Origin: https://mybell.bell.ca
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca
Age: 80591
Last-Modified: Sun, 16 Nov 2014 06:00:29 GMT
Expires: Thu, 09 Aug 2018 12:53:44 GMT


--- Additional Info ---
Magic:  PNG image, 1 x 31, 8-bit/color RGB, non-interlaced
Size:   136
Md5:    fdaee86088a11dbbdf7fdc77a3a90a6e
Sha1:   0c63d04f67eb3bff2ba51f1fb9c6d0abf13e4412
Sha256: ac67f6174505caecd1eb25131d05bc36025b0e044cfcfe9f6e595c19f9812d9b
                                        
                                            GET /ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274; fsr.a=1533813415221

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:55 GMT
Last-Modified: Wed, 08 Aug 2018 12:14:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5b6adec2-acf"
Expires: Thu, 16 Aug 2018 11:16:55 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1006
Md5:    eab5417565e90d529e2d82aa94b57502
Sha1:   28b68084968db2c2d6ead315f7ccbbf590dc5c3d
Sha256: e6c6347b6b3910e37aa32a4fce95b4418da1a58e7e77b320800b071ecc5aeedf

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/file/dest4.htm HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274; fsr.a=1533813415221

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:55 GMT
Last-Modified: Wed, 08 Aug 2018 12:14:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5b6adeb4-206b"
Expires: Thu, 16 Aug 2018 11:16:55 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3426
Md5:    42149ce9493f11374824c6fd5f7e903b
Sha1:   61817c57729b32606c3c82c600d740c5619ea386
Sha256: 81183e14bd766a393c9cac5289563f7a47c7a90a044b6a6f5185ffb44e71ebe8

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111_data/activityi.htm HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274; fsr.a=1533813415221

                                         
                                         141.8.195.104
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:55 GMT
Content-Length: 263
Last-Modified: Wed, 08 Aug 2018 12:14:59 GMT
Connection: keep-alive
Etag: "5b6adec3-107"
Expires: Thu, 16 Aug 2018 11:16:55 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   263
Md5:    a124146115dbd9c5b8128a1838b3559e
Sha1:   e195cbe9336b6a10bddf3d6dcee818e78071f239
Sha256: d0509ff052a9a934cdcabe6a9c6d732055ab67225b5903b72ec7b3635ef23b68

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /custom/foresee/foresee-surveydef.js?build=24 HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274; fsr.a=1533813415221; __bda_pv=1; idevbellca0_s_pers=%20s_lv%3D1533813415609%7C1628421415609%3B%20s_lv_s%3DFirst%2520Visit%7C1533815215609%3B%20s_vnum%3D1536405415612%2526vn%253D1%7C1536405415612%3B%20s_invisit%3Dtrue%7C1533815215612%3B; __bda_gvo_flashplugin=FLASH_VERSION%3DUnknown%7CFLASH_INSTALLED%3DUnknown%3A1; __bda_serial_sessionid=924972b9c7a54b328b92; __bda_serial_transactionid=924972b9c7a54b328b92; __bda_serial_serializer=1822113165599; __bda_serial_actionserializer=001101822113165599; __bda_prev_previouspagename=Login; AMCV_48B034FA53CF9FD10A490D44%40AdobeOrg=T; fsr.s=%7B%22v2%22%3A1%2C%22v1%22%3A1%7D

                                         
                                         141.8.195.104
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:55 GMT
Content-Length: 305
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   305
Md5:    4df5774c02d2d3fff3275b667a2e6405
Sha1:   4292a20729524aa5510ab5a5fe93fc7dec2733f7
Sha256: d6d576901353a803cf6b625668b07fe1446459d52b0bc9c684ad486cb92d20ea

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: canada.is-great.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __test=cdd70cbf5f9663aa77a4333c29e3578b

                                         
                                         185.27.134.214
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Thu, 09 Aug 2018 11:18:03 GMT
Content-Length: 219
Connection: keep-alive
Location: https://infinityfree.net/errors/404
Cache-Control: max-age=2592000
Expires: Sat, 08 Sep 2018 11:18:03 GMT


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   219
Md5:    30ec03dd353a0f7ecde6c9fd13dc12aa
Sha1:   1e6016e3d15873ceab0a07c40fa30236ccfa711c
Sha256: faf0ad44bad30d003684d09049a982b23372f5d95a29684b7d00378cd210c052
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 09 Aug 2018 11:16:55 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    aee5dce47a9f72f007aa4810218c7904
Sha1:   3700bf70a7e3eae5bced6c3c488b46285e36b83f
Sha256: 45657dadd9e68f3ca3b724ac44c6092ff38df75f2dc4c08f9a2894e4a645176a
                                        
                                            POST /gsr2 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 09 Aug 2018 11:16:55 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    d9d754520ae3340aa37cca6115eee05b
Sha1:   a0320372760d99c762cb2eb4b37f776625ef1b33
Sha256: 7dc8284c51c9a38dc1bf03bd28857ea5336e8f5c564eddbb1c9082ee43c93738
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: canada.is-great.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __test=cdd70cbf5f9663aa77a4333c29e3578b

                                         
                                         185.27.134.214
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Thu, 09 Aug 2018 11:18:03 GMT
Content-Length: 219
Connection: keep-alive
Location: https://infinityfree.net/errors/404
Cache-Control: max-age=2592000
Expires: Sat, 08 Sep 2018 11:18:03 GMT


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   219
Md5:    30ec03dd353a0f7ecde6c9fd13dc12aa
Sha1:   1e6016e3d15873ceab0a07c40fa30236ccfa711c
Sha256: faf0ad44bad30d003684d09049a982b23372f5d95a29684b7d00378cd210c052
                                        
                                            GET /id?d_rtbd=json&d_ver=2&d_orgid=48B034FA53CF9FD10A490D44%40AdobeOrg&d_cb=s_c_il%5B1%5D._setMarketingCloudFields HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         54.76.193.55
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=utf-8
                                        
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Content-Encoding: gzip
DCS: irl1-prod-dcs-0c37abb15.edge-irl1.demdex.com 5.36.1.20180808133545 3ms
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=74261190848222505564244340078342507370;Path=/;Domain=.demdex.net;Expires=Tue, 05-Feb-2019 11:16:55 GMT;Max-Age=15552000
Vary: Accept-Encoding, User-Agent
X-TID: 4qAWgOgVQXo=
Content-Length: 401
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   401
Md5:    adbd34539f63809f73efee8b06d1938f
Sha1:   feb9bb0f791fccd6e33d48987be77aad07e80fc2
Sha256: 77208767dba8b9d039881e568935c5517736d4254fe46ffe4d98749b3e9e2a8e
                                        
                                            GET /activityi;src=2987979;type=mybel0;cat=MyBel0;ord=1;num=6139285169398.521? HTTP/1.1 
Host: 2987979.fls.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm

                                         
                                         216.58.211.6
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Date: Thu, 09 Aug 2018 11:16:55 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=21600
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 09-Aug-2018 11:31:55 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   371
Md5:    453c95c67597d73784c04b23cbf26e00
Sha1:   24edb0f1d481d8eb40279bf2ec140f2b6fe58b21
Sha256: 0b0e6c61e7d6ccaebfd6a4cc8941fd877712dd4132c2f6b55a97fd174a9e9b6f
                                        
                                            GET /activityi;src=2987979;type=mybel0;cat=MyBel0;ord=1;num=9583662335343.293? HTTP/1.1 
Host: 2987979.fls.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm

                                         
                                         216.58.211.6
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Date: Thu, 09 Aug 2018 11:16:55 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=21600
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 09-Aug-2018 11:31:55 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   371
Md5:    25dfb7f33494d3aaca3ff8e05d5fdca9
Sha1:   cd08f4db2268f6516cf0b4f04ba2041c9f02c4cc
Sha256: 6e228cf5c4ceae9a821f23b9c5ccd46beeeac12a71a055417e4123a904e4e32a
                                        
                                            GET /id?d_rtbd=json&d_ver=2&d_orgid=48B034FA53CF9FD10A490D44%40AdobeOrg&d_mid=74405517686191044994227214630904756133&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cb=s_c_il%5B1%5D._setAudienceManagerFields HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: demdex=74261190848222505564244340078342507370

                                         
                                         54.76.193.55
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=utf-8
                                        
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Content-Encoding: gzip
DCS: irl1-prod-dcs-00a8def2c.edge-irl1.demdex.com 5.36.1.20180808133545 3ms
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=74261190848222505564244340078342507370;Path=/;Domain=.demdex.net;Expires=Tue, 05-Feb-2019 11:16:56 GMT;Max-Age=15552000
Vary: Accept-Encoding, User-Agent
X-TID: cpNO1nw8SNY=
Content-Length: 401
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   401
Md5:    80a9f543fa3080014b6df81dc932196f
Sha1:   87c114104b39ac551fbdc209ac48f480ec749101
Sha256: be1d2ea0bd4aed373f2258b40a74b7444404113c6441457be4c701eb15047955
                                        
                                            GET /custom/foresee/foresee-transport.swf HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274; fsr.a=1533813415972; __bda_pv=1; idevbellca0_s_pers=%20s_lv%3D1533813415609%7C1628421415609%3B%20s_lv_s%3DFirst%2520Visit%7C1533815215609%3B%20s_vnum%3D1536405415612%2526vn%253D1%7C1536405415612%3B%20s_invisit%3Dtrue%7C1533815215612%3B; __bda_gvo_flashplugin=FLASH_VERSION%3DUnknown%7CFLASH_INSTALLED%3DUnknown%3A1; __bda_serial_sessionid=924972b9c7a54b328b92; __bda_serial_transactionid=924972b9c7a54b328b92; __bda_serial_serializer=1822113165599; __bda_serial_actionserializer=001101822113165599; __bda_prev_previouspagename=Login; AMCV_48B034FA53CF9FD10A490D44%40AdobeOrg=1256414278%7CMCMID%7C74405517686191044994227214630904756133%7CMCAAMLH-1534418215%7C6%7CMCAAMB-1534418216%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCAID%7CNONE; fsr.s=%7B%22v2%22%3A1%2C%22v1%22%3A1%2C%22mid%22%3A%22d791202-64416069-9e62-72e3-f7c31%22%2C%22rt%22%3Afalse%2C%22rc%22%3Afalse%7D; idevbellca0_s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

                                         
                                         141.8.195.104
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:56 GMT
Content-Length: 306
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   306
Md5:    1608db02cc0ff748cd97ccf2b15ad0c4
Sha1:   bcf72ec40ac82f10955e578205514ba8d0acc7ea
Sha256: 838c3023c25714d66af021cefa05709ce62228d3c7866c9beefa3021bda490e8

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /event?d_nsid=0&d_ld=_ts%3D1533813416046&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_0_1533813416046&c_pageName=Login&c_channel=Login&c_server=toroondc24d&c_events=event19%2Cevent39%3A001101822113165599%2Cevent83%2Cevent1&c_prop1=false&c_eVar1=D%3Dc1&c_prop9=D%3DpageName&c_prop10=D%3DpageName&c_prop14=http%3A%2F%2Fa0226319.xsph.ru%2Fca%2Fbell_refund%2F&c_prop21=en-on&c_eVar21=D%3Dc21&c_prop27=FLASH_VERSION%3DUnknown%7CFLASH_INSTALLED%3DUnknown%3A1&c_eVar30=D%3Dc57&c_prop33=D%3DpageName&c_prop36=Thursday-7%3A15AM&c_eVar36=D%3Dc36&c_prop37=1&c_eVar37=D%3Dc37&c_prop39=First%20Visit&c_eVar39=D%3Dc39&c_prop45=No%20Referrer&c_eVar46=D%3DpageName&c_prop50=11063001%2F_bda%5B2.25%3AND%3A2015-05-05%5D%2Fmap%5B3.10%3AND%3A2015-05-06%5D&c_eVar51=http%3A%2F%2Fa0226319.xsph.ru%2Fca%2Fbell_refund%2F&c_prop55=001-1-0&c_prop57=001&c_prop59=DTM&c_prop65=2018-08-09%2C13%3A16%3A55.623%2C2018-08-09%2C06%3A16%3A55.623&c_eVar67=924972b9-c7a5-4b32-8b92-8b5cb5f92709%3Ad894aee0-7170-41c5-8a8b-0b3186e25330&c_prop68=D%3DpageName&c_prop70=D%3DUser-Agent&c_hier1=D%3DpageName%2B%22%3Aen%3Aon%22&c_hier2=D%3D%22en%3A%22%2BpageName%2B%22%3Aon%22&c_hier3=D%3D%22on%3A%22%2BpageName%2B%22%3Aen%22 HTTP/1.1 
Host: bellca.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: demdex=74261190848222505564244340078342507370

                                         
                                         54.76.193.55
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=utf-8
                                        
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Content-Encoding: gzip
DCS: irl1-prod-dcs-0af484e51.edge-irl1.demdex.com 5.36.1.20180808133545 6ms
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=74261190848222505564244340078342507370;Path=/;Domain=.demdex.net;Expires=Tue, 05-Feb-2019 11:16:56 GMT;Max-Age=15552000 bellca=74261190848222505564244340078342507370;Path=/;Domain=.bellca.demdex.net;Expires=Tue, 05-Feb-2019 11:16:56 GMT;Max-Age=15552000 DST=;Path=/;Domain=.demdex.net;Expires=Tue, 05-Feb-2019 11:16:56 GMT;Max-Age=15552000
Vary: Accept-Encoding, User-Agent
X-TID: sK9m/RhSQPU=
Content-Length: 462
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   462
Md5:    1f2c47c3b7d278a7c8b7fc3e1b90606d
Sha1:   fa80ea70c910a674a4a61c7527f889bb31ff0fce
Sha256: 47914b2d3410fe5b82c3a7d3880790dffdaefe8c711f36a0c765863fb3c0bff4
                                        
                                            GET /b/ss/devbellca/1/H.27.4/s91090933800103?AQB=1&ndh=1&t=9%2F7%2F2018%2013%3A16%3A56%204%20-120&mid=74405517686191044994227214630904756133&aamlh=6&ce=UTF-8&cdp=2&pageName=Login&g=http%3A%2F%2Fa0226319.xsph.ru%2Fca%2FBell_Refund%2F&cc=USD&ch=Login&server=toroondc24d&events=event19%2Cevent39%3A001101822113165599%2Cevent83%2Cevent1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=false&v1=D%3Dc1&c9=D%3DpageName&c10=D%3DpageName&c14=http%3A%2F%2Fa0226319.xsph.ru%2Fca%2Fbell_refund%2F&c21=en-on&v21=D%3Dc21&c27=FLASH_VERSION%3DUnknown%7CFLASH_INSTALLED%3DUnknown%3A1&v30=D%3Dc57&c33=D%3DpageName&c36=Thursday-7%3A15AM&v36=D%3Dc36&c37=1&v37=D%3Dc37&c39=First%20Visit&v39=D%3Dc39&c45=No%20Referrer&v46=D%3DpageName&c50=11063001%2F_bda%5B2.25%3AND%3A2015-05-05%5D%2Fmap%5B3.10%3AND%3A2015-05-06%5D&v51=http%3A%2F%2Fa0226319.xsph.ru%2Fca%2Fbell_refund%2F&c55=001-1-0&c57=001&c59=DTM&c65=2018-08-09%2C13%3A16%3A55.623%2C2018-08-09%2C06%3A16%3A55.623&v67=924972b9-c7a5-4b32-8b92-8b5cb5f92709%3Ad894aee0-7170-41c5-8a8b-0b3186e25330&c68=D%3DpageName&c70=D%3DUser-Agent&h1=D%3DpageName%2B%22%3Aen%3Aon%22&h2=D%3D%22en%3A%22%2BpageName%2B%22%3Aon%22&h3=D%3D%22on%3A%22%2BpageName%2B%22%3Aen%22&s=1176x885&c=24&j=1.8.2&v=Y&k=Y&bw=1176&bh=754&p=Mozilla%20Default%20Plug-in%3BShockwave%20Flash%3BJava%20Deployment%20Toolkit%207.0.50.5%3BJava%28TM%29%20Platform%20SE%207%20U5%3BWindows%20Presentation%20Foundation%3BAdobe%20Acrobat%3BMicrosoft%C2%AE%20DRM%3BWindows%20Media%20Player%20Plug-in%20Dynamic%20Link%20Library%3B&AQE=1 HTTP/1.1 
Host: data0.bell.ca
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/

                                         
                                         66.117.29.227
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Content-Length: 43
Connection: keep-alive
Date: Thu, 09 Aug 2018 11:16:56 GMT
Server: Omniture DC
Access-Control-Allow-Origin: *
X-C: ms-6.4.0
Expires: Wed, 08 Aug 2018 11:16:56 GMT
Last-Modified: Fri, 10 Aug 2018 11:16:56 GMT
Pragma: no-cache
Etag: "3293839230030086144-6196745314461763291"
Vary: *
P3P: CP="This is not a P3P policy"
xserver: www65
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 2 x 2
Size:   43
Md5:    ad480fd0732d0f6f1a8b06359e3a42bb
Sha1:   a544538683a2dfe574eeb2e358ac8fcc78289d50
Sha256: a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 09 Aug 2018 11:16:56 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    16941788c343db2b7e2aa26b81171a75
Sha1:   4cabf6c2abcb81bf6b3b293e8a870bdad34645ec
Sha256: 9d22ca724ce47159951036cd784e45a29eb25286d24aeac9c1046ffab3b9f1dc
                                        
                                            GET /errors/404 HTTP/1.1 
Host: infinityfree.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         104.27.17.86
HTTP/1.1 301 Moved Permanently
Content-Type: application/octet-stream
                                        
Date: Thu, 09 Aug 2018 11:16:56 GMT
Content-Length: 27
Connection: keep-alive
Set-Cookie: __cfduid=d96bf48523d30908530bd1e044f4ce3511533813416; expires=Fri, 09-Aug-19 11:16:56 GMT; path=/; domain=.infinityfree.net; HttpOnly
Location: /errors/404/
Etag: W/"1b-iZU0YarwTJJrWhJMHqE3GkGuKiE"
Via: 1.1 varnish
X-Served-By: cache-bma1636-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1533807243.071775,VS0,VE164
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Thu, 09 Aug 2018 12:16:56 GMT
Cache-Control: public, max-age=3600
X-Content-Type-Options: nosniff
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4479d03a2fab427f-OSL


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   27
Md5:    944f09223c812b12ec155970b14c7d3b
Sha1:   89953461aaf04c926b5a124c1ea1371a41ae2a21
Sha256: 33af2ea0bd3b79acc6e619e657115a15a1044b1f4cadbb793ea69c9e45845597
                                        
                                            GET /errors/404/ HTTP/1.1 
Host: infinityfree.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=d96bf48523d30908530bd1e044f4ce3511533813416

                                         
                                         104.27.17.86
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Date: Thu, 09 Aug 2018 11:16:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
x-guploader-uploadid: AEnB2UoyljfOLDGAEI2cDNLOzFZcdfmEqgE5tXET7AvpDZ3Zorxe35ofJucDRcEicRaZUX1Tr5KACFS-E1fAPie3HHtXZeb7pw
Expires: Thu, 09 Aug 2018 12:16:56 GMT
Cache-Control: public, max-age=3600
Last-Modified: Wed, 01 Aug 2018 10:16:38 GMT
x-goog-generation: 1533118598045824
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 2639
x-goog-hash: crc32c=9WPIJg==, md5=Sk0DYzfFQVZhyrsSHE3i7w==
x-goog-storage-class: MULTI_REGIONAL
Strict-Transport-Security: max-age=31556926
Via: 1.1 varnish
X-Served-By: cache-bma1648-BMA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1533803110.375295,VS0,VE1
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4479d03c9911427f-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2367
Md5:    4b5df735823719c7a45730292ccf85c0
Sha1:   7083ecf5ce132490fbc52b116e606de10d7d21de
Sha256: 39fe5a10d004b10889ef6a422e5937eda7a4f73f67413ab8b2dff8cc6498530a
                                        
                                            GET /ddm/fls/i/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=6139285169398.521;_dc_1=1;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm HTTP/1.1 
Host: adservice.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://2987979.fls.doubleclick.net/activityi;src=2987979;type=mybel0;cat=MyBel0;ord=1;num=6139285169398.521?

                                         
                                         216.58.207.226
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Thu, 09 Aug 2018 11:16:56 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   370
Md5:    1ede5db4b81a7f40d9a7605d1f15a26b
Sha1:   f8cdf1d6ba48349e49276f34f3d751d51f3c064b
Sha256: 05a558463de765a108d37fb35b2214649bb20ad4b743ab91c7a5c99db32db93a
                                        
                                            GET /ddm/fls/i/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=9583662335343.293;_dc_1=1;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm HTTP/1.1 
Host: adservice.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://2987979.fls.doubleclick.net/activityi;src=2987979;type=mybel0;cat=MyBel0;ord=1;num=9583662335343.293?

                                         
                                         216.58.207.226
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Thu, 09 Aug 2018 11:16:56 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   370
Md5:    a76944874c5e46ec63c0a34bdd980b70
Sha1:   0abf7812ed200bb1aed62fc1dcfeaf7090051a43
Sha256: 8299ca3bf65cfb7f6c00f1ec18fb7e68627bb0a548b97eed2621cae39dd1ef34
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 09 Aug 2018 11:16:56 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    a2443749efa6cd938955f0d17d7c118c
Sha1:   cf756015d87820a6876de25708571380e353aac1
Sha256: 478a2f922b24ac1c0e934b8986eae1c6a1cf064c07f277e3f46f64036ec71d4b
                                        
                                            GET /ddm/fls/i/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=6139285169398.521;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm HTTP/1.1 
Host: adservice.google.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://adservice.google.com/ddm/fls/i/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=6139285169398.521;_dc_1=1;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm

                                         
                                         216.58.207.226
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Thu, 09 Aug 2018 11:16:56 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: https://2987979.fls.doubleclick.net/ddm/fls/r/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=6139285169398.521;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
                                        
                                            GET /ddm/fls/i/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=9583662335343.293;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm HTTP/1.1 
Host: adservice.google.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://adservice.google.com/ddm/fls/i/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=9583662335343.293;_dc_1=1;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm

                                         
                                         216.58.207.226
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Thu, 09 Aug 2018 11:16:56 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: https://2987979.fls.doubleclick.net/ddm/fls/r/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=9583662335343.293;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
                                        
                                            GET /ddm/fls/r/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=6139285169398.521;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm HTTP/1.1 
Host: 2987979.fls.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://adservice.google.com/ddm/fls/i/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=6139285169398.521;_dc_1=1;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm
Cookie: test_cookie=CheckForPermission

                                         
                                         216.58.211.6
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Date: Thu, 09 Aug 2018 11:16:56 GMT
Expires: Thu, 09 Aug 2018 11:16:56 GMT
Cache-Control: private, max-age=0
Strict-Transport-Security: max-age=21600
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 1; mode=block
Set-Cookie: IDE=AHWqTUlz1t085mm2gMrdw0snQNCvSoFyntuLpbfhITX1MwoMsjW9-TJxKCign4G1; expires=Sat, 08-Aug-2020 11:16:56 GMT; path=/; domain=.doubleclick.net; HttpOnly test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   895
Md5:    b294bda2087fc4896831af21aeb69778
Sha1:   c2074f7aaf85fb3ef9f345441bdf83da10b7d526
Sha256: 67fe58fca9adf2bfdc61edc230d5df0c8fd1e1512d3ea87a0da11e4142caa027
                                        
                                            GET /ddm/fls/r/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=9583662335343.293;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm HTTP/1.1 
Host: 2987979.fls.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://adservice.google.com/ddm/fls/i/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=9583662335343.293;_dc_1=1;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm
Cookie: test_cookie=CheckForPermission

                                         
                                         216.58.211.6
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Date: Thu, 09 Aug 2018 11:16:56 GMT
Expires: Thu, 09 Aug 2018 11:16:56 GMT
Cache-Control: private, max-age=0
Strict-Transport-Security: max-age=21600
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 1; mode=block
Set-Cookie: IDE=AHWqTUmWyURyMYSdLnvOQjzc0bImoy4TmKzTXf4AMlQPr4J3-i_xm1lmw2LfJ49M; expires=Sat, 08-Aug-2020 11:16:56 GMT; path=/; domain=.doubleclick.net; HttpOnly test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   895
Md5:    b294bda2087fc4896831af21aeb69778
Sha1:   c2074f7aaf85fb3ef9f345441bdf83da10b7d526
Sha256: 67fe58fca9adf2bfdc61edc230d5df0c8fd1e1512d3ea87a0da11e4142caa027
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=151790
Date: Thu, 09 Aug 2018 11:16:56 GMT
Etag: "5b6bae59-1d7"
Expires: Sat, 11 Aug 2018 05:20:20 GMT
Last-Modified: Thu, 09 Aug 2018 03:00:41 GMT
Server: ECS (arn/45DF)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    9e0baea4dc2ac275666dfaee17a4640f
Sha1:   e280b8e915f60a322507d4b2329b29eb0124738e
Sha256: cd05072c8082810dcd632e6956a7f04b6d449d61b0903fc9cfe46a770c778928
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=152700
Date: Thu, 09 Aug 2018 11:16:56 GMT
Etag: "5b6bc5d5-1d7"
Expires: Sat, 11 Aug 2018 05:36:11 GMT
Last-Modified: Thu, 09 Aug 2018 04:40:53 GMT
Server: ECS (arn/4667)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    5037d1362b8117bfa191d101beffc742
Sha1:   098300f9c1996c8fb6537840f0ae6205cf8dd1bb
Sha256: 232cac69db17aa35b01d382070d1c1845ca34ffebb2453d8443029d0264b1f62
                                        
                                            GET /en_US/fbds.js HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://2987979.fls.doubleclick.net/ddm/fls/r/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=6139285169398.521;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm

                                         
                                         31.13.72.12
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
                                        
Access-Control-Expose-Headers: X-FB-Content-MD5
x-fb-content-md5: 281c3346a609c671d9644fb1df8b148e
Etag: "068f1df4e973c98bbf17178dc3fe44c0"
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
X-XSS-Protection: 0
X-Frame-Options: DENY
Timing-Allow-Origin: *
Content-Security-Policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Cache-Control: public,max-age=1200,stale-while-revalidate=3600
Expires: Thu, 09 Aug 2018 11:25:20 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-MD5: o/w8WqdnHkH4o9Si/YprUw==
X-FB-Debug: 0KIxUe76repgbZevqOD+/d9MbU1qJUmo/NKsA5KsGsbAYOKdNdJMY+Ffq/l3M4ZISMVcr86JRF132VEq6vq/tg==
Date: Thu, 09 Aug 2018 11:16:56 GMT
Connection: keep-alive
Content-Length: 2115


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2115
Md5:    a3fc3c5aa7671e41f8a3d4a2fd8a6b53
Sha1:   6358c8c3cb0711db99234a4bcf30e944a3e673f6
Sha256: 0644cde597ac16125051637bb0e447e72cfde7da0f062be0366fbe3e26b78ef3
                                        
                                            GET /tr/?id=null&ev=6021330793498&dl=https%3A%2F%2F2987979.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D2987979%3Btype%3Dmybel0%3Bcat%3DMyBel0%3Bord%3D1%3Bnum%3D6139285169398.521%3B_dc_1%3D3%3B~oref%3Dhttp%3A%2F%2Fa0226319.xsph.ru%2Fca%2FBell_Refund%2Ffile%2Fsatellite-54458e0b8ebbed38f4000111.htm&rl=https%3A%2F%2Fadservice.google.com%2Fddm%2Ffls%2Fi%2Fsrc%3D2987979%3Btype%3Dmybel0%3Bcat%3DMyBel0%3Bord%3D1%3Bnum%3D6139285169398.521%3B_dc_1%3D1%3B~oref%3Dhttp%3A%2F%2Fa0226319.xsph.ru%2Fca%2FBell_Refund%2Ffile%2Fsatellite-54458e0b8ebbed38f4000111.htm&if=true&ts=1533813416719&cd[value]=0.00&cd[currency]=CAD HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://2987979.fls.doubleclick.net/ddm/fls/r/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=6139285169398.521;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm

                                         
                                         31.13.72.38
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 09 Aug 2018 11:16:56 GMT
Expires: Thu, 09 Aug 2018 11:16:56 GMT
Last-Modified: Fri, 21 Dec 2012 00:00:01 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Set-Cookie: fr=0EZJ92klYVcFCi2pj..BbbCKo...1.0.BbbCKo.; expires=Wednesday, 07-Nov-2018 11:16:56 GMT; path=/; domain=.facebook.com; HttpOnly; secure
Server: proxygen
Connection: keep-alive
Content-Length: 44


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   44
Md5:    b798f4ce7359fd815df4bdf76503b295
Sha1:   f8cc6addf1707ad236ad9970b0a48f9733d07da5
Sha256: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
                                        
                                            GET /tr/?id=null&ev=6021330793498&dl=https%3A%2F%2F2987979.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D2987979%3Btype%3Dmybel0%3Bcat%3DMyBel0%3Bord%3D1%3Bnum%3D9583662335343.293%3B_dc_1%3D3%3B~oref%3Dhttp%3A%2F%2Fa0226319.xsph.ru%2Fca%2FBell_Refund%2Ffile%2Fsatellite-54458e0b8ebbed38f4000111.htm&rl=https%3A%2F%2Fadservice.google.com%2Fddm%2Ffls%2Fi%2Fsrc%3D2987979%3Btype%3Dmybel0%3Bcat%3DMyBel0%3Bord%3D1%3Bnum%3D9583662335343.293%3B_dc_1%3D1%3B~oref%3Dhttp%3A%2F%2Fa0226319.xsph.ru%2Fca%2FBell_Refund%2Ffile%2Fsatellite-54458e0b8ebbed38f4000111.htm&if=true&ts=1533813416723&cd[value]=0.00&cd[currency]=CAD HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://2987979.fls.doubleclick.net/ddm/fls/r/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=9583662335343.293;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm

                                         
                                         31.13.72.38
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 09 Aug 2018 11:16:56 GMT
Expires: Thu, 09 Aug 2018 11:16:56 GMT
Last-Modified: Fri, 21 Dec 2012 00:00:01 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Set-Cookie: fr=0gIHbm7BD7n2a5FBm..BbbCKo...1.0.BbbCKo.; expires=Wednesday, 07-Nov-2018 11:16:56 GMT; path=/; domain=.facebook.com; HttpOnly; secure
Server: proxygen-bolt
Connection: keep-alive
Content-Length: 44


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   44
Md5:    b798f4ce7359fd815df4bdf76503b295
Sha1:   f8cc6addf1707ad236ad9970b0a48f9733d07da5
Sha256: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sun, 05 Aug 2018 10:58:46 GMT
Etag: A0D0BF8F8427673D03AED5359D1B56FCF8FB2E1B
X-OCSP-Responder-ID: rmdccaocsp36
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=257511
Expires: Sun, 12 Aug 2018 10:48:47 GMT
Date: Thu, 09 Aug 2018 11:16:56 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    274f42f0c2203e46130208902df85172
Sha1:   a0d0bf8f8427673d03aed5359d1b56fcf8fb2e1b
Sha256: f3cf87aba3ed80fe184341497523a07069fd15960c8e94d8cdf22e9c2be0c6df
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sun, 05 Aug 2018 22:51:21 GMT
Etag: AA574501BAA9BFAB21483877902FE641A7F51A96
X-OCSP-Responder-ID: rmdccaocsp19
Content-Length: 727
Cache-Control: public, no-transform, must-revalidate, max-age=300269
Expires: Sun, 12 Aug 2018 22:41:25 GMT
Date: Thu, 09 Aug 2018 11:16:56 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   727
Md5:    562535190d65f7e9793cb5de79d8f3c0
Sha1:   aa574501baa9bfab21483877902fe641a7f51a96
Sha256: 0035bf70c33311f9d506bbce5e28698c2dedcabc2daaa783e8a5d7605fb629d9
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         91.135.34.11
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Mon, 06 Aug 2018 14:51:30 GMT
Etag: 8F6E7180BD4E4798B0C10A42E97D3387C522185C
X-OCSP-Responder-ID: rmdccaocsp26
Content-Length: 472
Cache-Control: public, no-transform, must-revalidate, max-age=357831
Expires: Mon, 13 Aug 2018 14:40:47 GMT
Date: Thu, 09 Aug 2018 11:16:56 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   472
Md5:    cb19c998dd9e0ff85f5a82ac39235399
Sha1:   8f6e7180bd4e4798b0c10a42e97d3387c522185c
Sha256: e0c29444a1da2bd56b65646b0251d7b0810d17eec76d0fa4ae3f8fa640ede82d
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.11
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sun, 05 Aug 2018 22:51:21 GMT
Etag: 4E7AD8B2DBA77CE4746A20EEA4FC74857AB7A6A7
X-OCSP-Responder-ID: rmdccaocsp35
Content-Length: 727
Cache-Control: public, no-transform, must-revalidate, max-age=300319
Expires: Sun, 12 Aug 2018 22:42:15 GMT
Date: Thu, 09 Aug 2018 11:16:56 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   727
Md5:    e225e44a33ae585029c382391bdf0766
Sha1:   4e7ad8b2dba77ce4746a20eea4fc74857ab7a6a7
Sha256: 07dc38c6976e5f1186b518278b7db9f7a4482d10b5574f9cdad9117908b86739
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.11
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sun, 05 Aug 2018 22:51:21 GMT
Etag: 65FC2E5460E4B5ED67CDA0496E9FB4A4C74E05B4
X-OCSP-Responder-ID: rmdccaocsp35
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=300209
Expires: Sun, 12 Aug 2018 22:40:25 GMT
Date: Thu, 09 Aug 2018 11:16:56 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    1f11f0c33f15c86028b5c482fe920f9e
Sha1:   65fc2e5460e4b5ed67cda0496e9fb4a4c74e05b4
Sha256: 5e92b8328187bed80619ef0e2f2220cd17bd3a1b69918536a68898237b849712
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         52.85.69.53
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=155317
Date: Thu, 09 Aug 2018 11:16:57 GMT
Etag: "5b6bb548-1d7"
Expires: Sat, 11 Aug 2018 06:25:34 GMT
Last-Modified: Thu, 09 Aug 2018 03:30:16 GMT
Server: ECS (lcy/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 18ab487c2f9a73b18d18515f1dde6556.cloudfront.net (CloudFront)
X-Amz-Cf-Id: JO3JRnXcYk_g2QqfxVPw4iPawTot5wZ3EmD4kyVSzsrTD2-462mQ7A==


--- Additional Info ---
Magic:  data
Size:   471
Md5:    7d16902c7c46235c1dc8151c9f09d00a
Sha1:   a44f019c5d1240b6f1e1f378cb62d7b3031b27f2
Sha256: c55084a2f19c57f5a84420f12716ef6cce7136d67017eaba31a29c1f9186b663
                                        
                                            POST / HTTP/1.1 
Host: ocsp.rootca1.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 118
Content-Type: application/ocsp-request

                                         
                                         52.85.69.89
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 1426
Connection: keep-alive
Date: Thu, 09 Aug 2018 11:16:57 GMT
Server: WEBrick/1.3.1 (Ruby/2.3.7/2018-03-28)
X-Cache: Miss from cloudfront
Via: 1.1 4222b2a73c8078ae05f5cfa25b5cd0ab.cloudfront.net (CloudFront)
X-Amz-Cf-Id: f1qjboztlQzPeryAozd3lBeRJiHUBdA4IWJ3Wu5GSE_faNVPKLm18g==


--- Additional Info ---
Magic:  data
Size:   1426
Md5:    92925794d8bb3a30013e1ed9685cac09
Sha1:   8e77f3d5aa3e3141aaff93693e04e27166a21bfb
Sha256: 99c9550b7508ab4e5c8fd8862226c697840b5bdeda96f466085221adb202ba23
                                        
                                            GET /rt?sid=-TL0ZQLj1SJWieIAeKm8rg HTTP/1.1 
Host: srv.stackadapt.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://2987979.fls.doubleclick.net/ddm/fls/r/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=6139285169398.521;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm

                                         
                                         52.2.36.112
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 09 Aug 2018 11:16:57 GMT
Server: nginx/1.6.1
Set-Cookie: sa-user-id=s%3A0-1b4a2a6d-58c3-4b56-4962-ad068b60484f.OXq6Kq012MmF9Arn%2FNLvifZd3O0v3KhY%2BdhWmpojY70; Domain=srv.stackadapt.com; Max-Age=157680000 sa-user-id-v2=s%3A0-1b4a2a6d-58c3-4b56-4962-ad068b60484f%24ip%2477.40.129.123.1jWuuQWRaz6uz8Wsh9fkkfV6SZwgWqcRunSDUi4r5oY; Domain=srv.stackadapt.com; Max-Age=157680000
Content-Length: 43
Connection: keep-alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    07fff40b5dd495aca2ac4e1c3fbc60aa
Sha1:   e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
Sha256: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
                                        
                                            GET /Pixel/Retarget/553 HTTP/1.1 
Host: bttrack.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://2987979.fls.doubleclick.net/ddm/fls/r/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=6139285169398.521;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm

                                         
                                         192.132.33.27
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: private,no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
X-ServerName: track001-dc3-va
Date: Thu, 09 Aug 2018 11:16:24 GMT
Content-Length: 35


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    c2196de8ba412c60c22ab491af7b1409
Sha1:   5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
Sha256: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
                                        
                                            GET /rt?sid=-TL0ZQLj1SJWieIAeKm8rg HTTP/1.1 
Host: srv.stackadapt.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://2987979.fls.doubleclick.net/ddm/fls/r/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=9583662335343.293;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm

                                         
                                         52.2.36.112
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 09 Aug 2018 11:16:57 GMT
Server: nginx/1.6.1
Set-Cookie: sa-user-id=s%3A0-e889e4ea-5054-4377-4214-03ed1bc2e22d.KuHV8gnvaHKrrQadNdO6x228xlxOxQFMhwwosMF9dCo; Domain=srv.stackadapt.com; Max-Age=157680000 sa-user-id-v2=s%3A0-e889e4ea-5054-4377-4214-03ed1bc2e22d%24ip%2477.40.129.123.mhl%2FaVDa33AqOJSYW7oPZVKMvuOpHb5Bmqkpa0zDJpQ; Domain=srv.stackadapt.com; Max-Age=157680000
Content-Length: 43
Connection: keep-alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    07fff40b5dd495aca2ac4e1c3fbc60aa
Sha1:   e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
Sha256: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
                                        
                                            GET /Pixel/Retarget/553 HTTP/1.1 
Host: bttrack.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://2987979.fls.doubleclick.net/ddm/fls/r/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=9583662335343.293;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm

                                         
                                         192.132.33.27
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: private,no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
X-ServerName: track002-dc3-va
Date: Thu, 09 Aug 2018 11:16:56 GMT
Content-Length: 35


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    c2196de8ba412c60c22ab491af7b1409
Sha1:   5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
Sha256: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
                                        
                                            GET /iui3?d=forester-did&ex-fargs=%3Fid%3D55d0e6bb-1aef-2c72-b039-9978cf941392%26type%3D4%26m%3D7&ex-fch=416613&ex-src=https://www.bell.ca&ex-hargs=v%3D1.0%3Bc%3D6333118450901%3Bp%3D55D0E6BB-1AEF-2C72-B039-9978CF941392 HTTP/1.1 
Host: s.amazon-adsystem.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://2987979.fls.doubleclick.net/ddm/fls/r/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=6139285169398.521;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm

                                         
                                         52.46.130.13
HTTP/1.1 302 Found
                                        
Server: Server
Date: Thu, 09 Aug 2018 11:16:57 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3D55d0e6bb-1aef-2c72-b039-9978cf941392%26type%3D4%26m%3D7&ex-fch=416613&ex-src=https://www.bell.ca&ex-hargs=v%3D1.0%3Bc%3D6333118450901%3Bp%3D55D0E6BB-1AEF-2C72-B039-9978CF941392&dcc=t
Set-Cookie: ad-id=A4j35pS2zEjHv6p3GAQW5EI|t; Domain=.amazon-adsystem.com; Expires=Mon, 01-Apr-2019 11:16:57 GMT; Path=/
Vary: User-Agent


--- Additional Info ---
                                        
                                            GET /iui3?d=forester-did&ex-fargs=%3Fid%3D55d0e6bb-1aef-2c72-b039-9978cf941392%26type%3D4%26m%3D7&ex-fch=416613&ex-src=https://www.bell.ca&ex-hargs=v%3D1.0%3Bc%3D6333118450901%3Bp%3D55D0E6BB-1AEF-2C72-B039-9978CF941392&dcc=t HTTP/1.1 
Host: s.amazon-adsystem.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://2987979.fls.doubleclick.net/ddm/fls/r/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=6139285169398.521;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm
Cookie: ad-id=A4j35pS2zEjHv6p3GAQW5EI|t

                                         
                                         52.46.130.13
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: Server
Date: Thu, 09 Aug 2018 11:16:57 GMT
Content-Length: 43
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Set-Cookie: ad-id=A4j35pS2zEjHv6p3GAQW5EI; Domain=.amazon-adsystem.com; Expires=Mon, 01-Apr-2019 11:16:57 GMT; Path=/ ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Mon, 01-Apr-2019 11:16:57 GMT; Path=/
Vary: User-Agent


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    6851dbf491ae442da3314f19e8aff085
Sha1:   ecfec27263608c4ae7cd4f8e0cebb1b061df2ac3
Sha256: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
                                        
                                            POST /ca/Bell_Refund/dynaTraceMonitor?$a=1%7C_load_%7C-%7C_load_%7C1533813413009%7C1533813417956%7C1295%2C2%7Chttpa0619xsphrucaBell_Refundfileid%5B1%5D%20s_c_il%20is%20not%20defined%7C-%7C_error_%7C1533813413140%7C1533813413140%7C-1%2C2%7Chttpa0619xsphrucaBell_Refundfileid_00%5B1%5D%20s_c_il%20is%20not%20defined%7C-%7C_error_%7C1533813413193%7C1533813413193%7C-1%2C2%7C%5B0%5D%20Script%20error%7C-%7C_error_%7C1533813413485%7C1533813413485%7C-1%2C2%7Chttpa0619xsphrucaBell_Refundfileforesee-surveydefjs%5B1%5D%20FSR%20is%20not%20defined%7C-%7C_error_%7C1533813413671%7C1533813413671%7C-1%2C2%7Chttpa0619xsphrucaBell_Refundfiledeployjs%5B1%5D%20lpAddMonitorTag%20is%20not%20defined%7C-%7C_error_%7C1533813413683%7C1533813413683%7C-1%2C2%7Chttpa0619xsphrucaBell_RefundfilemTagjs%5B1%5D%20lpMTagConfig%20is%20not%20defined%7C-%7C_error_%7C1533813413726%7C1533813413726%7C-1%2C2%7Chttpa0619xsphrucaBell_Refund%5B09%5D%20isChatAllowed%20is%20not%20defined%7C-%7C_error_%7C1533813415409%7C1533813415409%7C-1%2C2%7C%5B0%5D%20uncaught%20exception%20%5BException%20%22Not%20enough%20arguments%22%20%20nsresult%20%220x80570001%20%28NS_ERROR_XPC_NOT_ENOUGH_ARGS%29%22%20%20location%20%22JS%20frame%20%20httpa0619xsphrucaBell_Refundfileframeworkjs%20%20anonymous%20%20line%2016%22%20%20data%20no%5D%7C-%7C_error_%7C1533813415558%7C1533813415558%7C-1%2C2%7Chttpa0619xsphrucustomforeseeforesee-surveydefjs%3Fbuild%3D4%5B1%5D%20Error%20loading%20script%7C-%7C_error_%7C1533813415881%7C1533813415881%7C-1%2C2%7C_onload_%7C-%7C_load_%7C1533813417932%7C1533813417955%7C1295$fId=213413012_3$rId=RID_329498$rpId=1171193175$title=MyBell$domR=1533813415506$w=1176$h=754$p=1466$time=1533813417972 HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Type: text/plain;charset=UTF-8
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274; fsr.a=1533813417458; __bda_pv=1; idevbellca0_s_pers=%20s_lv%3D1533813415609%7C1628421415609%3B%20s_lv_s%3DFirst%2520Visit%7C1533815215609%3B%20s_vnum%3D1536405415612%2526vn%253D1%7C1536405415612%3B%20s_invisit%3Dtrue%7C1533815215612%3B; __bda_gvo_flashplugin=FLASH_VERSION%3DUnknown%7CFLASH_INSTALLED%3DUnknown%3A1; __bda_serial_sessionid=924972b9c7a54b328b92; __bda_serial_transactionid=924972b9c7a54b328b92; __bda_serial_serializer=1822113165599; __bda_serial_actionserializer=001101822113165599; __bda_prev_previouspagename=Login; AMCV_48B034FA53CF9FD10A490D44%40AdobeOrg=1256414278%7CMCMID%7C74405517686191044994227214630904756133%7CMCAAMLH-1534418215%7C6%7CMCAAMB-1534418216%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCAID%7CNONE; fsr.s=%7B%22v2%22%3A1%2C%22v1%22%3A1%2C%22mid%22%3A%22d791202-64416069-9e62-72e3-f7c31%22%2C%22rt%22%3Afalse%2C%22rc%22%3Afalse%7D; idevbellca0_s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; at_bellcanada=segments%3D5594445%2C5594445; aam_uuid=74261190848222505564244340078342507370
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

                                         
                                         141.8.195.104
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:16:57 GMT
Content-Length: 301
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   301
Md5:    779f8eea1fcdf74129f4ebf28c7f38fa
Sha1:   af2590d6096f7b51750384de9df735d9ef99f3cf
Sha256: 32974e02fbca96e0622b20ca9487aa184c6f4346a1f606e16fb77b0c95685f70
                                        
                                            GET /dest4.html?d_nsid=0 HTTP/1.1 
Host: fast.bellca.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: demdex=74261190848222505564244340078342507370; bellca=74261190848222505564244340078342507370; DST=

                                         
                                         91.135.34.121
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: Apache
Etag: "870b87db36d8bab737d9cd066da12f39:1529611098"
Last-Modified: Thu, 21 Jun 2018 19:58:18 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2424
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: max-age=21600
Date: Thu, 09 Aug 2018 11:16:58 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   2424
Md5:    477abecd501a4bc18bccab3659958c95
Sha1:   f645f65a92b9184dafd5b3f135369f6a273b239b
Sha256: e8e02ccc5a58c3dffd14d4c5e6a4a03248db60de1a9791c6cff15e409f606a82
                                        
                                            GET /iui3?d=forester-did&ex-fargs=%3Fid%3D55d0e6bb-1aef-2c72-b039-9978cf941392%26type%3D4%26m%3D7&ex-fch=416613&ex-src=https://www.bell.ca&ex-hargs=v%3D1.0%3Bc%3D6333118450901%3Bp%3D55D0E6BB-1AEF-2C72-B039-9978CF941392 HTTP/1.1 
Host: s.amazon-adsystem.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://2987979.fls.doubleclick.net/ddm/fls/r/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=9583662335343.293;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm

                                         
                                         52.46.130.13
HTTP/1.1 302 Found
                                        
Server: Server
Date: Thu, 09 Aug 2018 11:16:58 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3D55d0e6bb-1aef-2c72-b039-9978cf941392%26type%3D4%26m%3D7&ex-fch=416613&ex-src=https://www.bell.ca&ex-hargs=v%3D1.0%3Bc%3D6333118450901%3Bp%3D55D0E6BB-1AEF-2C72-B039-9978CF941392&dcc=t
Set-Cookie: ad-id=AxjWcmaRuk_KpZ5Fw9DT-R8|t; Domain=.amazon-adsystem.com; Expires=Mon, 01-Apr-2019 11:16:58 GMT; Path=/
Vary: User-Agent


--- Additional Info ---
                                        
                                            GET /activityi;src=3165817;type=gener0;cat=anyon0;ord=1? HTTP/1.1 
Host: 3165817.fls.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fast.bellca.demdex.net/dest4.html?d_nsid=0
Cookie: IDE=AHWqTUmWyURyMYSdLnvOQjzc0bImoy4TmKzTXf4AMlQPr4J3-i_xm1lmw2LfJ49M

                                         
                                         216.58.211.6
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Date: Thu, 09 Aug 2018 11:16:58 GMT
Expires: Thu, 09 Aug 2018 11:16:58 GMT
Cache-Control: private, max-age=0
Strict-Transport-Security: max-age=21600
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 244
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   244
Md5:    1f3d4a7bf589eefaaec26fd506aa20ec
Sha1:   f93ee00b0e48a033e0cd56142de2fa2634b0beea
Sha256: 2653cb72946b1afb0f8c03e298d3d31bbb706754e44d5867fa5ca9415beb62de
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 09 Aug 2018 11:16:58 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    6a5dc5c81f1007d52d745b7b363d2de7
Sha1:   43cd8ca18f28d3875525d88095aafb2f7212ab80
Sha256: a3b7a7830338e16d83210ebf518078cbb8a32fda513a4dac6c55ab92104cbe20
                                        
                                            GET /c.gif?uid=74261190848222505564244340078342507370&Red3=MSAdobe_pd HTTP/1.1 
Host: c.bing.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fast.bellca.demdex.net/dest4.html?d_nsid=0

                                         
                                         204.79.197.200
HTTP/1.1 302 Redirect
                                        
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Location: http://dpm.demdex.net/ibs:dpid=1957&dpuuid=3C923FE6B842628B2B2333A0BC426170
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: ANONCHK=1; domain=c.bing.com; expires=Thu, 09-Aug-2018 11:26:58 GMT; path=/; MUID=3C923FE6B842628B2B2333A0BC426170; domain=.bing.com; expires=Tue, 03-Sep-2019 11:16:58 GMT; path=/; MUIDB=3B114DC69B0061DC23F441809A3D6019; path=/; httponly; expires=Tue, 03-Sep-2019 11:16:58 GMT
X-Powered-By: ASP.NET
X-MSEdge-Ref: Ref A: 008AFF42654A44DBABD18DA6AE870B4C Ref B: STOEDGE0307 Ref C: 2018-08-09T11:16:58Z
Date: Thu, 09 Aug 2018 11:16:58 GMT
Content-Length: 0


--- Additional Info ---
                                        
                                            GET /pixel?google_nid=adobe_dmp&google_cm HTTP/1.1 
Host: cm.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fast.bellca.demdex.net/dest4.html?d_nsid=0
Cookie: IDE=AHWqTUmWyURyMYSdLnvOQjzc0bImoy4TmKzTXf4AMlQPr4J3-i_xm1lmw2LfJ49M

                                         
                                         216.58.209.130
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESECUeaQLCXgWIMA9mOURaOQU&google_cver=1
Date: Thu, 09 Aug 2018 11:16:58 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Server: HTTP server (unknown)
Content-Length: 289
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  HTML document text
Size:   289
Md5:    158c80cf1e5820701c125de6c2593f2d
Sha1:   e9155ca0ed0da45b684a2262f76c34a3ae8651ff
Sha256: 345e2a8c85c57e942e764890816b2e93eb96a002b0d7231b4f462ad9663f9323
                                        
                                            GET /iui3?d=forester-did&ex-fargs=%3Fid%3D55d0e6bb-1aef-2c72-b039-9978cf941392%26type%3D4%26m%3D7&ex-fch=416613&ex-src=https://www.bell.ca&ex-hargs=v%3D1.0%3Bc%3D6333118450901%3Bp%3D55D0E6BB-1AEF-2C72-B039-9978CF941392&dcc=t HTTP/1.1 
Host: s.amazon-adsystem.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://2987979.fls.doubleclick.net/ddm/fls/r/src=2987979;type=mybel0;cat=MyBel0;ord=1;num=9583662335343.293;_dc_1=3;~oref=http://a0226319.xsph.ru/ca/Bell_Refund/file/satellite-54458e0b8ebbed38f4000111.htm
Cookie: ad-id=AxjWcmaRuk_KpZ5Fw9DT-R8|t; ad-privacy=0

                                         
                                         52.46.130.13
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: Server
Date: Thu, 09 Aug 2018 11:16:58 GMT
Content-Length: 43
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Set-Cookie: ad-id=AxjWcmaRuk_KpZ5Fw9DT-R8; Domain=.amazon-adsystem.com; Expires=Mon, 01-Apr-2019 11:16:58 GMT; Path=/ ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Mon, 01-Apr-2019 11:16:58 GMT; Path=/
Vary: User-Agent


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    6851dbf491ae442da3314f19e8aff085
Sha1:   ecfec27263608c4ae7cd4f8e0cebb1b061df2ac3
Sha256: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
                                        
                                            GET /ibs:dpid=1957&dpuuid=3C923FE6B842628B2B2333A0BC426170 HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fast.bellca.demdex.net/dest4.html?d_nsid=0
Cookie: demdex=74261190848222505564244340078342507370; DST=; dextp=771-1-1533813418118|1957-1-1533813418132

                                         
                                         54.76.193.55
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: irl1-prod-dcs-0bd7a4445.edge-irl1.demdex.com 5.36.1.20180808133545 3ms
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=74261190848222505564244340078342507370;Path=/;Domain=.demdex.net;Expires=Tue, 05-Feb-2019 11:16:58 GMT;Max-Age=15552000 dpm=74261190848222505564244340078342507370;Path=/;Domain=.dpm.demdex.net;Expires=Tue, 05-Feb-2019 11:16:58 GMT;Max-Age=15552000
X-TID: aPRfRrr7QdY=
Content-Length: 42
Connection: keep-alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=162374
Date: Thu, 09 Aug 2018 11:16:58 GMT
Etag: "5b6bd875-1d7"
Expires: Sat, 11 Aug 2018 08:16:46 GMT
Last-Modified: Thu, 09 Aug 2018 06:00:21 GMT
Server: ECS (arn/467B)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    5a1ad16b5deb7b146c7375e3171fa3db
Sha1:   1fb06f98c7ba5da2f6669c556c176a5eb191757a
Sha256: 97e482a14ed3e5585d3ff1d5bfe75135bc6a1b47e2530bac4cf7e196b904f335
                                        
                                            GET /ibs:dpid=771&dpuuid=CAESECUeaQLCXgWIMA9mOURaOQU&google_cver=1 HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fast.bellca.demdex.net/dest4.html?d_nsid=0
Cookie: demdex=74261190848222505564244340078342507370; DST=; dextp=771-1-1533813418118|1957-1-1533813418132

                                         
                                         54.76.193.55
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: irl1-prod-dcs-401f80cb.edge-irl1.demdex.com 5.36.1.20180808133545 3ms
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=74261190848222505564244340078342507370;Path=/;Domain=.demdex.net;Expires=Tue, 05-Feb-2019 11:16:58 GMT;Max-Age=15552000 dpm=74261190848222505564244340078342507370;Path=/;Domain=.dpm.demdex.net;Expires=Tue, 05-Feb-2019 11:16:58 GMT;Max-Age=15552000
X-TID: 7dlNdoo2SK0=
Content-Length: 42
Connection: keep-alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /ca/Bell_Refund/dynaTraceMonitor?$3p=assets.adobedtm.com%7C4%7C2%7C0%7C0%7C0%7C2%7C0%7C202_477_512_649%7C206%7C137%7C275%7C%7C0%7C0%7C0%3Bbellcanada.tt.omtrdc.net%7C4%7C4%7C0%7C0%7C0%7C4%7C0%7C762_1180_1216_1244_1263_1280_1351_1354%7C116%7C3%7C418%7C%7C0%7C0%7C0%3Bpfobellweb.hs.llnwd.net%7C4%7C1%7C0%7C0%7C0%7C1%7C0%7C1508_2216%7C708%7C708%7C708%7C%7C0%7C0%7C0%3Bdpm.demdex.net%7C4%7C2%7C0%7C0%7C0%7C2%7C0%7C2825_3041%7C107%7C78%7C137%7C%7C0%7C0%7C0%3Bbellca.demdex.net%7C4%7C1%7C0%7C0%7C0%7C1%7C0%7C3322_3326%7C4%7C4%7C4%7C%7C0%7C0%7C0$fId=213413012_3$time=1533813424986 HTTP/1.1 
Host: a0226319.xsph.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Type: text/plain;charset=UTF-8
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/
Cookie: mbox=check#true#1533813474|session#1533813413667-819552#1533815274; fsr.a=1533813424958; __bda_pv=1; idevbellca0_s_pers=%20s_lv%3D1533813415609%7C1628421415609%3B%20s_lv_s%3DFirst%2520Visit%7C1533815215609%3B%20s_vnum%3D1536405415612%2526vn%253D1%7C1536405415612%3B%20s_invisit%3Dtrue%7C1533815215612%3B; __bda_gvo_flashplugin=FLASH_VERSION%3DUnknown%7CFLASH_INSTALLED%3DUnknown%3A1; __bda_serial_sessionid=924972b9c7a54b328b92; __bda_serial_transactionid=924972b9c7a54b328b92; __bda_serial_serializer=1822113165599; __bda_serial_actionserializer=001101822113165599; __bda_prev_previouspagename=Login; AMCV_48B034FA53CF9FD10A490D44%40AdobeOrg=1256414278%7CMCMID%7C74405517686191044994227214630904756133%7CMCAAMLH-1534418215%7C6%7CMCAAMB-1534418216%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCAID%7CNONE; fsr.s=%7B%22v2%22%3A1%2C%22v1%22%3A1%2C%22mid%22%3A%22d791202-64416069-9e62-72e3-f7c31%22%2C%22rt%22%3Afalse%2C%22rc%22%3Afalse%7D; idevbellca0_s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; at_bellcanada=segments%3D5594445%2C5594445; aam_uuid=74261190848222505564244340078342507370
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

                                         
                                         141.8.195.104
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: openresty
Date: Thu, 09 Aug 2018 11:17:04 GMT
Content-Length: 301
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   301
Md5:    779f8eea1fcdf74129f4ebf28c7f38fa
Sha1:   af2590d6096f7b51750384de9df735d9ef99f3cf
Sha256: 32974e02fbca96e0622b20ca9487aa184c6f4346a1f606e16fb77b0c95685f70

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /bellIcon_196x196_precomposed.png HTTP/1.1 
Host: mybell.bell.ca
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         0.0.0.0
                                        


--- Additional Info ---
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: mybell.bell.ca
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         0.0.0.0
                                        


--- Additional Info ---
                                        
                                            GET /resource/web/DCX/css/font/bellslim_semibold-webfont.ttf?ver=201411160600 HTTP/1.1 
Host: pfobellweb.hs.llnwd.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a0226319.xsph.ru/ca/Bell_Refund/file/allBrowsers_framework.css
Origin: http://a0226319.xsph.ru

                                         
                                         178.79.243.0
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Thu, 09 Aug 2018 11:16:54 GMT
Content-Length: 45368
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Generated-By: O-9X-T03
Access-Control-Allow-Origin: https://mybell.bell.ca
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca
Age: 74201
Last-Modified: Sun, 16 Nov 2014 06:00:28 GMT
Expires: Thu, 09 Aug 2018 14:40:13 GMT


--- Additional Info ---
                                        
                                            GET /bellIcon_196x196_precomposed.png HTTP/1.1 
Host: mybell.bell.ca
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         0.0.0.0
                                        


--- Additional Info ---