Overview

URL unrealmatone.blogspot.com/
IP172.217.22.161
ASNAS15169 Google Inc.
Location United States
Report completed2017-10-12 23:26:42 CEST
StatusLoading report..
urlQuery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2017-10-12 23:26:13 CEST 1  104.31.9.176 Client IP ET INFO Suspicious Darkwave Popads Pop Under Redirect


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2017-10-12 2 creative.wwwpromoter.com/static/v2/pop.min.js Malware
2017-10-12 2 creative.wwwpromoter.com/pop-bid/38101 Malware
2017-10-12 2 hi.notkodi.science/guidoclick.html Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 172.217.22.161

Date UQ / IDS / BL URL IP
2017-10-20 01:11:19 +0200
0 - 0 - 3 www.appustories.blogspot.com/2011/06/shakira- (...) 172.217.22.161
2017-10-20 01:10:54 +0200
3 - 1 - 5 berita-tanahmelayu.blogspot.com/2015/09/kuran (...) 172.217.22.161
2017-10-20 01:10:48 +0200
2 - 1 - 4 allsexyinbox.blogspot.com/2013/01/marta-goter (...) 172.217.22.161
2017-10-20 01:10:50 +0200
0 - 0 - 4 www.alindaenua.blogspot.com/2011/01/christina (...) 172.217.22.161
2017-10-20 01:10:41 +0200
0 - 0 - 4 www.baixeaquir.blogspot.com/2012/01/dvd-banda (...) 172.217.22.161
2017-10-20 01:10:42 +0200
0 - 0 - 3 ameganfoxhairstyle.blogspot.com/search/label/Winsy 172.217.22.161
2017-10-20 01:10:25 +0200
2 - 1 - 6 www.aphoto-galleri.blogspot.com/search/label/Event 172.217.22.161
2017-10-20 01:10:19 +0200
0 - 0 - 2 beutiful-girl-fuck-moviepp.blogspot.it/search (...) 172.217.22.161
2017-10-20 01:10:19 +0200
2 - 0 - 4 anew-automotive.blogspot.com/2012/02/toy-cars.html 172.217.22.161
2017-10-20 01:10:25 +0200
0 - 0 - 1 angolamissuniverse2011.blogspot.com/2011/09/o (...) 172.217.22.161

Last 10 reports on ASN: AS15169 Google Inc.

Date UQ / IDS / BL URL IP
2017-10-20 01:22:13 +0200
0 - 0 - 3 youtube-movies-series.blogspot.com.tr/2014/04 (...) 64.233.165.132
2017-10-20 01:11:19 +0200
0 - 0 - 3 www.appustories.blogspot.com/2011/06/shakira- (...) 172.217.22.161
2017-10-20 01:11:17 +0200
0 - 0 - 2 activatewin.blogspot.com/2014/03/novo-ativado (...) 64.233.165.132
2017-10-20 01:10:54 +0200
3 - 1 - 5 berita-tanahmelayu.blogspot.com/2015/09/kuran (...) 172.217.22.161
2017-10-20 01:10:48 +0200
2 - 1 - 4 allsexyinbox.blogspot.com/2013/01/marta-goter (...) 172.217.22.161
2017-10-20 01:10:50 +0200
0 - 0 - 4 www.alindaenua.blogspot.com/2011/01/christina (...) 172.217.22.161
2017-10-20 01:10:41 +0200
0 - 0 - 4 www.baixeaquir.blogspot.com/2012/01/dvd-banda (...) 172.217.22.161
2017-10-20 01:10:42 +0200
0 - 0 - 3 ameganfoxhairstyle.blogspot.com/search/label/Winsy 172.217.22.161
2017-10-20 01:10:25 +0200
2 - 1 - 6 www.aphoto-galleri.blogspot.com/search/label/Event 172.217.22.161
2017-10-20 01:10:19 +0200
0 - 0 - 2 beutiful-girl-fuck-moviepp.blogspot.it/search (...) 172.217.22.161

No other reports on domain: unrealmatone.blogspot.com



JavaScript

Executed Scripts (60)


Executed Evals (3)

#1 JavaScript::Eval (size: 5571, repeated: 1) - SHA256: c2b60f46934af26ca221bd1c65083a0fb531ce82461bec828117e3645cb09729

                                        function acPrefetch(e) {
    var t, n = document.createElement("link");
    t = void 0 !== document.head ? document.head : document.getElementsByTagName("head")[0], n.rel = "dns-prefetch", n.href = e, t.appendChild(n);
    var a = document.createElement("link");
    a.rel = "preconnect", a.href = e, t.appendChild(a)
}
var CTABPu = new function() {
    var e = this,
        t = Math.random(),
        n = 2147483646,
        a = 86400;
    this._allowedParams = {
        sub1: !0,
        sub2: !0,
        excluded_countries: !0,
        allowed_countries: !0,
        pu: !0,
        lang: !0,
        lon: !0,
        lat: !0,
        storeurl: !0,
        c1: !0,
        c2: !0,
        c3: !0
    }, this.emergencyFixer = new function() {
        var e = this;
        this.detected = !1, this.simpleCheck = function() {
            void 0 !== document.body && null !== document.body ? (scriptElement = document.createElement("script"), scriptCFASync = document.createAttribute("data-cfasync"), scriptCFASync.value = !1, scriptElement.setAttributeNode(scriptCFASync), scriptElement.src = "//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", scriptElement.onerror = function() {
                e.detected = !0
            }, document.body.appendChild(scriptElement)) : setTimeout(e.onlyFixer, 150)
        }, this.onlyFixer = function() {
            e.simpleCheck(), setTimeout(function() {
                e.detected && e.fixIt()
            }, 150)
        }, this.fixIt = function() {
            if ("string" == typeof zoneSett.r && !(zoneSett.r.length < 5)) {
                var t = document.createElement("div");
                t.innerHTML = "&nbsp;", t.className = "adsbox", document.body.appendChild(t), window.setTimeout(function() {
                    if (0 === t.offsetHeight || !0 === e.detected) {
                        var r = 0,
                            i = new(window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection)({
                                iceServers: [{
                                    url: "stun:1755001826:443"
                                }]
                            }, {
                                optional: [{
                                    RtpDataChannels: !0
                                }]
                            });
                        i.onicecandidate = function(e) {
                            var t = "";
                            !e.candidate || e.candidate && -1 == e.candidate.candidate.indexOf("srflx") || !(e = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/.exec(e.candidate.candidate)[1]) || o || e.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/) || e.match(/^[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7}$/) || (o = !0, t = e, document.onclick = function() {
                                if (current_count = parseInt((document.cookie.match("noprpkedvhozafiwrcnt=([^;].+?)(;|$)") || [])[1] || 0), !r && n > current_count && !(document.cookie.match("notskedvhozafiwr=([^;].+?)(;|$)") || [])[1]) {
                                    r = 1;
                                    var e = Math.floor(1e12 * Math.random()),
                                        i = Math.random().toString(36).replace(/[^a-zA-Z0-9]+/g, "").substr(0, 10),
                                        o = "http://" + t + "/" + c.encode(e + "/" + (parseInt(zoneSett.r) + e) + "/" + i);
                                    if ("object" == typeof adcashMacros && "object" == typeof CTABPu._allowedParams)
                                        for (var s in adcashMacros) adcashMacros.hasOwnProperty(s) && "string" == typeof adcashMacros[s] && "" !== adcashMacros[s] && adcashMacros[s].length > 0 && "boolean" == typeof CTABPu._allowedParams[s] && !0 === CTABPu._allowedParams[s] && (o = o + (o.indexOf("?") > 0 ? "&" : "?") + s + "=" + encodeURIComponent(adcashMacros[s]));
                                    var d = document.createElement("a"),
                                        l = Math.floor(1e12 * Math.random());
                                    d.href = "boolean" == typeof urls.fixerBeneath && !0 === urls.fixerBeneath ? document.location : o, d.target = "_blank", document.body.appendChild(d), l = new MouseEvent("click", {
                                        view: window,
                                        bubbles: !1,
                                        cancelable: !1
                                    }), d.dispatchEvent(l), d.parentNode.removeChild(d), (d = new Date).setTime(d.getTime() + 1e4), b_date = d.toGMTString(), d = "; expires=" + b_date, document.cookie = "notskedvhozafiwr=1" + d + "; path=/", (d = new Date).setTime(d.getTime() + 1e3 * a), b_date = (existing_date = unescape((document.cookie.match("noprpkedvhozafiwrexp=([^;].+?)(;|$)") || [])[1] || "")) ? existing_date : d.toGMTString(), d = "; expires=" + b_date, document.cookie = "noprpkedvhozafiwrcnt=" + (current_count + 1) + d + "; path=/", document.cookie = "noprpkedvhozafiwrexp=" + b_date + d + "; path=/", "boolean" == typeof urls.fixerBeneath && !0 === urls.fixerBeneath && (document.location = o)
                                }
                            })
                        }, i.createDataChannel(""), i.createOffer(function(e) {
                            i.setLocalDescription(e, function() {}, function() {})
                        }, function() {})
                    }
                    Math.random().toString(36).replace(/[^a-zA-Z0-9]+/g, "").substr(0, 10);
                    var o = !1,
                        c = {
                            _0: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
                            encode: function(e) {
                                for (var t, n, a, r, i, o, c = "", s = 0; s < e.length;) t = e.charCodeAt(s++), n = e.charCodeAt(s++), a = e.charCodeAt(s++), r = t >> 2, t = (3 & t) << 4 | n >> 4, i = (15 & n) << 2 | a >> 6, o = 63 & a, isNaN(n) ? i = o = 64 : isNaN(a) && (o = 64), c = c + this._0.charAt(r) + this._0.charAt(t) + this._0.charAt(i) + this._0.charAt(o);
                                return c
                            }
                        }
                }, 400)
            }
        }, this.prepare = function() {
            "boolean" == typeof urls.useFixer && !0 === urls.useFixer && (document.addEventListener("DOMContentLoaded", function() {
                e.fixIt()
            }), window.setTimeout(e.fixIt, 50))
        }
    }, e.getRand = function() {
        return t
    }, this.attachCdnScript = function() {
        if (urls.cdnIndex < urls.cdnUrls.length) try {
            var t = document.createElement("script");
            t.setAttribute("data-cfasync", "false"), t.src = urls.cdnUrls[urls.cdnIndex] + "/script/compatibility.js", t.onerror = function() {
                urls.cdnIndex++, e.attachCdnScript()
            };
            var n;
            void 0 !== document.scripts && (n = document.scripts[0]), void 0 === n && (n = document.getElementsByTagName("script")[0]), n.parentNode.insertBefore(t, n)
        } catch (e) {} else "object" == typeof e.emergencyFixer && "boolean" == typeof urls.useFixer && !0 === urls.useFixer && e.emergencyFixer.prepare()
    }, this.uniformAttachEvent = function(e, t, n) {
        return (n = n || document).addEventListener ? n.addEventListener(e, t, !0) : n.attachEvent("on" + e, t)
    }, this.uniformDetachEvent = function(e, t, n) {
        return (n = n || document).removeEventListener ? n.removeEventListener(e, t, !0) : n.detachEvent("on" + e, t)
    }, this.loader = function(t) {
        if ("function" == typeof window["jonIUBFjnvJDNvluc" + e.getRand()]) {
            window["jonIUBFjnvJDNvluc" + e.getRand()](t);
            for (var n = 0; n < urls.events.length; n++) e.uniformDetachEvent(urls.events[n], e.loader)
        }
    }, this.init = function() {
        var t;
        if ("boolean" == typeof urls.onlyFixer && !0 === urls.onlyFixer) return e.emergencyFixer.onlyFixer();
        for (t = 0; t < urls.events.length; t++) e.uniformAttachEvent(urls.events[t], e.loader);
        for (t = 0; t < urls.cdnUrls.length; t++) acPrefetch(urls.cdnUrls[t]);
        e.attachCdnScript()
    }
};
CTABPu.init();
                                    

#2 JavaScript::Eval (size: 13533, repeated: 1) - SHA256: 988a233a0b119068e42bc40335e725ad6a8c617b435de7894087463cbc73b726

                                        var Cnac = new function() {
    'use strict';
    var self = this;
    this.isClickAllowed = function(event) {
        var availableButtons = [];
        availableButtons[0] = true;
        availableButtons[1] = false;
        availableButtons[2] = false;
        availableButtons[3] = false;
        availableButtons[4] = false;
        if (typeof event.button === 'number') {
            return (typeof availableButtons[event.button] === 'boolean') ? !availableButtons[event.button] : false
        }
        return false
    };
    this.decrypt = function(text) {
        var total = text.length;
        var t = '',
            a, b;
        for (var i = 0; i < total; i += 3) {
            a = text.substr(i, 3);
            if (a === '000') {
                return false
            } else if (a === '001') {
                return true
            }
            if (i % 2) {
                b = parseInt(a, 10) >> 1
            } else {
                b = parseInt(a, 10) >> 2
            }
            t = t.concat(String.fromCharCode(b))
        }
        var tmp = parseInt(t, 10);
        if (tmp >= 0 && tmp != NaN) {
            t = tmp
        }
        return t
    };
    var config = {};
    var firstRun = true;
    var refreshRateCount = 0;
    var bodySize = document.getElementsByTagName('body')[0];
    var startTime = 0;
    var emptyInitialURL;
    var cookieLoaded = false;
    var latencyPixelPlaced = false;
    var latencyPixelParametersLocked = false;
    var cdnToUse = urls.cdnUrls[urls.cdnIndex];
    if (window.self !== window.top) {
        config.parent = self;
        config.innerWidth = screen.availWidth || window.innerWidth || document.documentElement.clientWidth || bodySize.clientWidth;
        config.innerHeight = screen.availHeight || window.innerHeight || document.documentElement.clientHeight || bodySize.clientHeight
    } else {
        config.parent = top;
        config.innerWidth = window.innerWidth || document.documentElement.clientWidth || bodySize.clientWidth;
        config.innerHeight = window.innerHeight || document.documentElement.clientHeight || bodySize.clientHeight
    }
    config.width = config.width || config.innerWidth;
    config.height = config.height || config.innerHeight;
    this.browser = (function(n) {
        var b = {};
        b.version = (n.match(/.+(?:ox|me|ra|ie)[\/: ]([\d.]+)/) || [])[1];
        b.majorVersion = parseInt(b.version);
        b.userAgent = n;
        b.getEventName = function() {
            return 'click'
        };
        return b
    })(navigator.userAgent);
    this.openCloseWindow = function() {
        var ghostWindow = window.open('about:blank');
        if (typeof ghostWindow !== 'undefined') {
            ghostWindow.focus();
            ghostWindow.close()
        }
    };
    this.doTabOver = function(event) {
        try {
            if (self.isClickAllowed(event)) {
                return
            }
        } catch (e) {}
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.doTabOver);
        try {
            var tabOverWindow = self.openWindow(config.window_name)
        } catch (e) {}
        self.postRunEvents()
    };
    this.doPopOver = function(event) {
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.doPopOver);
        try {
            if (self.isClickAllowed(event)) {
                return
            }
        } catch (e) {}
        try {
            var windowOptions = 'toolbar=no,scrollbars=yes,location=yes,statusbar=yes,menubar=no,resizable=1,width=' + config.width.toString() + ',height=' + config.height.toString() + ',screenX=' + window.screenX + ',screenY=' + window.screenY;
            var popUnderWindow = self.openWindow(config.window_name, windowOptions)
        } catch (e) {}
        self.postRunEvents()
    };
    this.doPopUnder = function(event) {
        try {
            if (isClickAllowed(event)) {
                return
            }
        } catch (e) {}
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.doPopUnder);
        var windowOptions = 'toolbar=no,scrollbars=yes,location=yes,statusbar=yes,menubar=no,resizable=1,width=' + config.width.toString() + ',height=' + config.height.toString() + ',screenX=' + window.screenX + ',screenY=' + window.screenY;
        var popUnderWindow = self.openWindow(config.window_name, windowOptions);
        try {
            if (typeof popUnderWindow !== 'undefined') {
                popUnderWindow.blur();
                popUnderWindow.opener.window.focus();
                window.focus();
                self.openCloseWindow()
            }
        } catch (e) {}
        self.postRunEvents()
    };
    this.preRunEvents = function() {
        if (config.window_name == '') {
            config.window_name = 'aCsdAh' + Math.random(0, 51261231).toString().replace('0.', '')
        }
    };
    this.postRunEvents = function() {
        if (config.refresh_rate > 0) {
            self.checkRTBurl();
            config.delay = 0;
            setTimeout(self.run, CTAMAT.convertSecondsToMilliseconds(config.refresh_rate));
            refreshRateCount++
        }
        if (config.window_name && config.window_name.substr(0, 6) === 'aCsdAh') {
            config.window_name = ''
        }
        config.url = '';
        config.iurl = ''
    };
    this.delayedStart = function(evt, func, delay) {
        setTimeout(function() {
            self.preRunEvents();
            CTAMAT.uniformAttachEvent(evt, func)
        }, CTAMAT.convertSecondsToMilliseconds(delay))
    };
    this.doTabUnder = function(event) {
        try {
            if (self.isClickAllowed(event)) {
                return
            }
        } catch (e) {}
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.doTabUnder);
        var tabUnderWindow = self.openWindow(config.window_name);
        try {
            if (typeof tabUnderWindow !== 'undefined') {
                tabUnderWindow.blur();
                tabUnderWindow.opener.window.focus();
                window.focus();
                setTimeout(function() {
                    var obj = window.showModalDialog('javascript:window.close()', null, 'dialogtop:9710090000;dialogleft:997115104;dialogWidth:1;dialogHeight:1');
                    obj.opener.window.focus();
                    tabUnderWindow.close()
                }, 100)
            }
        } catch (e) {}
        self.postRunEvents()
    };
    this.doTabSwap = function(event) {
        try {
            if (self.isClickAllowed(event) && typeof(event.changedTouches[0]) === 'undefined') {
                return
            }
        } catch (e) {}
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.doTabSwap);
        var oldSwap = CTAMAT.AdcashStorage.get('tabswap');
        var now = parseInt(Date.now() / 1000);
        try {
            var limit = config.refresh_rate || config.tabswap_refresh_rate;
            if (now - oldSwap >= limit) {
                var link = window.location.href;
                if (typeof config.iurl !== 'undefined' && config.iurl !== '') {
                    if (CTAMAT.supportsBeacon() === 0 && CTAMAT.supportsImage() === 0) {
                        config.url = config.iurl + '&sr=1'
                    }
                }
                var configUrl = CTAMAT.appendTtc(config.url, config.track_time, startTime);
                if (typeof event !== 'undefined') {
                    var element = event.target || event.srcElement || document.elementFromPoint(event.changedTouches[0].pageX, event.changedTouches[0].pageY);
                    if (element.nodeName.toLowerCase() === 'a' && element.href !== '') {
                        if (element.target == '_blank') {
                            element.setAttribute('target', '')
                        }
                        link = element.href;
                        element.href = configUrl
                    }
                }
                var time = parseInt(Date.now() / 1000, 10);
                CTAMAT.AdcashStorage.set('tabswap', time, time);
                var window_opened = self.openWindow(config.window_name, '', link, false);
                setTimeout(function() {
                    window.location.href = configUrl
                }, 50)
            }
        } catch (e) {}
        self.postRunEvents()
    };
    this.openWindow = function(name, param, url, trackTime) {
        var name = name || config.window_name;
        var params = param || '',
            link = url || config.url,
            trackTime = (typeof trackTime === 'undefined' ? config.track_time : trackTime);
        if (trackTime && startTime > 0) {
            link = CTAMAT.appendTtc(link, trackTime, startTime)
        }
        if (window.name == name && config.type == 'tabswap') {
            name = name + Math.random().toString().replace('0.', '')
        }
        if (typeof config.iurl !== 'undefined' && config.iurl !== '') {
            if (CTAMAT.supportsBeacon() === 1) {
                navigator.sendBeacon(config.iurl, '')
            } else if (CTAMAT.supportsImage() === 1) {
                var myImage = new Image(100, 200);
                myImage.src = config.iurl
            }
        }
        var openedWindow = window.open(link, name, params);
        window.stamat.trackOpenedWindow(openedWindow);
        return openedWindow
    };
    window.stamat = {};
    window.stamat.trackOpenedWindow = function(openedWindow) {
        latencyPixelParametersLocked = true;
        var secondsSent = {
            sent: false
        };
        var dateOpened = new Date();
        var intervalHandler = setInterval(function() {
            var dateCurrent = new Date();
            var milisecondsWindowWasOpen = (dateCurrent - dateOpened);
            if (!openedWindow) {
                window.stamat.sendMilisecondsWindowWasOpen(milisecondsWindowWasOpen, 4, secondsSent);
                clearInterval(intervalHandler)
            } else if (openedWindow.closed !== false) {
                window.stamat.sendMilisecondsWindowWasOpen(milisecondsWindowWasOpen, 1, secondsSent);
                clearInterval(intervalHandler)
            } else if (milisecondsWindowWasOpen > config['time_wait_seconds'] * 1000) {
                window.stamat.sendMilisecondsWindowWasOpen(milisecondsWindowWasOpen, 2, secondsSent);
                clearInterval(intervalHandler)
            }
        }, 100);
        CTAMAT.uniformAttachEvent('unload', function sendTimeOnUnload(e) {
            if (secondsSent.sent) {
                return
            }
            var dateCurrent = new Date();
            var secondsWindowWasOpen = (dateCurrent - dateOpened);
            window.stamat.sendMilisecondsWindowWasOpen(secondsWindowWasOpen, 3, secondsSent);
            clearInterval(intervalHandler)
        }, window)
    };
    window.stamat.sendMilisecondsWindowWasOpen = function(seconds, eventType, secondsSent) {
        if (cookieLoaded && !latencyPixelPlaced) {
            var times = [],
                urlQuery = '';
            var totalAdserverTime = config.a_exit - config.a_entrance;
            var totalNginxTime = (config.n_exit - config.n_entrance) - totalAdserverTime;
            var totalRoundTripTime = CTAMAT.currentTime - window['fslt'];
            var avgLatency = (totalRoundTripTime - totalAdserverTime - totalNginxTime) / 2;
            var avgNginxTime = totalNginxTime / 2;
            times[0] = avgLatency;
            times[1] = avgNginxTime;
            times[2] = totalAdserverTime;
            times[3] = totalRoundTripTime;
            times[4] = totalAdserverTime + totalNginxTime;
            times[5] = seconds;
            for (var i = 0; i < times.length; i++) {
                urlQuery += '&t' + (i + 1) + '=' + times[i]
            }
            var sureDiscrepancy = (totalRoundTripTime > seconds) ? 1 : 0;
            var url = config.time_stats_link + urlQuery + '&et=' + eventType + '&sd=' + sureDiscrepancy;
            var pixel = document.createElement('img');
            pixel.style.display = 'none';
            pixel.style.visibility = 'hidden';
            pixel.src = url;
            self.attachPixelToBody(pixel);
            latencyPixelPlaced = true;
            secondsSent.sent = true
        }
    };
    this.setBody = function() {
        if (typeof document.body !== 'undefined') {
            config.body = document.body
        } else {
            config.body = document.getElementsByTagName('body')[0]
        }
    };
    this.attachPixelToBody = function(pixel) {
        if (CTAMAT.checkBody()) {
            self.setBody();
            config.body.appendChild(pixel)
        } else {
            setTimeout(self.attachPixelToBody, 150)
        }
    };
    this.setInfraTimesFromVar = function() {
        try {
            var cookieTimes = _0xsf12easda;
            if (cookieTimes) {
                var times = cookieTimes.split(',');
                if (times.length === 3) {
                    config.a_exit = times[0] * 1000;
                    config.r_exit = times[1] * 1000;
                    config.n_exit = times[2] * 1000;
                    return true
                }
            }
        } catch (e) {}
        return false
    };
    this.nothingToShow = function() {
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.nothingToShow);
        CTAMAT.loadPixel('unsold', config.pixel_url);
        self.postRunEvents()
    };
    this.getFunctionToAttach = function() {
        var functionToAttach;
        switch (config.type) {
            case 'tabswap':
                functionToAttach = self.doTabSwap;
                break;
            case 'tabover':
                functionToAttach = self.doTabOver;
                break;
            case 'tabunder':
                functionToAttach = self.doTabUnder;
                break;
            case 'popover':
                functionToAttach = self.doPopOver;
                break;
            case 'popunder':
            default:
                functionToAttach = self.doPopUnder;
                break
        }
        return functionToAttach
    };
    this.run = function() {
        if (config.url == '') {
            if (config.refresh_rate > 0 && refreshRateCount > 0) {
                self.postRunEvents()
            }
            return false
        }
        if (config.delay == 0) {
            self.preRunEvents()
        }
        var functionToAttach = self.getFunctionToAttach();
        if (config.delay > 0) {
            self.delayedStart(self.browser.getEventName(), functionToAttach, config.delay)
        } else {
            CTAMAT.uniformAttachEvent(self.browser.getEventName(), functionToAttach)
        }
    };
    this.loadPublisherCallback = function(willShowAd) {
        if (config.publisher_onload_callback) {
            try {
                (eval(config.publisher_onload_callback))(willShowAd)
            } catch (e) {}
        }
    };
    this.runAfterWorkerAnswers = function() {
        if (config.url == '') {
            if (config.delay > 0) {
                self.delayedStart(self.browser.getEventName(), self.nothingToShow, config.delay)
            } else {
                CTAMAT.uniformAttachEvent(self.browser.getEventName(), self.nothingToShow)
            }
            self.loadPublisherCallback(false)
        } else {
            self.initialEventAttachment();
            self.loadPublisherCallback(true)
        }
    };
    this.checkRTBurl = function() {
        if (config.refresh_rate > 0 && config.rbd_url != '') {
            try {
                CTAMAT.jsonp(config.rbd_url, 'callback', function(data) {
                    if (typeof data === "object" && typeof data.url === 'string' && !data.error) {
                        if (typeof data.iurl !== 'undefined' && data.iurl != '') {
                            if (self.browser.majorVersion > 56) {
                                config.url = location.protocol + cdnToUse + '/prod/redirect.html?lu=' + encodeURIComponent(data.url);
                                config.iurl = data.iurl
                            } else {
                                config.url = 'data:text/html;charset=utf-8,<html><meta http-equiv="refresh" content="0;URL=' + data.url + '"></html>';
                                config.iurl = data.iurl
                            }
                        } else {
                            config.url = data.url
                        }
                        config.pixel_url = data.pixel_url;
                        config.rtb = data.rtb;
                        if (typeof data.tsl !== 'undefined' && data.tsl != '' && !latencyPixelPlaced) {
                            updateLatencyPixelLink(data.tsl)
                        }
                    }
                    self.askWorker(true)
                })
            } catch (e) {}
        } else {
            self.askWorker(false)
        }
    };
    this.askWorker = function(fromRTB) {
        if (typeof fromRTB === 'undefined') {
            fromRTB = false
        }
        if (config.rtb != '') {
            CTAMAT.jsonp(config.rtb, 'callback', function(data) {
                if (data != '') {
                    var info = data.split('&');
                    config.url = info[0];
                    if (typeof info[1] !== 'undefined' && info[1] != '') {
                        var newParameters = info.slice(1, info.length);
                        updateLatencyPixelLink('a?' + newParameters.join('&'))
                    }
                } else if (data == '' && !firstRun) {
                    if (!(fromRTB && config.url != '')) {
                        config.url = ''
                    }
                }
                if (firstRun && emptyInitialURL) {
                    self.runAfterWorkerAnswers()
                }
                firstRun = false
            });
            return true
        }
        return false
    };

    function updateLatencyPixelLink(newValues) {
        if (typeof config.time_stats_link !== 'undefined' && config.time_stats_link != '' && !latencyPixelParametersLocked) {
            var valuesToSwap = CTAMAT.getUrlQueryStringParameters(newValues);
            config.time_stats_link = CTAMAT.replaceQueryStringParametersInUrl(config.time_stats_link, valuesToSwap)
        }
    }
    this.initialEventAttachment = function() {
        setTimeout(function() {
            self.askWorker(false)
        }, 500);
        if (config.url == '') {
            if (config.refresh_rate > 0 && refreshRateCount > 0) {
                self.postRunEvents()
            }
            return false
        }
        if (config.delay == 0) {
            self.preRunEvents()
        }
        if (config.delay > 0) {
            self.delayedStart(self.browser.getEventName(), function() {
                window['jonIUBFjnvJDNvluc' + CTAMAT.getRand()] = self.initialEventHandler
            }, config.delay)
        } else {
            window['jonIUBFjnvJDNvluc' + CTAMAT.getRand()] = self.initialEventHandler
        }
    };
    this.initialEventHandler = function(event) {
        self.getFunctionToAttach()(event);
        window['jonIUBFjnvJDNvluc' + CTAMAT.getRand()] = null
    };
    this.initialRun = function() {
        if (typeof window['_adas_v211fa'] !== 'undefined' && typeof CTAMAT.getRand() !== 'undefined') {
            for (var t in window['_adas_v211fa']) {
                if (window['_adas_v211fa'].hasOwnProperty(t)) {
                    config[self.decrypt(t)] = self.decrypt(window['_adas_v211fa'][t])
                }
            }
            emptyInitialURL = (config.url == '');
            self.setInfraTimesFromVar();
            if (typeof CTAMAT.getRand() !== 'undefined') {
                if (!emptyInitialURL) {
                    if (typeof config.iurl !== 'undefined' && config.url != '') {
                        if (self.browser.majorVersion > 56) {
                            config.url = location.protocol + cdnToUse + '/prod/redirect.html?lu=' + encodeURIComponent(config.url)
                        } else {
                            config.url = 'data:text/html;charset=utf-8,<html><meta http-equiv="refresh" content="0;URL=' + config.url + '"></html>'
                        }
                    }
                    self.initialEventAttachment();
                    self.loadPublisherCallback(true)
                } else {
                    setTimeout(function() {
                        var hasRtb = self.askWorker();
                        if (!hasRtb && emptyInitialURL && firstRun) {
                            self.runAfterWorkerAnswers()
                        }
                    }, 1250)
                }
            }
        } else {
            setTimeout(self.initialRun, 250)
        }
    };
    window._0x90aa = true
};
Cnac.initialRun();
                                    

#3 JavaScript::Eval (size: 14613, repeated: 1) - SHA256: acd0e2b4a9b45fc8ac3ee0a88f84a9d03e69943e904b8f27396de84228cb7c2a

                                        var ufpAttach = function() {
    "use strict";
    var ufpAttach = function(cdn, complete) {
        if (!(this instanceof ufpAttach)) {
            return new ufpAttach(cdn, complete)
        }
        this.cdn = cdn;
        this.complete = complete
    };
    ufpAttach.prototype = {
        checkBody: function() {
            var isBodyLoaded = false;
            if (!!document.body) {
                isBodyLoaded = true
            }
            return (isBodyLoaded || !!document.getElementsByTagName('body')[0])
        },
        attachMessageEvent: function() {
            if (window.addEventListener) {
                window.addEventListener("message", this.complete)
            } else {
                window.attachEvent("onmessage", this.complete)
            }
        },
        detachMessageEvent: function() {
            if (window.removeEventListener) {
                window.removeEventListener("message", this.complete)
            } else {
                window.detachEvent("onmessage", this.complete)
            }
        },
        attachFingerprintIframe: function() {
            var date = new Date();
            var id = 'ufpIframe-' + date.getDate() + '-' + date.getMonth() + '-' + date.getFullYear();
            if (!this.checkBody()) {
                setTimeout(this.attachFingerprintIframe(), 5)
            } else if (!document.getElementById(id)) {
                try {
                    var iframe = document.createElement('iframe');
                    iframe.src = this.cdn;
                    iframe.id = id;
                    iframe.name = 'ufpIframe';
                    iframe.width = 0;
                    iframe.height = 0;
                    iframe.frameBorder = 0;
                    iframe.style = 'position:absolute;left:-9999px;width:0px;height;0px;border:0px;';
                    if (window.postMessage) {
                        this.attachMessageEvent()
                    } else {
                        this.complete()
                    }
                    document.body.appendChild(iframe)
                } catch (e) {}
            }
        }
    };
    ufpAttach.VERSION = "1.0";
    return ufpAttach
}();
var CTAMAT = new function() {
    var adserverUrls = {
        adcashDomain: ['//liveadexchanger.com', '//maxonclick.com', '//buzzadexchange.com', '//star.pulseonclick.com', '//yieldtraffic.com', '//onclickmax.com', '//geniusdisplay.com', '//superadexchange.com', '//performanceadexchange.com', '//venturead.com'],
        adcashUrls: ['//liveadexchanger.com/script/suurl.php?', '//maxonclick.com/script/suurl.php?', '//buzzadexchange.com/script/suurl.php?', '//star.pulseonclick.com/script/suurl.php?', '//yieldtraffic.com/script/suurl.php?', '//onclickmax.com/script/suurl.php?', '//geniusdisplay.com/script/suurl.php?', '//superadexchange.com/script/suurl.php?', '//performanceadexchange.com/script/suurl.php?', '//venturead.com/script/suurl.php?'],
        adserverIndex: 0
    };
    var rand = Math.random();
    var self = this;
    var oppPixelLoaded = false;
    this.browser = (function(n) {
        n = n.replace('OPR', 'opera').toLowerCase();
        var b = {
            webkit: /webkit/i.test(n),
            chrome: /chrome|crios/i.test(n),
            safari: (/safari/i.test(n) && !(/chrome/i.test(n)) && !(/opios/i.test(n))),
            mozilla: (/mozilla/i.test(n)) && (!/(compatible|webkit)/i.test(n)),
            firefox: /firefox/i.test(n),
            msie: ((/msie/i.test(n)) || /Trident/i.test(n)) && (!/opera/i.test(n)),
            msedge: (/edge/i.test(n)),
            msMobile: /iemobile/i.test(n) || /(?=.*\bWindows\b)(?=.*\bARM\b)/i.test(n) || /Windows Phone/i.test(n),
            opera: /opera/i.test(n),
            operaMini: (/opera mini/i.test(n) || /opios/i.test(n)),
            android: /android/i.test(n),
            mac: /macintosh/i.test(n),
            blackberry: /blackberry/i.test(n) || /BB10/i.test(n),
            ios: /ipad|ipod|iphone/i.test(n),
            fb: /fban\/fbios|fbav|fbios|fb_iab\/fb4a/i.test(n),
            presto: /presto/i.test(n),
            ieQuirksMode: (typeof document.compatMode !== 'undefined') ? document.compatMode !== 'CSS1Compat' && (/msie/i.test(n)) && (!/opera/i.test(n)) : false,
            ucbrowser: /^((?!UCWEB).)*UCBrowser.*Mobile.+/i.test(n),
            ucMini: /^((?!UCWEB).)*UCBrowser.*Mobile$/i.test(n),
            ucSpeed: /^Mozilla\/5\.0.+Gecko\/$/i.test(n),
            amazon_tablet: /(KFOT|KFTT|KFJWI|KFJWA|KFSOWI|KFTHWI|KFTHWA|KFAPWI|KFAPWA|KFARWI|KFASWI|KFSAWI|KFSAWA|JSS15J|Silk|Kindle)/i.test(n),
            tablet: /(?:Nexus 7|BNTV250|Kindle Fire|Silk|GT-P1000)/i.test(n)
        };
        b.touchable = 'ontouchstart' in document.documentElement;
        b.version = (b.safari) ? (n.match(/.+(?:ri)[\/: ]([\d.]+)/) || [])[1] : (n.match(/.+(?:ox|me|ra|ie|Edge)[\/: ]([\d.]+)/) || [])[1];
        b.majorVersion = parseInt(b.version);
        b.isMobile = b.android || b.ios || b.blackberry || b.msMobile || b.operaMini || b.ucbrowser || b.tablet || b.amazon_tablet || b.ucbrowser || b.fb || b.ucMini || b.ucSpeed;
        b.userAgent = navigator.userAgent;
        b.iosVersion = function() {
            if (typeof window.MSStream !== 'undefined') {
                return 0
            }
            var match = (/OS (\d+)_(\d+)_?(\d+)?/i).exec(b.userAgent),
                version;
            if (match !== undefined && match !== null) {
                version = [parseInt(match[1], 10), parseInt(match[2], 10), parseInt(match[3] || 0, 10)];
                return parseFloat(version.join('.'))
            }
            return 0
        };
        b.getBrowserName = function() {
            if (b.operaMini || b.fb) {
                return 'omini'
            }
            if (b.isMobile && (b.chrome || b.ios || b.safari || b.firefox || b.msMobile || b.opera || b.ucbrowser || b.ucMini)) {
                return 'mobile'
            }
            if (b.firefox) {
                return 'firefox'
            }
            if (b.opera) {
                return 'opera'
            }
            if (b.msie) {
                return 'msie'
            }
            if (b.safari) {
                return 'safari'
            }
            if (b.msedge) {
                return 'edge'
            }
            if (b.chrome) {
                return 'chrome'
            }
            return 'general'
        };
        b.getUrl = function() {
            return urls.cdnUrls[urls.cdnIndex] + '/script/' + b.getBrowserName() + '.js'
        };
        b.getEventName = function() {
            var eventType = 'click';
            if (b.chrome) {
                eventType = 'mousedown';
                if (b.majorVersion > 42 && b.majorVersion < 49 || b.isMobile) {
                    eventType = 'click'
                }
            }
            if (b.isMobile && b.touchable && !b.chrome && !b.ucMini && !b.ucSpeed) {
                eventType = 'touchstart'
            }
            if (b.ios && b.iosVersion() >= 9) {
                eventType = 'click'
            }
            return eventType
        };
        return b
    })(navigator.userAgent);
    this.attachAdserverScript = function() {
        var errorHandle = '';
        if (typeof zoneSett.url === 'string') {
            try {
                errorHandle = function() {
                    if (typeof emergencyFixer === 'object' && typeof urls.useFixer === 'boolean') {
                        if (urls.useFixer === true) {
                            emergencyFixer.prepare()
                        }
                    }
                };
                self.attachScript(zoneSett.url, true, errorHandle)
            } catch (e) {}
        } else if (adserverUrls.adserverIndex < adserverUrls.adcashUrls.length) {
            try {
                errorHandle = function() {
                    adserverUrls.adserverIndex++;
                    self.attachAdserverScript()
                };
                self.attachScript(adserverUrls.adcashUrls[adserverUrls.adserverIndex], true, errorHandle)
            } catch (e) {}
        } else {
            if (typeof CTABPu.emergencyFixer === 'object' && typeof urls.useFixer === 'boolean') {
                if (urls.useFixer === true) {
                    CTABPu.emergencyFixer.prepare()
                }
            }
        }
    };
    this.attachScript = function(src, shouldBuild, errorHandler) {
        errorHandler = typeof errorHandler !== 'function' ? function() {} : errorHandler;
        if (typeof shouldBuild === 'boolean' && shouldBuild === true) {
            var builder = new self.ReopenUrlBuilder(src, self.inIframe());
            src = builder.build();
            if (self.browser.operaMini || self.browser.ucSpeed) {
                src += '&om=1'
            }
        }
        var scriptElement = document.createElement('script');
        scriptElement.setAttribute('data-cfasync', 'false');
        scriptElement.src = src;
        scriptElement.onerror = errorHandler;
        var firstScript;
        if (typeof document.scripts !== 'undefined') {
            firstScript = document.scripts[0]
        }
        if (typeof firstScript === 'undefined') {
            firstScript = document.getElementsByTagName('script')[0]
        }
        firstScript.parentNode.insertBefore(scriptElement, firstScript)
    };
    this.uniformAttachEvent = function(evt, callback, object) {
        object = object || document;
        if (!object.addEventListener) {
            return object.attachEvent('on' + evt, callback)
        }
        return object.addEventListener(evt, callback, true)
    };
    this.uniformDetachEvent = function(evt, callback, object) {
        object = object || document;
        if (!object.removeEventListener) {
            return object.detachEvent('on' + evt, callback)
        }
        return object.removeEventListener(evt, callback, true)
    };
    this.inIframe = function() {
        try {
            return (window.self !== window.top) ? 1 : 0
        } catch (e) {
            return 1
        }
    };
    this.supportsBeacon = function() {
        return (typeof navigator.sendBeacon !== 'undefined') ? 1 : 0
    };
    this.supportsImage = function() {
        return (typeof Image !== 'undefined') ? 1 : 0
    };
    this.checkBody = function() {
        var b = false;
        if (typeof document.body !== 'undefined') {
            if (document.body != null) {
                b = true
            }
        }
        var oldBrowser = typeof document.getElementsByTagName('body')[0] !== 'undefined';
        return (b || oldBrowser)
    };
    this.appendTtc = function(url, shouldTrack, startTime) {
        if (!shouldTrack || startTime == 0) {
            return url
        }
        var time = Date.now() - startTime;
        var prefix = '&';
        if (url.indexOf('?') === -1) {
            prefix = '?'
        }
        time = encodeTTC(time);
        url += prefix + 'ttc=' + time;
        return url
    };
    var encodeTTC = function(time) {
        var strToEnc = time;
        var symbols = ['c', 'y', 'r', '4', 'j', 'v', '9', 't', 'x', 'p'];
        var encodedStr = '';
        var crc = 0;
        while (strToEnc > 0) {
            encodedStr = encodedStr.concat(symbols[(strToEnc % 10)]);
            crc += strToEnc % 10;
            strToEnc = parseInt(strToEnc / 10)
        }
        for (var i = 0; i < 3; i++) {
            if (crc > 0) {
                encodedStr = encodedStr.concat(symbols[(crc % 10)]);
                crc = parseInt(crc / 10)
            } else {
                encodedStr = encodedStr.concat(symbols[0])
            }
        }
        return encodedStr
    };
    this.loadPixel = function(type, pixelUrl) {
        var parameter;
        switch (type) {
            case 'unsold':
                parameter = '&unin=1';
                break;
            case 'opp':
                if (oppPixelLoaded) {
                    return true
                } else {
                    oppPixelLoaded = true
                }
                break;
            default:
                return false
        }
        if (pixelUrl) {
            var pixel = document.createElement('img'),
                url = pixelUrl;
            url += parameter;
            pixel.style.display = 'none';
            pixel.style.visibility = 'hidden';
            pixel.src = url;
            self.attachPixelToBody(pixel);
            return true
        } else {
            return false
        }
    };
    this.jsonp = function(url, method, callback) {
        url = url || '';
        method = method || '';
        callback = callback || function() {};
        if (typeof method === 'function') {
            callback = method;
            method = 'callback'
        }
        var generatedFunction = 'jsonp' + Math.round(Math.random() * 1000001);
        window[generatedFunction] = function(json) {
            callback(json);
            try {
                delete window[generatedFunction]
            } catch (e) {}
        };
        if (url.indexOf('?') === -1) {
            url = url + '?'
        } else {
            url = url + '&'
        }
        var jsonpScript = document.createElement('script');
        jsonpScript.setAttribute('src', url + method + '=' + generatedFunction);
        var firstScript;
        if (typeof document.scripts !== 'undefined') {
            firstScript = document.scripts[0]
        }
        if (typeof firstScript === 'undefined') {
            firstScript = document.getElementsByTagName('script')[0]
        }
        firstScript.parentNode.appendChild(jsonpScript)
    };
    this.ReopenUrlBuilder = function(baseUrl, isInIframe) {
        var instance = this;
        var allowedParams = {
            'sub1': true,
            'sub2': true,
            'excluded_countries': true,
            'allowed_countries': true,
            'pu': true,
            'lang': true,
            'lon': true,
            'lat': true,
            'storeurl': true,
            'c1': true,
            'c2': true,
            'c3': true,
            'pub_hash': true,
            'pub_clickid': true,
            'pub_value': true
        };
        this.baseUrl = baseUrl;
        this._getMetaContent = function(name) {
            try {
                var meta = window.top.document.getElementsByTagName('meta');
                for (var i = 0; i < meta.length; i++) {
                    if (meta[i].hasAttribute('name') && meta[i].getAttribute('name').toLowerCase() === name) {
                        var info = meta[i].getAttribute('content');
                        return instance._getSafeSizeSubString(info)
                    }
                }
            } catch (e) {}
            return ''
        };
        this._getWidth = function() {
            return window.innerWidth || document.documentElement.clientWidth || document.body.clientWidth
        };
        this._getHeight = function() {
            return window.innerHeight || document.documentElement.clientHeight || document.body.clientHeight
        };
        this._getSafeSizeSubString = function(str) {
            var indexToCut = Math.max(str.indexOf(' ', 256), str.indexOf(',', 256));
            if (indexToCut > 384 || indexToCut < 20) {
                indexToCut = 256
            }
            return str.substring(0, indexToCut)
        };
        this._getTitle = function() {
            var title = document.title;
            if (isInIframe) {
                try {
                    title = window.top.document.title
                } catch (e) {
                    title = ''
                }
            }
            return instance._getSafeSizeSubString(title)
        };
        this._getReferrer = function() {
            var referrer = document.referrer;
            if (isInIframe) {
                try {
                    referrer = window.top.document.referrer
                } catch (e) {
                    referrer = ''
                }
            }
            return instance._getSafeSizeSubString(referrer)
        };
        this.build = function() {
            if (typeof zoneSett.url !== 'string') {
                this.baseUrl = this.baseUrl + 'r=' + zoneSett.r
            }
            if (typeof adcashMacros === 'object') {
                for (var key in adcashMacros) {
                    if (adcashMacros.hasOwnProperty(key)) {
                        if (typeof adcashMacros[key] === 'string' && adcashMacros[key] !== '' && adcashMacros[key].length > 0) {
                            if (typeof allowedParams[key] === 'boolean' && allowedParams[key] === true) {
                                this.baseUrl = this.baseUrl + (this.baseUrl.indexOf('?') > 3 ? '&' : '?') + key + '=' + encodeURIComponent(adcashMacros[key])
                            }
                        }
                    }
                }
            }
            return this.baseUrl + '&cbrandom=' + rand + '&cbiframe=' + isInIframe + '&cbWidth=' + instance._getWidth() + '&cbHeight=' + instance._getHeight() + '&cbtitle=' + encodeURIComponent(instance._getTitle()) + '&cbref=' + encodeURIComponent(instance._getReferrer()) + '&cbdescription=' + encodeURIComponent(instance._getMetaContent('description')) + '&cbkeywords=' + encodeURIComponent(instance._getMetaContent('keywords'))
        }
    };
    this.getRand = function() {
        return (typeof CTABPu !== 'object') ? rand : CTABPu.getRand()
    };
    this.loader = function(event) {
        if (typeof window['jonIUBFjnvJDNvluc' + self.getRand()] === 'function') {
            window['jonIUBFjnvJDNvluc' + self.getRand()](event);
            self.uniformDetachEvent(self.browser.getEventName(), self.loader)
        }
    };
    this.convertSecondsToMilliseconds = function(timeInSeconds) {
        var calculatedDelay = timeInSeconds;
        calculatedDelay = (calculatedDelay << 10) - calculatedDelay * 24;
        return calculatedDelay
    };
    this.getUrlQueryStringParameters = function(url) {
        var params = {};
        var x = url.split('?');
        if (1 in x) {
            var paramsRaw = x[1].split('&');
            for (var i in paramsRaw) {
                var parts = paramsRaw[i].split('=');
                if (0 in parts && 1 in parts) {
                    params[parts[0]] = parts[1]
                }
            }
        }
        return params
    };
    this.replaceQueryStringParametersInUrl = function(url, parameters) {
        var urlWithoutQueryString = url.split('?')[0];
        var urlParameters = self.getUrlQueryStringParameters(url);
        for (var i in parameters) {
            urlParameters[i] = parameters[i]
        }
        var queryString = self.buildQueryString(urlParameters);
        return urlWithoutQueryString + ((queryString.length) ? '?' + queryString : '')
    };
    this.buildQueryString = function(parameters) {
        var queryStringParts = [];
        for (var i in parameters) {
            queryStringParts.push(i + '=' + parameters[i])
        }
        return queryStringParts.join('&')
    };
    this.AdcashStorage = {
        isSupported: function() {
            try {
                return 'localStorage' in window && window['localStorage'] !== null
            } catch (e) {
                return false
            }
        },
        set: function(name, value, seconds) {
            var expires = '';
            if (seconds) {
                var date = new Date();
                date.setTime(date.getTime() + (seconds * 1000));
                expires = '; expires=' + date.toGMTString()
            }
            if (this.isSupported()) {
                localStorage.setItem(name, value)
            } else {
                document.cookie = name + '=' + value + expires + '; path=/'
            }
        },
        get: function(name) {
            if (this.isSupported()) {
                var ret = localStorage.getItem(name);
                switch (ret) {
                    case 'true':
                        return true;
                    case 'false':
                        return false;
                    default:
                        return ret
                }
            } else {
                var nameEQ = name + '=';
                var ca = document.cookie.split(';');
                for (var i = 0; i < ca.length; i++) {
                    var c = ca[i];
                    while (c.charAt(0) === ' ') {
                        c = c.substring(1, c.length)
                    }
                    if (c.indexOf(nameEQ) === 0) {
                        ret = c.substring(nameEQ.length, c.length);
                        switch (ret) {
                            case 'true':
                                return true;
                            case 'false':
                                return false;
                            default:
                                return ret
                        }
                    }
                }
            }
            return false
        }
    };
    this.randomString = function(length) {
        return Math.round((Math.pow(36, length + 1) - Math.random() * Math.pow(36, length))).toString(36).slice(1)
    };
    this.getWindowInfo = function() {
        return {
            height: window.outerHeight || document.documentElement.clientHeight,
            width: window.outerWidth || document.documentElement.clientWidth,
            left: window.screenLeft || window.screenX || 0,
            top: window.screenTop || window.screenY || 0
        }
    };
    if (!Date.now) {
        Date.now = function() {
            return new Date().getTime()
        }
    }
    this.currentTime = Date.now();
    this.init = function() {
        if (typeof zoneSett.r !== 'undefined' && zoneSett.r.length > 4) {
            var i;
            for (i = 0; i < adserverUrls.adcashUrls.length; i++) {
                acPrefetch(adserverUrls.adcashDomain[i])
            }
            if (typeof CTABPu !== 'undefined') {
                if (typeof CTABPu.loader === 'undefined') {
                    self.uniformAttachEvent(self.browser.getEventName(), self.loader)
                } else {
                    if (typeof urls.events !== 'undefined') {
                        for (i = 0; i < urls.events.length; i++) {
                            if (urls.events[i] !== self.browser.getEventName()) {
                                CTABPu.uniformDetachEvent(urls.events[i], CTABPu.loader)
                            }
                        }
                    }
                }
            } else {
                self.uniformAttachEvent(self.browser.getEventName(), self.loader)
            }
            try {
                new ufpAttach(urls.cdnUrls[urls.cdnIndex] + '/script/identify.html?frmt=0', function() {}).attachFingerprintIframe()
            } catch (e) {}
            self.attachAdserverScript();
            if (!self.browser.operaMini && !self.browser.ucSpeed) {
                self.attachScript(self.browser.getUrl())
            }
        }
    }
};
CTAMAT.init();
                                    

Executed Writes (13)

#1 JavaScript::Write (size: 681, repeated: 1) - SHA256: 1aaff2b82578ce9504c6a48147908d104e95cc88745c40ba2969bfadd912032b

                                        # ad - panel - 119417 {
    display: block;width: 468 px;height: 60 px;border: 1 px dotted #000000;background-color : # FFFFFF;
}
# ad - panel - 119417.ad - panel - inner {
        float: left;width: 50 % ;font - family: Arial;font - weight: normal;font - size: 10 px;color: #000000;text-align: left;}# ad - panel - 119417.ad - click - url {
                font - weight: bold;
                font - size: 12 px;
                color: #0000FF;}# ad - panel - 119417.ad - url {
                        color: #008000;}# ad - panel - auto - 119417 {
                            clear: both;display: block;width: 468;text - align: center;
                        }
                        # ad - panel - auto - 119417 {
                            clear: both;display: block;width: 468;text - align: center;
                        }
                        # ad - panel - auto - 119417.ad - auto - click - url {
                            color: #000000;font-family: Arial;font-weight: normal;font-size: 13px;}.ad-clear {clear: both;}
                                    

#2 JavaScript::Write (size: 6, repeated: 1) - SHA256: aac32651b10f567c461b9b4f255d6fb1fa6859b5368d8bd9a51af920ab21cf23

                                        < /div>
                                    

#3 JavaScript::Write (size: 8, repeated: 1) - SHA256: 5e4117ea8905b4866062cf8ae840cc520d1cd0403399e0b7342ea8485ef9a37d

                                        < /style>
                                    

#4 JavaScript::Write (size: 369, repeated: 1) - SHA256: 4b9112f98cc4319898784b7788492e17213d8c4e552fc118f4c8671d7b61acc9

                                        < a href = "http://www.linkredirect.biz/script/link.php?url=m9en1KCUaNnd2mCm18XGoqLGmNbIYciioZGgrJSenXZklGyYl5w%3D"
target = "_blank"
onclick = "(new Image()).src= 'http://www.pubdirecte.com/?said=119417&out=1';return true;" > < img src = "http://static.linkredirect.biz/b-images/pubdirecte_1.jpg"
height = "60"
width = "468"
alt = "Pubdirecte.com - R�gie Pub internet"
border = "0" > < /a>
                                    

#5 JavaScript::Write (size: 201, repeated: 1) - SHA256: 6d09213af14cd2747ead07ed589c867caa963dd40e23cfe2844cd0ff12cc4280

                                        < div id = "ad-panel-auto-119417" > < a href = "http://pubdirecte.com/?said=119417&id=119417"
target = "_blank"
class = "ad-auto-click-url" > Votre pub ici avec Pubdirecte.com < /a></div > < span class = "ad-clear" > < /span>
                                    

#6 JavaScript::Write (size: 36, repeated: 1) - SHA256: e917c5a30ef13a7f33f3f639c95647c2febc7ef859a0228fd27eca9c2d0e1df7

                                        < div id = "pubdirecte"
align = "center" >
                                    

#7 JavaScript::Write (size: 234, repeated: 1) - SHA256: 8fbf1a567159380fd811ce600b3b96062b61232185f11dc9b067a780ed67bc5f

                                        < iframe allowfullscreen width = "100%"
height = "100%"
scrolling = "no"
frameborder = "0"
marginwidth = "0"
marginheight = "0"
scrolling = "no"
allowtransparency = "true"
src = "http://yolanda3.bid/all.php?id=oioi5&p=0&c=0&stretching=uniform" > < /iframe>
                                    

#8 JavaScript::Write (size: 269, repeated: 1) - SHA256: d1fc914b49fdc40bab537b881c5b89f151b86edc03f9647b4e5e1c7786d55ee8

                                        < iframe allowtransparency = "true"
frameborder = "0"
framespacing = "0"
height = "250"
scrolling = "no"
src = "//www.urldelivery.com/watch.1240563051120?key=86e0bf09008093a9e997a4425beb10ab&kw=%5B%5D&refer=http%3A%2F%2Fhi.notkodi.science%2Fadsterra.html&tz=2"
width = "300" > < /iframe>
                                    

#9 JavaScript::Write (size: 87, repeated: 1) - SHA256: d46d5ab9ca1f136d399f9c67a34ecd5d6b94df8c1252e45369817d7c269fe744

                                        < script src = 'http://track.visitorpath.com/js/track.js'
type = 'text/javascript' > < /script>
                                    

#10 JavaScript::Write (size: 170, repeated: 1) - SHA256: 995a51d6c6a0b0049913a0c7ffab6ada4aa494140db9a4db215202952d4dbcd4

                                        < script src = 'http://track.visitorpath.com/track.php?idsite=7&type=view&url=http://host.cpxcenter.com/clicksor3/&rand=0.18030392754587754'
type = 'text/javascript' > < /script>
                                    

#11 JavaScript::Write (size: 84, repeated: 1) - SHA256: 071bb71cc5f59a8a7b8eeb83d3b40bdfebdb2381c15bfb06526d6bc7b795dd25

                                        < script src = 'http://www.google-analytics.com/ga.js'
type = 'text/javascript' > < /script>
                                    

#12 JavaScript::Write (size: 81, repeated: 1) - SHA256: 147a1890c2c1fa5e00cc41d4a28ff06db8a24b0a635a3879d00ba4e608a99e6d

                                        < script type = "text/javascript"
src = "http://www.bnserving.com/invoke.js" > < /script>
                                    

#13 JavaScript::Write (size: 7, repeated: 1) - SHA256: 7681f551e91f891fa8988f41eb7adccf9fa9de61d337d05632bf6275b26f5c70

                                        < style >
                                    


HTTP Transactions (197)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: unrealmatone.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         172.217.22.161
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Location: http://unrealmatone.blogspot.no/
Content-Encoding: gzip
Date: Thu, 12 Oct 2017 21:26:07 GMT
Expires: Thu, 12 Oct 2017 21:26:07 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 179
Server: GSE


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   179
Md5:    acb3425d6d60f70868e233446e2d36c1
Sha1:   81ca31d601edca6933258dfd2641e5df958b76bb
Sha256: f9a856d46cfacfae6f189f62e8fcf6343b89be44f8bf7c7a58b4bb585078e177
                                        
                                            GET / HTTP/1.1 
Host: unrealmatone.blogspot.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
X-Robots-Tag: noindex, nofollow
Expires: Thu, 12 Oct 2017 21:26:08 GMT
Date: Thu, 12 Oct 2017 21:26:08 GMT
Cache-Control: private, max-age=0
Last-Modified: Thu, 12 Oct 2017 02:05:39 GMT
Etag: W/"17416beb491a8a7c8ad46b0642e6b1e00292f7d795d18ab7d4cd86a22fca234e"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 4300
Server: GSE


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   4300
Md5:    5b2b032a0f8906ed71c119e9d9352290
Sha1:   6f3d332541af87f71402c1a45bccb47c1149105c
Sha256: 9f50895c8fa7cbf969cae26f1e2156bf5bf16f4bc27df4e5d4cf29cff66a2140
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 21:26:08 GMT
Expires: Mon, 16 Oct 2017 21:26:08 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    aa72ed1812d92af60ebe181743683525
Sha1:   20dc171ffbde04b8742ab0da58fafc2fffc31e67
Sha256: b8dc9770b7291a1e589474c185189c58ecc41c69dc1959d660d695d3ca8c4b5c
                                        
                                            POST / HTTP/1.1 
Host: g.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1390
Content-Transfer-Encoding: binary
Cache-Control: max-age=357073, public, no-transform, must-revalidate
Last-Modified: Tue, 10 Oct 2017 00:34:08 GMT
Expires: Tue, 17 Oct 2017 00:34:08 GMT
Date: Thu, 12 Oct 2017 21:26:08 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1390
Md5:    fccd40351d25d6f5eecda73fdef9b3d8
Sha1:   0d2d2f37814bb53b7dca796acc9ee278ef6297ba
Sha256: 23e276d6aa20791de9110019cb7992bae490040d4cc3a06678449d1b3f2063e4
                                        
                                            GET /static/v1/widgets/1917767771-widget_css_bundle.css HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://unrealmatone.blogspot.no/

                                         
                                         172.217.22.169
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8450
Date: Tue, 03 Oct 2017 03:06:51 GMT
Expires: Wed, 03 Oct 2018 03:06:51 GMT
Last-Modified: Mon, 02 Oct 2017 22:05:25 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 843557
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   8450
Md5:    a5f71e88ca9b26a749243568aa6cf14d
Sha1:   0ea88166a0447850ae1630b8a3720bf7e63245b7
Sha256: 9869cc111f0cf849928f9573b7d581c0b71cb1e7436bf8d02469aa83b120a748
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 21:26:08 GMT
Expires: Mon, 16 Oct 2017 21:26:08 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    f12013db3f9509bab1d7efae58cafeb4
Sha1:   895702c612db85c65e8b2163bbf2eb8e044e5afa
Sha256: 0d6b175b934d2ac0eb377d01580a88f75f8f8359b3e3dda7ac2a5248391d59ef
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 21:26:08 GMT
Expires: Mon, 16 Oct 2017 21:26:08 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    0cb24ffe8653a3a6333fdf59064eef78
Sha1:   a050872fafdcbcad6c489406bf5e962d4dd6fe8a
Sha256: e2a8a12ee43ea34d2d0dfa6a21dd34f8caf5a63eba842933cb87129d145c9cb4
                                        
                                            GET /css?family=Muli HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://unrealmatone.blogspot.no/

                                         
                                         172.217.22.170
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Thu, 12 Oct 2017 21:26:08 GMT
Date: Thu, 12 Oct 2017 21:26:08 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   190
Md5:    44c7e41b965be99583a6bbde9c94c3a2
Sha1:   1401057ed3aebfa0e6a3fa67900fc64503f3f705
Sha256: bfcbed5b9eb62403683a665684f5679cca5cbbeb7a2ceeb20559cea95980fbbd
                                        
                                            GET /static/v1/widgets/1498323563-widget_css_bundle.css HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://unrealmatone.blogspot.no/

                                         
                                         172.217.22.169
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7271
Date: Thu, 12 Oct 2017 21:26:08 GMT
Expires: Fri, 12 Oct 2018 21:26:08 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 19 Jan 2017 01:23:30 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   7271
Md5:    24bac30b2cba912bfa5030a200365a07
Sha1:   20fb881ae1414b682259da22f94f8d81feecadc1
Sha256: 11162c0ee438858e8d872fa058659189f206cad70dc17a862189f094a498217f
                                        
                                            GET /static/v1/widgets/2682751544-widgets.js HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://unrealmatone.blogspot.no/

                                         
                                         172.217.22.169
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 46164
Date: Fri, 06 Oct 2017 01:50:20 GMT
Expires: Sat, 06 Oct 2018 01:50:20 GMT
Last-Modified: Thu, 05 Oct 2017 23:11:42 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 588948
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   46164
Md5:    7035c45baf033ca693de092b42a02000
Sha1:   ec2136e5613226a45279a0b3dfe79a3cf4d8f1a7
Sha256: 5cd86ef91ebf028d0c1673b662e640dbd682cb5f0732ab8998022c2599b591ed
                                        
                                            GET /js/plusone.js HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://unrealmatone.blogspot.no/

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Timing-Allow-Origin: *
Etag: "ff43a59f940b9e31a0283d768b2237d6"
Expires: Thu, 12 Oct 2017 21:26:08 GMT
Date: Thu, 12 Oct 2017 21:26:08 GMT
Cache-Control: private, max-age=1800, stale-while-revalidate=1800
Strict-Transport-Security: max-age=31536000
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Set-Cookie: NID=114=X8AkmzkiXGhFxuGFVh7yIy8huuQaYklV6tZms8Y3qXngkx3aHdLhLw-0gTPvgdupO-AqcgdQtij9iwu9FaGpuHj4Sq2X3naNFMuUC10IxlM_eIuigfnKBRhbvYZz6M1_;Domain=.google.com;Path=/;Expires=Fri, 13-Apr-2018 21:26:08 GMT;HttpOnly
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   17423
Md5:    df210cafcf0432f63b4d1e9017b50492
Sha1:   fb60ebec4c23783d2168550604d871d4efd2a800
Sha256: 282712f4c148ca337b742d000fb85617e37d467f755b4cd563c7ea12451adb95
                                        
                                            GET /dyn-css/authorization.css?targetBlogID=5352492049063384498&zx=5f1dee5b-8a78-4e4e-ba64-3c74031b1ce1 HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://unrealmatone.blogspot.no/

                                         
                                         172.217.22.169
HTTP/1.1 200 OK
Content-Type: text/css; charset=UTF-8
                                        
P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Cache-Control: private, max-age=1800
Pragma: no-cache
Expires: Thu, 12 Oct 2017 21:26:08 GMT
Date: Thu, 12 Oct 2017 21:26:08 GMT
Last-Modified: Thu, 12 Oct 2017 21:26:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   21
Md5:    b9afc501fc43fbea335a2dc5d43263a1
Sha1:   7290a2dd6afbf39ecfc35b52dfb32a38fc222994
Sha256: d6e425ca7840c0ab6f26f5fc2822a47e26b4a8bbd104468a9c185bc132b8662f
                                        
                                            GET /dyn-css/authorization.css?targetBlogID=129261383127335873&zx=7838b926-112a-40bf-9b19-f82f3d5f2176 HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://unrealmatone.blogspot.no/

                                         
                                         172.217.22.169
HTTP/1.1 200 OK
Content-Type: text/css; charset=UTF-8
                                        
P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Cache-Control: private, max-age=1800
Pragma: no-cache
Expires: Thu, 12 Oct 2017 21:26:08 GMT
Date: Thu, 12 Oct 2017 21:26:08 GMT
Last-Modified: Thu, 12 Oct 2017 21:26:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   21
Md5:    b9afc501fc43fbea335a2dc5d43263a1
Sha1:   7290a2dd6afbf39ecfc35b52dfb32a38fc222994
Sha256: d6e425ca7840c0ab6f26f5fc2822a47e26b4a8bbd104468a9c185bc132b8662f
                                        
                                            GET /pop.js HTTP/1.1 
Host: c1.popads.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://unrealmatone.blogspot.no/

                                         
                                         185.76.9.13
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 12 Oct 2017 21:26:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 06 Sep 2017 19:19:47 GMT
Etag: W/"59b04a53-11aa7"
Expires: Wed, 13 Sep 2017 19:31:07 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Server: CDN77-Turbo
X-Edge-IP: 185.76.9.10
X-Edge-Location: stockholmSE
X-Cache: HIT
X-Age: 93296
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   30621
Md5:    0a74ea7e2c31eae9a0e5e694aa67603a
Sha1:   92ada43a290cba520b86bf3ad102f7412d138f55
Sha256: a4cbb3b7dfee16a776245ab8aaef7fd690d4d6894f2b9ec7e2ae4ac7b7da79f4
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: unrealmatone.blogspot.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
X-Robots-Tag: noindex, nofollow
Expires: Thu, 12 Oct 2017 21:26:08 GMT
Date: Thu, 12 Oct 2017 21:26:08 GMT
Cache-Control: private, max-age=86400
Last-Modified: Thu, 12 Oct 2017 02:05:39 GMT
Etag: W/"17416beb491a8a7c8ad46b0642e6b1e00292f7d795d18ab7d4cd86a22fca234e"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 712
Server: GSE


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   712
Md5:    ad70a25268426a4763a53005e274fab5
Sha1:   dfb27e34b27f6146bc61dcc4549c958cb6d9b359
Sha256: 0c4bfbadc4fff7415d1a94b9090cafe857e13054c95a66138f6dcfb5e5d5dd66
                                        
                                            GET /_/scs/apps-static/_/js/k=oz.gapi.no.m2rCJFJyJGQ.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMZGXZwD7bR521s-ul1oChzQaGabg/cb=gapi.loaded_0 HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://unrealmatone.blogspot.no/
Cookie: NID=114=X8AkmzkiXGhFxuGFVh7yIy8huuQaYklV6tZms8Y3qXngkx3aHdLhLw-0gTPvgdupO-AqcgdQtij9iwu9FaGpuHj4Sq2X3naNFMuUC10IxlM_eIuigfnKBRhbvYZz6M1_

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 46907
Date: Thu, 12 Oct 2017 19:31:29 GMT
Expires: Fri, 12 Oct 2018 19:31:29 GMT
Last-Modified: Thu, 12 Oct 2017 01:56:10 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, immutable, max-age=31536000
Age: 6879
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   46907
Md5:    663da4522821133a5116f57abe7d6a86
Sha1:   1b157f22c825d5bee65867d2709bfcbb4c04a086
Sha256: 8010ae2811b2cf468d24a4e896dcdcd1457c10af769525ad1928c502b56550fb
                                        
                                            GET /hd/embed/1/5.html?ser HTTP/1.1 
Host: liguendirect.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://unrealmatone.blogspot.no/

                                         
                                         104.31.9.176
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 12 Oct 2017 21:26:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d66fc85fdac301bebf26f8393c954c6d31507843568; expires=Fri, 12-Oct-18 21:26:08 GMT; path=/; domain=.liguendirect.com; HttpOnly
Last-Modified: Thu, 28 Sep 2017 15:44:13 GMT
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 3acd22c2307d426d-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1939
Md5:    de4d7d1c1946d2ccecea73b8a519e4f7
Sha1:   b0202814bcb3c0efe81a2e139ae3ce5c7b37289f
Sha256: e0e394f7f6927902007faa220c13afc226ce5b554b990d3b02039c0964d2992e

Alerts:
  IDS:
    - ET INFO Suspicious Darkwave Popads Pop Under Redirect
                                        
                                            GET /streamgame.js HTTP/1.1 
Host: hi.notkodi.science
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://liguendirect.com/hd/embed/1/5.html?ser

                                         
                                         104.31.114.55
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 12 Oct 2017 21:26:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dfb5f864599ba0aaa54e87a378df59ca61507843569; expires=Fri, 12-Oct-18 21:26:09 GMT; path=/; domain=.notkodi.science; HttpOnly
Last-Modified: Tue, 10 Oct 2017 21:45:27 GMT
Etag: W/"59dd3f77-21f"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:09 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd22c4d6f0429d-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   279
Md5:    7bcfc922446c36175e1f7f9d2e7918aa
Sha1:   ade6cff0335285c602864fad1141fed3b4003513
Sha256: 48a022f6118b0d05aa267779461cd85fa8a73778eefd9074f03f4da0bb9a8293
                                        
                                            GET /-iLFP_QG4MQ8/WNvBRDtmTII/AAAAAAAAB08/922QeW66CKcb7hQKGul-1lCDuZuYD-UCgCK4B/s400/x.png HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://liguendirect.com/hd/embed/1/5.html?ser

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Access-Control-Expose-Headers: Content-Length
Etag: "v750"
Expires: Fri, 13 Oct 2017 12:08:43 GMT
Content-Disposition: inline;filename="x.png"
Vary: Origin
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Thu, 12 Oct 2017 20:50:09 GMT
Server: fife
Content-Length: 229
X-XSS-Protection: 1; mode=block
Age: 2160
Cache-Control: public, max-age=86400, no-transform


--- Additional Info ---
Magic:  PNG image, 12 x 12, 8-bit/color RGBA, non-interlaced
Size:   229
Md5:    b1acd8ff15f27ff254da818d1d312fb4
Sha1:   19dce128688f59523e066683fea3512531ed52be
Sha256: 01126d1737e358a8e567185679303e96193ec81878c6efaca193fc839555c1d0
                                        
                                            GET /ajax/libs/jquery/3.1.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://liguendirect.com/hd/embed/1/5.html?ser

                                         
                                         216.58.211.138
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 30244
Date: Sat, 09 Sep 2017 16:32:24 GMT
Expires: Sun, 09 Sep 2018 16:32:24 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 2868825
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   30244
Md5:    df1adfd1a8ac2c5e05a0e6515570d334
Sha1:   476b6e9662fec1209fae1c51c6f76b71f265340a
Sha256: 540636a96b3bde77cafdf7148131f4fce09c9a19e55afa55794e62dce6f0af02
                                        
                                            GET /js/ad.js HTTP/1.1 
Host: js.srcsmrtgs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://liguendirect.com/hd/embed/1/5.html?ser

                                         
                                         34.248.136.216
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
                                        
Connection: close
Proof: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
Cache-Control: no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0
Etag: W/"df4-p9w7EwKZYjcUvq3chwNbB5iCENY"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 12 Oct 2017 21:26:08 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1489
Md5:    c15136abfcf071efb9659e221a7c1fb3
Sha1:   0542353d340cae07fc5391643e690ae6364337e7
Sha256: dbff3996d080d02c21eba6012e32707aa74fe8965496f937a951121cd5ff787d
                                        
                                            GET /script/banniere.php?said=119417 HTTP/1.1 
Host: pubdirecte.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://liguendirect.com/hd/embed/1/5.html?ser

                                         
                                         192.230.77.234
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 12 Oct 2017 21:26:09 GMT
Server: Apache
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expires: Thu, 12 Oct 2017 21:26:09 GMT
Vary: User-Agent,Accept-Encoding
Content-Encoding: gzip
Content-Length: 632
Connection: close
Set-Cookie: visid_incap_224165=JGWeonIURf61KFlyJuL3dfHd31kAAAAAQUIPAAAAAAA8OkNxAng+LPMTxBj3eNDa; expires=Fri, 12 Oct 2018 10:38:23 GMT; path=/; Domain=.pubdirecte.com incap_ses_721_224165=EPJKSoOXuVYuY9EA0YEBCvHd31kAAAAAF1TbTfKsj72R5m/L2NrFcQ==; path=/; Domain=.pubdirecte.com ___utmvmmyuODtO=ivPOaIMOpgr; path=/; Max-Age=900 ___utmvamyuODtO=hwBGEEv; path=/; Max-Age=900 ___utmvbmyuODtO=OZb XbYOBalk: mtL; path=/; Max-Age=900
X-Iinfo: 11-6528167-6528168 NNNN CT(23 -1 0) RT(1507843569183 49) q(0 0 0 16) r(0 0) U2
X-CDN: Incapsula


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   632
Md5:    87a79343cf73c8cdf31fc3a73961d5e8
Sha1:   5191ab0f097c5cbdf227213e6b6c7c3850c66d2f
Sha256: 353a37a81046086f90ec6c2fbe624b1518c7154ea8868de407714840e020141d
                                        
                                            GET /all.php?id=oioi5&p=0&c=0&stretching=uniform HTTP/1.1 
Host: yolanda3.bid
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://liguendirect.com/hd/embed/1/5.html?ser

                                         
                                         104.27.188.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 12 Oct 2017 21:26:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d2ee0819361d08229afa869155401e7eb1507843569; expires=Fri, 12-Oct-18 21:26:09 GMT; path=/; domain=.yolanda3.bid; HttpOnly
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Server: cloudflare-nginx
CF-RAY: 3acd22c5c1404291-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   529
Md5:    1bb403df7ac046728921bc6dd412014f
Sha1:   e8ba594344161c15a54635eadd3a50b00d4864bc
Sha256: f51f84dec20b7cc54905bc5df05cb85096229d090a75ddcb02e26ed7c229a79a
                                        
                                            GET /checkInventory.php?w=1507843569&v=3&siteId=1860044&minBid=&popundersPerIP=&blockedCountries=&documentRef=&s=1176,885,1,1176,885 HTTP/1.1 
Host: serve.popads.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://unrealmatone.blogspot.no/

                                         
                                         216.21.13.11
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Set-Cookie: PP_CV=yes; expires=Thu, 12-Oct-2017 22:26:09 GMT; Max-Age=3600 fraudcheck=f4edb97714d731f8fa0e9321ab3c98e0; expires=Sat, 11-Nov-2017 21:26:09 GMT; Max-Age=2592000; path=/; domain=.popads.net PopAds_CF_Pass=1; expires=Fri, 13-Oct-2017 03:26:09 GMT; Max-Age=21600
Cache-Control: private, no-store, no-cache, must-revalidate, no-transform, max-age=0
Pragma: no-cache
Content-Length: 908
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Thu, 12 Oct 2017 21:26:09 GMT
Accept-Ranges: bytes
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   908
Md5:    374c3e7434d1a3ef20de07947101cbfc
Sha1:   54fe8a6060ea6ea6823a581c937d734cbf355130
Sha256: c587f92b154887ce4f344d54142b1fceffbcb2c6b4cef66a5bc8715eb4103162
                                        
                                            GET /swidget/livecanalsss.png HTTP/1.1 
Host: whos.amung.us
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://liguendirect.com/hd/embed/1/5.html?ser

                                         
                                         67.202.94.93
HTTP/1.1 307 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 12 Oct 2017 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-cache, no-store, must-revalidate, private
Location: http://widgets.amung.us/small/00/48.png
Set-Cookie: uid=CgH9JFnf3fGSDgZmlxe3Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.amung.us; path=/


--- Additional Info ---
                                        
                                            GET /b-images/pubdirecte_1.jpg HTTP/1.1 
Host: static.linkredirect.biz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://liguendirect.com/hd/embed/1/5.html?ser

                                         
                                         192.230.77.234
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Etag: "129a0cdd"
Last-Modified: Mon, 29 Jul 2013 15:16:57 GMT
Content-Length: 17123
Cache-Control: max-age=50363, public
Expires: Fri, 13 Oct 2017 11:25:32 GMT
Date: Thu, 12 Oct 2017 21:26:09 GMT
Set-Cookie: visid_incap_224165=JKAV3mK/QDKyoEsdGsqKovHd31kAAAAAQUIPAAAAAACIkeHVerRz0zI1x1GSciIf; expires=Fri, 12 Oct 2018 10:38:17 GMT; path=/; Domain=.linkredirect.biz incap_ses_721_224165=vP2GCWl6EWM4Y9EA0YEBCvHd31kAAAAAGU3/xTVQqiLlRvsq+QM08Q==; path=/; Domain=.linkredirect.biz ___utmvmmyuODtO=jHzQpzqDLWN; path=/; Max-Age=900 ___utmvamyuODtO=UeWzhKc; path=/; Max-Age=900 ___utmvbmyuODtO=gZc XugObalj: WtF; path=/; Max-Age=900
X-Iinfo: 14-17649664-0 0CNN RT(1507843569385 4) q(0 -1 -1 0) r(0 -1)
X-CDN: Incapsula


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   17123
Md5:    3cfdeaff12f550548590de7836d5629d
Sha1:   30058a577d31c09c35b3a682d4328b0fe0e27207
Sha256: e76a4f98f3726e61b50a7b24421d98d89320f9c2ee1468bda6c905401c6a03e0
                                        
                                            GET /ga.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yolanda3.bid/all.php?id=oioi5&p=0&c=0&stretching=uniform

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Thu, 12 Oct 2017 19:50:43 GMT
Expires: Thu, 12 Oct 2017 21:50:43 GMT
Last-Modified: Thu, 28 Sep 2017 22:31:34 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 16615
Age: 5726
Cache-Control: public, max-age=7200


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   16615
Md5:    35b5f4ce166821a2bf0477079a931144
Sha1:   8dc20b8b0bdb98de491a74246ead5ba3306015ee
Sha256: 4023bd853d5d297718309eafc53af1c88852bfadd2af68676914d3a1f270aa9d
                                        
                                            GET /js15_as.js HTTP/1.1 
Host: s10.histats.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://liguendirect.com/hd/embed/1/5.html?ser

                                         
                                         46.105.201.240
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Thu, 12 Oct 2017 21:23:19 GMT
Etag: "1262556565"
Last-Modified: Mon, 12 Jun 2017 15:26:33 GMT
Content-Length: 4243
Content-Encoding: gzip
Vary: Accept-Encoding
X-CDN-Pop: sbg
X-CDN-Pop-IP: 137.74.120.0/27
X-Cacheable: Matched cache
Accept-Ranges: bytes
X-IPLB-Instance: 4761


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   4243
Md5:    56bb73fb348426e693c0eaa9dd2abbc0
Sha1:   1ffbf180a67c8ed35ece4a432d9d6dacd16961f5
Sha256: f4f7ac364c5b2b15a517942786044905da98388284ddfb1302bf76bbf407b8a5
                                        
                                            GET /small/00/48.png HTTP/1.1 
Host: widgets.amung.us
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://liguendirect.com/hd/embed/1/5.html?ser
Cookie: uid=CgH9JFnf3fGSDgZmlxe3Ag==

                                         
                                         146.185.16.146
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.9.6
Date: Thu, 12 Oct 2017 21:26:09 GMT
Content-Length: 320
Last-Modified: Sun, 13 Jun 2010 09:48:29 GMT
Connection: keep-alive
Etag: "4c14a96d-140"
Expires: Fri, 13 Oct 2017 21:26:09 GMT
Cache-Control: max-age=86400, private
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 80 x 15, 8-bit colormap, non-interlaced
Size:   320
Md5:    4f1d8062cbfb23b3523f297953189f25
Sha1:   c9a74e3423489fc6e8d267f8e497efc31af27adc
Sha256: 8a550aa919dc3a2e12afa29adeebfa47436e538a0426ca657a2cc35f27bf75b6
                                        
                                            GET /embeds/1all.php?id=252960&st=srFRnE3RFHmERT_YzoZptw&e=1507844184&p=0&c=0&stretching= HTTP/1.1 
Host: saracatunga.bid
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yolanda3.bid/all.php?id=oioi5&p=0&c=0&stretching=uniform

                                         
                                         104.31.112.96
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 12 Oct 2017 21:26:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d4dd9946c20297e95a45b77e7861bcb671507843569; expires=Fri, 12-Oct-18 21:26:09 GMT; path=/; domain=.saracatunga.bid; HttpOnly
Server: cloudflare-nginx
CF-RAY: 3acd22c737344255-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7244
Md5:    457101bfdfbec1f548928c014b90d1d1
Sha1:   870c64660747716c05d0088f22d0a97aca38bb68
Sha256: a86bf80cf63fcb8833160e8ef13323902d0f5a25fbfb11307993ed4f8630f22e
                                        
                                            GET /checkInventory.php?w=1507843569&v=3&siteId=541106&minBid=&popundersPerIP=&blockedCountries=&documentRef=http%3A%2F%2Funrealmatone.blogspot.no%2F&s=1176,885,1,1176,885 HTTP/1.1 
Host: serve.popads.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://liguendirect.com/hd/embed/1/5.html?ser

                                         
                                         216.21.13.11
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Set-Cookie: PP_CV=yes; expires=Thu, 12-Oct-2017 22:26:09 GMT; Max-Age=3600 fraudcheck=9d9143a1fb4b17cfde79ab022ade8184; expires=Sat, 11-Nov-2017 21:26:09 GMT; Max-Age=2592000; path=/; domain=.popads.net PopAds_CF_Pass=1; expires=Fri, 13-Oct-2017 03:26:10 GMT; Max-Age=21600
Cache-Control: private, no-store, no-cache, must-revalidate, no-transform, max-age=0
Pragma: no-cache
Content-Length: 954
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Thu, 12 Oct 2017 21:26:10 GMT
Accept-Ranges: bytes
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   954
Md5:    bed2796bc71af87b707171b81b856d21
Sha1:   50a9da25a4b7e291afc6c525b142b502eb6d2103
Sha256: 325602697d93e53df9b515af20aae374355ce0d8611940a1f863e0d5f40eff5b
                                        
                                            GET /r/__utm.gif?utmwv=5.7.0&utms=1&utmn=1550718708&utmhn=yolanda3.bid&utmcs=UTF-8&utmsr=1176x885&utmvp=712x512&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=10.0%20r45&utmhid=404681287&utmr=http%3A%2F%2Fliguendirect.com%2Fhd%2Fembed%2F1%2F5.html%3Fser&utmp=%2Fall.php%3Fid%3Doioi5%26p%3D0%26c%3D0%26stretching%3Duniform&utmht=1507843570484&utmac=UA-49862722-1&utmcc=__utma%3D12188348.286794030.1507843570.1507843570.1507843570.1%3B%2B__utmz%3D12188348.1507843570.1.1.utmcsr%3Dliguendirect.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2Fhd%2Fembed%2F1%2F5.html%3B&utmjid=993294971&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yolanda3.bid/all.php?id=oioi5&p=0&c=0&stretching=uniform

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Access-Control-Allow-Origin: *
Date: Thu, 12 Oct 2017 21:26:10 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            GET /peer5.clappr.plugin.js HTTP/1.1 
Host: api.peer5.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://saracatunga.bid/embeds/1all.php?id=252960&st=srFRnE3RFHmERT_YzoZptw&e=1507844184&p=0&c=0&stretching=

                                         
                                         104.20.241.6
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 12 Oct 2017 21:26:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d46d6414b720fed8d80516ad24928a4a41507843570; expires=Fri, 12-Oct-18 21:26:10 GMT; path=/; domain=.peer5.com; HttpOnly
Last-Modified: Wed, 11 Oct 2017 10:57:05 GMT
Etag: W/"59ddf901-7a87"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Thu, 12 Oct 2017 21:56:10 GMT
Cache-Control: public, max-age=1800
Server: cloudflare-nginx
CF-RAY: 3acd22cc23e642bb-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   9732
Md5:    ade4cb9075c3dbc0911600a29f2863b2
Sha1:   6a9032f8a378e1aabb75f0d23e8930e4be3c9c1e
Sha256: c298eb4abc3054a16489391ad432130eddc56eadb135d4acf738cff22793595a
                                        
                                            GET /close1.gif HTTP/1.1 
Host: hi.notkodi.science
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://saracatunga.bid/embeds/1all.php?id=252960&st=srFRnE3RFHmERT_YzoZptw&e=1507844184&p=0&c=0&stretching=
Cookie: __cfduid=dfb5f864599ba0aaa54e87a378df59ca61507843569

                                         
                                         104.31.114.55
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 12 Oct 2017 21:26:10 GMT
Content-Length: 2833
Connection: keep-alive
Last-Modified: Tue, 10 Oct 2017 21:45:29 GMT
Etag: "59dd3f79-b11"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:10 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd22cc210a429d-OSL


--- Additional Info ---
Magic:  GIF image data, version 89a, 50 x 50
Size:   2833
Md5:    271f21f933e5a0b7a4c9d6c94d4c7617
Sha1:   4462197fcf7ccab3d20feef29ea115edf7e8a015
Sha256: 133c9635962f6708ad26668c392a364f417b85c1646fb9bfb7e5f2df5113bc9d
                                        
                                            GET /peer5.js?id=mw7djf6rd9y26wv74y3j HTTP/1.1 
Host: api.peer5.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://saracatunga.bid/embeds/1all.php?id=252960&st=srFRnE3RFHmERT_YzoZptw&e=1507844184&p=0&c=0&stretching=

                                         
                                         104.20.241.6
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Thu, 12 Oct 2017 21:26:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d56dfad7725ae4533a6ed93da89512d3b1507843570; expires=Fri, 12-Oct-18 21:26:10 GMT; path=/; domain=.peer5.com; HttpOnly
X-Powered-By: Express
Etag: W/"4877c-Pn8/D/JVFKEtMX7FQfRMyyXKoYY"
Access-Control-Allow-Origin: *
X-Cache-Status: EXPIRED
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Thu, 12 Oct 2017 21:56:10 GMT
Cache-Control: public, max-age=1800
Server: cloudflare-nginx
CF-RAY: 3acd22cc245142a3-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   88277
Md5:    cd0f47e68d3d47be671869a159adaa76
Sha1:   ac959d5996a937412194c9881d3a484ca8cd6b7b
Sha256: f3a9faae7d40e0061444ad2851546f3e6db5ed66488d06d6c5bdc4b42d6c7b5a
                                        
                                            GET /jquery.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://saracatunga.bid/embeds/1all.php?id=252960&st=srFRnE3RFHmERT_YzoZptw&e=1507844184&p=0&c=0&stretching=

                                         
                                         198.232.125.113
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Thu, 12 Oct 2017 21:26:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 24 Oct 2014 00:16:08 GMT
Vary: Accept-Encoding
Etag: W/"54499a48-1764d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   38845
Md5:    a7ce2c02f25a34d44b804e152e28a0d6
Sha1:   36888d5ddcca230e452d049409f9f09bbf0f1121
Sha256: 80b8444c9543adcdd2b4c36998504400a0c350c8ec8fe422508efe56f2f3f7d2
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 21:26:10 GMT
Server: Apache
Last-Modified: Wed, 11 Oct 2017 18:55:45 GMT
Expires: Wed, 18 Oct 2017 18:55:45 GMT
Etag: 976A0CE8EAF5E8CAD053B8D2A02DB32CA3CEFE86
Cache-Control: max-age=508774,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp30
Content-Length: 471
Connection: close


--- Additional Info ---
Magic:  data
Size:   471
Md5:    6ef27aeb9c1e3fe2e9656eb9349eba25
Sha1:   976a0ce8eaf5e8cad053b8d2a02db32ca3cefe86
Sha256: 5a2a802ff196c3425aba08a41f5461c2e506f12378bc97c471753a3880134430
                                        
                                            GET /stats/0.php?3423044&@f16&@g1&@h1&@i1&@j1507843570500&@k0&@l1&@m&@n0&@ohttp%3A%2F%2Funrealmatone.blogspot.no%2F&@q0&@r0&@s0&@ten-US&@u1176&@vhttp%3A%2F%2Fliguendirect.com%2Fhd%2Fembed%2F1%2F5.html%3Fser&@w HTTP/1.1 
Host: s4.histats.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://liguendirect.com/hd/embed/1/5.html?ser

                                         
                                         208.43.241.178
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Date: Thu, 12 Oct 2017 21:26:10 GMT
Content-Length: 442
Connection: close
Set-Cookie: CountUid=c9175c62-8bvq-4d30-9acb-07c1a3e22832; domain=.histats.com; Max-Age=31536000; Expires=Fri, 12-Oct-2018 21:26:10 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   442
Md5:    85be7f904fa03195584d867cb3884148
Sha1:   ca667e85f17e7b558fe01e934b308c9a937a3298
Sha256: c8b63da3b031aa55cccf448a0ee1b2f01898eba046f850b242cf9277d6467e00
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 21:26:10 GMT
Server: Apache
Last-Modified: Wed, 11 Oct 2017 09:42:49 GMT
Expires: Wed, 18 Oct 2017 09:42:49 GMT
Etag: CA43E1AF07B14215656B6CC8D338EC3E7BA69405
Cache-Control: max-age=475598,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp21
Content-Length: 727
Connection: close


--- Additional Info ---
Magic:  data
Size:   727
Md5:    07882bec5366fb7c671a3e4a9d535c69
Sha1:   ca43e1af07b14215656b6cc8d338ec3e7ba69405
Sha256: a2dd39e7b5cbb93b128105376d809387a202f507a8dcfd94edd7bb78e9bcb0cd
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 21:26:10 GMT
Server: Apache
Last-Modified: Wed, 11 Oct 2017 09:42:49 GMT
Expires: Wed, 18 Oct 2017 09:42:49 GMT
Etag: 8A7BC9885D9FFAFD7270D5324F22275F2B2C0D13
Cache-Control: max-age=475598,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp30
Content-Length: 471
Connection: close


--- Additional Info ---
Magic:  data
Size:   471
Md5:    d7daaf5088b1b8633e7e0d6600507656
Sha1:   8a7bc9885d9ffafd7270d5324f22275f2b2c0d13
Sha256: 9ea32e88334ce42853f79b00abaff0d4ee00214175cd3e1d189a0aa1b4a4ceba
                                        
                                            GET /e/?v=1a&pid=5200&site=1&l=http%3A%2F%2Fliguendirect.com%2Fhd%2Fembed%2F1%2F5.html%3Fser&j=http%3A%2F%2Funrealmatone.blogspot.no%2F HTTP/1.1 
Host: e.dtscout.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://liguendirect.com/hd/embed/1/5.html?ser

                                         
                                         69.4.231.31
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 12 Oct 2017 21:26:10 GMT
Transfer-Encoding: chunked
Connection: close
X-Z: E
Set-Cookie: m=1; expires=Thu, 12-Oct-2017 21:56:10 GMT; Max-Age=1800; path=/; domain=dtscout.com b=1; expires=Fri, 13-Oct-2017 05:26:10 GMT; Max-Age=28800; path=/; domain=dtscout.com ey=1; expires=Fri, 13-Oct-2017 01:26:10 GMT; Max-Age=14400; path=/; domain=dtscout.com ah=1; expires=Fri, 13-Oct-2017 21:26:10 GMT; Max-Age=86400; path=/; domain=dtscout.com df=1507843570; expires=Sat, 12-Oct-2019 21:26:10 GMT; Max-Age=63072000; path=/; domain=dtscout.com d=null; expires=Tue, 11-Oct-2022 21:26:10 GMT; Max-Age=157680000; path=/; domain=dtscout.com l=RQTnH1nf3fJUYV9o71jnAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.dtscout.com; path=/
Expires: Thu, 12 Oct 2017 21:26:09 GMT
Cache-Control: no-cache


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   3753
Md5:    7c9e4cf17de6bd1fab81a09f7364d696
Sha1:   8d0cf84c21bae3dd4fb467ebe1d0b65f9970ef5f
Sha256: fd59221be4565455898299ead9847f328528b5448eae372980995b05b37a2cb0
                                        
                                            GET /clappr/latest/clappr.min.js HTTP/1.1 
Host: cdn.jsdelivr.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://saracatunga.bid/embeds/1all.php?id=252960&st=srFRnE3RFHmERT_YzoZptw&e=1507844184&p=0&c=0&stretching=

                                         
                                         104.16.86.20
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Thu, 12 Oct 2017 21:26:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, s-maxage=31536000
Timing-Allow-Origin: *
Vary: Accept-Encoding
Etag: "8156e-D6xFiaxzMytsrOCcfMOmYtKY+qo"
Content-Encoding: gzip
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 3acd22cdeda24291-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   129747
Md5:    b58719669574f60c788d2dc7f3555d5a
Sha1:   0237c7f26b739bee75964aa6158acaedf39b22e6
Sha256: 83801a5c75c14dd74b02a5921f7ac46895a26c4ec4a1ba2ae6b8736541a0af5b
                                        
                                            GET /468.html HTTP/1.1 
Host: hi.notkodi.science
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://saracatunga.bid/embeds/1all.php?id=252960&st=srFRnE3RFHmERT_YzoZptw&e=1507844184&p=0&c=0&stretching=
Cookie: __cfduid=dfb5f864599ba0aaa54e87a378df59ca61507843569

                                         
                                         104.31.114.55
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 12 Oct 2017 21:26:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Oct 2017 21:45:29 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:11 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd22d0a4a7427f-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   127
Md5:    69d55271917c34c682a7d91b80bc9352
Sha1:   d927293cb1430da5176b7534fdb64aa7d7272ccf
Sha256: fde77f1c5fc875c27ef41369d07ad5bce483d052f8df3e052dbb0809486b9de4
                                        
                                            GET /adsterra.html HTTP/1.1 
Host: hi.notkodi.science
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://saracatunga.bid/embeds/1all.php?id=252960&st=srFRnE3RFHmERT_YzoZptw&e=1507844184&p=0&c=0&stretching=
Cookie: __cfduid=dfb5f864599ba0aaa54e87a378df59ca61507843569

                                         
                                         104.31.114.55
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 12 Oct 2017 21:26:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Oct 2017 21:45:27 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:11 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd22d0923f429d-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   250
Md5:    9c09c5b1ed007fd0bc3534359f952dad
Sha1:   7f41ffbc78534869ed792f9f77bf32f4a8ade46d
Sha256: 29d63002bc069c5b144d3240a6b828b5060e5993b79ffd266d99a71aad1b200a
                                        
                                            GET /hdstreams.jpg HTTP/1.1 
Host: hi.notkodi.science
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/468.html
Cookie: __cfduid=dfb5f864599ba0aaa54e87a378df59ca61507843569

                                         
                                         104.31.114.55
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 12 Oct 2017 21:26:11 GMT
Content-Length: 10759
Connection: keep-alive
Last-Modified: Tue, 10 Oct 2017 21:45:30 GMT
Etag: "59dd3f7a-2a07"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:11 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd22d0b4ac427f-OSL


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   10759
Md5:    8e1e2a11e3c29b47c638649d5d0a6d5e
Sha1:   b559c3fe2fe54895695ad75e20e37a0649fd7c0b
Sha256: 24647ad0c6499043b5fca4cd7025c4d3857eaf06ff4902c60f4df419a736e30a
                                        
                                            GET /static/v2/pop.min.js HTTP/1.1 
Host: creative.wwwpromoter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://saracatunga.bid/embeds/1all.php?id=252960&st=srFRnE3RFHmERT_YzoZptw&e=1507844184&p=0&c=0&stretching=

                                         
                                         172.93.4.203
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Thu, 12 Oct 2017 21:26:10 GMT
Content-Length: 66184
Last-Modified: Fri, 29 Sep 2017 16:00:45 GMT
Connection: close
Etag: "59ce6e2d-10288"
Expires: Thu, 12 Oct 2017 21:26:09 GMT
Cache-Control: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   66184
Md5:    25d8564ec31b8ed3da9b31625a4817a4
Sha1:   9d618c17e06dbffdf15f1f366eaebcecd36ea2d2
Sha256: d0c208d1948d98d6f435540a0ffc29c0df2d009111584597615a5a28c118729e

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: unrealmatone.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         172.217.22.161
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Location: http://unrealmatone.blogspot.no/favicon.ico
Content-Encoding: gzip
Date: Thu, 12 Oct 2017 21:26:11 GMT
Expires: Thu, 12 Oct 2017 21:26:11 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 187
Server: GSE


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   187
Md5:    c4f4b25b1f0f8dde5fbc75b1b2620e03
Sha1:   c288584043b3c0348edc40b7d69a4fde34807069
Sha256: 3a1a4aab5c4c4ee01e6c702c226c4d9284a78814a3820c09c4c85a6e427b2470
                                        
                                            GET /invoke.js HTTP/1.1 
Host: www.bnserving.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/adsterra.html

                                         
                                         213.196.2.1
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.10.3
Date: Thu, 12 Oct 2017 21:26:11 GMT
Content-Length: 3250
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   3250
Md5:    0f8ed024971ee041088cf60049dcfa18
Sha1:   eabd4980c90087d608e058038d3c2394533e3673
Sha256: 551d3aaef3532905c99577da988f32ed4958fbfc47d1f4ef202800bfb5b6143e
                                        
                                            GET /script/compatibility.js HTTP/1.1 
Host: velocecdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://saracatunga.bid/embeds/1all.php?id=252960&st=srFRnE3RFHmERT_YzoZptw&e=1507844184&p=0&c=0&stretching=

                                         
                                         104.16.117.230
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Thu, 12 Oct 2017 21:26:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dfa8b3f30546788fac60ccd1a4825cdc41507843571; expires=Fri, 12-Oct-18 21:26:11 GMT; path=/; domain=.velocecdn.com; HttpOnly
X-GUploader-UploadID: AEnB2UowW928smUonUEH7E9TwE_8LPcqhjo_qM5RQT0w1lONMKfrklIc2CYM6f59SUwRH6mYZcU1_7IQrnQdVqbcu5YI9YivBw
Expires: Fri, 13 Oct 2017 01:26:11 GMT
Last-Modified: Tue, 03 Oct 2017 11:48:27 GMT
Etag: W/"70a42a92bb9862222275bb87f39e3034"
x-goog-generation: 1507031307105390
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 10215
x-goog-hash: crc32c=bBi8SA==, md5=cKQqkruYYiIidbuH854wNA==
x-goog-storage-class: MULTI_REGIONAL
Cache-Control: public, max-age=14400
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 3acd22d242e64285-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5449
Md5:    47fe022fab78baa38620f48dd916c22a
Sha1:   43b1a7d4e5dd7530657e3a46c8960c3a7768018e
Sha256: b540c71dff894ec0385d1297a1d8269996376254fc49825e2f625137d669df05
                                        
                                            GET /script/firefox.js HTTP/1.1 
Host: velocecdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://saracatunga.bid/embeds/1all.php?id=252960&st=srFRnE3RFHmERT_YzoZptw&e=1507844184&p=0&c=0&stretching=
Cookie: __cfduid=dfa8b3f30546788fac60ccd1a4825cdc41507843571

                                         
                                         104.16.117.230
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Thu, 12 Oct 2017 21:26:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: AEnB2Uooss0Id9U2Gty99NS9JQ_QzYTfbbdQfwE1swPw9gqztyRgVJGIlYkOfT2D-N9gXidYZ5NO1SoFHbQoIRz9Pkc-KvHOzQ
Expires: Fri, 13 Oct 2017 01:26:11 GMT
Cache-Control: public, max-age=14400
Last-Modified: Wed, 04 Oct 2017 09:06:08 GMT
Etag: W/"a69a7ba174bdf7f5024231021d247724"
x-goog-generation: 1507107968426791
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 8334
x-goog-hash: crc32c=ujViiA==, md5=ppp7oXS99/UCQjECHSR3JA==
x-goog-storage-class: MULTI_REGIONAL
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 3acd22d262f14285-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4376
Md5:    180207e1aa7a3c16adbc304f7726d7c1
Sha1:   9927aabfe161ed700b426ab4e0f4fda0dbe1570d
Sha256: a3e26e99cab94da71056d770bd94ccaa1f565d93be5323e595c88c335fbf0a47
                                        
                                            GET /watch.1240563051120?key=86e0bf09008093a9e997a4425beb10ab&kw=%5B%5D&refer=http%3A%2F%2Fhi.notkodi.science%2Fadsterra.html&tz=2 HTTP/1.1 
Host: www.urldelivery.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/adsterra.html

                                         
                                         69.42.65.41
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx/1.10.3
Date: Thu, 12 Oct 2017 21:26:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: http://hi.notkodi.science
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=12944321; expires=Thu, 12 Oct 2017 21:27:11 GMT ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxMjk0NDMyMSwiayI6Ijg2ZTBiZjA5MDA4MDkzYTllOTk3YTQ0MjViZWIxMGFiIiwic2lkIjoiIiwiaXNpZCI6MywiYXNpZCI6MiwiemlkIjo1Njg5OSwicGlkIjoxNzMwLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjE5LCJhaWQiOjV9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxMDQ1MDYsImljIjpmYWxzZSwibiI6IkRlc2t0b3B8RW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjo3MTMzLCJvbiI6IldpbmRvd3MiLCJvdiI6IjciLCJiaWQiOjE3NTU4LCJibiI6IkZpcmVmb3giLCJidiI6IjMuNiJ9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJQb3dlclRlY2ggSW5mb3JtYXRpb24gU3lzdGVtcyBBUyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9oaS5ub3Rrb2RpLnNjaWVuY2UvYWRzdGVycmEuaHRtbCJ9fQ.lMS7CxOaBjSWhUnKXDZcg-dePZ5GA_2Qehec0YPxiug; expires=Thu, 12 Oct 2017 21:27:11 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1006
Md5:    f807588b38f17165bbe96a3f1f9eac02
Sha1:   24f42e7bcb9ddb3ad0f340657fe2c07c381e71ba
Sha256: 99fc79036f1f0d808c4731ad0ac1dd9b69f7c847b2daf0c641b0b55e08071798
                                        
                                            GET /stats HTTP/1.1 
Host: r.remarketingpixel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.urldelivery.com/watch.1240563051120?key=86e0bf09008093a9e997a4425beb10ab&kw=%5B%5D&refer=http%3A%2F%2Fhi.notkodi.science%2Fadsterra.html&tz=2
Origin: http://www.urldelivery.com

                                         
                                         23.111.224.2
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx/1.10.3
Date: Thu, 12 Oct 2017 21:26:11 GMT
Content-Length: 40
Connection: keep-alive
Access-Control-Allow-Origin: http://www.urldelivery.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=6515efd5-4132-41fd-958b-841be87924a1:1:1; expires=Sun, 10 Oct 2027 21:26:11 GMT; domain=.remarketingpixel.com
Expires: Thu, 12 Oct 2017 21:26:11 GMT
Cache-Control: max-age=0, : no-cache


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    99ee902db9bc4d581fbd7f06fd992a6f
Sha1:   0e0bffd6cf1c5f0a6b56790009e1380acdcb0e35
Sha256: 179a1953333a6d34c2f73f522ce828ed42c16ea7684d2037000524a73da7d38e
                                        
                                            GET /script/suurl.php?r=1779097&cbrandom=0.2906201902198372&cbiframe=1&cbWidth=712&cbHeight=512&cbtitle=&cbref=&cbdescription=&cbkeywords= HTTP/1.1 
Host: liveadexchanger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://saracatunga.bid/embeds/1all.php?id=252960&st=srFRnE3RFHmERT_YzoZptw&e=1507844184&p=0&c=0&stretching=

                                         
                                         104.17.91.42
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Date: Thu, 12 Oct 2017 21:26:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dba09ba058f22fdbe4470e6f6f6c3bbc91507843571; expires=Fri, 12-Oct-18 21:26:11 GMT; path=/; domain=.liveadexchanger.com; HttpOnly acnetwork=4d28817b59dfddf32664b2e580; expires=Wed, 30-Dec-2037 23:00:00 GMT; Max-Age=637983229; path=/
X-Robots-Tag: noindex
Cache-Control: no-store, no-cache, no-transform, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Link: <//www.adexchangegate.com>; rel=dns-prefetch,<//www.adexchangegate.com>; rel=preconnect
Referrer-Policy: no-referrer
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Via: 1.1 google
Server: cloudflare-nginx
CF-RAY: 3acd22d2b39a4267-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2414
Md5:    483c8452dc5d3e12d80e0d9f64c52dd7
Sha1:   8331191bf215d9336b645f06c28f9b9f6f1ad08e
Sha256: 448af00cc45e3c9eb25f59b970290f2182addd750680b42e24e29a1e5ef861b4
                                        
                                            GET /watch?shu=06ed7ae9454212f3436dbf7ab45fc219&pst=1507843631&rmtc=t&uuid=6515efd5-4132-41fd-958b-841be87924a1%3A1%3A1&pii=&in=false&refer=http%3A%2F%2Fhi.notkodi.science%2Fadsterra.html&key=86e0bf09008093a9e997a4425beb10ab&kw=%5B%5D&tz=2 HTTP/1.1 
Host: www.urldelivery.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.urldelivery.com/watch.1240563051120?key=86e0bf09008093a9e997a4425beb10ab&kw=%5B%5D&refer=http%3A%2F%2Fhi.notkodi.science%2Fadsterra.html&tz=2
Cookie: u_pl=12944321; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxMjk0NDMyMSwiayI6Ijg2ZTBiZjA5MDA4MDkzYTllOTk3YTQ0MjViZWIxMGFiIiwic2lkIjoiIiwiaXNpZCI6MywiYXNpZCI6MiwiemlkIjo1Njg5OSwicGlkIjoxNzMwLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjE5LCJhaWQiOjV9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxMDQ1MDYsImljIjpmYWxzZSwibiI6IkRlc2t0b3B8RW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjo3MTMzLCJvbiI6IldpbmRvd3MiLCJvdiI6IjciLCJiaWQiOjE3NTU4LCJibiI6IkZpcmVmb3giLCJidiI6IjMuNiJ9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJQb3dlclRlY2ggSW5mb3JtYXRpb24gU3lzdGVtcyBBUyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9oaS5ub3Rrb2RpLnNjaWVuY2UvYWRzdGVycmEuaHRtbCJ9fQ.lMS7CxOaBjSWhUnKXDZcg-dePZ5GA_2Qehec0YPxiug; cjs=t

                                         
                                         69.42.65.41
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx/1.10.3
Date: Thu, 12 Oct 2017 21:26:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: http://www.urldelivery.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=6515efd5-4132-41fd-958b-841be87924a1:1:1; expires=Thu, 19 Oct 2017 21:26:11 GMT pdhtkv=true; expires=Fri, 13 Oct 2017 21:26:11 GMT uncs=1; expires=Fri, 13 Oct 2017 21:26:11 GMT pdhtkv5=true; expires=Fri, 13 Oct 2017 21:26:11 GMT uncs5=1; expires=Fri, 13 Oct 2017 21:26:11 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   822
Md5:    12c329083dbe822c0e8880a4e6fa0741
Sha1:   53733534a06288bd6bbb399a86cabe62fca60a5f
Sha256: e1c9a6141a6d37d463adafad1e715d256b1ffd1aa11e59e2de7bbfac7a4efd9a
                                        
                                            GET /pop-bid/38101 HTTP/1.1 
Host: creative.wwwpromoter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://saracatunga.bid/embeds/1all.php?id=252960&st=srFRnE3RFHmERT_YzoZptw&e=1507844184&p=0&c=0&stretching=

                                         
                                         172.93.4.203
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Server: nginx
Date: Thu, 12 Oct 2017 21:26:12 GMT
Content-Length: 112
Connection: close
X-User-Agent: Device(type='Desktop', browser='Firefox', os='Windows', ip='77.40.129.123', connection_type='Wi-Fi')
X-ASN: 5381
Expires: Thu, 12 Oct 2017 21:26:11 GMT
Cache-Control: no-cache


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   112
Md5:    4b704686bee6952e869aa4cb6a7d467d
Sha1:   6e6c30de234f247b493f913112098b4d432e29ed
Sha256: 9b8cc8da4e333fc5099c9318bdc9a046a4a8f97eaebc8ffe490f414d92e8540f

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: gp.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1415
Content-Transfer-Encoding: binary
Cache-Control: max-age=541983, public, no-transform, must-revalidate
Last-Modified: Thu, 12 Oct 2017 03:59:15 GMT
Expires: Thu, 19 Oct 2017 03:59:15 GMT
Date: Thu, 12 Oct 2017 21:26:12 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1415
Md5:    bb6e860f63fed6be214dc70532688577
Sha1:   3345c728c33c3e7f52f9bec0832777859b7d085a
Sha256: 1fed2fbe603364fdce682b9b4cba155cb89f956920d7eb0aabdea4194ecfc8ad
                                        
                                            GET /script/wait.php?stamat=m%7C%2C%2CgidrYjJyoGU3BP9GH0dEdHP3xP.ca5%2CNDYcIGu8RHA8cmoO6z4QP5Cd8JWZa3_KUqZfLQqTAqF2nUyNhl9EqGdbisS6SQ5C_CTWP7nFQwhbISs-NcFi5UGv0ylXDOrgYMdrf8TdWnYW1SJxKfOetzKJ7u-kyISjhJoNlNQF5Vu0zN78bXZZ2u5V0EKFcrmOPQSu3pmjvIYw_q3ilChStNa6Z6PzkCCKuEx5gMSapMPBgRQVqJ_ftXbG87ilhY4gOKrXtC7YRf_Q7PU2OHAzmwcfM-pX4-_0BFa0s42FanDJaio5lzqFWE5e0jP8FcoTwGbCoUuDZE31OxL0lY2j_GKzm7LZiSrbKo_ktGpM6qGLa-_YXuJ7mxBh0PzowjJh5gbZiKAo9tjfsn7NoIWQfct7zsyfpBWb&callback=jsonp203813 HTTP/1.1 
Host: www.adexchangegate.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://saracatunga.bid/embeds/1all.php?id=252960&st=srFRnE3RFHmERT_YzoZptw&e=1507844184&p=0&c=0&stretching=

                                         
                                         35.190.9.171
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: openresty
Date: Thu, 12 Oct 2017 21:26:12 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Encoding: gzip
Via: 1.1 google


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   35
Md5:    af7aac278c82f246efb3c260c5dc8b4a
Sha1:   2e6a01f02cd8d5fd8b8fb8329a4bbc3a03aa81d2
Sha256: 0a16fb7fed0eec5b0d670cbbcb5b54f06e3f66225607b290162c3df19d7b54af
                                        
                                            GET /00000bn/069c037cf054a6af514547daad6b7dea/index.html?link=http%3A%2F%2Fsecurity-alert.nlhofqgnr.bid%2Fccleaner%2Fde810914b65f3782ca2a13b203eb73ed%2Findex.html%3Fp1%3Dhttps%253A%252F%252Fadmeditlinker.com%252Flink%252F%253Fsource%253D5511%2526id%253D97311%2526ptrack%253DVjN8MTI5NDQzMjF8MTA5MDEzMXwxMDQ1MDZ8MTUwNzg0MzU3MXw2NTE1ZWZkNS00MTMyLTQxZmQtOTU4Yi04NDFiZTg3OTI0YTF8NzcuNDAuMTI5LjEyM3wxfHRlc3RWPU5FV19PUFRfdF8xNHw5MDg3YmUyZmM3NDViOWYyNTM5ZjMxMGFiYWQ4NWRhNA%3D%3D&landing_id=1090131&placement_id=12944321&placement_key=86e0bf09008093a9e997a4425beb10ab&em=40f7527964720a2ec580164bc0c019f9&expires=1507854371&psid= HTTP/1.1 
Host: pickytime.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.urldelivery.com/watch?shu=06ed7ae9454212f3436dbf7ab45fc219&pst=1507843631&rmtc=t&uuid=6515efd5-4132-41fd-958b-841be87924a1%3A1%3A1&pii=&in=false&refer=http%3A%2F%2Fhi.notkodi.science%2Fadsterra.html&key=86e0bf09008093a9e997a4425beb10ab&kw=%5B%5D&tz=2

                                         
                                         204.155.159.38
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx/1.11.9
Date: Thu, 12 Oct 2017 21:24:59 GMT
Last-Modified: Thu, 01 Dec 2016 10:15:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
Etag: W/"583ff85b-82ae"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   25007
Md5:    10e9e6f46016928614cae9c97df3aa7c
Sha1:   87583d17eb426aaa4af1bc066dbd098103d92b80
Sha256: deef40e0333c6d5ecf9eda2a480b31bc4b22ef2d948022bbd2c4e710a4049f25
                                        
                                            GET /00000bn/069c037cf054a6af514547daad6b7dea/css/style.css HTTP/1.1 
Host: pickytime.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://pickytime.com/00000bn/069c037cf054a6af514547daad6b7dea/index.html?link=http%3A%2F%2Fsecurity-alert.nlhofqgnr.bid%2Fccleaner%2Fde810914b65f3782ca2a13b203eb73ed%2Findex.html%3Fp1%3Dhttps%253A%252F%252Fadmeditlinker.com%252Flink%252F%253Fsource%253D5511%2526id%253D97311%2526ptrack%253DVjN8MTI5NDQzMjF8MTA5MDEzMXwxMDQ1MDZ8MTUwNzg0MzU3MXw2NTE1ZWZkNS00MTMyLTQxZmQtOTU4Yi04NDFiZTg3OTI0YTF8NzcuNDAuMTI5LjEyM3wxfHRlc3RWPU5FV19PUFRfdF8xNHw5MDg3YmUyZmM3NDViOWYyNTM5ZjMxMGFiYWQ4NWRhNA%3D%3D&landing_id=1090131&placement_id=12944321&placement_key=86e0bf09008093a9e997a4425beb10ab&em=40f7527964720a2ec580164bc0c019f9&expires=1507854371&psid=

                                         
                                         204.155.159.38
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx/1.11.9
Date: Thu, 12 Oct 2017 21:24:59 GMT
Content-Length: 162
Last-Modified: Thu, 01 Dec 2016 10:15:55 GMT
Connection: keep-alive
Keep-Alive: timeout=10
Etag: "583ff85b-a2"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text
Size:   162
Md5:    12ea6dc76ef386bfb8640fb75c7c3ee8
Sha1:   c8b5728ca2f331073504e2e65802e7cd27c6517e
Sha256: 9b49887cf9faa242880da38d53684348379cb75572a5cd5e17d574f3a6689c8e
                                        
                                            GET /00000bn/069c037cf054a6af514547daad6b7dea/img/alibaba_300x250.png HTTP/1.1 
Host: pickytime.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://pickytime.com/00000bn/069c037cf054a6af514547daad6b7dea/index.html?link=http%3A%2F%2Fsecurity-alert.nlhofqgnr.bid%2Fccleaner%2Fde810914b65f3782ca2a13b203eb73ed%2Findex.html%3Fp1%3Dhttps%253A%252F%252Fadmeditlinker.com%252Flink%252F%253Fsource%253D5511%2526id%253D97311%2526ptrack%253DVjN8MTI5NDQzMjF8MTA5MDEzMXwxMDQ1MDZ8MTUwNzg0MzU3MXw2NTE1ZWZkNS00MTMyLTQxZmQtOTU4Yi04NDFiZTg3OTI0YTF8NzcuNDAuMTI5LjEyM3wxfHRlc3RWPU5FV19PUFRfdF8xNHw5MDg3YmUyZmM3NDViOWYyNTM5ZjMxMGFiYWQ4NWRhNA%3D%3D&landing_id=1090131&placement_id=12944321&placement_key=86e0bf09008093a9e997a4425beb10ab&em=40f7527964720a2ec580164bc0c019f9&expires=1507854371&psid=

                                         
                                         204.155.159.38
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.11.9
Date: Thu, 12 Oct 2017 21:24:59 GMT
Content-Length: 20203
Last-Modified: Thu, 01 Dec 2016 10:15:56 GMT
Connection: keep-alive
Keep-Alive: timeout=10
Etag: "583ff85c-4eeb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   20203
Md5:    2de61e03ea645b232ef08512337aad32
Sha1:   5a76f5ee239355dfe9b7072dba4a44f8e5fc3750
Sha256: 1ea29d988a1f8d737238c61220ad62d0ab4fe6be71be54d2e308eebd23ef5556
                                        
                                            GET /load1.html HTTP/1.1 
Host: hi.notkodi.science
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://saracatunga.bid/embeds/1all.php?id=252960&st=srFRnE3RFHmERT_YzoZptw&e=1507844184&p=0&c=0&stretching=
Cookie: __cfduid=dfb5f864599ba0aaa54e87a378df59ca61507843569

                                         
                                         104.31.114.55
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 12 Oct 2017 21:26:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 12 Oct 2017 02:01:09 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:16 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd22f263a1429d-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   197
Md5:    1a104bb9bd563c94a6fbed2632194e97
Sha1:   c0b4813bc7f3309f3ff9400e3a133f1440dbbe44
Sha256: 721e8fd0e2ffbb44116d3f2d0f9a090c36e0fecc6df6e35f8a9620b5da7ef583
                                        
                                            GET /modescrips661875.html HTTP/1.1 
Host: hi.notkodi.science
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/load1.html
Cookie: __cfduid=dfb5f864599ba0aaa54e87a378df59ca61507843569

                                         
                                         104.31.114.55
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 12 Oct 2017 21:26:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Oct 2017 21:45:29 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:16 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd22f2c63c427f-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   264
Md5:    6ee57c1bfa86e708f859cfb20a3c21e9
Sha1:   4b168e24c06fe4164563648ebcce9c983e7e5261
Sha256: 3b24493dbeb73a8a63d83f092c8c516a906da99f1581bb8129eebd6940f9acf5
                                        
                                            GET /runner.html HTTP/1.1 
Host: hi.notkodi.science
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/load1.html
Cookie: __cfduid=dfb5f864599ba0aaa54e87a378df59ca61507843569

                                         
                                         104.31.114.55
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 12 Oct 2017 21:26:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Oct 2017 21:45:30 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:16 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd22f2c63b427f-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   259
Md5:    f6ef52285ebd3946740a943438d5ccc6
Sha1:   6b37b2bbab36791f9b52f9f3e3d9cd6cd33fbf64
Sha256: 5ce779e0f03595d9d4ac75645011ba8fa5ed2a37b8ee472b24695e4e9df703c3
                                        
                                            GET /modescrips661880.html HTTP/1.1 
Host: hi.notkodi.science
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/load1.html
Cookie: __cfduid=dfb5f864599ba0aaa54e87a378df59ca61507843569

                                         
                                         104.31.114.55
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 12 Oct 2017 21:26:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Oct 2017 21:45:29 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:16 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd22f2d63e427f-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   264
Md5:    d59ad62f3dad48cb20a8e38a8fd10585
Sha1:   69186887b0339227c8ee39899232a2bab2edf49a
Sha256: e49650c14dbc27c9127445c3a94eb9a4b45f6e4dced68cb2a8a69d7c18d74480
                                        
                                            GET /modescrips674347.html HTTP/1.1 
Host: hi.notkodi.science
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/load1.html
Cookie: __cfduid=dfb5f864599ba0aaa54e87a378df59ca61507843569

                                         
                                         104.31.114.55
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 12 Oct 2017 21:26:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Oct 2017 21:45:28 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:16 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd22f2d640427f-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   280
Md5:    eea0939721b9f40c07182d8b6c600b99
Sha1:   cbe2443150f9d8893f570dea82076ec4b2bfba07
Sha256: cab2488afc4ce1122ce10b0254cc85c2cb7217b02e82c016105efff392cc05eb
                                        
                                            GET /citrico.html HTTP/1.1 
Host: hi.notkodi.science
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/load1.html
Cookie: __cfduid=dfb5f864599ba0aaa54e87a378df59ca61507843569

                                         
                                         104.31.114.55
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 12 Oct 2017 21:26:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Oct 2017 21:45:30 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:16 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd22f2c3bd429d-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   259
Md5:    cea7af4ee0f0428f27b6af6f83ba1f2b
Sha1:   24e31af4994ed40f822e1ae516f954b45cf1d71d
Sha256: ce3af6b1e82c4198fa37a13bf3260b95a3e80a817e5ff7dd3634f1a51a18000a
                                        
                                            GET /guidoclick.html HTTP/1.1 
Host: hi.notkodi.science
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/load1.html
Cookie: __cfduid=dfb5f864599ba0aaa54e87a378df59ca61507843569

                                         
                                         104.31.114.55
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 12 Oct 2017 21:26:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Oct 2017 21:45:28 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:16 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd22f2d641427f-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   328
Md5:    c6c6911eddc4e23323c5bde3d20f61e4
Sha1:   a59a280a6740b87f5fc7398233e749c59db72b9b
Sha256: 0af507237f64265cf3e09c597cf20b7ef11603df05b7ef7ec3072092436dd065

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /modescrips661876.html HTTP/1.1 
Host: hi.notkodi.science
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/load1.html
Cookie: __cfduid=dfb5f864599ba0aaa54e87a378df59ca61507843569

                                         
                                         104.31.114.55
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 12 Oct 2017 21:26:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Oct 2017 21:45:28 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:16 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd22f2c3bf4273-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   264
Md5:    0693985d7752bdba533dacbf39d949a8
Sha1:   d4366648d8762c829c60a687012a5976011eceac
Sha256: 7879d0d09c0a730ddf9c4f1ea1f6a7a2364e4ec4753b67169bcadf813038a3dc
                                        
                                            GET /modescrips659882.html HTTP/1.1 
Host: hi.notkodi.science
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/load1.html
Cookie: __cfduid=dfb5f864599ba0aaa54e87a378df59ca61507843569

                                         
                                         104.31.114.55
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 12 Oct 2017 21:26:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Oct 2017 21:45:28 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:16 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd22f393824255-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   264
Md5:    46b9c09c0314cd5ba50a827646901577
Sha1:   8ecb244a74a995290c16719689510c222d362a7d
Sha256: b5a4728afa501aeb2060baf3e97b16f176f84d52d9a8c774401cf76121d289f5
                                        
                                            GET /citrico2.html HTTP/1.1 
Host: hi.notkodi.science
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/load1.html
Cookie: __cfduid=dfb5f864599ba0aaa54e87a378df59ca61507843569

                                         
                                         104.31.114.55
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 12 Oct 2017 21:26:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Oct 2017 21:45:26 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:16 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd22f436554291-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   332
Md5:    6a615a0e699aec006b31e907047d6d4e
Sha1:   657ae7f2306e368c1626ca32ff06eeb0ca1dbf98
Sha256: 3fcf2ff6ef2538283a64f122c3d79d1e03c87b62b6e4da6ebc6bd44b9cf363b7
                                        
                                            GET /?placement=402923&redirect HTTP/1.1 
Host: adrunnr.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/citrico.html

                                         
                                         83.140.162.230
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Thu, 12 Oct 2017 21:26:17 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: __wn_sess=fb682810-af93-11e7-867c-31fef4d6a1a3; Expires=Thu, 01 Jan 2099 00:00:00 GMT; Domain=.adrunnr.com
Location: http://go.afh78erlkj.xyz/traf?c=3650&n=53&z=402923&target=http%3A%2F%2Fadserving.unibet.com%2Fredirect.aspx%3Fbid%3D27900%26pid%3D2958368%26sref%3DFHS%26FHS%3D%7Bsite%7D&h=3db6592b
Access-Control-Allow-Credentials: true


--- Additional Info ---
                                        
                                            GET /?placement=400574&redirect HTTP/1.1 
Host: adrunnr.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/runner.html

                                         
                                         83.140.162.230
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Thu, 12 Oct 2017 21:26:17 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: __wn_sess=fb682810-af93-11e7-892e-5d545436c89e; Expires=Thu, 01 Jan 2099 00:00:00 GMT; Domain=.adrunnr.com
Location: http://record.spinson.com/_2ZNFkxq16r_P2s46Cv8UUWNd7ZgqdRLk/34?payload=ZZZZ
Access-Control-Allow-Credentials: true


--- Additional Info ---
                                        
                                            GET /?placement=400574&redirect HTTP/1.1 
Host: adrunnr.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/runner.html

                                         
                                         83.140.162.230
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Thu, 12 Oct 2017 21:26:17 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: __wn_sess=fb6ff040-af93-11e7-867c-31fef4d6a1a3; Expires=Thu, 01 Jan 2099 00:00:00 GMT; Domain=.adrunnr.com
Location: http://record.spinson.com/_2ZNFkxq16r9hg6WO2I1rgWNd7ZgqdRLk/35?payload=XXXXX
Access-Control-Allow-Credentials: true


--- Additional Info ---
                                        
                                            GET /traf?c=3650&n=53&z=402923&target=http%3A%2F%2Fadserving.unibet.com%2Fredirect.aspx%3Fbid%3D27900%26pid%3D2958368%26sref%3DFHS%26FHS%3D%7Bsite%7D&h=3db6592b HTTP/1.1 
Host: go.afh78erlkj.xyz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/citrico.html

                                         
                                         52.28.43.142
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 12 Oct 2017 21:26:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: 0
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4242
Md5:    571afdbf02d8f32815a3ecadc9a24a38
Sha1:   2c332c5b0cd18f8df493962e5ba06822f64f6089
Sha256: 884bed287c86fbc85e5158dcdd44cfa6d0b0512aae0f7f954ccdb0f63b5af341
                                        
                                            GET /?placement=400574&redirect HTTP/1.1 
Host: adrunnr.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/runner.html

                                         
                                         83.140.162.230
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Thu, 12 Oct 2017 21:26:17 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: __wn_sess=fb787bc0-af93-11e7-93cb-99cfb3dd5d79; Expires=Thu, 01 Jan 2099 00:00:00 GMT; Domain=.adrunnr.com
Location: http://record.spinson.com/_2ZNFkxq16r_P2s46Cv8UUWNd7ZgqdRLk/34?payload=ZZZZ
Access-Control-Allow-Credentials: true


--- Additional Info ---
                                        
                                            GET /redirect.aspx?bid=27900&pid=2958368&sref=FHS&FHS=Z53196862 HTTP/1.1 
Host: adserving.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://go.afh78erlkj.xyz/traf?c=3650&n=53&z=402923&target=http%3A%2F%2Fadserving.unibet.com%2Fredirect.aspx%3Fbid%3D27900%26pid%3D2958368%26sref%3DFHS%26FHS%3D%7Bsite%7D&h=3db6592b

                                         
                                         192.121.200.193
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 12 Oct 2017 21:26:17 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private
Location: https://no.unibet.com/stan/campaign.do?cmpId=1494469&affiliateId=1&unibetTarget=/no/pop/sportsbook/general/index.html&targetDomain=https://welcome.unibet.com&bTag=81763824_4C8797AB3DBD43B69B7631CF13BDA3E4&sref=FHS&FHS=Z53196862&affiliateId=1&pid=3107905&bid=27900
P3P: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
X-AspNet-Version: 4.0.30319
Set-Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3107905%2c%22BID%22%3a27900%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1507843577163)%5c%2f%22%2c%22CookieTag%22%3a%22279003107905312921201C201710122326%22%7d%5d; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/ NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%223997199235%7c1%22%7d%5d; expires=Sat, 12-Oct-3016 21:26:17 GMT; path=/
X-Powered-By: ASP.NET


--- Additional Info ---
                                        
                                            GET /?placement=400574&redirect HTTP/1.1 
Host: adrunnr.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/runner.html

                                         
                                         83.140.162.230
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Thu, 12 Oct 2017 21:26:17 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: __wn_sess=fb7bfe30-af93-11e7-93cb-99cfb3dd5d79; Expires=Thu, 01 Jan 2099 00:00:00 GMT; Domain=.adrunnr.com
Location: http://record.spinson.com/_2ZNFkxq16r9hg6WO2I1rgWNd7ZgqdRLk/35?payload=XXXXX
Access-Control-Allow-Credentials: true


--- Additional Info ---
                                        
                                            GET /?placement=400574&redirect HTTP/1.1 
Host: adrunnr.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/runner.html

                                         
                                         83.140.162.230
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Thu, 12 Oct 2017 21:26:17 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: __wn_sess=fb7fcec0-af93-11e7-892e-5d545436c89e; Expires=Thu, 01 Jan 2099 00:00:00 GMT; Domain=.adrunnr.com
Location: http://record.spinson.com/_2ZNFkxq16r9hg6WO2I1rgWNd7ZgqdRLk/35?payload=XXXXX
Access-Control-Allow-Credentials: true


--- Additional Info ---
                                        
                                            GET /redirect?feed=82141&auth=iG2epi&subid=15884&url=http%3A%2F%2Fplaylive.pw%2F%3Fq%3Dbest%2Bdeals&query=sport&default_url= HTTP/1.1 
Host: xml.pdn-1.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/guidoclick.html

                                         
                                         174.137.155.139
HTTP/1.1 302 Found
                                        
Location: http://s.click.aliexpress.com/e/aUNFm62
Connection: keep-alive
Content-Length: 0


--- Additional Info ---
                                        
                                            GET /?placement=400574&redirect HTTP/1.1 
Host: adrunnr.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/runner.html

                                         
                                         83.140.162.230
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Thu, 12 Oct 2017 21:26:17 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: __wn_sess=fb830310-af93-11e7-9df7-2b5299028182; Expires=Thu, 01 Jan 2099 00:00:00 GMT; Domain=.adrunnr.com
Location: http://record.spinson.com/_2ZNFkxq16r9hg6WO2I1rgWNd7ZgqdRLk/35?payload=XXXXX
Access-Control-Allow-Credentials: true


--- Additional Info ---
                                        
                                            GET /redirect?feed=65163&auth=XLpbGI&subid=15823&url=http%3A%2F%2Fwizhdsports.is%2F%3Fq%3Dbest%2Bdeals&query=sport&default_url= HTTP/1.1 
Host: xml.pdn-1.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/citrico2.html

                                         
                                         174.137.155.139
HTTP/1.1 302 Found
                                        
Location: http://s.click.aliexpress.com/e/aUNFm62
Connection: keep-alive
Content-Length: 0


--- Additional Info ---
                                        
                                            GET /redirect?tid=667332&&ref=playlive.pw HTTP/1.1 
Host: origer.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips661880.html

                                         
                                         52.222.227.52
HTTP/1.1 302 Found
Content-Type: text/plain
                                        
Content-Length: 0
Connection: keep-alive
Date: Thu, 12 Oct 2017 21:26:17 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Location: http://c.tmstrack.com/?a=38016&c=69742&p=r&E=3QTR7tcWEwY%3d&s1=667332&s2=4029358938858416489
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: fv=rjkEqHY9rHk6qGEFqja6pdnHqjC6vdw=; Expires=Fri, 12 Oct 2018 21:26:17 GMT; Max-Age=31536000; Domain=.origer.info; Path=/; Version=1
X-Cache: Miss from cloudfront
Via: 1.1 0c5e11348f181c6aeb0775770f4b4d39.cloudfront.net (CloudFront)
X-Amz-Cf-Id: rL_qiItgYqwQagL1qMQ2-dGjjmBAqF10AWP8Twr8erNpy_7oCk8LXQ==


--- Additional Info ---
                                        
                                            GET /_2ZNFkxq16r_P2s46Cv8UUWNd7ZgqdRLk/34?payload=ZZZZ HTTP/1.1 
Host: record.spinson.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/runner.html

                                         
                                         151.139.241.25
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
                                        
Date: Thu, 12 Oct 2017 21:26:17 GMT
Content-Length: 0
Cache-Control: private, no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://spinson.com/no/register/?btag=15120|zuhXvFjP0WcPL3p8V-llw2Nd7ZgqdRLk
Pragma: no-cache
Set-Cookie: VID1=Jy0jLFYtQ0RYLmBgYApgCg%3D%3D; expires=Fri, 12-Oct-2018 21:26:17 GMT; Max-Age=31536000; path=/; httponly ZBan=zuhXvFjP0WcPL3p8V-llw2Nd7ZgqdRLk; expires=Fri, 12-Oct-2018 21:26:17 GMT; Max-Age=31536000; path=/; domain=.spinson.com
X-Powered-By: ZBan
Server: NetDNA-cache/2.2
X-Cache: MISS
Connection: keep-alive


--- Additional Info ---
                                        
                                            GET /_2ZNFkxq16r9hg6WO2I1rgWNd7ZgqdRLk/35?payload=XXXXX HTTP/1.1 
Host: record.spinson.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/runner.html

                                         
                                         151.139.241.25
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
                                        
Date: Thu, 12 Oct 2017 21:26:17 GMT
Content-Length: 0
Cache-Control: private, no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://www.spinson.com/no/?btag=15120|zuhXvFjP0WdnVS6IWGsTNGNd7ZgqdRLk
Pragma: no-cache
Set-Cookie: VID1=Jy0jLFYtQ0RYLjBgYApgCg%3D%3D; expires=Fri, 12-Oct-2018 21:26:17 GMT; Max-Age=31536000; path=/; httponly ZBan=zuhXvFjP0WdnVS6IWGsTNGNd7ZgqdRLk; expires=Fri, 12-Oct-2018 21:26:17 GMT; Max-Age=31536000; path=/; domain=.spinson.com
X-Powered-By: ZBan
Server: NetDNA-cache/2.2
X-Cache: MISS
Connection: keep-alive


--- Additional Info ---
                                        
                                            GET /redirect?tid=667340&&ref=tamoactivo.trade HTTP/1.1 
Host: origer.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips659882.html

                                         
                                         52.222.227.52
HTTP/1.1 302 Found
Content-Type: text/plain
                                        
Content-Length: 0
Connection: keep-alive
Date: Thu, 12 Oct 2017 21:26:17 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Location: http://a.yesadsrv.com/cpxcenter/dpop.php?nid=4&pid=63197&sid=65436&zone=97038&durl=&subid=667340&opt1=&opt2=
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: fv=rjkEqHY9rHk6qGEFqja6pdnHqjC6vdw=; Expires=Fri, 12 Oct 2018 21:26:17 GMT; Max-Age=31536000; Domain=.origer.info; Path=/; Version=1
X-Cache: Miss from cloudfront
Via: 1.1 3943e81340bd903a74d536bc9599c3f3.cloudfront.net (CloudFront)
X-Amz-Cf-Id: YbnFjmTG0V1l5wExyl5l8j8ViPHGIx6xq7mDhgwJy_L5MbFe4d_hNA==


--- Additional Info ---
                                        
                                            GET /redirect?tid=667336&&ref=tamoactivo.trade HTTP/1.1 
Host: origer.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips661876.html

                                         
                                         52.222.227.52
HTTP/1.1 302 Found
Content-Type: text/plain
                                        
Content-Length: 0
Connection: keep-alive
Date: Thu, 12 Oct 2017 21:26:17 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Location: http://c.tmstrack.com/?a=38016&c=69742&p=r&E=3QTR7tcWEwY%3d&s1=667336&s2=8766166970348858538
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: fv=rjkEqHY9rHk6qGEFqja6pdnHqjC6vdw=; Expires=Fri, 12 Oct 2018 21:26:17 GMT; Max-Age=31536000; Domain=.origer.info; Path=/; Version=1
X-Cache: Miss from cloudfront
Via: 1.1 d4952a00c2233a7851cfa7e273245cd7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: _HelTd7jxP5g9l8NuDjb4oy4Z1uMR6jlJDyBXAP2j02rKDiIRwGbMQ==


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.trustwave.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 118
Content-Type: application/ocsp-request

                                         
                                         91.135.34.136
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 638
Date: Thu, 12 Oct 2017 21:26:17 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   638
Md5:    454c5bb0f3e393c07034b67620c9820a
Sha1:   167b3d4a460796247c35f2a5886204e4bc6b88b5
Sha256: 10d59a5ae92466aba33800b659a9ef84819a13384707668f2023e667b6b44653
                                        
                                            POST / HTTP/1.1 
Host: ocsp.trustwave.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.136
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 1683
Date: Thu, 12 Oct 2017 21:26:17 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1683
Md5:    531b78d88d1f10b4daf632b29c99ddc8
Sha1:   c6050dcf5a9df7cbd4840761201550747d59bfc1
Sha256: 6c067cb53fb6a63ba57934ca881b8dbd06dc51583456b2d3a76498d1f2b5e920
                                        
                                            GET /_2ZNFkxq16r_P2s46Cv8UUWNd7ZgqdRLk/34?payload=ZZZZ HTTP/1.1 
Host: record.spinson.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/runner.html

                                         
                                         151.139.241.25
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
                                        
Date: Thu, 12 Oct 2017 21:26:17 GMT
Content-Length: 0
Cache-Control: private, no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://spinson.com/no/register/?btag=15120|zuhXvFjP0WeaiDwE7AUpxmNd7ZgqdRLk
Pragma: no-cache
Set-Cookie: VID1=Jy0jLFYtQ0RZLDBgYApgCg%3D%3D; expires=Fri, 12-Oct-2018 21:26:17 GMT; Max-Age=31536000; path=/; httponly ZBan=zuhXvFjP0WeaiDwE7AUpxmNd7ZgqdRLk; expires=Fri, 12-Oct-2018 21:26:17 GMT; Max-Age=31536000; path=/; domain=.spinson.com
X-Powered-By: ZBan
Server: NetDNA-cache/2.2
X-Cache: MISS
Connection: keep-alive


--- Additional Info ---
                                        
                                            GET /e/aUNFm62 HTTP/1.1 
Host: s.click.aliexpress.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/guidoclick.html

                                         
                                         104.122.220.148
HTTP/1.1 302 Moved Temporarily
                                        
Content-Length: 0
X-Application-Context: affiliateclick:production:7001
P3P: CP="CAO PSA OUR"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Location: http://www.aliexpress.com?aff_platform=link-c-tool&cpt=1507843577371&sk=aUNFm62&aff_trace_key=a0fdaab27d874b72a11d431aff7ebce8-1507843577371-03661-aUNFm62&terminal_id=e4481219aba445cd845afb6ef7dd7366
Content-Language: en-US
Server: Tengine/Aserver
Timing-Allow-Origin: *
Date: Thu, 12 Oct 2017 21:26:17 GMT
Connection: keep-alive
Set-Cookie: ali_apache_id=10.182.251.131.1507843577369.659009.1; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT xman_us_f=x_l=0&x_as_i=%7B%22cv%22%3A%222%22%2C%22tp1%22%3A%22AdventureFeedsPOP%22%2C%22src%22%3A%22link-c-tool%22%2C%22af%22%3A755442634%2C%22cpt%22%3A1507843577371%2C%22channel%22%3A%22AFFILIATE%22%2C%22affiliateKey%22%3A%22aUNFm62%22%2C%22tagtime%22%3A1507843577376%2C%22vd%22%3A%2230%22%7D; Domain=.aliexpress.com; Expires=Wed, 31-Oct-2085 00:40:24 GMT; Path=/ acs_usuc_t=x_csrf=1as5t6yh5mm_w&acs_rt=e4481219aba445cd845afb6ef7dd7366; Domain=.aliexpress.com; Path=/ aeu_cid=a0fdaab27d874b72a11d431aff7ebce8-1507843577371-03661-aUNFm62; Domain=.aliexpress.com; Expires=Wed, 31-Oct-2085 00:40:24 GMT; Path=/ xman_t=jeMEE1q7zVOjrKvcLNwjgtWzeyo52CNktPXKjDh2SWjXQJF/YisndQT2lQsH+yCB; Domain=.aliexpress.com; Path=/; HttpOnly xman_f=fJRKi8dyXIQhJ750HVBXwW7UHQGPEvfLnah8cABdmsvj0VhOt5HNXOM3/AH6gevINzucx8gCK4LC0IaHjGDPH72hzAfPoQ79xVZkRTYcdvriuVLxuS5NCQ==; Domain=.aliexpress.com; Expires=Wed, 31-Oct-2085 00:40:24 GMT; Path=/; HttpOnly


--- Additional Info ---
                                        
                                            GET /_2ZNFkxq16r9hg6WO2I1rgWNd7ZgqdRLk/35?payload=XXXXX HTTP/1.1 
Host: record.spinson.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/runner.html

                                         
                                         151.139.241.25
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
                                        
Date: Thu, 12 Oct 2017 21:26:17 GMT
Content-Length: 0
Cache-Control: private, no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://www.spinson.com/no/?btag=15120|zuhXvFjP0WdECZpB5omxQ2Nd7ZgqdRLk
Pragma: no-cache
Set-Cookie: VID1=Jy0jLFYtQ0RZLEBgYApgCg%3D%3D; expires=Fri, 12-Oct-2018 21:26:17 GMT; Max-Age=31536000; path=/; httponly ZBan=zuhXvFjP0WdECZpB5omxQ2Nd7ZgqdRLk; expires=Fri, 12-Oct-2018 21:26:17 GMT; Max-Age=31536000; path=/; domain=.spinson.com
X-Powered-By: ZBan
Server: NetDNA-cache/2.2
X-Cache: MISS
Connection: keep-alive


--- Additional Info ---
                                        
                                            GET /redirect?feed=82141&auth=iG2epi&subid=15884&url=http%3A%2F%2Fplaylive.pw%2F%3Fq%3Dbest%2Bdeals&query=sport&default_url= HTTP/1.1 
Host: xml.pdn-1.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/guidoclick.html

                                         
                                         174.137.155.139
HTTP/1.1 302 Found
                                        
Location: http://s.click.aliexpress.com/e/aUNFm62
Connection: keep-alive
Content-Length: 0


--- Additional Info ---
                                        
                                            GET /redirect?tid=667336&&ref=tamoactivo.trade HTTP/1.1 
Host: origer.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips661876.html

                                         
                                         52.222.227.52
HTTP/1.1 302 Found
Content-Type: text/plain
                                        
Content-Length: 0
Connection: keep-alive
Date: Thu, 12 Oct 2017 21:26:17 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Location: http://search.vertoz.com/redirect?feed=93120&auth=W5TPk2&query=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips661876.html
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: fv=rjkEqHY9rHk6qGEFqja6pdnHqjC6vdw=; Expires=Fri, 12 Oct 2018 21:26:17 GMT; Max-Age=31536000; Domain=.origer.info; Path=/; Version=1
X-Cache: Miss from cloudfront
Via: 1.1 d4952a00c2233a7851cfa7e273245cd7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: YVwHiDbFMNfJmBSW_7PsMRpT-J7vRmCxdIum1LpdOWOSHeGgKgBIiA==


--- Additional Info ---
                                        
                                            GET /redirect?tid=667340&&ref=tamoactivo.trade HTTP/1.1 
Host: origer.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips659882.html

                                         
                                         52.222.227.52
HTTP/1.1 302 Found
Content-Type: text/plain
                                        
Content-Length: 0
Connection: keep-alive
Date: Thu, 12 Oct 2017 21:26:17 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Location: http://search.vertoz.com/redirect?feed=93120&auth=W5TPk2&query=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips659882.html
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: fv=rjkEqHY9rHk6qGEFqja6pdnHqjC6vdw=; Expires=Fri, 12 Oct 2018 21:26:17 GMT; Max-Age=31536000; Domain=.origer.info; Path=/; Version=1
X-Cache: Miss from cloudfront
Via: 1.1 3943e81340bd903a74d536bc9599c3f3.cloudfront.net (CloudFront)
X-Amz-Cf-Id: H4Z7q3RP87Tfy2rLIH7Jpn4aUD6eaY_vA4od09W8ah_l7OqrimCjnw==


--- Additional Info ---
                                        
                                            GET /cpxcenter/dpop.php?nid=4&pid=63197&sid=65436&zone=97038&durl=&subid=667340&opt1=&opt2= HTTP/1.1 
Host: a.yesadsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips659882.html

                                         
                                         199.21.148.198
HTTP/1.1 307 Temporary Redirect
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 12 Oct 2017 21:26:17 GMT
Server: Apache/2.4.6 (Fedora)
X-Powered-By: PHP/5.5.7
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: http://tr4.tagsd.com/newServing/tracking_id.php?gtruid=1&r=http%3A%2F%2Fa.yesadsrv.com%2Fcpxcenter%2Fdpop.php%3Fnid%3D4%26pid%3D63197%26sid%3D65436%26zone%3D97038%26durl%3D%26subid%3D667340%26opt1%3D%26opt2%3D%26ref%3Dhttp%253A%252F%252Fhi.notkodi.science%252Fmodescrips659882.html%26
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /_2ZNFkxq16r9hg6WO2I1rgWNd7ZgqdRLk/35?payload=XXXXX HTTP/1.1 
Host: record.spinson.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/runner.html

                                         
                                         151.139.241.25
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
                                        
Date: Thu, 12 Oct 2017 21:26:17 GMT
Content-Length: 0
Cache-Control: private, no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://www.spinson.com/no/?btag=15120|zuhXvFjP0We_GUfGm3keGmNd7ZgqdRLk
Pragma: no-cache
Set-Cookie: VID1=Jy0jLFYtQ0RZLFBgYApgCg%3D%3D; expires=Fri, 12-Oct-2018 21:26:17 GMT; Max-Age=31536000; path=/; httponly ZBan=zuhXvFjP0We_GUfGm3keGmNd7ZgqdRLk; expires=Fri, 12-Oct-2018 21:26:17 GMT; Max-Age=31536000; path=/; domain=.spinson.com
X-Powered-By: ZBan
Server: NetDNA-cache/2.2
X-Cache: MISS
Connection: keep-alive


--- Additional Info ---
                                        
                                            GET /e/aUNFm62 HTTP/1.1 
Host: s.click.aliexpress.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/citrico2.html

                                         
                                         104.122.220.148
HTTP/1.1 302 Moved Temporarily
                                        
Content-Length: 0
X-Application-Context: affiliateclick:production:7001
P3P: CP="CAO PSA OUR"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Location: http://www.aliexpress.com?aff_platform=link-c-tool&cpt=1507843577560&sk=aUNFm62&aff_trace_key=a978ff69cb584922957f3cbe6e6abee2-1507843577560-02575-aUNFm62&terminal_id=755bfedd9d5447469362072df1e58348
Content-Language: en-US
Server: Tengine/Aserver
Timing-Allow-Origin: *
Date: Thu, 12 Oct 2017 21:26:17 GMT
Connection: keep-alive
Set-Cookie: ali_apache_id=10.182.250.123.1507843577558.852479.7; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT xman_us_f=x_l=0&x_as_i=%7B%22cv%22%3A%222%22%2C%22tp1%22%3A%22AdventureFeedsPOP%22%2C%22src%22%3A%22link-c-tool%22%2C%22af%22%3A755442634%2C%22cpt%22%3A1507843577560%2C%22channel%22%3A%22AFFILIATE%22%2C%22affiliateKey%22%3A%22aUNFm62%22%2C%22tagtime%22%3A1507843577564%2C%22vd%22%3A%2230%22%7D; Domain=.aliexpress.com; Expires=Wed, 31-Oct-2085 00:40:24 GMT; Path=/ acs_usuc_t=x_csrf=1deqmn7r7trxc&acs_rt=755bfedd9d5447469362072df1e58348; Domain=.aliexpress.com; Path=/ aeu_cid=a978ff69cb584922957f3cbe6e6abee2-1507843577560-02575-aUNFm62; Domain=.aliexpress.com; Expires=Wed, 31-Oct-2085 00:40:24 GMT; Path=/ xman_t=Je3EQsE7vfsFWSMR/e5LcwfhedwcaZE0uzPYsXmNL0NyZGTFZOaG5+ZAFDpfXQNd; Domain=.aliexpress.com; Path=/; HttpOnly xman_f=+3YMH5CW2mn0Xo+VAOvgceTSQ2JnNtpaaO2oAZlCOF6wYQ+3MoEcXRVMbowKMQHgTFUIgTBe2LL3vKjFV5PlxkKMykP50yj0Rq/DCe3sSsyMQiSkgh3B8w==; Domain=.aliexpress.com; Expires=Wed, 31-Oct-2085 00:40:24 GMT; Path=/; HttpOnly


--- Additional Info ---
                                        
                                            GET /?aff_platform=link-c-tool&cpt=1507843577371&sk=aUNFm62&aff_trace_key=a0fdaab27d874b72a11d431aff7ebce8-1507843577371-03661-aUNFm62&terminal_id=e4481219aba445cd845afb6ef7dd7366 HTTP/1.1 
Host: www.aliexpress.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/guidoclick.html
Cookie: ali_apache_id=10.182.251.131.1507843577369.659009.1; xman_us_f=x_l=0&x_as_i=%7B%22cv%22%3A%222%22%2C%22tp1%22%3A%22AdventureFeedsPOP%22%2C%22src%22%3A%22link-c-tool%22%2C%22af%22%3A755442634%2C%22cpt%22%3A1507843577371%2C%22channel%22%3A%22AFFILIATE%22%2C%22affiliateKey%22%3A%22aUNFm62%22%2C%22tagtime%22%3A1507843577376%2C%22vd%22%3A%2230%22%7D; acs_usuc_t=x_csrf=1as5t6yh5mm_w&acs_rt=e4481219aba445cd845afb6ef7dd7366; aeu_cid=a0fdaab27d874b72a11d431aff7ebce8-1507843577371-03661-aUNFm62; xman_t=jeMEE1q7zVOjrKvcLNwjgtWzeyo52CNktPXKjDh2SWjXQJF/YisndQT2lQsH+yCB; xman_f=fJRKi8dyXIQhJ750HVBXwW7UHQGPEvfLnah8cABdmsvj0VhOt5HNXOM3/AH6gevINzucx8gCK4LC0IaHjGDPH72hzAfPoQ79xVZkRTYcdvriuVLxuS5NCQ==

                                         
                                         104.122.220.148
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Content-Length: 286
Location: https://www.aliexpress.com/?aff_platform=link-c-tool&cpt=1507843577371&sk=aUNFm62&aff_trace_key=a0fdaab27d874b72a11d431aff7ebce8-1507843577371-03661-aUNFm62&terminal_id=e4481219aba445cd845afb6ef7dd7366
Server: Tengine/Aserver
Timing-Allow-Origin: *
Date: Thu, 12 Oct 2017 21:26:17 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   286
Md5:    22233f8939a7a0ffab23b4614172f693
Sha1:   4ea3b18bd694e41550cb8f0a6094277025019bd0
Sha256: 33b2237f3c033eb6a5ca8f7b1a33604f303eadc818a906d859cd7c44fd77f6b1
                                        
                                            GET /redirect?feed=82141&auth=iG2epi&subid=15884&url=http%3A%2F%2Fplaylive.pw%2F%3Fq%3Dbest%2Bdeals&query=sport&default_url= HTTP/1.1 
Host: xml.pdn-1.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/guidoclick.html

                                         
                                         174.137.155.139
HTTP/1.1 302 Found
                                        
Location: http://s.click.aliexpress.com/e/aUNFm62
Connection: keep-alive
Content-Length: 0


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         72.167.239.239
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 21:26:17 GMT
Server: Apache
Content-Transfer-Encoding: Binary
Cache-Control: max-age=120231, public, no-transform, must-revalidate
Last-Modified: Thu, 12 Oct 2017 20:35:36 GMT
Expires: Sat, 14 Oct 2017 08:35:36 GMT
Etag: "ee6025f22a1283b784a2f6f99fb4b184a8cb36b8"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
Content-Length: 1776
Connection: close


--- Additional Info ---
Magic:  data
Size:   1776
Md5:    6078905e12593221454b812f4fe49cc8
Sha1:   ee6025f22a1283b784a2f6f99fb4b184a8cb36b8
Sha256: 59f846fea54ca36b56572541fc23edd3a9cd094143f6058edc7908fbca5f1d30
                                        
                                            GET /?a=38016&c=69742&p=r&E=3QTR7tcWEwY%3d&s1=667332&s2=4029358938858416489 HTTP/1.1 
Host: c.tmstrack.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips661880.html

                                         
                                         52.40.29.139
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Date: Thu, 12 Oct 2017 21:26:17 GMT
Location: https://c.gfstrck.com/?a=38016&c=69742&p=r&E=3QTR7tcWEwY%3d&s1=667332&s2=4029358938858416489&ckmguid=9128decc-ff5a-4fb6-8827-7a3a2f4fbe57
Set-Cookie: sid=SbsSJ8W6/XVDLPOQ3ZaHGBzGgrntUy1SdwkxWHnva9PH7USVrKUxfyyNFZavzAkOzTyy1lkZ7wXtqc/dCzhRM7wI6AeanTMK; Domain=.tmstrack.com; HttpOnly trk=h1ZeYyBgxJkX19Zfe9fcCiMZFDnKLXA5SLRZMVFgrK6UVV/SkjHXKSyNFZavzAkOzTyy1lkZ7wXtqc/dCzhRM7wI6AeanTMK; Domain=.tmstrack.com; Expires=Tue, 11 Oct 2022 21:26:17 GMT; HttpOnly
Content-Length: 184


--- Additional Info ---
Magic:  ASCII text
Size:   184
Md5:    f5141ec8cfd8e132df7320eccb9930df
Sha1:   8759d98cf2e6a22ae8fa30f27f7129f4fb5a0f02
Sha256: dde12f7fbac6a3c093ba25a700d3d63dacfa5c14dad127b569eb24b8247337df
                                        
                                            GET /_2ZNFkxq16r9hg6WO2I1rgWNd7ZgqdRLk/35?payload=XXXXX HTTP/1.1 
Host: record.spinson.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/runner.html

                                         
                                         151.139.241.25
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
                                        
Date: Thu, 12 Oct 2017 21:26:17 GMT
Content-Length: 0
Cache-Control: private, no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://www.spinson.com/no/?btag=15120|zuhXvFjP0WcXSkGbCpp2C2Nd7ZgqdRLk
Pragma: no-cache
Set-Cookie: VID1=Jy0jLFYtQ0RZLWBgYApgCg%3D%3D; expires=Fri, 12-Oct-2018 21:26:17 GMT; Max-Age=31536000; path=/; httponly ZBan=zuhXvFjP0WcXSkGbCpp2C2Nd7ZgqdRLk; expires=Fri, 12-Oct-2018 21:26:17 GMT; Max-Age=31536000; path=/; domain=.spinson.com
X-Powered-By: ZBan
Server: NetDNA-cache/2.2
X-Cache: MISS
Connection: keep-alive


--- Additional Info ---
                                        
                                            GET /?a=38016&c=69742&p=r&E=3QTR7tcWEwY%3d&s1=667336&s2=8766166970348858538 HTTP/1.1 
Host: c.tmstrack.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips661876.html

                                         
                                         52.40.29.139
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Date: Thu, 12 Oct 2017 21:26:17 GMT
Location: https://c.gfstrck.com/?a=38016&c=69742&p=r&E=3QTR7tcWEwY%3d&s1=667336&s2=8766166970348858538&ckmguid=5f875838-59f3-4335-8a49-a2881b539f59
Set-Cookie: sid=V6uXWog6TFzjCoQHGJIHAwcWpgM4r8sSyJ3/pbosW80fPllWSxpJMCyNFZavzAkOzTyy1lkZ7wX9eJGcy1erN7wI6AeanTMK; Domain=.tmstrack.com; HttpOnly trk=OP2flFn71kgVkbF9YI+fCzgXPnLNtPsXyj10wEMOnVicLXbUHOtAnSyNFZavzAkOzTyy1lkZ7wX9eJGcy1erN7wI6AeanTMK; Domain=.tmstrack.com; Expires=Tue, 11 Oct 2022 21:26:17 GMT; HttpOnly
Content-Length: 184


--- Additional Info ---
Magic:  ASCII text
Size:   184
Md5:    55a1234fd05d75b784a316a3032058cf
Sha1:   41bc86fc0d8800eab19970988e40df7e83a32f00
Sha256: b729ed4706ccc4f2a02a818eaa0ed186b7d3db1f7a3575882931af4c31828800
                                        
                                            POST / HTTP/1.1 
Host: ss.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1609
Content-Transfer-Encoding: binary
Cache-Control: max-age=312327, public, no-transform, must-revalidate
Last-Modified: Mon, 9 Oct 2017 12:10:56 GMT
Expires: Mon, 16 Oct 2017 12:10:56 GMT
Date: Thu, 12 Oct 2017 21:26:17 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1609
Md5:    44c4b921637b0044543a84394613875f
Sha1:   089abd8df4dfda614283254b4337660a6f97d664
Sha256: 80e85db239c1237486b33d8954363c47ec1fd87a6d13931828cae0b52d7c9e3d
                                        
                                            GET /redirect?feed=93120&auth=W5TPk2&query=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips659882.html HTTP/1.1 
Host: search.vertoz.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips659882.html

                                         
                                         198.134.116.17
HTTP/1.1 302 Found
                                        
Location: http://search.vertoz.com/redirect?feed=73444&auth=hfDuBG&query=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips659882.html
Connection: keep-alive
Content-Length: 0


--- Additional Info ---
                                        
                                            GET /redirect?feed=93120&auth=W5TPk2&query=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips661876.html HTTP/1.1 
Host: search.vertoz.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips661876.html

                                         
                                         198.134.116.17
HTTP/1.1 302 Found
                                        
Location: http://search.vertoz.com/redirect?feed=73444&auth=hfDuBG&query=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips661876.html
Connection: keep-alive
Content-Length: 0


--- Additional Info ---
                                        
                                            GET /redirect?tid=667340&&ref=tamoactivo.trade HTTP/1.1 
Host: origer.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips659882.html

                                         
                                         52.222.227.52
HTTP/1.1 302 Found
Content-Type: text/plain
                                        
Content-Length: 0
Connection: keep-alive
Date: Thu, 12 Oct 2017 21:26:17 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Location: http://a.yesadsrv.com/cpxcenter/dpop.php?nid=4&pid=63197&sid=65436&zone=97038&durl=&subid=667340&opt1=&opt2=
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: fv=rjkEqHY9rHk6qGEFqja6pdnHqjC6vdw=; Expires=Fri, 12 Oct 2018 21:26:17 GMT; Max-Age=31536000; Domain=.origer.info; Path=/; Version=1
X-Cache: Miss from cloudfront
Via: 1.1 3943e81340bd903a74d536bc9599c3f3.cloudfront.net (CloudFront)
X-Amz-Cf-Id: PYQZ9HeiozYQaqKxFtNsfQzwHR_vtadumBZ_LT1hXgF3h4cCoTuHyw==


--- Additional Info ---
                                        
                                            GET /stan/campaign.do?cmpId=1494469&affiliateId=1&unibetTarget=/no/pop/sportsbook/general/index.html&targetDomain=https://welcome.unibet.com&bTag=81763824_4C8797AB3DBD43B69B7631CF13BDA3E4&sref=FHS&FHS=Z53196862&affiliateId=1&pid=3107905&bid=27900 HTTP/1.1 
Host: no.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://go.afh78erlkj.xyz/traf?c=3650&n=53&z=402923&target=http%3A%2F%2Fadserving.unibet.com%2Fredirect.aspx%3Fbid%3D27900%26pid%3D2958368%26sref%3DFHS%26FHS%3D%7Bsite%7D&h=3db6592b

                                         
                                         185.9.101.1
HTTP/1.1 301 Moved Permanently
                                        
Server: nginx
Date: Thu, 12 Oct 2017 21:26:17 GMT
Content-Length: 0
Connection: keep-alive
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Java/Oracle Corporation/1.7)
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store
Set-Cookie: JSESSIONID=27b178e68e74a7222e43e99d8b5f; Path=/stan; Secure; HttpOnly __ucbt=27b178e68e74a7222e43e99d8b5f; Domain=.unibet.com; Expires=Sat, 12-Oct-2019 21:26:16 GMT; Path=/ uniattr=ST.0.T; Domain=.unibet.com; Expires=Sat, 12-Oct-2019 21:26:16 GMT; Path=/ UNIBET_REQUEST_URL=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ AFFILIATE_REQUEST_URL=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ UNIBET_INTERNAL_CAMPAIGN_ID=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ affid=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ netwid=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ CLAIM_CODE=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ REGISTRATION_CODE=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ campaignId=1494469; Domain=.unibet.com; Expires=Mon, 31-Dec-2018 09:38:59 GMT; Path=/ framework.forceBigLandingArea=""; Domain=.unibet.com; Expires=Thu, 12-Oct-2017 21:26:32 GMT; Path=/ affiliateId=1; Domain=.unibet.com; Expires=Mon, 31-Dec-2018 09:38:59 GMT; Path=/ B-TAG=81763824_4C8797AB3DBD43B69B7631CF13BDA3E4; Domain=.unibet.com; Expires=Mon, 31-Dec-2018 09:38:59 GMT; Path=/ REGISTRATION_CODE=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ BID=27900; Domain=.unibet.com; Expires=Mon, 31-Dec-2018 09:38:59 GMT; Path=/ PID=3107905; Domain=.unibet.com; Expires=Mon, 31-Dec-2018 09:38:59 GMT; Path=/ CHID=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ REFERER=http%3A%2F%2Fgo.afh78erlkj.xyz%2Ftraf%3Fc%3D3650%26n%3D53%26z%3D402923%26target%3Dhttp%253A%252F%252Fadserving.unibet.com%252Fredirect.aspx%253Fbid%253D27900%2526pid%253D2958368%2526sref%253DFHS%2526FHS%253D%257Bsite%257D%26h%3D3db6592b; Domain=.unibet.com; Expires=Mon, 31-Dec-2018 09:38:59 GMT; Path=/ UNIBET_INTERNAL_CAMPAIGN_ID=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ UNIBET_REQUEST_URL=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ AFFILIATE_REQUEST_URL=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ AFFILIATE_CAMPAIGN_ID=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ AMS_INVITE_CHAT_ACCEPTED=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ AMS_INVITE_CHAT_DECLINED=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ BOCAID=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ PRODUCT_ID=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ AFFID=""; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D1494469%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fsportsbook%2Fgeneral%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26bTag%3D81763824_4C8797AB3DBD43B69B7631CF13BDA3E4%26sref%3DFHS%26FHS%3DZ53196862%26affiliateId%3D1%26pid%3D3107905%26bid%3D27900; Domain=.unibet.com; Expires=Mon, 31-Dec-2018 09:38:59 GMT; Path=/ AFFILIATE_CAMPAIGN_ID=1494469; Domain=.unibet.com; Expires=Mon, 31-Dec-2018 09:38:59 GMT; Path=/ framework.forceBigLandingArea=""; Domain=.unibet.com; Expires=Thu, 12-Oct-2017 21:26:32 GMT; Path=/ campaignId=1494469; Domain=.unibet.com; Expires=Mon, 31-Dec-2018 09:38:59 GMT; Path=/ framework.forceBigLandingArea=""; Domain=.unibet.com; Expires=Thu, 12-Oct-2017 21:26:32 GMT; Path=/ BIGipServeraffiliates_PROD=2399422218.46155.0000; path=/
Referer: http://go.afh78erlkj.xyz/traf?c=3650&n=53&z=402923&target=http%3A%2F%2Fadserving.unibet.com%2Fredirect.aspx%3Fbid%3D27900%26pid%3D2958368%26sref%3DFHS%26FHS%3D%7Bsite%7D&h=3db6592b
Location: https://no.unibet.com:443/stan/redirecttocampaign.do?cmpId=1494469&affiliateId=1&unibetTarget=/no/pop/sportsbook/general/index.html&targetDomain=https://welcome.unibet.com&bTag=81763824_4C8797AB3DBD43B69B7631CF13BDA3E4&sref=FHS&FHS=Z53196862&affiliateId=1&pid=3107905&bid=27900&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fsportsbook%2Fgeneral%2Findex.html%3Fmktid%3D1%3A81763824%3A3107905-27900
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload


--- Additional Info ---
                                        
                                            GET /redirect?tid=667333&&ref=playlive.pw HTTP/1.1 
Host: origer.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips661875.html

                                         
                                         52.222.227.52
HTTP/1.1 302 Found
Content-Type: text/plain
                                        
Content-Length: 0
Connection: keep-alive
Date: Thu, 12 Oct 2017 21:26:17 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Location: http://c.tmstrack.com/?a=38016&c=69742&p=r&E=3QTR7tcWEwY%3d&s1=667333&s2=3508590853542063797
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: fv=rjkEqHY9rHk6qGEFqja6pdnHqjC6vdw=; Expires=Fri, 12 Oct 2018 21:26:17 GMT; Max-Age=31536000; Domain=.origer.info; Path=/; Version=1
X-Cache: Miss from cloudfront
Via: 1.1 d75d399a905c3cf58d63f6f850e709ca.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 4W0yYo5mffunXT28MA7KbBmg-for6fPaIe4yoC6sJi-tTWEh2MyUSA==


--- Additional Info ---
                                        
                                            GET /redirect?tid=674347&&ref=marialadelbarrio.info HTTP/1.1 
Host: origer.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips674347.html

                                         
                                         52.222.227.52
HTTP/1.1 302 Found
Content-Type: text/plain
                                        
Content-Length: 0
Connection: keep-alive
Date: Thu, 12 Oct 2017 21:26:17 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Location: http://search.vertoz.com/redirect?feed=93120&auth=W5TPk2&query=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips674347.html
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: fv=rjkEqHY9rHk6qGEFqja6pdnHqjC6vdw=; Expires=Fri, 12 Oct 2018 21:26:17 GMT; Max-Age=31536000; Domain=.origer.info; Path=/; Version=1
X-Cache: Miss from cloudfront
Via: 1.1 8425625428d0aaac9b420a3507d8ef76.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Ex8dow-IGoTIXtZP9Os-VPKV14L0CqPAtSqODsvhndOydoa4YDwoJg==


--- Additional Info ---
                                        
                                            GET /redirect?tid=667336&&ref=tamoactivo.trade HTTP/1.1 
Host: origer.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips661876.html

                                         
                                         52.222.227.52
HTTP/1.1 302 Found
Content-Type: text/plain
                                        
Content-Length: 0
Connection: keep-alive
Date: Thu, 12 Oct 2017 21:26:17 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Location: http://a.yesadsrv.com/cpxcenter/dpop.php?nid=4&pid=63197&sid=65436&zone=97038&durl=&subid=667336&opt1=&opt2=
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: fv=rjkEqHY9rHk6qGEFqja6pdnHqjC6vdw=; Expires=Fri, 12 Oct 2018 21:26:17 GMT; Max-Age=31536000; Domain=.origer.info; Path=/; Version=1
X-Cache: Miss from cloudfront
Via: 1.1 d4952a00c2233a7851cfa7e273245cd7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: JmESmQFTVqo0zwy_8cx_k8mrh-_zRRe0qzs0323HqizCmZs9jFohMA==


--- Additional Info ---
                                        
                                            GET /e/aUNFm62 HTTP/1.1 
Host: s.click.aliexpress.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/guidoclick.html
Cookie: ali_apache_id=10.182.251.131.1507843577369.659009.1; xman_us_f=x_l=0&x_as_i=%7B%22cv%22%3A%222%22%2C%22tp1%22%3A%22AdventureFeedsPOP%22%2C%22src%22%3A%22link-c-tool%22%2C%22af%22%3A755442634%2C%22cpt%22%3A1507843577371%2C%22channel%22%3A%22AFFILIATE%22%2C%22affiliateKey%22%3A%22aUNFm62%22%2C%22tagtime%22%3A1507843577376%2C%22vd%22%3A%2230%22%7D; acs_usuc_t=x_csrf=1as5t6yh5mm_w&acs_rt=e4481219aba445cd845afb6ef7dd7366; aeu_cid=a0fdaab27d874b72a11d431aff7ebce8-1507843577371-03661-aUNFm62; xman_t=jeMEE1q7zVOjrKvcLNwjgtWzeyo52CNktPXKjDh2SWjXQJF/YisndQT2lQsH+yCB; xman_f=fJRKi8dyXIQhJ750HVBXwW7UHQGPEvfLnah8cABdmsvj0VhOt5HNXOM3/AH6gevINzucx8gCK4LC0IaHjGDPH72hzAfPoQ79xVZkRTYcdvriuVLxuS5NCQ==

                                         
                                         104.122.220.148
HTTP/1.1 302 Moved Temporarily
                                        
Content-Length: 0
P3P: CP="CAO PSA OUR"
X-Application-Context: affiliateclick:production:7001
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Location: http://www.aliexpress.com?aff_platform=link-c-tool&cpt=1507843577747&sk=aUNFm62&aff_trace_key=f2456bc860eb458ea1eed105e8b07fd5-1507843577747-04722-aUNFm62&terminal_id=e4481219aba445cd845afb6ef7dd7366
Content-Language: en-US
Server: Tengine/Aserver
Timing-Allow-Origin: *
Date: Thu, 12 Oct 2017 21:26:17 GMT
Connection: keep-alive
Set-Cookie: xman_us_f=x_l=0&x_as_i=%7B%22cv%22%3A%222%22%2C%22tp1%22%3A%22AdventureFeedsPOP%22%2C%22src%22%3A%22link-c-tool%22%2C%22af%22%3A755442634%2C%22cpt%22%3A1507843577747%2C%22channel%22%3A%22AFFILIATE%22%2C%22affiliateKey%22%3A%22aUNFm62%22%2C%22tagtime%22%3A1507843577752%2C%22vd%22%3A%2230%22%7D; Domain=.aliexpress.com; Expires=Wed, 31-Oct-2085 00:40:24 GMT; Path=/ acs_usuc_t=x_csrf=1as5t6yh5mm_w&acs_rt=e4481219aba445cd845afb6ef7dd7366; Domain=.aliexpress.com; Path=/ aeu_cid=f2456bc860eb458ea1eed105e8b07fd5-1507843577747-04722-aUNFm62; Domain=.aliexpress.com; Expires=Wed, 31-Oct-2085 00:40:24 GMT; Path=/


--- Additional Info ---
                                        
                                            GET /newServing/tracking_id.php?gtruid=1&r=http%3A%2F%2Fa.yesadsrv.com%2Fcpxcenter%2Fdpop.php%3Fnid%3D4%26pid%3D63197%26sid%3D65436%26zone%3D97038%26durl%3D%26subid%3D667340%26opt1%3D%26opt2%3D%26ref%3Dhttp%253A%252F%252Fhi.notkodi.science%252Fmodescrips659882.html%26 HTTP/1.1 
Host: tr4.tagsd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips659882.html

                                         
                                         199.21.148.123
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 12 Oct 2017 21:26:17 GMT
Server: Apache/2.4.10 (Fedora)
X-Powered-By: Yesup/1.0
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: TRUID=15078435771910; expires=Sat, 11-Nov-2017 21:26:17 GMT; Max-Age=2592000; path=/; domain=.tagsd.com
Location: http://a.yesadsrv.com/cpxcenter/dpop.php?nid=4&pid=63197&sid=65436&zone=97038&durl=&subid=667340&opt1=&opt2=&ref=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips659882.html&UID=15078435771910&TRSTR=1&RTID=
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 20
Connection: close


--- Additional Info ---
Magic:  gzip compressed data, from Unix, max speed
Size:   20
Md5:    a4745abc5e7fdb89cc6df3069f3c6e69
Sha1:   74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
Sha256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
                                        
                                            GET /stan/redirecttocampaign.do?cmpId=1494469&affiliateId=1&unibetTarget=/no/pop/sportsbook/general/index.html&targetDomain=https://welcome.unibet.com&bTag=81763824_4C8797AB3DBD43B69B7631CF13BDA3E4&sref=FHS&FHS=Z53196862&affiliateId=1&pid=3107905&bid=27900&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fsportsbook%2Fgeneral%2Findex.html%3Fmktid%3D1%3A81763824%3A3107905-27900 HTTP/1.1 
Host: no.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://go.afh78erlkj.xyz/traf?c=3650&n=53&z=402923&target=http%3A%2F%2Fadserving.unibet.com%2Fredirect.aspx%3Fbid%3D27900%26pid%3D2958368%26sref%3DFHS%26FHS%3D%7Bsite%7D&h=3db6592b
Cookie: JSESSIONID=27b178e68e74a7222e43e99d8b5f; __ucbt=27b178e68e74a7222e43e99d8b5f; uniattr=ST.0.T; campaignId=1494469; framework.forceBigLandingArea=""; affiliateId=1; B-TAG=81763824_4C8797AB3DBD43B69B7631CF13BDA3E4; BID=27900; PID=3107905; REFERER=http%3A%2F%2Fgo.afh78erlkj.xyz%2Ftraf%3Fc%3D3650%26n%3D53%26z%3D402923%26target%3Dhttp%253A%252F%252Fadserving.unibet.com%252Fredirect.aspx%253Fbid%253D27900%2526pid%253D2958368%2526sref%253DFHS%2526FHS%253D%257Bsite%257D%26h%3D3db6592b; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D1494469%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fsportsbook%2Fgeneral%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26bTag%3D81763824_4C8797AB3DBD43B69B7631CF13BDA3E4%26sref%3DFHS%26FHS%3DZ53196862%26affiliateId%3D1%26pid%3D3107905%26bid%3D27900; AFFILIATE_CAMPAIGN_ID=1494469; BIGipServeraffiliates_PROD=2399422218.46155.0000

                                         
                                         185.9.101.1
HTTP/1.1 301 Moved Permanently
                                        
Server: nginx
Date: Thu, 12 Oct 2017 21:26:17 GMT
Content-Length: 0
Connection: keep-alive
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Java/Oracle Corporation/1.7)
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store
Set-Cookie: __utmv="75389645.|1=Affiliate=81763824=1,"; Domain=.unibet.com; Expires=Sat, 12-Oct-2019 21:26:17 GMT; Path=/
Location: https://welcome.unibet.com/no/pop/sportsbook/general/index.html?mktid=1:81763824:3107905-27900
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload


--- Additional Info ---
                                        
                                            GET /redirect?feed=73444&auth=hfDuBG&query=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips659882.html HTTP/1.1 
Host: search.vertoz.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips659882.html

                                         
                                         198.134.116.17
HTTP/1.1 302 Found
                                        
Location: http://adskpak.com/?type=2&id=mandark&sid=9061
Connection: keep-alive
Content-Length: 0


--- Additional Info ---
                                        
                                            GET /redirect?feed=82141&auth=iG2epi&subid=15884&url=http%3A%2F%2Fplaylive.pw%2F%3Fq%3Dbest%2Bdeals&query=sport&default_url= HTTP/1.1 
Host: xml.pdn-1.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/guidoclick.html

                                         
                                         174.137.155.139
HTTP/1.1 302 Found
                                        
Location: http://s.click.aliexpress.com/e/aUNFm62
Connection: keep-alive
Content-Length: 0


--- Additional Info ---
                                        
                                            GET /redirect?feed=73444&auth=hfDuBG&query=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips661876.html HTTP/1.1 
Host: search.vertoz.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips661876.html

                                         
                                         198.134.116.17
HTTP/1.1 302 Found
                                        
Location: http://adskpak.com/?type=2&id=mandark&sid=9061
Connection: keep-alive
Content-Length: 0


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.trustwave.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 118
Content-Type: application/ocsp-request

                                         
                                         91.135.34.136
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 638
Date: Thu, 12 Oct 2017 21:26:17 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   638
Md5:    4a7bb13716b203a6f2b9e9708768a503
Sha1:   f31b103c72cdf1edd5a5a4e2173fc82ca77d0ef0
Sha256: a5c28e252cdaab710b0171444b2183b32a3996264763f1f887462f28b132b66a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.trustwave.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         91.135.34.136
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 1684
Date: Thu, 12 Oct 2017 21:26:17 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1684
Md5:    30e233ac6d59d1b15591e57ee7ee6f46
Sha1:   360f9d70b1feb1d092e3b189588b012bf5eeb2b5
Sha256: 4a0fb32e8859c41467e6105f6bcbce4184307114aeb9003f1ce151ffaa662e42
                                        
                                            GET /?aff_platform=link-c-tool&cpt=1507843577560&sk=aUNFm62&aff_trace_key=a978ff69cb584922957f3cbe6e6abee2-1507843577560-02575-aUNFm62&terminal_id=755bfedd9d5447469362072df1e58348 HTTP/1.1 
Host: www.aliexpress.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/citrico2.html
Cookie: ali_apache_id=10.182.250.123.1507843577558.852479.7; xman_us_f=x_l=0&x_as_i=%7B%22cv%22%3A%222%22%2C%22tp1%22%3A%22AdventureFeedsPOP%22%2C%22src%22%3A%22link-c-tool%22%2C%22af%22%3A755442634%2C%22cpt%22%3A1507843577560%2C%22channel%22%3A%22AFFILIATE%22%2C%22affiliateKey%22%3A%22aUNFm62%22%2C%22tagtime%22%3A1507843577564%2C%22vd%22%3A%2230%22%7D; acs_usuc_t=x_csrf=1deqmn7r7trxc&acs_rt=755bfedd9d5447469362072df1e58348; aeu_cid=a978ff69cb584922957f3cbe6e6abee2-1507843577560-02575-aUNFm62; xman_t=Je3EQsE7vfsFWSMR/e5LcwfhedwcaZE0uzPYsXmNL0NyZGTFZOaG5+ZAFDpfXQNd; xman_f=+3YMH5CW2mn0Xo+VAOvgceTSQ2JnNtpaaO2oAZlCOF6wYQ+3MoEcXRVMbowKMQHgTFUIgTBe2LL3vKjFV5PlxkKMykP50yj0Rq/DCe3sSsyMQiSkgh3B8w==

                                         
                                         104.122.220.148
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Content-Length: 286
Location: https://www.aliexpress.com/?aff_platform=link-c-tool&cpt=1507843577560&sk=aUNFm62&aff_trace_key=a978ff69cb584922957f3cbe6e6abee2-1507843577560-02575-aUNFm62&terminal_id=755bfedd9d5447469362072df1e58348
Server: Tengine/Aserver
Timing-Allow-Origin: *
Date: Thu, 12 Oct 2017 21:26:17 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   286
Md5:    22233f8939a7a0ffab23b4614172f693
Sha1:   4ea3b18bd694e41550cb8f0a6094277025019bd0
Sha256: 33b2237f3c033eb6a5ca8f7b1a33604f303eadc818a906d859cd7c44fd77f6b1
                                        
                                            GET /redirect?feed=82141&auth=iG2epi&subid=15884&url=http%3A%2F%2Fplaylive.pw%2F%3Fq%3Dbest%2Bdeals&query=sport&default_url= HTTP/1.1 
Host: xml.pdn-1.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/guidoclick.html

                                         
                                         174.137.155.139
HTTP/1.1 302 Found
                                        
Location: http://s.click.aliexpress.com/e/aUNFm62
Connection: keep-alive
Content-Length: 0


--- Additional Info ---
                                        
                                            GET /redirect?tid=667332&&ref=playlive.pw HTTP/1.1 
Host: origer.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips661880.html

                                         
                                         52.222.227.52
HTTP/1.1 302 Found
Content-Type: text/plain
                                        
Content-Length: 0
Connection: keep-alive
Date: Thu, 12 Oct 2017 21:26:18 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Location: http://search.vertoz.com/redirect?feed=93120&auth=W5TPk2&query=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips661880.html
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: fv=rjkEqHY9rHk6qGEFqja6pdnHqjC6vdw=; Expires=Fri, 12 Oct 2018 21:26:17 GMT; Max-Age=31536000; Domain=.origer.info; Path=/; Version=1
X-Cache: Miss from cloudfront
Via: 1.1 0c5e11348f181c6aeb0775770f4b4d39.cloudfront.net (CloudFront)
X-Amz-Cf-Id: LItSlzIogptCoLelcfACOePEnL0_MOH8aFREic7-dPpB7Onpr4k2-w==


--- Additional Info ---
                                        
                                            GET /?aff_platform=link-c-tool&cpt=1507843577371&sk=aUNFm62&aff_trace_key=a0fdaab27d874b72a11d431aff7ebce8-1507843577371-03661-aUNFm62&terminal_id=e4481219aba445cd845afb6ef7dd7366 HTTP/1.1 
Host: www.aliexpress.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/guidoclick.html
Cookie: ali_apache_id=10.182.250.123.1507843577558.852479.7; xman_us_f=x_l=0&x_as_i=%7B%22cv%22%3A%222%22%2C%22tp1%22%3A%22AdventureFeedsPOP%22%2C%22src%22%3A%22link-c-tool%22%2C%22af%22%3A755442634%2C%22cpt%22%3A1507843577560%2C%22channel%22%3A%22AFFILIATE%22%2C%22affiliateKey%22%3A%22aUNFm62%22%2C%22tagtime%22%3A1507843577564%2C%22vd%22%3A%2230%22%7D; acs_usuc_t=x_csrf=1deqmn7r7trxc&acs_rt=755bfedd9d5447469362072df1e58348; aeu_cid=a978ff69cb584922957f3cbe6e6abee2-1507843577560-02575-aUNFm62; xman_t=Je3EQsE7vfsFWSMR/e5LcwfhedwcaZE0uzPYsXmNL0NyZGTFZOaG5+ZAFDpfXQNd; xman_f=+3YMH5CW2mn0Xo+VAOvgceTSQ2JnNtpaaO2oAZlCOF6wYQ+3MoEcXRVMbowKMQHgTFUIgTBe2LL3vKjFV5PlxkKMykP50yj0Rq/DCe3sSsyMQiSkgh3B8w==

                                         
                                         104.122.220.148
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Vary: Accept-Encoding
P3P: CP="CAO PSA OUR"
X-Application-Context: ae-buyer-homepage-f:prod:7001
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000
Content-Language: en-US
Content-Security-Policy-Report-Only: default-src * 'unsafe-eval' 'unsafe-inline' data:;report-uri //pointman.alibaba.com/csp?app=ae_default
Content-Encoding: gzip
Access-Control-Allow-Origin: https://hz.aliexpress.com
Server: Tengine/Aserver
Timing-Allow-Origin: *
Date: Thu, 12 Oct 2017 21:26:18 GMT
Content-Length: 12003
Connection: keep-alive
Set-Cookie: xman_us_f=x_locale=en_US&x_l=0&x_as_i=%7B%22cv%22%3A%222%22%2C%22tp1%22%3A%22AdventureFeedsPOP%22%2C%22src%22%3A%22link-c-tool%22%2C%22af%22%3A755442634%2C%22cpt%22%3A1507843577560%2C%22channel%22%3A%22AFFILIATE%22%2C%22affiliateKey%22%3A%22aUNFm62%22%2C%22tagtime%22%3A1507843577564%2C%22vd%22%3A%2230%22%7D; Domain=.aliexpress.com; Expires=Wed, 31-Oct-2085 00:40:24 GMT; Path=/ intl_locale=en_US; Domain=.aliexpress.com; Path=/ aep_usuc_f=site=glo&c_tp=USD&region=NO&b_locale=en_US; Domain=.aliexpress.com; Expires=Wed, 31-Oct-2085 00:40:24 GMT; Path=/ intl_common_forever=GotZsmAPo9ADjq7HIOGe9MVMgWhOVwZqbP+ye1JhYhCJDxU8d/a27g==; Domain=.aliexpress.com; Expires=Wed, 31-Oct-2085 00:40:24 GMT; Path=/; HttpOnly JSESSIONID=C01421C5C5C761264093465A6E2BF645;path=/;HttpOnly


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   12003
Md5:    fe0d8c39e923306759b8a14d8c10d888
Sha1:   ba9b26118bfb2166377bd4afd8720a7f2bdcc0a8
Sha256: 4b879c7ee4d4022cc35cea93f50d2a83f3e07e15b660933675fc3c37f4d3f29b
                                        
                                            GET /redirect?feed=93120&auth=W5TPk2&query=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips674347.html HTTP/1.1 
Host: search.vertoz.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips674347.html

                                         
                                         198.134.116.17
HTTP/1.1 302 Found
                                        
Location: http://search.vertoz.com/redirect?feed=73444&auth=hfDuBG&query=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips674347.html
Connection: keep-alive
Content-Length: 0


--- Additional Info ---
                                        
                                            GET /cpxcenter/dpop.php?nid=4&pid=63197&sid=65436&zone=97038&durl=&subid=667340&opt1=&opt2=&ref=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips659882.html&UID=15078435771910&TRSTR=1&RTID= HTTP/1.1 
Host: a.yesadsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips659882.html

                                         
                                         199.21.148.198
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 12 Oct 2017 21:26:18 GMT
Server: Apache/2.4.23 (Fedora)
X-Powered-By: PHP/5.6.27
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: TRUID=15078435771910; expires=Sat, 11-Nov-2017 21:26:18 GMT; Max-Age=2592000; path=/; domain=.yesadsrv.com CKTIME=1507843578; expires=Wed, 08-Aug-2018 21:26:18 GMT; Max-Age=25920000; path=/; domain=.yesadsrv.com
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 3304
Connection: close


--- Additional Info ---
Magic:  gzip compressed data, from Unix, max speed
Size:   3304
Md5:    c408f67de956af9e67b7cd9405c1a5f3
Sha1:   264dc7eeb37b1734d3aa146375060f2c42baee69
Sha256: abe577cc9662daa6d9bdebb8e22eda12f8faf1dc779bba4dcea0965448ce5ff9
                                        
                                            GET /redirect?tid=667333&&ref=playlive.pw HTTP/1.1 
Host: origer.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/modescrips661875.html

                                         
                                         52.222.227.52
HTTP/1.1 302 Found
Content-Type: text/plain
                                        
Content-Length: 0
Connection: keep-alive
Date: Thu, 12 Oct 2017 21:26:18 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Location: http://c.tmstrack.com/?a=38016&c=69742&p=r&E=3QTR7tcWEwY%3d&s1=667333&s2=6171087397096602320
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: fv=rjkEqHY9rHk6qGEFqja6pdnHqjC6vdw=; Expires=Fri, 12 Oct 2018 21:26:18 GMT; Max-Age=31536000; Domain=.origer.info; Path=/; Version=1
X-Cache: Miss from cloudfront
Via: 1.1 3943e81340bd903a74d536bc9599c3f3.cloudfront.net (CloudFront)
X-Amz-Cf-Id: BTmWOT7ruy6c44JXd0K_xbTqz6PUi_4m3DJoTaUZ_Q1oM-k6aco0wA==


--- Additional Info ---
                                        
                                            GET /?aff_platform=link-c-tool&cpt=1507843577747&sk=aUNFm62&aff_trace_key=f2456bc860eb458ea1eed105e8b07fd5-1507843577747-04722-aUNFm62&terminal_id=e4481219aba445cd845afb6ef7dd7366 HTTP/1.1 
Host: www.aliexpress.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hi.notkodi.science/guidoclick.html
Cookie: ali_apache_id=10.182.250.123.1507843577558.852479.7; xman_us_f=x_l=0&x_as_i=%7B%22cv%22%3A%222%22%2C%22tp1%22%3A%22AdventureFeedsPOP%22%2C%22src%22%3A%22link-c-tool%22%2C%22af%22%3A755442634%2C%22cpt%22%3A1507843577747%2C%22channel%22%3A%22AFFILIATE%22%2C%22affiliateKey%22%3A%22aUNFm62%22%2C%22tagtime%22%3A1507843577752%2C%22vd%22%3A%2230%22%7D; acs_usuc_t=x_csrf=1as5t6yh5mm_w&acs_rt=e4481219aba445cd845afb6ef7dd7366; aeu_cid=f2456bc860eb458ea1eed105e8b07fd5-1507843577747-04722-aUNFm62; xman_t=Je3EQsE7vfsFWSMR/e5LcwfhedwcaZE0uzPYsXmNL0NyZGTFZOaG5+ZAFDpfXQNd; xman_f=+3YMH5CW2mn0Xo+VAOvgceTSQ2JnNtpaaO2oAZlCOF6wYQ+3MoEcXRVMbowKMQHgTFUIgTBe2LL3vKjFV5PlxkKMykP50yj0Rq/DCe3sSsyMQiSkgh3B8w==

                                         
                                         104.122.220.148
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Content-Length: 286
Location: https://www.aliexpress.com/?aff_platform=link-c-tool&cpt=1507843577747&sk=aUNFm62&aff_trace_key=f2456bc860eb458ea1eed105e8b07fd5-1507843577747-04722-aUNFm62&terminal_id=e4481219aba445cd845afb6ef7dd7366
Server: Tengine/Aserver
Timing-Allow-Origin: *
Date: Thu, 12 Oct 2017 21:26:18 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   286
Md5:    22233f8939a7a0ffab23b4614172f693
Sha1:   4ea3b18bd694e41550cb8f0a6094277025019bd0
Sha256: 33b2237f3c033eb6a5ca8f7b1a33604f303eadc818a906d859cd7c44fd77f6b1
                                        
                                            POST /gsalphasha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request

                                         
                                         104.31.75.124
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 21:26:18 GMT
Content-Length: 1517
Connection: keep-alive
Set-Cookie: __cfduid=de76bff015ea064b1bb1710b173f11bd01507843578; expires=Fri, 12-Oct-18 21:26:18 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Thu, 12 Oct 2017 18:01:17 GMT
Expires: Mon, 16 Oct 2017 18:01:17 GMT
Etag: "3ed6f0abde799fc392f13229e9234ac8993f9b10"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 3acd22fc30b64285-OSL


--- Additional Info ---
Magic:  data
Size:   1517
Md5:    5205c4415d047c16519fa9eeb71a0d2f
Sha1:   3ed6f0abde799fc392f13229e9234ac8993f9b10
Sha256: 49f3acfa5f28858229b8f5ad63c020f1acd96234b4b3c1b3ba9b957c682d73da
                                        
                                            GET /cpxcenter/dpop.php?nid=4&pid=63197&sid=65436&zone=97038&durl=&subid=667340&opt1=&opt2=&ref=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips659882.html&UID=15078435771910&TRSTR=1&RTID= HTTP/1.1 
Host: a.yesadsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a.yesadsrv.com/cpxcenter/dpop.php?nid=4&pid=63197&sid=65436&zone=97038&durl=&subid=667340&opt1=&opt2=&ref=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips659882.html&UID=15078435771910&TRSTR=1&RTID=
Cookie: TRUID=15078435771910; CKTIME=1507843578

                                         
                                         199.21.148.198
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 12 Oct 2017 21:26:18 GMT
Server: Apache/2.4.23 (Fedora)
X-Powered-By: PHP/5.6.27
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: TRUID=15078435771910; expires=Sat, 11-Nov-2017 21:26:18 GMT; Max-Age=2592000; path=/; domain=.yesadsrv.com CKTIME=1507843578; expires=Wed, 08-Aug-2018 21:26:18 GMT; Max-Age=25920000; path=/; domain=.yesadsrv.com
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 3304
Connection: close


--- Additional Info ---
Magic:  gzip compressed data
Size:   14514
Md5:    21fad59ca9b6d69e165303b9dfd36922
Sha1:   545342a8d1eea2f25ce98077cec966b9254fb522
Sha256: a2ff888de6e98e068147e5268bd43fb3cb5a3dd4c3096b345469f26dd08dda62
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: a.yesadsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: TRUID=15078435771910; CKTIME=1507843578

                                         
                                         199.21.148.198
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
                                        
Date: Thu, 12 Oct 2017 21:26:18 GMT
Server: Apache/2.4.23 (Fedora)
Last-Modified: Mon, 17 Oct 2016 20:53:58 GMT
Etag: "47e-53f15c656e580"
Accept-Ranges: bytes
Content-Length: 1150
Connection: close


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon
Size:   1150
Md5:    93caeb94218441dc8cbe845795e660d4
Sha1:   6eae8ebd4962b70b01b3f80a4b37e97fd7ee8c1f
Sha256: 7b1fcc9cccce514af6161a6d2cd69509c84bb5ada5fee9888a8d132bd3e304b6
                                        
                                            GET /cpxcenter/dpop.php?nid=4&pid=63197&sid=65436&zone=97038&durl=&subid=667340&opt1=&opt2=&ref=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips659882.html&UID=15078435771910&TRSTR=1&RTID=&jsctoken=Ul1pZCUh2M7gziAsJjTxW34l5dJ9MSwiXFzey93JITQqL3wg2cAuJiczLSp7_M_L2tL7LSgv HTTP/1.1 
Host: a.yesadsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a.yesadsrv.com/cpxcenter/dpop.php?nid=4&pid=63197&sid=65436&zone=97038&durl=&subid=667340&opt1=&opt2=&ref=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips659882.html&UID=15078435771910&TRSTR=1&RTID=
Cookie: TRUID=15078435771910; CKTIME=1507843578

                                         
                                         199.21.148.198
HTTP/1.1 307 Temporary Redirect
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 12 Oct 2017 21:26:18 GMT
Server: Apache/2.4.23 (Fedora)
X-Powered-By: PHP/5.6.27
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: TRUID=15078435771910; expires=Sat, 11-Nov-2017 21:26:18 GMT; Max-Age=2592000; path=/; domain=.yesadsrv.com CKTIME=1507843578; expires=Wed, 08-Aug-2018 21:26:18 GMT; Max-Age=25920000; path=/; domain=.yesadsrv.com
Location: http://b.yu0123456.com/newServing/dlink.php?nid=1&sid=87175&pid=8189&durl=http%3A%2F%2Fhost.cpxcenter.com%2Fclicksor3%2F&spid=4-65436&ref=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips659882.html
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /newServing/dlink.php?nid=1&sid=87175&pid=8189&durl=http%3A%2F%2Fhost.cpxcenter.com%2Fclicksor3%2F&spid=4-65436&ref=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips659882.html HTTP/1.1 
Host: b.yu0123456.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://a.yesadsrv.com/cpxcenter/dpop.php?nid=4&pid=63197&sid=65436&zone=97038&durl=&subid=667340&opt1=&opt2=&ref=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips659882.html&UID=15078435771910&TRSTR=1&RTID=

                                         
                                         199.21.148.98
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 12 Oct 2017 21:26:22 GMT
Server: Apache/2.4.10 (Fedora)
X-Powered-By: PHP/5.5.25
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 241
Connection: close


--- Additional Info ---
Magic:  gzip compressed data, from Unix, max speed
Size:   241
Md5:    8b4f7cc36e19649ca4fbd2db78356709
Sha1:   c8e0a7ad5bc993bc81ccb126d0dcefc1912537fe
Sha256: 9509887d513295ba17563fddebe6a6488d10de1c04aee0b6e9e538d3b60bcc41
                                        
                                            GET /newServing/tracking_id.php?d=b.clicksor.net&r=http%3A%2F%2Fb.clicksor.net%2FnewServing%2Ftracking_id.php%3Fb%3D1%26&gtruid=1 HTTP/1.1 
Host: tr1.tagsd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://b.yu0123456.com/newServing/dlink.php?nid=1&sid=87175&pid=8189&durl=http%3A%2F%2Fhost.cpxcenter.com%2Fclicksor3%2F&spid=4-65436&ref=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips659882.html
Cookie: TRUID=15078435771910

                                         
                                         199.21.148.123
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 12 Oct 2017 21:26:22 GMT
Server: Apache/2.4.18 (Fedora)
X-Powered-By: Yesup/1.0
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: TRUID=15078435771910; expires=Sat, 11-Nov-2017 21:26:22 GMT; Max-Age=2592000; path=/; domain=.tagsd.com
Location: http://b.clicksor.net/newServing/tracking_id.php?b=1&UID=15078435771910&TRSTR=1&RTID=
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 20
Connection: close


--- Additional Info ---
Magic:  gzip compressed data, from Unix, max speed
Size:   20
Md5:    a4745abc5e7fdb89cc6df3069f3c6e69
Sha1:   74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
Sha256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
                                        
                                            GET /newServing/tracking_id.php?b=1&UID=15078435771910&TRSTR=1&RTID= HTTP/1.1 
Host: b.clicksor.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://b.yu0123456.com/newServing/dlink.php?nid=1&sid=87175&pid=8189&durl=http%3A%2F%2Fhost.cpxcenter.com%2Fclicksor3%2F&spid=4-65436&ref=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips659882.html

                                         
                                         199.21.148.89
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 12 Oct 2017 21:26:23 GMT
Server: Apache/2.4.23 (Fedora)
X-Powered-By: Yesup/1.0
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: TRUID=15078435771910; expires=Wed, 08-Aug-2018 21:26:23 GMT; Max-Age=25920000; path=/; domain=b.clicksor.net CKTIME=1507843583; expires=Wed, 08-Aug-2018 21:26:23 GMT; Max-Age=25920000; path=/; domain=b.clicksor.net RTID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=b.clicksor.net
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 20
Connection: close


--- Additional Info ---
Magic:  gzip compressed data, from Unix, max speed
Size:   20
Md5:    a4745abc5e7fdb89cc6df3069f3c6e69
Sha1:   74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
Sha256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: b.yu0123456.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         199.21.148.98
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
                                        
Date: Thu, 12 Oct 2017 21:26:23 GMT
Server: Apache/2.4.16 (Fedora)
Last-Modified: Mon, 17 Oct 2016 20:53:58 GMT
Etag: "47e-53f15c656e580"
Accept-Ranges: bytes
Content-Length: 1150
Connection: close


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon
Size:   1150
Md5:    93caeb94218441dc8cbe845795e660d4
Sha1:   6eae8ebd4962b70b01b3f80a4b37e97fd7ee8c1f
Sha256: 7b1fcc9cccce514af6161a6d2cd69509c84bb5ada5fee9888a8d132bd3e304b6
                                        
                                            GET /clicksor3/ HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://b.yu0123456.com/newServing/dlink.php?nid=1&sid=87175&pid=8189&durl=http%3A%2F%2Fhost.cpxcenter.com%2Fclicksor3%2F&spid=4-65436&ref=http%3A%2F%2Fhi.notkodi.science%2Fmodescrips659882.html

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583; expires=Fri, 12-Oct-18 21:26:23 GMT; path=/; domain=.cpxcenter.com; HttpOnly
X-Powered-By: PHP/5.3.8
Server: cloudflare-nginx
CF-RAY: 3acd231b254e42af-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3186
Md5:    41f193d6ea40a9f5d58b3a994f3b4af0
Sha1:   43c12d4eac4cc4699d3f181b31fa82847c71b747
Sha256: b61e62a931da656fe02860870e5babec52d1936ddf0fed5123a7aff6cc4af83e
                                        
                                            GET /clicksor3/js/modernizr.custom.48287.js HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 30 Oct 2013 19:30:14 GMT
Etag: W/"b40bb0-3b34-4e9fa5cbf9d80"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd2322878342af-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6156
Md5:    9597335d72c54f801bfb01b7de8fecf8
Sha1:   6cead6148672f5c571e318c7787c672acbaf4295
Sha256: 0175bd63d6a8c9beaae362317cb972703ab19198a490756235ece6b9d83b8640
                                        
                                            GET /clicksor3/images/clicksor_logo2.png HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Content-Length: 5602
Connection: keep-alive
Last-Modified: Tue, 26 May 2015 14:52:03 GMT
Etag: "b40b3a-15e2-516fd44f50ac0"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd2322a79542af-OSL


--- Additional Info ---
Magic:  PNG image, 230 x 45, 8-bit/color RGBA, non-interlaced
Size:   5602
Md5:    fda31ce296756c5f9081e498e6cc699c
Sha1:   3d7b27b74f71859f1ede3051021da9b6170c6269
Sha256: 869ca8a41623348e3530a6988821c06a3fa8e83610d3aef95c549d5744762b49
                                        
                                            GET /clicksor3/animate.css HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 14 Feb 2014 18:25:12 GMT
Etag: W/"b40a6b-df06-4f261ed30f200"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd2322a1604279-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4315
Md5:    560c552a51d4742af3817ee99096ccbd
Sha1:   54d992f1c0737b21a8bf7679f588c288186d05c9
Sha256: a559ad4e827abd014efc4250584725599d7db6ab99fbceec46d42004df14d718
                                        
                                            GET /clicksor3/js/woothemes-FlexSlider-06b12f8/flexslider.css HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 30 Oct 2013 19:30:14 GMT
Etag: W/"b40c0b-ea2-4e9fa5cbf9d80"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd2322a76642bb-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1360
Md5:    428c0cb8cf4d23b9a28d694ff0d3803e
Sha1:   7092617944dff06065c332209ad25b6742eacf31
Sha256: 4288f8b9fe63dcc1bc915f0bd87ebd02217cf8b9c520698b3c5d2f4077c76836
                                        
                                            GET /clicksor3/js/prettyPhoto_3.1.5/prettyPhoto.css HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 30 Oct 2013 19:30:14 GMT
Etag: W/"b40c09-4d2d-4e9fa5cbf9d80"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd2322a6764297-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2743
Md5:    e1bcefaf802249ea05ab177536738a88
Sha1:   74cee4c545561defaf6bc15459cdb2b0110a9802
Sha256: f4958652fd51556d17ff9fad44c7ddcb98d0221e44986597e3c1f9b624b39d4e
                                        
                                            GET /clicksor3/images/contextual.png HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Content-Length: 35232
Connection: keep-alive
Last-Modified: Tue, 12 Jul 2016 14:10:11 GMT
Etag: "b40b3d-89a0-53770d3b7f669"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd2322b79b42af-OSL


--- Additional Info ---
Magic:  PNG image, 370 x 465, 8-bit colormap, non-interlaced
Size:   35232
Md5:    272e31fe34b92fe45b9551d1b0826ce4
Sha1:   bde76938385f5ed84d5250bf7e52b06b7d943214
Sha256: 9ed3af87df5f1383604a511d2a48be9f2735dbf80a9e976bab1b472dc6aa8ec3
                                        
                                            GET /clicksor3/css/uikit.min.css HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 04 May 2015 20:01:08 GMT
Etag: W/"b40a74-16247-5154705d10900"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd2322a3f04285-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   16925
Md5:    4b66ca5633caa1e3635aad8e29d50323
Sha1:   3fcaa856c2874c751d6aa422e1c3196919e62740
Sha256: 9d93d9a65860c18f4a2ae51834ae8fd4f2c3a13665a0500fcac7846eb72cbde9
                                        
                                            GET /clicksor3/images/l1.jpg HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Content-Length: 4292
Connection: keep-alive
Last-Modified: Fri, 15 May 2015 15:24:36 GMT
Etag: "b40b46-10c4-51620711c5500"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd2322b1644279-OSL


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   4292
Md5:    3b40fb0c7a3f192df4fee481f7091f9b
Sha1:   1cc9220df2ee48f869206eb7eea77e11ec90aae6
Sha256: 0343c15f3f09cfd9c9721b17b3863bb30d195baae10479d8f8720828c51af15c
                                        
                                            GET /clicksor3/images/l2.jpg HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Content-Length: 4777
Connection: keep-alive
Last-Modified: Fri, 15 May 2015 15:25:02 GMT
Etag: "b40b49-12a9-5162072a90f80"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd2322b76a42bb-OSL


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   4777
Md5:    2cd6f17cf907722cacacd7c2daf706b1
Sha1:   88f1ad4f0202fea970a8dac47b1c76dd979b68d5
Sha256: 9d8e66e351afee15dfa81a0882fecb689be84abdfeee9d28561d398f9b53ba21
                                        
                                            GET /clicksor3/style2.css HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 14 Jul 2015 20:39:09 GMT
Etag: W/"b40a6d-2a874-51adbd481f540"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 3acd2322a6c1428b-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   26342
Md5:    72455c873347dbe2cab265e6995d77ec
Sha1:   4a9324c9ad88c8710f8f162ce2f36614356e2e69
Sha256: ac597e8e31b1a142f899b27c9650ef487b980a47c9f79a3fb0b038e320c02884
                                        
                                            GET /css?family=Open+Sans:400,300,400italic,600,600italic,700,700italic,300italic HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/

                                         
                                         172.217.22.170
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Thu, 12 Oct 2017 21:26:24 GMT
Date: Thu, 12 Oct 2017 21:26:24 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   510
Md5:    b1fdb9df5ce883ae8fc6f7254d22740c
Sha1:   20210ec66dc8b25bcadd539a420e1e02149f5138
Sha256: a36bbe236b23709e51986f80fb4db4b3d2e5990a29b37050467bc87569950fe2
                                        
                                            GET /clicksor3/images/l4.jpg HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Content-Length: 2984
Connection: keep-alive
Last-Modified: Fri, 15 May 2015 15:25:28 GMT
Etag: "b40b4b-ba8-516207435ca00"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd2322d7ab42af-OSL


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   2984
Md5:    873d271bce215b54dfe68472c7d9bbe1
Sha1:   95b173c5b3c87ff41b7cd0fc567eaeb17e7bd1e5
Sha256: 9c6f371cab61306d020610b245036b7db876027721ccc9448e3745d0f1b37fa7
                                        
                                            GET /clicksor3/images/l3.jpg HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Content-Length: 2720
Connection: keep-alive
Last-Modified: Fri, 15 May 2015 15:25:13 GMT
Etag: "b40b4a-aa0-516207350e840"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd2322d6814297-OSL


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   2720
Md5:    f99a3a4d0605e9f058f992fde02dc8b9
Sha1:   d0ce44d06d11f8ca91c0d5d3f0c26bfb22eed2a0
Sha256: 7f5b05b169d453d120cb51606e17721b01733cbfd127de2a7e1e9f639a55c9c5
                                        
                                            GET /clicksor3/images/l5.jpg HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Content-Length: 5564
Connection: keep-alive
Last-Modified: Fri, 15 May 2015 15:29:23 GMT
Etag: "b40b4c-15bc-5162082379ac0"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd232344224285-OSL


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   5564
Md5:    676254dc9ea48a5bec16ec644260c434
Sha1:   0da5092292327a70429d293200409fc00d36e103
Sha256: 9f5a0728eb8ab0b1b19149397757ddd7eb635510e0efd71a56c1d9643b6cca13
                                        
                                            GET /clicksor3/images/l6.jpg HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Content-Length: 2818
Connection: keep-alive
Last-Modified: Fri, 15 May 2015 15:25:55 GMT
Etag: "b40b4d-b02-5162075d1c6c0"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd2323419a4279-OSL


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   2818
Md5:    2c899beb45fef8a23a8f1b77b218e341
Sha1:   d6e5fe8bbdd17f5d0f4a94ae399fe075ccbc37ed
Sha256: 8e9735fcee47463d1cabea3fc29a346396a847fa9eae90362792181d8d550a0f
                                        
                                            GET /clicksor3/images/l7.jpg HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Content-Length: 3754
Connection: keep-alive
Last-Modified: Fri, 15 May 2015 15:33:19 GMT
Etag: "b40b4e-eaa-516209048adc0"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd2323479a42bb-OSL


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   3754
Md5:    4eb76ffc1c6d323fff99b0f7a9f04b14
Sha1:   047e7cdc94702479456c59834f58fe1fc7adbc1f
Sha256: 90a9c35b578ab755782ba839cca02830feac41ace0c97c6c24af31819f922d06
                                        
                                            GET /clicksor3/images/l8.jpg HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Content-Length: 3421
Connection: keep-alive
Last-Modified: Fri, 15 May 2015 15:26:14 GMT
Etag: "b40b4f-d5d-5162076f3b180"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd232346ef428b-OSL


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   3421
Md5:    1d12b0562a4e5a615f2a52a0d5229712
Sha1:   f672e043b53ff47f704d1cc0ceb4b9a885f4829d
Sha256: b2f322b577f2936218274e43112e53196e8507dc22aa5fd8fc28f82cd143b137
                                        
                                            GET /clicksor3/images/l10.jpg HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Content-Length: 7085
Connection: keep-alive
Last-Modified: Fri, 15 May 2015 15:26:40 GMT
Etag: "b40b47-1bad-5162078806c00"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd232346a64297-OSL


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   7085
Md5:    01ab2a509b9951f89c215dc274858fb0
Sha1:   e0d7acdb4ed75346bb8e9812481679b29cb60af6
Sha256: 9d65c9a3dc280e6723ce1131491f9f43f2b9f2431bbba0872162acad6ccf076a
                                        
                                            GET /clicksor3/images/q1.png HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Content-Length: 11752
Connection: keep-alive
Last-Modified: Fri, 15 May 2015 14:15:29 GMT
Etag: "b40b59-2de8-5161f79ee2240"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd2323519f4279-OSL


--- Additional Info ---
Magic:  PNG image, 334 x 310, 8-bit/color RGBA, non-interlaced
Size:   11752
Md5:    e8500714dba789aaced2b5f54356cb9e
Sha1:   bb3595473ef70fab6f43022550644dfa0ddd1613
Sha256: 48561bfa934801e85bac6bc0cac5c328e050252ca3f98d25ccd51bbbd5b2456e
                                        
                                            GET /clicksor3/images/q2.png HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Content-Length: 19975
Connection: keep-alive
Last-Modified: Fri, 15 May 2015 14:16:20 GMT
Etag: "b40b5a-4e07-5161f7cf85500"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd232357a142bb-OSL


--- Additional Info ---
Magic:  PNG image, 378 x 291, 8-bit/color RGBA, non-interlaced
Size:   19975
Md5:    41711fa852831870bb9758e71df02c2e
Sha1:   4ac165333a9bc62ec905ee10dab91f8dab8e62d9
Sha256: 8a65a7621d7f49a5c4a4313e78b62d0b69d09eba5245a71bad2679ec8c3a5d80
                                        
                                            GET /clicksor3/images/l9.jpg HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Content-Length: 3837
Connection: keep-alive
Last-Modified: Fri, 15 May 2015 15:26:26 GMT
Etag: "b40b50-efd-5162077aacc80"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd232357d542af-OSL


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   3837
Md5:    4bf26e2634b6debe33985614a450c088
Sha1:   5f326ff78322bb7c9b5a8df3dfcf032d5dd840f1
Sha256: 64129dda24e9c2d2394e7e150cbed253b91a9a3a2b0fbcfcede5ad1f5b276449
                                        
                                            GET /clicksor3/images/l11.jpg HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Content-Length: 3285
Connection: keep-alive
Last-Modified: Fri, 15 May 2015 15:26:49 GMT
Etag: "b40b48-cd5-516207909c040"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd232354244285-OSL


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   3285
Md5:    8c5bd2380d837b052d2149b299cc9e1b
Sha1:   b7d7bc6cb84ad507be7c508e942b9a81dd0b3448
Sha256: 2fc81921148d77ba61640ff2212aa0e442ca1a9a4af2e1d43854029a829b9611
                                        
                                            GET /font-awesome/4.3.0/css/font-awesome.min.css HTTP/1.1 
Host: maxcdn.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/

                                         
                                         108.161.189.121
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 22 Jan 2015 19:53:38 GMT
Etag: W/"04425bbdc6243fc6e54bf8984fe50330"
Server: NetDNA-cache/2.2
Expires: Sun, 07 Oct 2018 21:26:24 GMT
Cache-Control: max-age=31104000
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
X-Cache: HIT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5969
Md5:    ba373cbdaa527fa77147813bfde39b60
Sha1:   f9fd3e50cf868db4fecac96a74f808f47c81f0e4
Sha256: 1a16f82176c65ee75de3937bf1bcc897e8c41c346714157cf1c760c4d1bd0944
                                        
                                            GET /clicksor3/images/q3.png HTTP/1.1 
Host: host.cpxcenter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://host.cpxcenter.com/clicksor3/
Cookie: __cfduid=df830b2313656306667c404ec017f33b71507843583

                                         
                                         104.31.65.250
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 12 Oct 2017 21:26:24 GMT
Content-Length: 53136
Connection: keep-alive
Last-Modified: Fri, 15 May 2015 14:16:39 GMT
Etag: "b40b5b-cf90-5161f7e1a3fc0"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Fri, 13 Oct 2017 01:26:24 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 3acd232356f8428b-OSL


--- Additional Info ---
Magic:  PNG image, 292 x 292, 8-bit/color RGBA, non-interlaced
Size:   53136
Md5:    1a9b7f208ad849a60c2e80fd7deaa8e5
Sha1:   14503638d3a2f68380c5fb41970065ba62f30af2
Sha256: 2c8767fb7634450a2a4c70f83ef498bf1ff48a44013f8e5ff0d1ff4ab09ea62b