Overview

URL www2.megawebdeals.com/search.php?q=1234.2003.280.0.0.02fd2b751418daaeacdc803656d59d67c2cced56a6fb65c267f5fc67402180d6.1.104068
IP185.53.178.6
ASNAS61969 Team Internet AG
Location Germany
Report completed2018-08-10 11:17:54 CEST
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-08-10 2 parkingcrew.net/assets/scripts/js3.js Malware
2018-08-10 2 www2.megawebdeals.com/ls.php Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 185.53.178.6

Date UQ / IDS / BL URL IP
2018-12-11 10:40:34 +0100
0 - 0 - 4 inet-poisk.ru/got.php 185.53.178.6
2018-12-11 10:24:39 +0100
0 - 0 - 0 lt.si 185.53.178.6
2018-12-11 02:15:52 +0100
0 - 0 - 1 sikdokfa.com/896457a11d8253572dc521470a9be784 185.53.178.6
2018-12-10 23:45:53 +0100
0 - 1 - 0 www.shockteen.top/ 185.53.178.6
2018-12-10 13:07:02 +0100
0 - 0 - 3 photoscape.ch/Setup.exe 185.53.178.6
2018-12-10 07:16:57 +0100
0 - 0 - 1 admin.nezccindia.in/mxerbox.html 185.53.178.6
2018-12-10 01:51:44 +0100
0 - 0 - 1 mastersdegree.me/ 185.53.178.6
2018-12-09 22:09:56 +0100
0 - 1 - 0 sex-date-here1.top/ 185.53.178.6
2018-12-09 19:29:14 +0100
0 - 0 - 1 flv.onesappz.com/n/3.0.30/9461466/Setup.exe 185.53.178.6
2018-12-09 19:29:10 +0100
0 - 0 - 1 flv.onesappz.com/n/3.0.30.2/10081026/Setup.exe 185.53.178.6

Last 10 reports on ASN: AS61969 Team Internet AG

Date UQ / IDS / BL URL IP
2018-12-11 10:40:34 +0100
0 - 0 - 4 inet-poisk.ru/got.php 185.53.178.6
2018-12-11 10:39:44 +0100
0 - 0 - 2 tuncen.com/D3TNT.exe 185.53.179.6
2018-12-11 10:26:02 +0100
0 - 0 - 2 down.daweidian.com/1422543919_1.0.0.19/Setup_ (...) 185.53.179.8
2018-12-11 10:24:39 +0100
0 - 0 - 0 lt.si 185.53.178.6
2018-12-11 10:24:29 +0100
0 - 0 - 0 sk.no/ls.php 185.53.178.7
2018-12-11 10:13:17 +0100
0 - 0 - 2 down.daweidian.com/1422025880_1.0.0.9/Setup_v (...) 185.53.179.8
2018-12-11 10:13:01 +0100
0 - 0 - 2 down.daweidian.com/1422023466_1.0.0.9/Setup_v (...) 185.53.179.8
2018-12-11 10:05:48 +0100
0 - 0 - 2 down.daweidian.com/1423272968_1.0.0.33/Setup_ (...) 185.53.179.8
2018-12-11 10:03:40 +0100
0 - 0 - 2 down.daweidian.com/1422177134_1.0.0.9/Setup_v (...) 185.53.179.8
2018-12-11 09:36:34 +0100
0 - 0 - 2 down.daweidian.com/1422866482_1.0.0.21/Setup_ (...) 185.53.179.8

No other reports on domain: megawebdeals.com



JavaScript

Executed Scripts (31)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 995, repeated: 1) - SHA256: 84f5d235250ded7364640d5bd5d188acc9be9761a4aa3576841ccc92d0a2dd14

                                        < img height = "1"
width = "1"
border = "0"
alt = ""
src = "https://www.googleadservices.com/pagead/conversion/1038302480/?random=1533892643854&cv=9&fst=1533892643854&num=1&fmt=3&value=0&label=6-3FCKyD8wEQkPqM7wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=10&u_nmime=92&frm=1&url=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef&ref=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef"
style = "display:none" / >
                                    


HTTP Transactions (48)


Request Response
                                        
                                            GET /search.php?q=1234.2003.280.0.0.02fd2b751418daaeacdc803656d59d67c2cced56a6fb65c267f5fc67402180d6.1.104068 HTTP/1.1 
Host: www2.megawebdeals.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         185.53.178.25
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Fri, 10 Aug 2018 09:17:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Check: 3c12dc4d54f8e22d666785b733b0052100c53444
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2076
Md5:    2bafdd9881f9a4d64e46951844cf68de
Sha1:   cb2b7bca54881f9996823364ea33510af5c89f66
Sha256: 77f52f7f69d1df215b6bae6b396d15b21e33fc5f4820f8b00e79ae7a677b4153
                                        
                                            GET /assets/scripts/js3.js HTTP/1.1 
Host: parkingcrew.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www2.megawebdeals.com/search.php?q=1234.2003.280.0.0.02fd2b751418daaeacdc803656d59d67c2cced56a6fb65c267f5fc67402180d6.1.104068

                                         
                                         185.53.179.29
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Fri, 10 Aug 2018 09:17:21 GMT
Content-Length: 17915
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2016 08:03:01 GMT
Etag: "57df9bb5-45fb"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII C++ program text, with very long lines
Size:   17915
Md5:    db3cacfb57ba35d3fcfdbbcf7d46bd42
Sha1:   64034a7b579d0fb46cc71417ff038da23886d6c8
Sha256: a606134e35db97024d04789609660c94f87f660dc259d91db5180e32787d4dad

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /track.php?domain=megawebdeals.com&toggle=browserjs&uid=MTUzMzg5MjY0MC44MTI4OjE4ZTc2MmJmMTU3OWJkZmU1ZTljNTZiNTYxODIxMzFiZGY4MjJiM2I4ZDliNzRkMmY3MmEzM2RjMzc3OTM5YjQ6NWI2ZDU4MjBjNjc0OQ%3D%3D HTTP/1.1 
Host: www2.megawebdeals.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www2.megawebdeals.com/search.php?q=1234.2003.280.0.0.02fd2b751418daaeacdc803656d59d67c2cced56a6fb65c267f5fc67402180d6.1.104068

                                         
                                         185.53.178.25
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Fri, 10 Aug 2018 09:17:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Custom-Track: browserjs
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   20
Md5:    7029066c27ac6f5ef18d660d5741979a
Sha1:   46c6643f07aa7f6bfe7118de926b86defc5087c4
Sha256: 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
                                        
                                            POST /ls.php HTTP/1.1 
Host: www2.megawebdeals.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://www2.megawebdeals.com/search.php?q=1234.2003.280.0.0.02fd2b751418daaeacdc803656d59d67c2cced56a6fb65c267f5fc67402180d6.1.104068
Content-Length: 1338
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         185.53.178.25
HTTP/1.1 201 Created
Content-Type: text/javascript; charset=utf-8
                                        
Server: nginx
Date: Fri, 10 Aug 2018 09:17:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Log-Success: 5b6d58218e47eaba0d8b46c4 (Hit: 0)
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400


--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /track.php?click=1f674acfc827153533d83fec8788fe1cc6d67099&domain=megawebdeals.com&uid=MTUzMzg5MjY0MC44MTI4OjE4ZTc2MmJmMTU3OWJkZmU1ZTljNTZiNTYxODIxMzFiZGY4MjJiM2I4ZDliNzRkMmY3MmEzM2RjMzc3OTM5YjQ6NWI2ZDU4MjBjNjc0OQ%3D%3D&ts=fHx8ZDQxZDh8fHxidWNrZXQwNTB8fHx8NWI2ZDU4MjBjNjBlZXx8fDE1MzM4OTI2NDEuMTc5NXwyNDRjYmEyYTJiM2MzY2UyODk3ZDQ2OTVhZDEyMjA1YTkwODFjMmQyfHx8fHwxfHx8MHx8fHwwfHx8fHwwfDB8fHx8fHx8fHx8MHwxfHwwfDB8MXww&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off HTTP/1.1 
Host: www2.megawebdeals.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www2.megawebdeals.com/search.php?q=1234.2003.280.0.0.02fd2b751418daaeacdc803656d59d67c2cced56a6fb65c267f5fc67402180d6.1.104068

                                         
                                         185.53.178.25
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Fri, 10 Aug 2018 09:17:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Click-Track: '1f674acfc827153533d83fec8788fe1cc6d67099'
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   20
Md5:    7029066c27ac6f5ef18d660d5741979a
Sha1:   46c6643f07aa7f6bfe7118de926b86defc5087c4
Sha256: 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www2.megawebdeals.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         185.53.178.25
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Server: nginx
Date: Fri, 10 Aug 2018 09:17:21 GMT
Content-Length: 0
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2016 08:03:01 GMT
Etag: "57df9bb5-0"
Accept-Ranges: bytes


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         143.204.51.153
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=166481
Date: Fri, 10 Aug 2018 09:17:21 GMT
Etag: "5b6d30d7-1d7"
Expires: Sun, 12 Aug 2018 07:17:54 GMT
Last-Modified: Fri, 10 Aug 2018 06:29:43 GMT
Server: ECS (lga/1318)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 11APhXh9yiJ5ERWM8epe5os77bSr7eD2Pe-lz2y80g80vepXRORFJg==


--- Additional Info ---
Magic:  data
Size:   471
Md5:    dd9ded6feebe705665f84dc8548eef79
Sha1:   3281a461bd90b3a2cd1df76cc065c2cf2a8fdf61
Sha256: 998db631fa0b581f1c8a3d7de0003aca1f7fd70de9e10cbcd1c8fe6d7e850ad4
                                        
                                            POST / HTTP/1.1 
Host: ocsp.rootca1.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 118
Content-Type: application/ocsp-request

                                         
                                         143.204.51.149
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 1426
Connection: keep-alive
Date: Fri, 10 Aug 2018 09:17:22 GMT
Server: WEBrick/1.3.1 (Ruby/2.3.7/2018-03-28)
X-Cache: Miss from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Id: wG6MUt4aTQUkNkTJ6d4ilP_IaI6y7nDTLs8wRCRL97acJAU-pZ4nSQ==


--- Additional Info ---
Magic:  data
Size:   1426
Md5:    942db22555cf90bacb104657686662e1
Sha1:   7cb8f3d76b622f7adc504f44a15d1da5f260464d
Sha256: 43989044c079ac670f1f11ce46faa35a3c8332289a2a77af0e5ca4b65aa04b9d
                                        
                                            GET /tr?id=015992422c55baeb4629ca0c0171e309b11eef23e2.r&tk=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwdWIiOiI1MDVjNmI4MTcxMzIwNDAyNTc1YjFkNmUiLCJ0cyI6IjA4MTAwOTE3IiwiZCI6Im1lZ2F3ZWJkZWFscy5jb20ifQ.Iyb0-GoZQ7E_wEKzhdzAbHFIGZ-QeXL25JrdigTCc2s HTTP/1.1 
Host: katie.runtnc.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www2.megawebdeals.com/search.php?q=1234.2003.280.0.0.02fd2b751418daaeacdc803656d59d67c2cced56a6fb65c267f5fc67402180d6.1.104068

                                         
                                         52.72.197.104
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Date: Fri, 10 Aug 2018 09:17:22 GMT
Content-Length: 2363
Connection: keep-alive
P3P: CP="CUR NOI NID STA STP"
X-Robots-Tag: noindex, nofollow
Set-Cookie: checkme=8c3c4caac5f8acc779b51b9142be44b2b789; Path=/


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   2363
Md5:    9100ddefe147c81c71d3195a69bd0079
Sha1:   8921ef75e620c71bf86886ff0e4878b79e72f078
Sha256: 2ca722082e0acc604f9af7f993b514e8fd29643ac574ecf5140f591b2483ced2
                                        
                                            GET /trx?id=015992422c55baeb4629ca0c0171e309b11eef23e2.r&confirm=8c3c4caac5f8acc779b51b9142be44b2&size=886704&noframe=1&tnc_ref=http%3A%2F%2Fwww2.megawebdeals.com%2Fsearch.php%3Fq%3D1234.2003.280.0.0.02fd2b751418daaeacdc803656d59d67c2cced56a6fb65c267f5fc67402180d6.1.&reftaken=feed&refEqual=true HTTP/1.1 
Host: katie.runtnc.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://katie.runtnc.net/tr?id=015992422c55baeb4629ca0c0171e309b11eef23e2.r&tk=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwdWIiOiI1MDVjNmI4MTcxMzIwNDAyNTc1YjFkNmUiLCJ0cyI6IjA4MTAwOTE3IiwiZCI6Im1lZ2F3ZWJkZWFscy5jb20ifQ.Iyb0-GoZQ7E_wEKzhdzAbHFIGZ-QeXL25JrdigTCc2s
Cookie: checkme=8c3c4caac5f8acc779b51b9142be44b2b789

                                         
                                         52.72.197.104
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Date: Fri, 10 Aug 2018 09:17:22 GMT
Content-Length: 233
Connection: keep-alive
P3P: CP="CUR NOI NID STA STP"
X-Robots-Tag: noindex, nofollow
Referrer-Policy: no-referrer


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   233
Md5:    6f3bc9b17cc31213f0b4e1dd45c5b4f2
Sha1:   380fe3b0a1c5f0463040a0bb4e48fbf212e5a3c4
Sha256: b8b755531718b8031e258610462d18cca4b253630ed98ae6d3a7e114bb707b0f
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: katie.runtnc.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: checkme=8c3c4caac5f8acc779b51b9142be44b2b789

                                         
                                         52.72.197.104
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
                                        
Date: Fri, 10 Aug 2018 09:17:22 GMT
Content-Length: 150
Connection: keep-alive
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   150
Md5:    84241342d84ac29592a5d9516f8edf7f
Sha1:   03c53980e18e17625f439c20e7d438f066202428
Sha256: 6e21162bc64073fe9e3d3d6375ca24d04fed1912a5b7716aac0cb0f2d16fae7c
                                        
                                            GET /includes/router_land.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&keyword=519b2e10431a397271001c40&lpx=tef&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923 HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         161.47.7.14
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Date: Fri, 10 Aug 2018 09:08:12 GMT
Location: http://www.reimageplus.com/lp/teg/index.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-fjhppofk=BDD4F95D0EC1280658811116EEE9790B; path=/ _refcook=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ _source=%2Fincludes%2Frouter_land.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26keyword%3D519b2e10431a397271001c40%26lpx%3Dtef%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923; expires=Tue, 09-Oct-2018 09:08:12 GMT; path=/ _testcookie=test; expires=Fri, 10-Aug-2018 09:14:12 GMT; path=/ rmo=true; expires=Mon, 24-Sep-2018 09:08:12 GMT; path=/; domain=reimageplus.com marketnetwork_subid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=reimageplus.com
Content-Length: 22


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   22
Md5:    a0501a98ab1b294fd669c2ecd1b8c027
Sha1:   ecd8ceda437c617578af895ce922b9497f20938b
Sha256: cada81a8faf83daa504d843d0795ec58a6f77bd94a28345385cdb54cef383832
                                        
                                            GET /lp/teg/index.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: X-Mapping-fjhppofk=BDD4F95D0EC1280658811116EEE9790B; _source=%2Fincludes%2Frouter_land.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26keyword%3D519b2e10431a397271001c40%26lpx%3Dtef%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923; _testcookie=test; rmo=true

                                         
                                         161.47.7.14
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip
Date: Fri, 10 Aug 2018 09:08:12 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Set-Cookie: PHPSESSID=5odb82e836ll67irv33u39b763; path=/ _refcook=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ _testcookie=test; expires=Fri, 10-Aug-2018 09:14:12 GMT; path=/
Content-Length: 4006


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4006
Md5:    227eb6c053ebd1b2f7078d5d8e5d302b
Sha1:   28018b9ead0a8981d7c73d1c167041086a62fcc7
Sha256: a9176f1016f748cf59c28a159dd99417093dd12dffb5716b0714c43c80819f4b
                                        
                                            GET /ajax/libs/jquery/1.5.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef

                                         
                                         216.58.211.10
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 29839
Date: Fri, 13 Jul 2018 08:53:39 GMT
Expires: Sat, 13 Jul 2019 08:53:39 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 2420624


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   29839
Md5:    9a9b2acb8c0cf46985e07996f688b43d
Sha1:   341c927be8f8344f30afb46d49ce6b5e3da62c7d
Sha256: 0b1e12a7712d7b092fd5e1b2724d6e248670ff82620ec75e24105b6b127e3ca8
                                        
                                            GET /lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef
Cookie: X-Mapping-fjhppofk=BDD4F95D0EC1280658811116EEE9790B; _source=%2Fincludes%2Frouter_land.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26keyword%3D519b2e10431a397271001c40%26lpx%3Dtef%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923; _testcookie=test; rmo=true; PHPSESSID=5odb82e836ll67irv33u39b763

                                         
                                         161.47.7.14
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip
Date: Fri, 10 Aug 2018 09:08:12 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Set-Cookie: _refcook=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef; expires=Tue, 09-Oct-2018 09:08:12 GMT; path=/ _testcookie=test; expires=Fri, 10-Aug-2018 09:14:12 GMT; path=/
Content-Length: 10239


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10239
Md5:    6a8edc753130c3270b6cdc3cbc7bdee2
Sha1:   c91e423adacf5894f22fa19f96f5a738466f25f9
Sha256: a5c1ec20f9ad240af78bc8729f73cc63e92157c268dde11f20c0d80e5f447814
                                        
                                            GET /website/newwebsite/lp/tef/Win7.gif HTTP/1.1 
Host: cdnrep.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef
Cookie: rmo=true

                                         
                                         205.185.208.80
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Fri, 10 Aug 2018 09:17:23 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: "1468501926"
Cache-Control: max-age=86400
Content-Length: 3059
Last-Modified: Thu, 14 Jul 2016 13:12:06 GMT
X-HW: 1533892643.dop015.sk1.t,1533892643.cds013.sk1.c


--- Additional Info ---
Magic:  GIF image data, version 89a, 60 x 62
Size:   3059
Md5:    72edefcd39d81e6d207b19834e6941ef
Sha1:   03e824da65cf1fbb8849c06df5fee4f753d3d8ce
Sha256: 41e53e6880391a2ffdcecfc04969e62ade0e3383c54aed8c281a3c5c122a5f3c
                                        
                                            GET /lp/teg/css/style.css HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef
Cookie: X-Mapping-fjhppofk=BDD4F95D0EC1280658811116EEE9790B; _source=%2Fincludes%2Frouter_land.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26keyword%3D519b2e10431a397271001c40%26lpx%3Dtef%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923; _testcookie=test; rmo=true; PHPSESSID=5odb82e836ll67irv33u39b763; _refcook=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef

                                         
                                         161.47.7.14
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 10 Aug 2018 09:08:12 GMT
Expires: Thu, 15 Apr 2045 20:00:00 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Last-Modified: Mon, 30 Apr 2018 09:28:27 GMT
Content-Length: 2236


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2236
Md5:    402e8750b1727e1189633549832e0ea2
Sha1:   63d1c8cd2166c77c67418b5d5a71575e42471a3f
Sha256: 01ed7642b7830a4cf0761b7de9444407c2298e386d333c3097d5f75519751ca4
                                        
                                            GET /meter/www.reimageplus.com/23.gif HTTP/1.1 
Host: images.scanalert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef

                                         
                                         143.204.47.60
HTTP/1.1 200 OK
Content-Type: image/png; charset=UTF-8
                                        
Content-Length: 3005
Connection: keep-alive
Date: Fri, 10 Aug 2018 08:27:34 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: public
Expires: Fri, 10 Aug 2018 09:27:34 GMT
Content-Encoding: gzip
Age: 2989
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fbb.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 2ShV-cfIozOzt_q47rQM9Puwd4PqUWEVJLHE7vv5Bp7I6tDqAaG9pg==


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   3005
Md5:    102539419ea49058a5fd78365f742469
Sha1:   e4e891e5dc0d2c41eabf5dd8b497c191c287560a
Sha256: 7d59d63d95e75cf20757455fb4c3cc5333a2aacbf0424fc92a7a01ad3b694370
                                        
                                            GET /pagead/conversion.js HTTP/1.1 
Host: www.googleadservices.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef

                                         
                                         216.58.211.130
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Vary: Accept-Encoding
Date: Fri, 10 Aug 2018 09:17:23 GMT
Expires: Fri, 10 Aug 2018 09:17:23 GMT
Cache-Control: private, max-age=3600
Etag: 16812389122905504706
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 7124
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   7124
Md5:    da4dafa862c398443f74d65ddb42bbcb
Sha1:   7edb98784e9f749c06068312fa22e2d3abd3a9fb
Sha256: 2d8395220b069f48514663336b676a7195138bc16d25650be2181e6f490709e9
                                        
                                            GET /website/newwebsite/lp/tef/plus.png HTTP/1.1 
Host: cdnrep.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/css/style.css
Cookie: rmo=true

                                         
                                         205.185.208.80
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 10 Aug 2018 09:17:23 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: "1468501922"
Cache-Control: max-age=86400
Content-Length: 624
Last-Modified: Thu, 14 Jul 2016 13:12:02 GMT
X-HW: 1533892643.dop015.sk1.t,1533892643.cds058.sk1.c


--- Additional Info ---
Magic:  PNG image, 25 x 25, 8-bit/color RGB, non-interlaced
Size:   624
Md5:    47c1d3ee311e193de0cdd6e5b1a2eb4d
Sha1:   7f9d1d0cc1ffb72d64a75a088e8e9a1f105065c0
Sha256: 8c075719560b586b0c32318f5e963c3fea585c32a88cb874495c931e28f77ef9
                                        
                                            GET /website/newwebsite/lp/tef/download.png HTTP/1.1 
Host: cdnrep.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/css/style.css
Cookie: rmo=true

                                         
                                         205.185.208.80
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 10 Aug 2018 09:17:23 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: "1468501926"
Cache-Control: max-age=86400
Content-Length: 368
Last-Modified: Thu, 14 Jul 2016 13:12:06 GMT
X-HW: 1533892643.dop003.sk1.t,1533892643.cds058.sk1.c


--- Additional Info ---
Magic:  PNG image, 21 x 20, 8-bit/color RGB, non-interlaced
Size:   368
Md5:    3158e13e8184dbb60eada6725e897a95
Sha1:   9ee305bdd713bde36a49f580962cc83658b71f55
Sha256: da30e4140b53e29b452d18fdbe53efa3068e586f9d00f68da0ed2a68cbfab310
                                        
                                            GET /tracker/track.php?&tracking=Ton&campaign=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&lpx=tef HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef
Cookie: X-Mapping-fjhppofk=BDD4F95D0EC1280658811116EEE9790B; _source=%2Fincludes%2Frouter_land.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26keyword%3D519b2e10431a397271001c40%26lpx%3Dtef%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923; _testcookie=test; rmo=true; PHPSESSID=5odb82e836ll67irv33u39b763; _refcook=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef

                                         
                                         161.47.7.14
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip
P3P: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml"
Date: Fri, 10 Aug 2018 09:08:13 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Set-Cookie: _refcook=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ _source=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ _refcook=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ _source=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ _trackid=5392161047; expires=Tue, 09-Oct-2018 09:08:13 GMT; path=/; domain=reimageplus.com _trackid_5392161047=5392161047; expires=Tue, 09-Oct-2018 09:08:13 GMT; path=/; domain=reimageplus.com _tracking=Ton; expires=Tue, 09-Oct-2018 09:08:13 GMT; path=/; domain=reimageplus.com _tracking_Ton=Ton; expires=Tue, 09-Oct-2018 09:08:13 GMT; path=/; domain=reimageplus.com _campaign=RON-NO-DESKTOP-Zero_tef; expires=Tue, 09-Oct-2018 09:08:13 GMT; path=/; domain=reimageplus.com _campaign_RON-NO-DESKTOP-Zero_tef=RON-NO-DESKTOP-Zero_tef; expires=Tue, 09-Oct-2018 09:08:13 GMT; path=/; domain=reimageplus.com _adgroup=direct; expires=Tue, 09-Oct-2018 09:08:13 GMT; path=/; domain=reimageplus.com _adgroup_direct=direct; expires=Tue, 09-Oct-2018 09:08:13 GMT; path=/; domain=reimageplus.com _keyword=519b2e10431a397271001c40; expires=Tue, 09-Oct-2018 09:08:13 GMT; path=/; domain=reimageplus.com _keyword_519b2e10431a397271001c40=519b2e10431a397271001c40; expires=Tue, 09-Oct-2018 09:08:13 GMT; path=/; domain=reimageplus.com _ads=direct; expires=Tue, 09-Oct-2018 09:08:13 GMT; path=/; domain=reimageplus.com _ads_direct=direct; expires=Tue, 09-Oct-2018 09:08:13 GMT; path=/; domain=reimageplus.com _browser=Firefox; expires=Tue, 09-Oct-2018 09:08:13 GMT; path=/; domain=reimageplus.com _browser_Firefox=Firefox; expires=Tue, 09-Oct-2018 09:08:13 GMT; path=/; domain=reimageplus.com _country=Norway; expires=Tue, 09-Oct-2018 09:08:13 GMT; path=/; domain=reimageplus.com _country_Norway=Norway; expires=Tue, 09-Oct-2018 09:08:13 GMT; path=/; domain=reimageplus.com
Content-Length: 20


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   20
Md5:    7029066c27ac6f5ef18d660d5741979a
Sha1:   46c6643f07aa7f6bfe7118de926b86defc5087c4
Sha256: 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
                                        
                                            GET /assets/styles/jquery.fancybox/jquery.fancybox-2.css HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef
Cookie: X-Mapping-fjhppofk=BDD4F95D0EC1280658811116EEE9790B; _source=%2Fincludes%2Frouter_land.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26keyword%3D519b2e10431a397271001c40%26lpx%3Dtef%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923; _testcookie=test; rmo=true; PHPSESSID=5odb82e836ll67irv33u39b763; _refcook=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef

                                         
                                         161.47.7.14
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 10 Aug 2018 09:08:13 GMT
Expires: Thu, 15 Apr 2045 20:00:00 GMT
Connection: Keep-Alive
Content-Length: 1606


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1606
Md5:    39c87544233ef0fafef3816c7dc083d1
Sha1:   b5a214c16e29bb922d7dd247c8cd4ab32a48ec15
Sha256: e39857dbe26db2b9569d4ee2d3246135a51f76684c0caa76a4b7ba1d63f0b8ea
                                        
                                            GET /dc.js HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef

                                         
                                         64.233.164.156
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Date: Fri, 10 Aug 2018 08:17:31 GMT
Expires: Fri, 10 Aug 2018 10:17:31 GMT
Last-Modified: Fri, 18 May 2018 01:10:24 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 17093
Cache-Control: public, max-age=7200
Age: 3592


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   17093
Md5:    5f65521f6c6223e1e18cb161832bea2a
Sha1:   f03800023e7bbe2579cd24e122cdf8c6ecf8b4c6
Sha256: 787b69b93681cf41784dfa8655cbdafe8a56ecc62f0112a6ea2241a284a0e3c9
                                        
                                            GET /assets/scripts/jquery.fancybox/jquery.fancybox-2.js HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef
Cookie: X-Mapping-fjhppofk=BDD4F95D0EC1280658811116EEE9790B; _source=%2Fincludes%2Frouter_land.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26keyword%3D519b2e10431a397271001c40%26lpx%3Dtef%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923; _testcookie=test; rmo=true; PHPSESSID=5odb82e836ll67irv33u39b763; _refcook=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef

                                         
                                         161.47.7.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Server: Apache/2.2.15 (CentOS)
Date: Fri, 10 Aug 2018 09:08:13 GMT
Expires: Thu, 15 Apr 2045 20:00:00 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Last-Modified: Sun, 07 Jun 2015 06:06:18 GMT
Content-Length: 48716


--- Additional Info ---
Magic:  ASCII C++ program text
Size:   48716
Md5:    932c065e6c0658681ca19a34d45981f4
Sha1:   7e10f6aba5d7bc1b21e0c62ba107ac5593c039d8
Sha256: 1a2da275a2f66503da340a4b38a064c5329d8b3f03eb057dee553786482c4874
                                        
                                            GET /js/1.js HTTP/1.1 
Host: cdn.ywxi.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef

                                         
                                         143.204.47.51
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Content-Length: 2696
Connection: keep-alive
Date: Fri, 10 Aug 2018 08:24:25 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Expires: Fri, 10 Aug 2018 09:24:25 GMT
Content-Encoding: gzip
Age: 3179
X-Cache: Hit from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Id: zkokLP1aSSsMxRDWbuU1qrY5X1IOQ3-euVK0oEQYbEMWjM_vyyRG7A==


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   2696
Md5:    3eafe519059af71bc86a9b676bfdc0f3
Sha1:   ba59cd49eff1ca3819039d572c7c1ea4e9985411
Sha256: 4123e09602011805daf9147754bc0397e5392d3e0de698c1557aef51b37d2e62
                                        
                                            GET /website/newwebsite/lp/tef/minus.png HTTP/1.1 
Host: cdnrep.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/css/style.css
Cookie: rmo=true; _trackid=5392161047; _trackid_5392161047=5392161047; _tracking=Ton; _tracking_Ton=Ton; _campaign=RON-NO-DESKTOP-Zero_tef; _campaign_RON-NO-DESKTOP-Zero_tef=RON-NO-DESKTOP-Zero_tef; _adgroup=direct; _adgroup_direct=direct; _keyword=519b2e10431a397271001c40; _keyword_519b2e10431a397271001c40=519b2e10431a397271001c40; _ads=direct; _ads_direct=direct; _browser=Firefox; _browser_Firefox=Firefox; _country=Norway; _country_Norway=Norway; __utma=141870001.1772243185.1533892645.1533892645.1533892645.1; __utmb=141870001.1.10.1533892645; __utmc=141870001; __utmz=141870001.1533892645.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1

                                         
                                         205.185.208.80
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 10 Aug 2018 09:17:24 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: "1468501925"
Cache-Control: max-age=86400
Content-Length: 580
Last-Modified: Thu, 14 Jul 2016 13:12:05 GMT
X-HW: 1533892644.dop015.sk1.t,1533892644.cds008.sk1.c


--- Additional Info ---
Magic:  PNG image, 25 x 25, 8-bit/color RGB, non-interlaced
Size:   580
Md5:    27e624f58dfbc7e0b9d4d475181fc2dd
Sha1:   844b10905ee3fe43aa080ed9c48e379e82cca94b
Sha256: c5edda2dd802c5d9d437729d83c888306918e94262111bd24e3dc78560b7c6bd
                                        
                                            GET /r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=562686682&utmhn=www.reimageplus.com&utmcs=UTF-8&utmsr=1176x885&utmvp=1159x754&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=10.0%20r45&utmhid=1170111479&utmr=0&utmp=%2Flp%2Fteg%2Findex_src.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef&utmht=1533892644563&utmac=UA-24411584-1&utmcc=__utma%3D141870001.1772243185.1533892645.1533892645.1533892645.1%3B%2B__utmz%3D141870001.1533892645.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=610093507&utmredir=3&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef

                                         
                                         64.233.164.156
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Date: Fri, 10 Aug 2018 09:17:24 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 10 Aug 2018 09:17:24 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    9344538c8f09938f300b88724c932870
Sha1:   6d350b9ba12c8f30a1f4787599c93d12963ebe33
Sha256: 0074efcb8cc6e68fd3faadaa4eb55c16e44a22c6167b9bfe99f54d1e89714d9d
                                        
                                            POST /gsr2 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 10 Aug 2018 09:17:24 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    d9d754520ae3340aa37cca6115eee05b
Sha1:   a0320372760d99c762cb2eb4b37f776625ef1b33
Sha256: 7dc8284c51c9a38dc1bf03bd28857ea5336e8f5c564eddbb1c9082ee43c93738
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: katie.runtnc.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: checkme=8c3c4caac5f8acc779b51b9142be44b2b789

                                         
                                         52.72.197.104
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
                                        
Date: Fri, 10 Aug 2018 09:17:24 GMT
Content-Length: 150
Connection: keep-alive
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   150
Md5:    84241342d84ac29592a5d9516f8edf7f
Sha1:   03c53980e18e17625f439c20e7d438f066202428
Sha256: 6e21162bc64073fe9e3d3d6375ca24d04fed1912a5b7716aac0cb0f2d16fae7c
                                        
                                            GET /pagead/conversion/1038302480/?random=1533892643854&cv=9&fst=1533892643854&num=1&fmt=3&value=0&label=6-3FCKyD8wEQkPqM7wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=10&u_nmime=92&frm=1&url=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef&ref=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef HTTP/1.1 
Host: www.googleadservices.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef

                                         
                                         216.58.211.130
HTTP/1.1 302 Found
Content-Type: image/gif
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Fri, 10 Aug 2018 09:17:24 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1038302480/?random=453273566&cv=9&fst=*&num=1&fmt=3&value=0&label=6-3FCKyD8wEQkPqM7wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=10&u_nmime=92&frm=1&url=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef&ref=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=JFhtW9-ONJq66wT5xbGwCw&crd=CKrPGw&gtd=
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 10 Aug 2018 09:17:24 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    e7795d4d249c214c0cb279e4c553c7ce
Sha1:   3093ff316ab53529930840ee26473e1ff08efbfa
Sha256: 1a790e905b23e120310e51027b760fa54779157eba6237a6057fa6c859005dcd
                                        
                                            GET /pagead/viewthroughconversion/1038302480/?random=453273566&cv=9&fst=*&num=1&fmt=3&value=0&label=6-3FCKyD8wEQkPqM7wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=10&u_nmime=92&frm=1&url=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef&ref=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=JFhtW9-ONJq66wT5xbGwCw&crd=CKrPGw&gtd= HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef

                                         
                                         216.58.211.130
HTTP/1.1 302 Found
Content-Type: image/gif
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Date: Fri, 10 Aug 2018 09:17:24 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: https://www.google.com/ads/user-lists/1038302480/?random=453273566&cv=9&fst=*&num=1&fmt=3&value=0&label=6-3FCKyD8wEQkPqM7wM&bg=666666&hl=en&guid=ON&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=10&u_nmime=92&frm=1&url=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef&ref=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=CKrPGw&cdct=2&is_vtc=1&random=464925404&resp=GooglemKTybQhCsO
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 10-Aug-2018 09:32:24 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 10 Aug 2018 09:17:25 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    1d15c8ee695c6991b696252547d5e4ee
Sha1:   1b73c4c83091696e293dc74964e8bbd49fee6a6b
Sha256: cb4f51ee0eb75823ddb1baa27684c36cafac186fc8996d58d4309355b5b659b5
                                        
                                            GET /mfesecure-public/host/reimageplus.com/client.js HTTP/1.1 
Host: s3-us-west-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef

                                         
                                         52.218.201.136
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
x-amz-id-2: eoU2+A1o0S4llFwP4PsNgfoVWkGA6DeNkrNg/wzIOb7jYKGlKYbotjpIz8ooFDRVUFRfLm80yrQ=
x-amz-request-id: A16D57954906A32F
Date: Fri, 10 Aug 2018 09:17:26 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 08 Aug 2018 10:19:52 GMT
Etag: "b59090b7bbb33a367b6eb82bfd4c2069"
Cache-Control: public, max-age=60
Content-Encoding: gzip
x-amz-version-id: fVmmA5nwoVafDhZ8PQf07_qcbD7Hm5We
Accept-Ranges: bytes
Content-Length: 160
Server: AmazonS3


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   160
Md5:    b59090b7bbb33a367b6eb82bfd4c2069
Sha1:   0c53207950f764fbf55faa604139faf5c8158c18
Sha256: 434367e7c517a675611a8756bae9e5d007efd2336c1ce6af3fc1b80bc6673fa1
                                        
                                            GET /static/img/tm-float.png HTTP/1.1 
Host: cdn.ywxi.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef

                                         
                                         143.204.47.51
HTTP/1.1 200 OK
Content-Type: image/png; charset=UTF-8
                                        
Content-Length: 9330
Connection: keep-alive
Date: Thu, 26 Apr 2018 23:59:53 GMT
Expires: Fri, 27 Apr 2018 23:59:53 GMT
Cache-Control: public, max-age=86400
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Etag: "HioVbLUyInv"
Last-Modified: Thu, 26 Apr 2018 22:02:54 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Age: 33308
X-Cache: Hit from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 2GA1Jt3vXgkD6uWLzGLVpQz6UVcZSYebgo4X7QWF3uXcLrXg1mUBFA==


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   9330
Md5:    c4c9391d05918c1a7045dff82c1391b2
Sha1:   be2ec6556d902ae0d78fa62cf2cb2751f357e8c0
Sha256: ec706c9c38eb71c40deb0d3deb2abe51058dc256910bfde4ef76d2a2bae24f61
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 10 Aug 2018 09:17:25 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   526
Md5:    6bdcde55d0ada9460339c3b4c7a02b43
Sha1:   ccb6d383b3cad90d442f4bfb708b88219b7acfd5
Sha256: a8e4bfed5dcf46744c9eb1680adb477ddca8260fe6ff18b50e90e537de1798e6
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         143.204.51.153
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=170696
Date: Fri, 10 Aug 2018 09:17:25 GMT
Etag: "5b6d1079-1d7"
Expires: Sun, 12 Aug 2018 08:23:20 GMT
Last-Modified: Fri, 10 Aug 2018 04:11:37 GMT
Server: ECS (lga/1378)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 8gWX_XwMLuRHv2xBsNkq6vEw-x11RvQNsXMGyeVVnNaTtPXuUePTCw==


--- Additional Info ---
Magic:  data
Size:   471
Md5:    adcd6cb51e1ef03309fadda2b6150d55
Sha1:   92126b6ebfaf2a07877edcde364065c299e029b9
Sha256: 773a672a3375bf04863520357fc8e694afe737d0077a05917156a7f7317122fd
                                        
                                            GET /ads/user-lists/1038302480/?random=453273566&cv=9&fst=*&num=1&fmt=3&value=0&label=6-3FCKyD8wEQkPqM7wM&bg=666666&hl=en&guid=ON&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=10&u_nmime=92&frm=1&url=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef&ref=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DTon%26banner%3DRON-NO-DESKTOP-Zero_tef%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3D519b2e10431a397271001c40%26context%3D015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923%26nms%3D1%26lpx%3Dtef&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=CKrPGw&cdct=2&is_vtc=1&random=464925404&resp=GooglemKTybQhCsO&ipr=y&ulfeg=n HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef

                                         
                                         216.58.207.227
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Fri, 10 Aug 2018 09:17:25 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /js/1.js HTTP/1.1 
Host: cdn.trustedsite.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef

                                         
                                         143.204.47.52
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Content-Length: 1866
Connection: keep-alive
Date: Fri, 10 Aug 2018 08:20:18 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Expires: Fri, 10 Aug 2018 09:20:18 GMT
Content-Encoding: gzip
Age: 3427
X-Cache: Hit from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Id: M210dJ_lFM3dsBBRIh6fmO-VEAIdokdtAcpzLJzpBrQpV63fNrvcUw==


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   1866
Md5:    6a035d94e5cca842cab515c18c64d469
Sha1:   c979634980ab8dc86bc4e38e88e0887f986915fd
Sha256: b9ba17cc33276d17fc51c7e18f64043e3ee35b38d42fb841d92833049b312ef3
                                        
                                            GET /trustedsite-public/host/reimageplus.com/client.js HTTP/1.1 
Host: s3-us-west-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef

                                         
                                         52.218.201.136
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
x-amz-id-2: vruVlETKpbuhOjpXpWJKkvYZUyN3Qqqk3x4t3pw2893ssamIMr7Eh3GDG0MaJg7/eluhYClmdr4=
x-amz-request-id: 70505D77EE7084C9
Date: Fri, 10 Aug 2018 09:17:26 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 04 Jul 2018 23:05:38 GMT
Etag: "99a45cba3096b08317048a968af70cbd"
Cache-Control: public, max-age=60
Content-Encoding: gzip
x-amz-version-id: Otnbc0GHkBiRt7w2FfDBHNevvLnNWi3E
Accept-Ranges: bytes
Content-Length: 148
Server: AmazonS3


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   148
Md5:    99a45cba3096b08317048a968af70cbd
Sha1:   cdb50d86e5f776a679bd516f54f9b87eaee8938d
Sha256: bb45e632cbf9940c1180c70ff511fcd962b7fd2bc9c107f36a1c05850ca40582
                                        
                                            POST / HTTP/1.1 
Host: gp.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.12.2
Content-Length: 1415
Content-Transfer-Encoding: binary
Cache-Control: max-age=474251, public, no-transform, must-revalidate
Last-Modified: Wed, 8 Aug 2018 21:01:36 GMT
Expires: Wed, 15 Aug 2018 21:01:36 GMT
Date: Fri, 10 Aug 2018 09:17:25 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1415
Md5:    19a6933e85af0a8ef19dab32d04c3495
Sha1:   02173eb60e39e7405df272cd5d1fa88b70818c34
Sha256: faac8e51b0b98d8cc01820053dd03797213bb7746ea7e268546d9212e0263254
                                        
                                            GET /rpc/ajax?do=tmjs-visit&host=reimageplus.com&rand=1533892645143 HTTP/1.1 
Host: www.mcafeesecure.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef

                                         
                                         54.187.107.242
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Date: Fri, 10 Aug 2018 09:17:26 GMT
Content-Length: 40
Connection: keep-alive
Set-Cookie: AWSALB=GYGcN4OolNYZNLlynNxAN54gTeIVocOtrljlGtckrzNpM0EwIRsuhtbpPK1vl1/+8pdQU/X7w/PBpRn2TdsYBeOehZiUguue1zm8KqXNyETK8z8nlywLnFHU/CZi; Expires=Fri, 17 Aug 2018 09:17:26 GMT; Path=/
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   40
Md5:    36689ead67b3c86cba884ea4d28a5086
Sha1:   868bf871cb9c94759d04bc4e36020e08d1357904
Sha256: 3e855a47f9e07d11b56fa1f63a1ebc23eda22587a23c53fcc89d1daa640aa319
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: X-Mapping-fjhppofk=BDD4F95D0EC1280658811116EEE9790B; _testcookie=test; rmo=true; PHPSESSID=5odb82e836ll67irv33u39b763; _trackid=5392161047; _trackid_5392161047=5392161047; _tracking=Ton; _tracking_Ton=Ton; _campaign=RON-NO-DESKTOP-Zero_tef; _campaign_RON-NO-DESKTOP-Zero_tef=RON-NO-DESKTOP-Zero_tef; _adgroup=direct; _adgroup_direct=direct; _keyword=519b2e10431a397271001c40; _keyword_519b2e10431a397271001c40=519b2e10431a397271001c40; _ads=direct; _ads_direct=direct; _browser=Firefox; _browser_Firefox=Firefox; _country=Norway; _country_Norway=Norway; __utma=141870001.1772243185.1533892645.1533892645.1533892645.1; __utmb=141870001.1.10.1533892645; __utmc=141870001; __utmz=141870001.1533892645.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; mfesecure_visit=1

                                         
                                         161.47.7.14
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 10 Aug 2018 09:08:15 GMT
Location: http://www.reimageplus.com/images/reimage.ico
Connection: Keep-Alive
Content-Length: 253


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   253
Md5:    89fbda29cd4758e3ab1f35468df805c2
Sha1:   337a11ad7f3201d716eafe475be4744c14579cb1
Sha256: aa3c8a7d131750c62a273230a83039796256fc9b9f7cb160de4b7e97a39af71d
                                        
                                            GET /images/reimage.ico HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: X-Mapping-fjhppofk=BDD4F95D0EC1280658811116EEE9790B; _testcookie=test; rmo=true; PHPSESSID=5odb82e836ll67irv33u39b763; _trackid=5392161047; _trackid_5392161047=5392161047; _tracking=Ton; _tracking_Ton=Ton; _campaign=RON-NO-DESKTOP-Zero_tef; _campaign_RON-NO-DESKTOP-Zero_tef=RON-NO-DESKTOP-Zero_tef; _adgroup=direct; _adgroup_direct=direct; _keyword=519b2e10431a397271001c40; _keyword_519b2e10431a397271001c40=519b2e10431a397271001c40; _ads=direct; _ads_direct=direct; _browser=Firefox; _browser_Firefox=Firefox; _country=Norway; _country_Norway=Norway; __utma=141870001.1772243185.1533892645.1533892645.1533892645.1; __utmb=141870001.1.10.1533892645; __utmc=141870001; __utmz=141870001.1533892645.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; mfesecure_visit=1

                                         
                                         161.47.7.14
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
                                        
Server: Apache/2.2.15 (CentOS)
Date: Fri, 10 Aug 2018 09:08:16 GMT
Expires: Thu, 15 Apr 2045 20:00:00 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Last-Modified: Mon, 30 Apr 2012 13:14:46 GMT
Content-Length: 894


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon
Size:   894
Md5:    d0c2bd29933d303826e58db070e10832
Sha1:   1a6f18c55c3cd9ea9ff9485afc30c213a6aeefef
Sha256: 3af4842e79f2e783c9a73e19493a10164df5cf27e7e2fb67fb51b2f99d3b4d84
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: X-Mapping-fjhppofk=BDD4F95D0EC1280658811116EEE9790B; _testcookie=test; rmo=true; PHPSESSID=5odb82e836ll67irv33u39b763; _trackid=5392161047; _trackid_5392161047=5392161047; _tracking=Ton; _tracking_Ton=Ton; _campaign=RON-NO-DESKTOP-Zero_tef; _campaign_RON-NO-DESKTOP-Zero_tef=RON-NO-DESKTOP-Zero_tef; _adgroup=direct; _adgroup_direct=direct; _keyword=519b2e10431a397271001c40; _keyword_519b2e10431a397271001c40=519b2e10431a397271001c40; _ads=direct; _ads_direct=direct; _browser=Firefox; _browser_Firefox=Firefox; _country=Norway; _country_Norway=Norway; __utma=141870001.1772243185.1533892645.1533892645.1533892645.1; __utmb=141870001.1.10.1533892645; __utmc=141870001; __utmz=141870001.1533892645.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; mfesecure_visit=1

                                         
                                         161.47.7.14
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 10 Aug 2018 09:08:18 GMT
Location: http://www.reimageplus.com/images/reimage.ico
Connection: Keep-Alive
Content-Length: 253


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   253
Md5:    89fbda29cd4758e3ab1f35468df805c2
Sha1:   337a11ad7f3201d716eafe475be4744c14579cb1
Sha256: aa3c8a7d131750c62a273230a83039796256fc9b9f7cb160de4b7e97a39af71d
                                        
                                            GET /getseal?host_name=www.reimageplus.com&size=XS&use_flash=NO&use_transparent=YES&lang=en HTTP/1.1 
Host: seal.websecurity.norton.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Ton&banner=RON-NO-DESKTOP-Zero_tef&adgroup=direct&ads_name=direct&keyword=519b2e10431a397271001c40&context=015992422c55baeb4629ca0c0171e309b11eef23e2.r.1533892640.9ee105b1ab441f4b6ab0c4ad7412f923&nms=1&lpx=tef

                                         
                                         0.0.0.0
                                        


--- Additional Info ---