Overview

URL bestadbid.com/afu.php?zoneid=1543567
IP 88.85.82.180
ASN AS35415 Webzilla B.V.
Location Netherlands
Report completed 2018-09-20 23:51:39 CEST
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified | Severity | Host | Comment
2018-09-20 | 2 | bestadbid.com/afu.php?zoneid=1543567 | Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 88.85.82.180

Date | UQ / IDS / BL | URL | IP
2018-10-01 18:33:35 +0200 | 0 - 0 - 0 | bestadbid.com/afu.php?zoneid=1748446&var=1084 (...) | 88.85.82.180
2018-09-26 03:03:02 +0200 | 0 - 0 - 1 | https://bestadbid.com/ | 88.85.82.180
2018-09-08 00:58:37 +0200 | 0 - 0 - 1 | bestadbid.com/afu.php?zoneid=1543567 | 88.85.82.180
2018-09-08 00:32:44 +0200 | 0 - 0 - 1 | bestadbid.com/afu.php?zoneid=1543567 | 88.85.82.180
2018-09-08 00:29:20 +0200 | 0 - 0 - 1 | bestadbid.com/afu.php?zoneid=1543567 | 88.85.82.180
2018-09-07 21:12:10 +0200 | 0 - 0 - 1 | bestadbid.com/afu.php?zoneid=1543567 | 88.85.82.180
2018-09-03 13:34:15 +0200 | 0 - 0 - 1 | bestadbid.com | 88.85.82.180
2018-09-02 14:42:27 +0200 | 0 - 0 - 1 | bestadbid.com/afu.php?zoneid=1748446 | 88.85.82.180
2018-09-01 21:22:17 +0200 | 0 - 0 - 2 | bestadbid.com/afu.php?zoneid=1543567 | 88.85.82.180
2018-09-01 16:49:07 +0200 | 0 - 0 - 1 | bestadbid.com | 88.85.82.180

Last 10 reports on ASN: AS35415 Webzilla B.V.

Date | UQ / IDS / BL | URL | IP
2019-01-19 18:33:07 +0100 | 0 - 0 - 1 | https://contions.pro/ | 88.85.94.227
2019-01-19 18:32:38 +0100 | 0 - 0 - 1 | https://brells.pro/ | 88.85.94.227
2019-01-19 14:58:50 +0100 | 0 - 4 - 0 | apscmew.pw/ | 78.140.165.10
2019-01-19 09:00:38 +0100 | 0 - 1 - 0 | lpwre.top/ | 88.85.93.34
2019-01-19 07:56:47 +0100 | 0 - 4 - 0 | qiownc.pw/ | 78.140.165.25
2019-01-19 07:37:55 +0100 | 0 - 3 - 0 | apscmew.pw/ | 78.140.165.10
2019-01-19 07:33:25 +0100 | 0 - 0 - 1 | striticumber.pro/ | 88.85.94.227
2019-01-19 07:08:52 +0100 | 0 - 1 - 0 | paosmcwe.pw/ | 78.140.165.25
2019-01-19 06:56:54 +0100 | 0 - 3 - 0 | powrnv.pw/ | 78.140.165.10
2019-01-19 04:01:00 +0100 | 0 - 0 - 11 | wanted-money.ru/ | 46.30.45.136

Last 10 reports on domain: bestadbid.com

Date | UQ / IDS / BL | URL | IP
2019-01-06 19:35:48 +0100 | 0 - 0 - 0 | bestadbid.com | 188.42.162.193
2018-10-12 16:37:19 +0200 | 0 - 0 - 0 | https://bestadbid.com | 188.42.162.193
2018-10-09 12:07:19 +0200 | 0 - 0 - 0 | bestadbid.com | 194.187.98.176
2018-10-01 18:33:35 +0200 | 0 - 0 - 0 | bestadbid.com/afu.php?zoneid=1748446&var=1084 (...) | 88.85.82.180
2018-09-26 22:40:38 +0200 | 0 - 0 - 0 | https://bestadbid.com/afu.php?zoneid=1850667& (...) | 194.187.98.176
2018-09-26 03:03:02 +0200 | 0 - 0 - 1 | https://bestadbid.com/ | 88.85.82.180
2018-09-26 02:37:00 +0200 | 0 - 0 - 1 | bestadbid.com | 188.42.162.193
2018-09-24 20:38:06 +0200 | 0 - 0 - 1 | bestadbid.com | 194.187.98.176
2018-09-24 14:46:14 +0200 | 0 - 0 - 1 | bestadbid.com/afu.php?zoneid=1409812 | 194.187.98.176
2018-09-21 00:01:52 +0200 | 0 - 0 - 1 | bestadbid.com/afu.php?zoneid=1543567 | 188.42.162.193


JavaScript

Executed Scripts (5)


Executed Evals (2)

#1 JavaScript::Eval (size: 5318, repeated: 1) - SHA256: a6a76a343c867c0e8b0ef6339c7fec48580bc2c1e6c0ce80cd805151f90ad6f4

function QCDone(d) {
    try {
        document.getElementById('ci_SW').value = d.SW
    } catch (e) {}
    try {
        document.getElementById('ci_SH').value = d.SH
    } catch (e) {}
    try {
        document.getElementById('ci_SAH').value = d.SAH
    } catch (e) {}
    try {
        document.getElementById('ci_WX').value = d.WX
    } catch (e) {}
    try {
        document.getElementById('ci_WY').value = d.WY
    } catch (e) {}
    try {
        document.getElementById('ci_WW').value = d.WW
    } catch (e) {}
    try {
        document.getElementById('ci_WH').value = d.WH
    } catch (e) {}
    try {
        document.getElementById('ci_CW').value = d.CW
    } catch (e) {}
    try {
        document.getElementById('ci_WIW').value = d.WIW
    } catch (e) {}
    try {
        document.getElementById('ci_WIH').value = d.WIH
    } catch (e) {}
    try {
        document.getElementById('ci_WFC').value = d.WFC
    } catch (e) {}
    try {
        document.getElementById('ci_PL').value = d.PL
    } catch (e) {}
    try {
        document.getElementById('ci_DRF').value = d.DRF
    } catch (e) {}
    try {
        document.getElementById('ci_NP').value = d.NP
    } catch (e) {}
    try {
        document.getElementById('ci_PT').value = d.PT
    } catch (e) {}
    try {
        document.getElementById('ci_NB').value = d.NB
    } catch (e) {}
    try {
        document.getElementById('ci_NG').value = d.NG
    } catch (e) {}
    try {
        document.getElementById('ci_DM').value = d.DM
    } catch (e) {}
    try {
        document.getElementById('ci_CF').value = d.CF
    } catch (e) {}
    try {
        document.getElementById('ci_NW').value = d.NW
    } catch (e) {}
    try {
        document.getElementById('ci_HIL').value = d.HIL
    } catch (e) {}
}
var QC = {};
try {
    QC.SW = window.screen.width;
    QC.SH = window.screen.height
} catch (e) {
    QC.SW = -1;
    QC.SH = -1
}
try {
    QC.SAH = window.screen.availHeight
} catch (e) {
    QC.SAH = -1
}
try {
    QC.WX = window.screenX;
    QC.WY = window.screenY
} catch (e) {
    QC.WX = -1;
    QC.WY = -1
}
try {
    QC.WW = window.outerWidth;
    QC.WH = window.outerHeight
} catch (e) {
    QC.WW = -1;
    QC.WH = -1
}
try {
    QC.WIW = window.innerWidth;
    QC.WIH = window.innerHeight
} catch (e) {
    QC.WIW = -1;
    QC.WIH = -1
}
try {
    QC.CW = document.documentElement.clientWidth
} catch (e) {
    QC.CW = -1
}
try {
    QC.WFC = window.top.frames.length
} catch (e) {
    QC.WFC = -1
}
try {
    QC.PL = document.location.href
} catch (e) {
    QC.PL = ''
}
try {
    QC.DRF = document.referrer
} catch (e) {
    QC.DRF = ''
}
try {
    QC.NP = (!(navigator.plugins instanceof PluginArray) || navigator.plugins.length == 0) ? 0 : 1
} catch (e) {
    QC.NP = -1
}
try {
    QC.PT = window.callPhantom !== undefined || window._phantom !== undefined ? 1 : 0
} catch (e) {
    QC.PT = -1
}
try {
    QC.NB = typeof navigator.sendBeacon === "function" ? 1 : 0
} catch (e) {
    QC.NB = -1
}
try {
    QC.NG = navigator.geolocation !== undefined ? 1 : 0
} catch (e) {
    QC.NG = -1
}
try {
    QC.NW = 'webdriver' in navigator ? 1 : 0
} catch (e) {
    QC.NW = -1
}
QC.CF = 0;
try {
    var FlashDetect = new function() {
        var self = this;
        self.installed = false;
        self.raw = "";
        self.major = -1;
        self.minor = -1;
        self.revision = -1;
        self.revisionStr = "";
        var activeXDetectRules = [{
            "name": "ShockwaveFlash.ShockwaveFlash.7",
            "version": function(obj) {
                return getActiveXVersion(obj)
            }
        }, {
            "name": "ShockwaveFlash.ShockwaveFlash.6",
            "version": function(obj) {
                var version = "6,0,21";
                try {
                    obj.AllowScriptAccess = "always";
                    version = getActiveXVersion(obj)
                } catch (err) {}
                return version
            }
        }, {
            "name": "ShockwaveFlash.ShockwaveFlash",
            "version": function(obj) {
                return getActiveXVersion(obj)
            }
        }];
        var getActiveXVersion = function(activeXObj) {
            var version = -1;
            try {
                version = activeXObj.GetVariable("\$version")
            } catch (err) {}
            return version
        };
        var getActiveXObject = function(name) {
            var obj = -1;
            try {
                obj = new ActiveXObject(name)
            } catch (err) {
                obj = {
                    activeXError: true
                }
            }
            return obj
        };
        var parseActiveXVersion = function(str) {
            var versionArray = str.split(",");
            return {
                "raw": str,
                "major": parseInt(versionArray[0].split(" ")[1], 10),
                "minor": parseInt(versionArray[1], 10),
                "revision": parseInt(versionArray[2], 10),
                "revisionStr": versionArray[2]
            }
        };
        var parseStandardVersion = function(str) {
            var descParts = str.split(/ +/);
            var majorMinor = descParts[2].split(/\./);
            var revisionStr = descParts[3];
            return {
                "raw": str,
                "major": parseInt(majorMinor[0], 10),
                "minor": parseInt(majorMinor[1], 10),
                "revisionStr": revisionStr,
                "revision": parseRevisionStrToInt(revisionStr)
            }
        };
        var parseRevisionStrToInt = function(str) {
            return parseInt(str.replace(/[a-zA-Z]/g, ""), 10) || self.revision
        };
        self.majorAtLeast = function(version) {
            return self.major >= version
        };
        self.minorAtLeast = function(version) {
            return self.minor >= version
        };
        self.revisionAtLeast = function(version) {
            return self.revision >= version
        };
        self.versionAtLeast = function(major) {
            var properties = [self.major, self.minor, self.revision];
            var len = Math.min(properties.length, arguments.length);
            for (i = 0; i < len; i++) {
                if (properties[i] >= arguments[i]) {
                    if (i + 1 < len && properties[i] == arguments[i]) {
                        continue
                    } else {
                        return true
                    }
                } else {
                    return false
                }
            }
        };
        self.FlashDetect = function() {
            if (navigator.plugins && navigator.plugins.length > 0) {
                var type = 'application/x-shockwave-flash';
                var mimeTypes = navigator.mimeTypes;
                if (mimeTypes && mimeTypes[type] && mimeTypes[type].enabledPlugin && mimeTypes[type].enabledPlugin.description) {
                    var version = mimeTypes[type].enabledPlugin.description;
                    var versionObj = parseStandardVersion(version);
                    self.raw = versionObj.raw;
                    self.major = versionObj.major;
                    self.minor = versionObj.minor;
                    self.revisionStr = versionObj.revisionStr;
                    self.revision = versionObj.revision;
                    self.installed = true
                }
            } else if (navigator.appVersion.indexOf("Mac") == -1 && window.execScript) {
                var version = -1;
                for (var i = 0; i < activeXDetectRules.length && version == -1; i++) {
                    var obj = getActiveXObject(activeXDetectRules[i].name);
                    if (!obj.activeXError) {
                        self.installed = true;
                        version = activeXDetectRules[i].version(obj);
                        if (version != -1) {
                            var versionObj = parseActiveXVersion(version);
                            self.raw = versionObj.raw;
                            self.major = versionObj.major;
                            self.minor = versionObj.minor;
                            self.revision = versionObj.revision;
                            self.revisionStr = versionObj.revisionStr
                        }
                    }
                }
            }
        }()
    };
    if (FlashDetect.major > 0) {
        QC.CF = 1
    }
} catch (e) {
    QC.CF = 2
}
try {
    QCDone(QC)
} catch (e) {
    console.log(e)
}
                                    

#2 JavaScript::Eval (size: 613, repeated: 1) - SHA256: 7d79d7f17504a461320f713188b82fa5a1fdfd154969db17892e75294035c861

var a;
var b;
var ix;
if (typeof window.innerWidth != 'undefined') {
    a = window.innerWidth;
    b = window.innerHeight
} else if (typeof document.documentElement != 'undefined' && typeof document.documentElement.clientWidth != 'undefined' && document.documentElement.clientWidth != 0) {
    a = document.documentElement.clientWidth;
    b = document.documentElement.clientHeight
} else {
    a = document.getElementsByTagName('body')[0].clientWidth;
    b = document.getElementsByTagName('body')[0].clientHeight
}
try {
    ix = window.self !== window.top ? 1 : 0
} catch (e) {
    ix = 2
}
document.getElementById('a').value = a;
document.getElementById('b').value = b;
document.getElementById('ix').value = ix;
                                    

Executed Writes (0)



HTTP Transactions (13)


Request Response
                                        
                                            GET /afu.php?zoneid=1543567 HTTP/1.1 
Host: bestadbid.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         194.187.98.176
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 20 Sep 2018 21:51:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Timing-Allow-Origin: *, *
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: SeenToday=1; expires=Fri, 21-Sep-2018 21:51:05 GMT; Max-Age=86400; path=/ OAGEO5580f=13%7CNO%7C03%7COSLO%7CXDSL%7CBROADNET+AS%7C%7C11348%7C11093%7C%3F%7C578270; expires=Fri, 21-Sep-2018 21:51:05 GMT; Max-Age=86400; path=/ oaidts=1537480265; expires=Fri, 20-Sep-2019 21:51:05 GMT; Max-Age=31536000; path=/ OAID=021c5763b1b2556b249207a686b6c2d1; expires=Fri, 20-Sep-2019 21:51:05 GMT; Max-Age=31536000; path=/ OAID=021c5763b1b2556b249207a686b6c2d1; expires=Fri, 20-Sep-2019 21:51:05 GMT; Max-Age=31536000; path=/ OFR=%7B%2230265%22%3A1%7D; expires=Sun, 15-Sep-2019 21:51:05 GMT; Max-Age=31104000; path=/ exsdsf=1537480265 pbk3=23639bb4e634667d6ea285e683e06a2b6603427458298560490; expires=Thu, 20-Sep-2018 22:01:05 GMT; Max-Age=600 ltm_afu=1; expires=Fri, 21-Sep-2018 21:51:05 GMT; Max-Age=86400; path=/
X-FRAME-OPTIONS: DENY
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Encoding: gzip
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5112
Md5:    b63443d8bc0a4c89cab55f4f51c94302
Sha1:   ad0373877e322f037597d61d2c381ad919269941
Sha256: 5273425e4949a405be34a9cbaebb0dc7e421caad0fe00cb76c46f4cb6ad82113

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /sc.php?zoneid=1543567&bannerid=1986351&OXLCA=1&clickid=66759679568515072 HTTP/1.1 
Host: mygtmn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bestadbid.com/afu.php?zoneid=1543567

                                         
                                         194.187.98.186
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Thu, 20 Sep 2018 21:51:06 GMT
Content-Length: 43
Connection: keep-alive
Timing-Allow-Origin: *, *
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: SeenToday=1; expires=Fri, 21-Sep-2018 21:51:06 GMT; Max-Age=86400; path=/ OAGEO5580f=13%7CNO%7C03%7COSLO%7CXDSL%7CBROADNET+AS%7C%7C11348%7C11093%7C%3F%7C578270; expires=Fri, 21-Sep-2018 21:51:06 GMT; Max-Age=86400; path=/ oaidts=1537480266; expires=Fri, 20-Sep-2019 21:51:06 GMT; Max-Age=31536000; path=/ OAID=b209dac77225da7e7a88471abd71ab39; expires=Fri, 20-Sep-2019 21:51:06 GMT; Max-Age=31536000; path=/ _OXLCA[1986351]=pfdjd6-1543567; expires=Sat, 20-Oct-2018 21:51:06 GMT; Max-Age=2592000; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: bestadbid.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: SeenToday=1; OAGEO5580f=13%7CNO%7C03%7COSLO%7CXDSL%7CBROADNET+AS%7C%7C11348%7C11093%7C%3F%7C578270; oaidts=1537480265; OAID=021c5763b1b2556b249207a686b6c2d1; OFR=%7B%2230265%22%3A1%7D; exsdsf=1537480265; pbk3=23639bb4e634667d6ea285e683e06a2b6603427458298560490; ltm_afu=1

                                         
                                         194.187.98.176
HTTP/1.1 204 No Content
                                        
Server: nginx
Date: Thu, 20 Sep 2018 21:51:06 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
Pragma: public


--- Additional Info ---
                                        
                                            GET /?r=%2Fmb%2Fhan&pbk3=23639bb4e634667d6ea285e683e06a2b6603427458298560490&empty=0&uuid=c9421438-3921-4f32-a12d-5ad42e629fab&ad_scheme=1&rotation_type=13&ppucounter=0&first_visit=0&on_test=0&offer_views=1&ab_test=1477&adparams=bm9qcz0w&ip=f3d5bb63c9dbdcfb475795d659c65a4e&zoneid=1543567&x=1176&y=754&sw=1176&sh=885&sah=855&wx=-4&wy=-4&ww=1184&wh=863&cw=1176&wiw=1176&wih=754&wfc=0&pl=http%3A%2F%2Fbestadbid.com%2Fafu.php%3Fzoneid%3D1543567&drf=&np=1&pt=0&nb=0&ng=1&dm=undefined&cf=1&nw=0&hil=undefined&id=71a9cc71879dea89391ceed5a85f8a90&co=1&rf=0&hs=d01d492f13aec958676a3d4656a2a36c&ix=0&fs=1&sf_type=1&timeout=0 HTTP/1.1 
Host: bestadbid.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bestadbid.com/afu.php?zoneid=1543567
Cookie: SeenToday=1; OAGEO5580f=13%7CNO%7C03%7COSLO%7CXDSL%7CBROADNET+AS%7C%7C11348%7C11093%7C%3F%7C578270; oaidts=1537480265; OAID=021c5763b1b2556b249207a686b6c2d1; OFR=%7B%2230265%22%3A1%7D; exsdsf=1537480265; pbk3=23639bb4e634667d6ea285e683e06a2b6603427458298560490; ltm_afu=1

                                         
                                         194.187.98.176
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 20 Sep 2018 21:51:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Timing-Allow-Origin: *, *
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: f3d5bb63c9dbdcfb475795d659c65a4e=jkUM9c6bw__uAGtY1Bis2uT4xzXHHTdU1E98JKIeyZI; expires=Thu, 27-Sep-2018 21:51:06 GMT; Max-Age=604800 OAGEO5580f=13%7CNO%7C03%7COSLO%7CXDSL%7CBROADNET+AS%7C%7C11348%7C11093%7C%3F%7C578270; expires=Fri, 21-Sep-2018 21:51:06 GMT; Max-Age=86400; path=/ ppucnt=1; expires=Fri, 21-Sep-2018 21:51:06 GMT; Max-Age=86400; path=/ ppucntstart=1537480266; expires=Fri, 21-Sep-2018 21:51:06 GMT; Max-Age=86400; path=/ allcnt=1; expires=Fri, 20-Sep-2019 21:51:06 GMT; Max-Age=31536000; path=/ OAID=021c5763b1b2556b249207a686b6c2d1; expires=Fri, 20-Sep-2019 21:51:06 GMT; Max-Age=31536000; path=/ OFR=%7B%2230265%22%3A2%7D; expires=Sun, 15-Sep-2019 21:51:06 GMT; Max-Age=31104000; path=/ _OACCAP[1283126]=1; expires=Fri, 20-Sep-2019 21:51:06 GMT; Max-Age=31536000; path=/ _OACBLOCK[1283126]=1537480266; expires=Sat, 20-Oct-2018 21:51:06 GMT; Max-Age=2592000; path=/ _OXCCLK[1283126]=1; expires=Fri, 20-Sep-2019 21:51:06 GMT; Max-Age=31536000; path=/ _OXPCLK[136588]=1; expires=Fri, 20-Sep-2019 21:51:06 GMT; Max-Age=31536000; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Encoding: gzip
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   508
Md5:    100f835e9de49fff552ecb96175c0561
Sha1:   a1bec974d055e2139a28efb3cc8723a68948da3d
Sha256: 40b8a83e91a437e8da6ab10e894e254174ec00495b86d8c6ef730f3c64aef1bb
                                        
                                            GET /sc.php?zoneid=1543567&bannerid=1986351&OXLCA=1&clickid=66759683431477248 HTTP/1.1 
Host: mygtmn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bestadbid.com/?r=%2Fmb%2Fhan&pbk3=23639bb4e634667d6ea285e683e06a2b6603427458298560490&empty=0&uuid=c9421438-3921-4f32-a12d-5ad42e629fab&ad_scheme=1&rotation_type=13&ppucounter=0&first_visit=0&on_test=0&offer_views=1&ab_test=1477&adparams=bm9qcz0w&ip=f3d5bb63c9dbdcfb475795d659c65a4e&zoneid=1543567&x=1176&y=754&sw=1176&sh=885&sah=855&wx=-4&wy=-4&ww=1184&wh=863&cw=1176&wiw=1176&wih=754&wfc=0&pl=http%3A%2F%2Fbestadbid.com%2Fafu.php%3Fzoneid%3D1543567&drf=&np=1&pt=0&nb=0&ng=1&dm=undefined&cf=1&nw=0&hil=undefined&id=71a9cc71879dea89391ceed5a85f8a90&co=1&rf=0&hs=d01d492f13aec958676a3d4656a2a36c&ix=0&fs=1&sf_type=1&timeout=0
Cookie: SeenToday=1; OAGEO5580f=13%7CNO%7C03%7COSLO%7CXDSL%7CBROADNET+AS%7C%7C11348%7C11093%7C%3F%7C578270; oaidts=1537480266; OAID=b209dac77225da7e7a88471abd71ab39; _OXLCA[1986351]=pfdjd6-1543567

                                         
                                         194.187.98.186
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Thu, 20 Sep 2018 21:51:06 GMT
Content-Length: 43
Connection: keep-alive
Timing-Allow-Origin: *, *
Set-Cookie: _OXLCA[1986351]=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ %5FOXLCA%5B1986351%5D=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ OAGEO5580f=13%7CNO%7C03%7COSLO%7CXDSL%7CBROADNET+AS%7C%7C11348%7C11093%7C%3F%7C578270; expires=Fri, 21-Sep-2018 21:51:06 GMT; Max-Age=86400; path=/ OAID=b209dac77225da7e7a88471abd71ab39; expires=Fri, 20-Sep-2019 21:51:06 GMT; Max-Age=31536000; path=/ _OXLCA[1986351]=pfdjd6-1543567; expires=Sat, 20-Oct-2018 21:51:06 GMT; Max-Age=2592000; path=/ OXLCA=1986351.pfdjd6-1543567; expires=Fri, 20-Sep-2019 21:51:06 GMT; Max-Age=31536000; path=/
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.25
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Tue, 18 Sep 2018 18:39:46 GMT
Etag: D35C8CF5E35A8351DAC1FFC05B85CCFCCAC894B6
X-OCSP-Responder-ID: rmdccaocsp20
Content-Length: 280
Cache-Control: public, no-transform, must-revalidate, max-age=419901
Expires: Tue, 25 Sep 2018 18:29:28 GMT
Date: Thu, 20 Sep 2018 21:51:07 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   280
Md5:    81599fa3670c7fc41da55b992baf4405
Sha1:   d35c8cf5e35a8351dac1ffc05b85ccfccac894b6
Sha256: ce397017c42a93e1423b433e7c288b1a78b3ad3f5d2eddeca798b06aaa211111
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.25
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sun, 16 Sep 2018 23:00:19 GMT
Etag: FDAE9D52003E0E3D941202E2E58EA20996AB6637
X-OCSP-Responder-ID: rmdccaocsp17
Content-Length: 313
Cache-Control: public, no-transform, must-revalidate, max-age=262721
Expires: Sun, 23 Sep 2018 22:49:48 GMT
Date: Thu, 20 Sep 2018 21:51:07 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   313
Md5:    15df68a782f92390d86d8e82c4ecf935
Sha1:   fdae9d52003e0e3d941202e2e58ea20996ab6637
Sha256: 60a165f0da0d2fcdd92a985078b28ee56b7ff0b84d6534c0a1568d0898b484a9
                                        
                                            GET /dgt5HD/?source=1543567&external_id=66759683431477248&sf_type=1 HTTP/1.1 
Host: briefext.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bestadbid.com/?r=%2Fmb%2Fhan&pbk3=23639bb4e634667d6ea285e683e06a2b6603427458298560490&empty=0&uuid=c9421438-3921-4f32-a12d-5ad42e629fab&ad_scheme=1&rotation_type=13&ppucounter=0&first_visit=0&on_test=0&offer_views=1&ab_test=1477&adparams=bm9qcz0w&ip=f3d5bb63c9dbdcfb475795d659c65a4e&zoneid=1543567&x=1176&y=754&sw=1176&sh=885&sah=855&wx=-4&wy=-4&ww=1184&wh=863&cw=1176&wiw=1176&wih=754&wfc=0&pl=http%3A%2F%2Fbestadbid.com%2Fafu.php%3Fzoneid%3D1543567&drf=&np=1&pt=0&nb=0&ng=1&dm=undefined&cf=1&nw=0&hil=undefined&id=71a9cc71879dea89391ceed5a85f8a90&co=1&rf=0&hs=d01d492f13aec958676a3d4656a2a36c&ix=0&fs=1&sf_type=1&timeout=0

                                         
                                         104.24.108.18
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Date: Thu, 20 Sep 2018 21:51:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dd14754dd792b05d2b570b85ecbab68941537480267; expires=Fri, 20-Sep-19 21:51:07 GMT; path=/; domain=.briefext.com; HttpOnly _token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoiXCJ1dWlkXzM4NjQwZmYxYWxocTUwcTNkM3Z2XzM4NjQwZmYxYWxocTUwcTNkM3Z2NWJhNDE2NGI1ZmY2MjAuMTM3MjU3NDFcIiJ9.a4vCo_Eb4p3B-kTTY4A3MaWhDRwdf4qD62f3FZUbJAM; expires=Sun, 21-Oct-2018 21:51:07 GMT; Max-Age=2678400; path=/; domain=.briefext.com 5e9ed=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjc5MlwiOjE1Mzc0ODAyNjd9LFwiY2FtcGFpZ25zXCI6e1wiNTQ2XCI6MTUzNzQ4MDI2N30sXCJ0aW1lXCI6MTUzNzQ4MDI2N30ifQ.MgvCLqvtKfM7IwEzlE0nZ0oHB_v0JD_9Dc9sy_vwm-E; expires=Sun, 21-Oct-2018 21:51:07 GMT; Max-Age=2678400; path=/; domain=.briefext.com
Expires: Thu, 21 Jul 1977 07:30:00 GMT
Last-Modified: Thu, 20 Sep 2018 21:51:07 GMT
Cache-Control: max-age=0
Pragma: no-cache
Location: http://proxappdom.cool/1/?source=1543567&csum=dRb5tSPJxapzeNPFb7n17xkBOpTeYHcF3_9vfb_1i1uQWcVuPq-PNEHANEQ9X9B_SJRinckOSjhBM2hm5pojyQ%2C%2C&_subid=38640ff1alhq50q3d3vv&_token=uuid_38640ff1alhq50q3d3vv_38640ff1alhq50q3d3vv5ba4164b5ff620.13725741
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 45d782f62ab84255-OSL


--- Additional Info ---
                                        
                                            GET /1/?source=1543567&csum=dRb5tSPJxapzeNPFb7n17xkBOpTeYHcF3_9vfb_1i1uQWcVuPq-PNEHANEQ9X9B_SJRinckOSjhBM2hm5pojyQ%2C%2C&_subid=38640ff1alhq50q3d3vv&_token=uuid_38640ff1alhq50q3d3vv_38640ff1alhq50q3d3vv5ba4164b5ff620.13725741 HTTP/1.1 
Host: proxappdom.cool
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bestadbid.com/?r=%2Fmb%2Fhan&pbk3=23639bb4e634667d6ea285e683e06a2b6603427458298560490&empty=0&uuid=c9421438-3921-4f32-a12d-5ad42e629fab&ad_scheme=1&rotation_type=13&ppucounter=0&first_visit=0&on_test=0&offer_views=1&ab_test=1477&adparams=bm9qcz0w&ip=f3d5bb63c9dbdcfb475795d659c65a4e&zoneid=1543567&x=1176&y=754&sw=1176&sh=885&sah=855&wx=-4&wy=-4&ww=1184&wh=863&cw=1176&wiw=1176&wih=754&wfc=0&pl=http%3A%2F%2Fbestadbid.com%2Fafu.php%3Fzoneid%3D1543567&drf=&np=1&pt=0&nb=0&ng=1&dm=undefined&cf=1&nw=0&hil=undefined&id=71a9cc71879dea89391ceed5a85f8a90&co=1&rf=0&hs=d01d492f13aec958676a3d4656a2a36c&ix=0&fs=1&sf_type=1&timeout=0

                                         
                                         138.201.55.199
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx/1.10.3 (Ubuntu)
Date: Thu, 20 Sep 2018 21:51:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, private, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Expires: 0
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6388
Md5:    0d2fdcb435d873d3e2208af47bffe08b
Sha1:   67c508017013224937518b74ee0cb2bdef4a9088
Sha256: 4a72f6ed9dc2529ebd4fbd11c494a925276c020b5e3593fd8cd3024251a6dd22
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: proxappdom.cool
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
138.201.55.199
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.10.3 (Ubuntu)
Date: Thu, 20 Sep 2018 21:51:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   36
Md5:    6a83fd075b3bf9a252aec307795c05b4
Sha1:   993d53f565edcb12f46eaa6a9e8b4c1639ef7185
Sha256: 4722dc6df5613dc5eaf3fb32338c0aa8b2d4f811b926453790272c1a0a117e26
                                        
GET /favicon.ico HTTP/1.1
Host: bestadbid.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: SeenToday=1; OAGEO5580f=13%7CNO%7C03%7COSLO%7CXDSL%7CBROADNET+AS%7C%7C11348%7C11093%7C%3F%7C578270; oaidts=1537480265; OAID=021c5763b1b2556b249207a686b6c2d1; OFR=%7B%2230265%22%3A2%7D; exsdsf=1537480265; pbk3=23639bb4e634667d6ea285e683e06a2b6603427458298560490; ltm_afu=1; f3d5bb63c9dbdcfb475795d659c65a4e=jkUM9c6bw__uAGtY1Bis2uT4xzXHHTdU1E98JKIeyZI; ppucnt=1; ppucntstart=1537480266; allcnt=1; _OACCAP[1283126]=1; _OACBLOCK[1283126]=1537480266; _OXCCLK[1283126]=1; _OXPCLK[136588]=1

                                         
194.187.98.176
HTTP/1.1 204 No Content
Server: nginx
Date: Thu, 20 Sep 2018 21:51:09 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
Pragma: public


--- Additional Info ---
                                        
GET /favicon.ico HTTP/1.1
Host: proxappdom.cool
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
138.201.55.199
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.10.3 (Ubuntu)
Date: Thu, 20 Sep 2018 21:51:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   36
Md5:    6a83fd075b3bf9a252aec307795c05b4
Sha1:   993d53f565edcb12f46eaa6a9e8b4c1639ef7185
Sha256: 4722dc6df5613dc5eaf3fb32338c0aa8b2d4f811b926453790272c1a0a117e26
                                        
GET /favicon.ico HTTP/1.1
Host: bestadbid.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: SeenToday=1; OAGEO5580f=13%7CNO%7C03%7COSLO%7CXDSL%7CBROADNET+AS%7C%7C11348%7C11093%7C%3F%7C578270; oaidts=1537480265; OAID=021c5763b1b2556b249207a686b6c2d1; OFR=%7B%2230265%22%3A2%7D; exsdsf=1537480265; pbk3=23639bb4e634667d6ea285e683e06a2b6603427458298560490; ltm_afu=1; f3d5bb63c9dbdcfb475795d659c65a4e=jkUM9c6bw__uAGtY1Bis2uT4xzXHHTdU1E98JKIeyZI; ppucnt=1; ppucntstart=1537480266; allcnt=1; _OACCAP[1283126]=1; _OACBLOCK[1283126]=1537480266; _OXCCLK[1283126]=1; _OXPCLK[136588]=1

                                         
194.187.98.176
HTTP/1.1 204 No Content
Server: nginx
Date: Thu, 20 Sep 2018 21:51:09 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
Pragma: public


--- Additional Info ---