Overview

URL muzon-podarok.ru/z-rizdvom-xristovim
IP138.201.131.130
ASNAS24940 Hetzner Online GmbH
Location Germany
Report completed2018-01-08 15:54:23 CET
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-01-08 2 sync.teamrtb.net/x/adteam_sync.php?uid= Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 138.201.131.130

Date UQ / IDS / BL URL IP
2019-06-12 01:00:26 +0200
0 - 0 - 0 ru.wp-vote.net 138.201.131.130
2019-06-12 01:00:26 +0200
0 - 0 - 0 ru.wp-vote.net 138.201.131.130
2018-07-10 10:49:59 +0200
0 - 0 - 0 sic-global.kz/txpzni/lvypwzh.php 138.201.131.130
2018-06-26 23:09:51 +0200
3 - 1 - 2 home-help.com.ua/category/obzory 138.201.131.130
2018-04-04 05:36:04 +0200
0 - 0 - 1 muzon-podarok.ru/s-dobrym-utrom 138.201.131.130
2018-03-30 09:39:00 +0200
0 - 0 - 1 archivarius.org.ua/sat/index2.php 138.201.131.130
2017-12-27 10:30:51 +0100
0 - 1 - 0 www.softopirat.com/muzzzon/1519-top-100-luchs (...) 138.201.131.130
2017-11-25 00:50:54 +0100
0 - 0 - 1 muzon-podarok.ru/den-buxgaltera 138.201.131.130
2017-10-11 16:42:43 +0200
0 - 0 - 0 archivarius.org.ua/ 138.201.131.130
2017-08-30 17:39:27 +0200
0 - 0 - 1 chronos-journal.ru/styles/file/baza-dannyh-v- (...) 138.201.131.130

Last 10 reports on ASN: AS24940 Hetzner Online GmbH

Date UQ / IDS / BL URL IP
2019-07-01 11:15:49 +0200
0 - 0 - 0 morskiemile.pl/ 88.198.46.46
2019-07-01 11:05:39 +0200
0 - 0 - 0 https://piranshop.ir/ 144.76.241.226
2019-07-01 06:10:34 +0200
0 - 5 - 0 ua.bizorg.su 136.243.18.232
2019-07-01 04:06:07 +0200
0 - 0 - 0 https://ofness.com/login/ 78.46.102.215
2019-07-01 03:01:20 +0200
0 - 0 - 0 onlinetvi.bloggersdelight.dk/2019/07/01/freeu (...) 138.201.204.196
2019-06-30 17:02:47 +0200
0 - 0 - 0 138.201.66.111 138.201.66.111
2019-06-30 14:17:39 +0200
0 - 0 - 0 https://www.oosterbaan-living.nl/ 78.46.99.89
2019-06-30 10:44:01 +0200
0 - 0 - 0 yu21uy.com 136.243.218.221
2019-06-30 08:38:29 +0200
0 - 0 - 0 https://blog.elcomsoft.com/2019/06/unusual-ip (...) 88.198.215.58
2019-06-30 01:33:48 +0200
0 - 0 - 0 https://ethnics.ru/Parker-vs-Alex-Leap-Fight- (...) 144.76.117.254

Last 2 reports on domain: muzon-podarok.ru

Date UQ / IDS / BL URL IP
2018-04-04 05:36:04 +0200
0 - 0 - 1 muzon-podarok.ru/s-dobrym-utrom 138.201.131.130
2017-11-25 00:50:54 +0100
0 - 0 - 1 muzon-podarok.ru/den-buxgaltera 138.201.131.130


JavaScript

Executed Scripts (55)


Executed Evals (0)


Executed Writes (25)

#1 JavaScript::Write (size: 1877, repeated: 1) - SHA256: f4c2ad4b882ce03ee4f8f412e1c70290372779d7a938b26598046825693742ba

                                        < !doctype html > < html > < body > < iframe style = "display:none"
data - ad - client = "ca-pub-8696655009354586"
id = "google_esf"
name = "google_esf"
src = "https://googleads.g.doubleclick.net/pagead/html/r20180102/r20170110/zrt_lookup.html#" > < /iframe><script>google_ad_slot="6324202954";google_ad_client="ca-pub-8696655009354586";google_adsbygoogle_status="done";google_ad_width=300;google_ad_height=250;google_available_width=285;google_ad_modifications={"plle":true,"eids":["4089042","38893302","21061122","191880502"],"loeids":["38893312"]};google_loader_used="aa";google_reactive_tag_first=false;google_ad_format="300x250";google_ad_unit_key="3795495575";google_ad_dom_fingerprint="807048394";google_sailm=false;google_unique_id=1;google_async_iframe_id="aswift_0";google_start_time=1515423624912;google_pub_vars="JTdCJTIyZ29vZ2xlX2FkX3Nsb3QlMjIlM0ElMjI2MzI0MjAyOTU0JTIyJTJDJTIyZ29vZ2xlX2FkX2NsaWVudCUyMiUzQSUyMmNhLXB1Yi04Njk2NjU1MDA5MzU0NTg2JTIyJTJDJTIyZ29vZ2xlX2Fkc2J5Z29vZ2xlX3N0YXR1cyUyMiUzQSUyMmRvbmUlMjIlMkMlMjJnb29nbGVfYWRfd2lkdGglMjIlM0EzMDAlMkMlMjJnb29nbGVfYWRfaGVpZ2h0JTIyJTNBMjUwJTJDJTIyZ29vZ2xlX2F2YWlsYWJsZV93aWR0aCUyMiUzQTI4NSUyQyUyMmdvb2dsZV9hZF9tb2RpZmljYXRpb25zJTIyJTNBJTdCJTIycGxsZSUyMiUzQXRydWUlMkMlMjJlaWRzJTIyJTNBJTVCJTIyNDA4OTA0MiUyMiUyQyUyMjM4ODkzMzAyJTIyJTJDJTIyMjEwNjExMjIlMjIlMkMlMjIxOTE4ODA1MDIlMjIlNUQlMkMlMjJsb2VpZHMlMjIlM0ElNUIlMjIzODg5MzMxMiUyMiU1RCU3RCUyQyUyMmdvb2dsZV9sb2FkZXJfdXNlZCUyMiUzQSUyMmFhJTIyJTJDJTIyZ29vZ2xlX3JlYWN0aXZlX3RhZ19maXJzdCUyMiUzQWZhbHNlJTJDJTIyZ29vZ2xlX2FkX2Zvcm1hdCUyMiUzQSUyMjMwMHgyNTAlMjIlMkMlMjJnb29nbGVfYWRfdW5pdF9rZXklMjIlM0ElMjIzNzk1NDk1NTc1JTIyJTJDJTIyZ29vZ2xlX2FkX2RvbV9maW5nZXJwcmludCUyMiUzQSUyMjgwNzA0ODM5NCUyMiU3RA==";google_bpp=14;google_async_rrc=0;google_iframe_start_time=new Date().getTime();</script > < script src = "http://pagead2.googlesyndication.com/pagead/js/r20180102/r20170110/show_ads_impl.js" > < /script></body > < /html>
                                    

#2 JavaScript::Write (size: 2200, repeated: 1) - SHA256: 8cb43a43d40ce7784d0103feafa45f3fec924ab9b16cc15bfca2d3af6e5ef61f

                                        < !doctype html > < html > < body > < script > google_ad_format = "287x600";
google_ad_slot = "9893907758";
google_ad_client = "ca-pub-8696655009354586";
google_adsbygoogle_status = "done";
google_full_width_responsive_allowed = false;
google_fwr_non_expansion_reason = 4;
google_responsive_formats = 4;
google_ad_width = 287;
google_ad_height = 600;
google_ad_resizable = true;
google_override_format = 1;
google_responsive_auto_format = 1;
google_loader_features_used = 128;
google_ad_modifications = {
    "plle": true,
    "eids": ["4089042", "38893302", "21061122", "191880502"],
    "loeids": ["38893312"]
};
google_loader_used = "aa";
google_reactive_tag_first = false;
google_ad_unit_key = "1733166768";
google_ad_dom_fingerprint = "807048394";
google_sailm = false;
google_unique_id = 5;
google_async_iframe_id = "aswift_4";
google_start_time = 1515423624952;
google_pub_vars = "JTdCJTIyZ29vZ2xlX2FkX2Zvcm1hdCUyMiUzQSUyMjI4N3g2MDAlMjIlMkMlMjJnb29nbGVfYWRfc2xvdCUyMiUzQSUyMjk4OTM5MDc3NTglMjIlMkMlMjJnb29nbGVfYWRfY2xpZW50JTIyJTNBJTIyY2EtcHViLTg2OTY2NTUwMDkzNTQ1ODYlMjIlMkMlMjJnb29nbGVfYWRzYnlnb29nbGVfc3RhdHVzJTIyJTNBJTIyZG9uZSUyMiUyQyUyMmdvb2dsZV9mdWxsX3dpZHRoX3Jlc3BvbnNpdmVfYWxsb3dlZCUyMiUzQWZhbHNlJTJDJTIyZ29vZ2xlX2Z3cl9ub25fZXhwYW5zaW9uX3JlYXNvbiUyMiUzQTQlMkMlMjJnb29nbGVfcmVzcG9uc2l2ZV9mb3JtYXRzJTIyJTNBNCUyQyUyMmdvb2dsZV9hZF93aWR0aCUyMiUzQTI4NyUyQyUyMmdvb2dsZV9hZF9oZWlnaHQlMjIlM0E2MDAlMkMlMjJnb29nbGVfYWRfcmVzaXphYmxlJTIyJTNBdHJ1ZSUyQyUyMmdvb2dsZV9vdmVycmlkZV9mb3JtYXQlMjIlM0ExJTJDJTIyZ29vZ2xlX3Jlc3BvbnNpdmVfYXV0b19mb3JtYXQlMjIlM0ExJTJDJTIyZ29vZ2xlX2xvYWRlcl9mZWF0dXJlc191c2VkJTIyJTNBMTI4JTJDJTIyZ29vZ2xlX2FkX21vZGlmaWNhdGlvbnMlMjIlM0ElN0IlMjJwbGxlJTIyJTNBdHJ1ZSUyQyUyMmVpZHMlMjIlM0ElNUIlMjI0MDg5MDQyJTIyJTJDJTIyMzg4OTMzMDIlMjIlMkMlMjIyMTA2MTEyMiUyMiUyQyUyMjE5MTg4MDUwMiUyMiU1RCUyQyUyMmxvZWlkcyUyMiUzQSU1QiUyMjM4ODkzMzEyJTIyJTVEJTdEJTJDJTIyZ29vZ2xlX2xvYWRlcl91c2VkJTIyJTNBJTIyYWElMjIlMkMlMjJnb29nbGVfcmVhY3RpdmVfdGFnX2ZpcnN0JTIyJTNBZmFsc2UlMkMlMjJnb29nbGVfYWRfdW5pdF9rZXklMjIlM0ElMjIxNzMzMTY2NzY4JTIyJTJDJTIyZ29vZ2xlX2FkX2RvbV9maW5nZXJwcmludCUyMiUzQSUyMjgwNzA0ODM5NCUyMiU3RA==";
google_bpp = 6;
google_async_rrc = 0;
google_iframe_start_time = new Date().getTime(); < /script><script src="http:/ / pagead2.googlesyndication.com / pagead / js / r20180102 / r20170110 / show_ads_impl.js "></script></body></html>
                                    

#3 JavaScript::Write (size: 2200, repeated: 1) - SHA256: a28542ebe0067fae280940d1e427ed47385badac11f8bda85e6b2a71fc611819

                                        < !doctype html > < html > < body > < script > google_ad_format = "297x250";
google_ad_slot = "5463708150";
google_ad_client = "ca-pub-8696655009354586";
google_adsbygoogle_status = "done";
google_full_width_responsive_allowed = false;
google_fwr_non_expansion_reason = 4;
google_responsive_formats = 3;
google_ad_width = 297;
google_ad_height = 250;
google_ad_resizable = true;
google_override_format = 1;
google_responsive_auto_format = 1;
google_loader_features_used = 128;
google_ad_modifications = {
    "plle": true,
    "eids": ["4089042", "38893302", "21061122", "191880502"],
    "loeids": ["38893312"]
};
google_loader_used = "aa";
google_reactive_tag_first = false;
google_ad_unit_key = "1270688880";
google_ad_dom_fingerprint = "807048394";
google_sailm = false;
google_unique_id = 3;
google_async_iframe_id = "aswift_2";
google_start_time = 1515423624941;
google_pub_vars = "JTdCJTIyZ29vZ2xlX2FkX2Zvcm1hdCUyMiUzQSUyMjI5N3gyNTAlMjIlMkMlMjJnb29nbGVfYWRfc2xvdCUyMiUzQSUyMjU0NjM3MDgxNTAlMjIlMkMlMjJnb29nbGVfYWRfY2xpZW50JTIyJTNBJTIyY2EtcHViLTg2OTY2NTUwMDkzNTQ1ODYlMjIlMkMlMjJnb29nbGVfYWRzYnlnb29nbGVfc3RhdHVzJTIyJTNBJTIyZG9uZSUyMiUyQyUyMmdvb2dsZV9mdWxsX3dpZHRoX3Jlc3BvbnNpdmVfYWxsb3dlZCUyMiUzQWZhbHNlJTJDJTIyZ29vZ2xlX2Z3cl9ub25fZXhwYW5zaW9uX3JlYXNvbiUyMiUzQTQlMkMlMjJnb29nbGVfcmVzcG9uc2l2ZV9mb3JtYXRzJTIyJTNBMyUyQyUyMmdvb2dsZV9hZF93aWR0aCUyMiUzQTI5NyUyQyUyMmdvb2dsZV9hZF9oZWlnaHQlMjIlM0EyNTAlMkMlMjJnb29nbGVfYWRfcmVzaXphYmxlJTIyJTNBdHJ1ZSUyQyUyMmdvb2dsZV9vdmVycmlkZV9mb3JtYXQlMjIlM0ExJTJDJTIyZ29vZ2xlX3Jlc3BvbnNpdmVfYXV0b19mb3JtYXQlMjIlM0ExJTJDJTIyZ29vZ2xlX2xvYWRlcl9mZWF0dXJlc191c2VkJTIyJTNBMTI4JTJDJTIyZ29vZ2xlX2FkX21vZGlmaWNhdGlvbnMlMjIlM0ElN0IlMjJwbGxlJTIyJTNBdHJ1ZSUyQyUyMmVpZHMlMjIlM0ElNUIlMjI0MDg5MDQyJTIyJTJDJTIyMzg4OTMzMDIlMjIlMkMlMjIyMTA2MTEyMiUyMiUyQyUyMjE5MTg4MDUwMiUyMiU1RCUyQyUyMmxvZWlkcyUyMiUzQSU1QiUyMjM4ODkzMzEyJTIyJTVEJTdEJTJDJTIyZ29vZ2xlX2xvYWRlcl91c2VkJTIyJTNBJTIyYWElMjIlMkMlMjJnb29nbGVfcmVhY3RpdmVfdGFnX2ZpcnN0JTIyJTNBZmFsc2UlMkMlMjJnb29nbGVfYWRfdW5pdF9rZXklMjIlM0ElMjIxMjcwNjg4ODgwJTIyJTJDJTIyZ29vZ2xlX2FkX2RvbV9maW5nZXJwcmludCUyMiUzQSUyMjgwNzA0ODM5NCUyMiU3RA==";
google_bpp = 6;
google_async_rrc = 0;
google_iframe_start_time = new Date().getTime(); < /script><script src="http:/ / pagead2.googlesyndication.com / pagead / js / r20180102 / r20170110 / show_ads_impl.js "></script></body></html>
                                    

#4 JavaScript::Write (size: 1936, repeated: 1) - SHA256: b53db8a9361ed49c9d8713d249be321aa4195f7bd6e3357172b7625f337d99af

                                        < !doctype html > < html > < body > < script > google_ad_format = "306x250_0ads_al";
google_ad_slot = "8417174550";
google_ad_client = "ca-pub-8696655009354586";
google_adsbygoogle_status = "done";
google_ad_width = 306;
google_ad_height = 250;
google_ad_resizable = true;
google_override_format = 1;
google_responsive_auto_format = 10;
google_loader_features_used = 128;
google_ad_modifications = {
    "plle": true,
    "eids": ["4089042", "38893302", "21061122", "191880502"],
    "loeids": ["38893312"]
};
google_loader_used = "aa";
google_reactive_tag_first = false;
google_ad_unit_key = "1200011802";
google_ad_dom_fingerprint = "807048394";
google_sailm = false;
google_unique_id = 4;
google_async_iframe_id = "aswift_3";
google_start_time = 1515423624947;
google_pub_vars = "JTdCJTIyZ29vZ2xlX2FkX2Zvcm1hdCUyMiUzQSUyMjMwNngyNTBfMGFkc19hbCUyMiUyQyUyMmdvb2dsZV9hZF9zbG90JTIyJTNBJTIyODQxNzE3NDU1MCUyMiUyQyUyMmdvb2dsZV9hZF9jbGllbnQlMjIlM0ElMjJjYS1wdWItODY5NjY1NTAwOTM1NDU4NiUyMiUyQyUyMmdvb2dsZV9hZHNieWdvb2dsZV9zdGF0dXMlMjIlM0ElMjJkb25lJTIyJTJDJTIyZ29vZ2xlX2FkX3dpZHRoJTIyJTNBMzA2JTJDJTIyZ29vZ2xlX2FkX2hlaWdodCUyMiUzQTI1MCUyQyUyMmdvb2dsZV9hZF9yZXNpemFibGUlMjIlM0F0cnVlJTJDJTIyZ29vZ2xlX292ZXJyaWRlX2Zvcm1hdCUyMiUzQTElMkMlMjJnb29nbGVfcmVzcG9uc2l2ZV9hdXRvX2Zvcm1hdCUyMiUzQTEwJTJDJTIyZ29vZ2xlX2xvYWRlcl9mZWF0dXJlc191c2VkJTIyJTNBMTI4JTJDJTIyZ29vZ2xlX2FkX21vZGlmaWNhdGlvbnMlMjIlM0ElN0IlMjJwbGxlJTIyJTNBdHJ1ZSUyQyUyMmVpZHMlMjIlM0ElNUIlMjI0MDg5MDQyJTIyJTJDJTIyMzg4OTMzMDIlMjIlMkMlMjIyMTA2MTEyMiUyMiUyQyUyMjE5MTg4MDUwMiUyMiU1RCUyQyUyMmxvZWlkcyUyMiUzQSU1QiUyMjM4ODkzMzEyJTIyJTVEJTdEJTJDJTIyZ29vZ2xlX2xvYWRlcl91c2VkJTIyJTNBJTIyYWElMjIlMkMlMjJnb29nbGVfcmVhY3RpdmVfdGFnX2ZpcnN0JTIyJTNBZmFsc2UlMkMlMjJnb29nbGVfYWRfdW5pdF9rZXklMjIlM0ElMjIxMjAwMDExODAyJTIyJTJDJTIyZ29vZ2xlX2FkX2RvbV9maW5nZXJwcmludCUyMiUzQSUyMjgwNzA0ODM5NCUyMiU3RA==";
google_bpp = 5;
google_async_rrc = 0;
google_iframe_start_time = new Date().getTime(); < /script><script src="http:/ / pagead2.googlesyndication.com / pagead / js / r20180102 / r20170110 / show_ads_impl.js "></script></body></html>
                                    

#5 JavaScript::Write (size: 1593, repeated: 1) - SHA256: 024932492318a8bdb921d9d99db003111b188a634190e6675a396d186d5aa484

                                        < !doctype html > < html > < body > < script > google_ad_slot = "3986974959";
google_ad_client = "ca-pub-8696655009354586";
google_adsbygoogle_status = "done";
google_ad_width = 320;
google_ad_height = 100;
google_ad_modifications = {
    "plle": true,
    "eids": ["4089042", "38893302", "21061122", "191880502"],
    "loeids": ["38893312"]
};
google_loader_used = "aa";
google_reactive_tag_first = false;
google_ad_format = "320x100";
google_ad_unit_key = "3464819608";
google_ad_dom_fingerprint = "807048394";
google_sailm = false;
google_unique_id = 2;
google_async_iframe_id = "aswift_1";
google_start_time = 1515423624935;
google_pub_vars = "JTdCJTIyZ29vZ2xlX2FkX3Nsb3QlMjIlM0ElMjIzOTg2OTc0OTU5JTIyJTJDJTIyZ29vZ2xlX2FkX2NsaWVudCUyMiUzQSUyMmNhLXB1Yi04Njk2NjU1MDA5MzU0NTg2JTIyJTJDJTIyZ29vZ2xlX2Fkc2J5Z29vZ2xlX3N0YXR1cyUyMiUzQSUyMmRvbmUlMjIlMkMlMjJnb29nbGVfYWRfd2lkdGglMjIlM0EzMjAlMkMlMjJnb29nbGVfYWRfaGVpZ2h0JTIyJTNBMTAwJTJDJTIyZ29vZ2xlX2FkX21vZGlmaWNhdGlvbnMlMjIlM0ElN0IlMjJwbGxlJTIyJTNBdHJ1ZSUyQyUyMmVpZHMlMjIlM0ElNUIlMjI0MDg5MDQyJTIyJTJDJTIyMzg4OTMzMDIlMjIlMkMlMjIyMTA2MTEyMiUyMiUyQyUyMjE5MTg4MDUwMiUyMiU1RCUyQyUyMmxvZWlkcyUyMiUzQSU1QiUyMjM4ODkzMzEyJTIyJTVEJTdEJTJDJTIyZ29vZ2xlX2xvYWRlcl91c2VkJTIyJTNBJTIyYWElMjIlMkMlMjJnb29nbGVfcmVhY3RpdmVfdGFnX2ZpcnN0JTIyJTNBZmFsc2UlMkMlMjJnb29nbGVfYWRfZm9ybWF0JTIyJTNBJTIyMzIweDEwMCUyMiUyQyUyMmdvb2dsZV9hZF91bml0X2tleSUyMiUzQSUyMjM0NjQ4MTk2MDglMjIlMkMlMjJnb29nbGVfYWRfZG9tX2ZpbmdlcnByaW50JTIyJTNBJTIyODA3MDQ4Mzk0JTIyJTdE";
google_bpp = 6;
google_async_rrc = 0;
google_iframe_start_time = new Date().getTime(); < /script><script src="http:/ / pagead2.googlesyndication.com / pagead / js / r20180102 / r20170110 / show_ads_impl.js "></script></body></html>
                                    

#6 JavaScript::Write (size: 1335, repeated: 1) - SHA256: a6857bd07b200391e7184997242e9cfc86768b77fc8de6c2452ecf9e539c9c0a

                                        < iframe id = "google_ads_frame1"
name = "google_ads_frame1"
width = "300"
height = "250"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8696655009354586&amp;output=html&amp;h=250&amp;slotname=6324202954&amp;adk=3795495575&amp;adf=807048394&amp;w=300&amp;lmt=1515423623&amp;loeid=38893312&amp;format=300x250&amp;url=http%3A%2F%2Fmuzon-podarok.ru%2Fz-rizdvom-xristovim&amp;ea=0&amp;flash=10.0.45&amp;avail_w=285&amp;wgl=0&amp;dt=1515423624912&amp;bpp=14&amp;fdt=170&amp;idt=426&amp;shv=r20180102&amp;cbv=r20170110&amp;saldr=aa&amp;correlator=3521135059913&amp;frm=20&amp;ga_vid=303066757.1515423626&amp;ga_sid=1515423626&amp;ga_hid=1324658643&amp;ga_fc=0&amp;pv=2&amp;icsg=0&amp;nhd=1&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=60&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=105&amp;ady=25&amp;biw=1159&amp;bih=737&amp;abxe=1&amp;eid=4089042%2C38893302%2C21061122%2C191880502&amp;oid=3&amp;nmo=1&amp;zm=1.02&amp;rx=0&amp;eae=4&amp;fc=528&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7C%7C&amp;abl=CS&amp;ppjl=u&amp;pfx=0&amp;fu=1040&amp;bc=1&amp;ifi=1&amp;dtd=900"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#7 JavaScript::Write (size: 1341, repeated: 1) - SHA256: 58a331f3dbc73425ab94dca208d2ed229a1275b9f4f81b433d75f4bcb5b6289e

                                        < iframe id = "google_ads_frame2"
name = "google_ads_frame2"
width = "320"
height = "100"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8696655009354586&amp;output=html&amp;h=100&amp;slotname=3986974959&amp;adk=3464819608&amp;adf=807048394&amp;w=320&amp;lmt=1515423623&amp;loeid=38893312&amp;format=320x100&amp;url=http%3A%2F%2Fmuzon-podarok.ru%2Fz-rizdvom-xristovim&amp;ea=0&amp;flash=10.0.45&amp;wgl=0&amp;dt=1515423624935&amp;bpp=6&amp;fdt=900&amp;idt=989&amp;shv=r20180102&amp;cbv=r20170110&amp;saldr=aa&amp;prev_fmts=300x250&amp;correlator=3521135059913&amp;frm=20&amp;ga_vid=303066757.1515423626&amp;ga_sid=1515423626&amp;ga_hid=1324658643&amp;ga_fc=0&amp;pv=1&amp;icsg=0&amp;nhd=1&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=60&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=423&amp;ady=24&amp;biw=1159&amp;bih=737&amp;abxe=1&amp;eid=4089042%2C38893302%2C21061122%2C191880502&amp;oid=3&amp;nmo=1&amp;zm=1.02&amp;rx=0&amp;eae=4&amp;fc=528&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7C%7C&amp;abl=CS&amp;ppjl=u&amp;pfx=0&amp;fu=1040&amp;bc=1&amp;ifi=2&amp;dtd=1026"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#8 JavaScript::Write (size: 1402, repeated: 1) - SHA256: bf9acc24eb7d7a3d489c20de3626b85efba7c7176b431dd814697a4723c7caa8

                                        < iframe id = "google_ads_frame3"
name = "google_ads_frame3"
width = "297"
height = "250"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8696655009354586&amp;output=html&amp;h=250&amp;slotname=5463708150&amp;adk=1270688880&amp;adf=807048394&amp;w=297&amp;fwrn=4&amp;lmt=1515423623&amp;loeid=38893312&amp;rafmt=1&amp;format=297x250&amp;url=http%3A%2F%2Fmuzon-podarok.ru%2Fz-rizdvom-xristovim&amp;ea=0&amp;flash=10.0.45&amp;fwr=0&amp;resp_fmts=3&amp;wgl=0&amp;dt=1515423624941&amp;bpp=6&amp;fdt=1032&amp;idt=1124&amp;shv=r20180102&amp;cbv=r20170110&amp;saldr=aa&amp;prev_fmts=300x250%2C320x100&amp;correlator=3521135059913&amp;frm=20&amp;ga_vid=303066757.1515423626&amp;ga_sid=1515423626&amp;ga_hid=1324658643&amp;ga_fc=0&amp;pv=1&amp;icsg=0&amp;nhd=1&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=60&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=745&amp;ady=24&amp;biw=1159&amp;bih=737&amp;abxe=1&amp;eid=4089042%2C38893302%2C21061122%2C191880502&amp;oid=3&amp;nmo=1&amp;zm=1.02&amp;rx=0&amp;eae=4&amp;fc=528&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7C%7C&amp;abl=CS&amp;ppjl=u&amp;pfx=0&amp;fu=1168&amp;bc=1&amp;ifi=3&amp;dtd=1151"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#9 JavaScript::Write (size: 1387, repeated: 1) - SHA256: 9fc6f7b14c08b157d55e5a524f39a405f0741a9a76fa316517f93eb0b2b013c6

                                        < iframe id = "google_ads_frame4"
name = "google_ads_frame4"
width = "306"
height = "250"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8696655009354586&amp;output=html&amp;h=250&amp;slotname=8417174550&amp;adk=1200011802&amp;adf=807048394&amp;w=306&amp;lmt=1515423623&amp;loeid=38893312&amp;rafmt=10&amp;format=306x250_0ads_al&amp;url=http%3A%2F%2Fmuzon-podarok.ru%2Fz-rizdvom-xristovim&amp;ea=0&amp;flash=10.0.45&amp;wgl=0&amp;dt=1515423624947&amp;bpp=5&amp;fdt=1177&amp;idt=1273&amp;shv=r20180102&amp;cbv=r20170110&amp;saldr=aa&amp;prev_fmts=300x250%2C320x100%2C297x250&amp;correlator=3521135059913&amp;frm=20&amp;ga_vid=303066757.1515423626&amp;ga_sid=1515423626&amp;ga_hid=1324658643&amp;ga_fc=0&amp;pv=1&amp;icsg=0&amp;nhd=1&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=60&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=428&amp;ady=821&amp;biw=1159&amp;bih=737&amp;abxe=1&amp;eid=4089042%2C38893302%2C21061122%2C191880502&amp;oid=3&amp;nmo=1&amp;zm=1.02&amp;rx=0&amp;eae=4&amp;fc=528&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7Cbr%7C&amp;abl=CS&amp;ppjl=u&amp;pfx=0&amp;fu=1168&amp;bc=1&amp;ifi=4&amp;dtd=1316"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#10 JavaScript::Write (size: 1433, repeated: 1) - SHA256: 4a2aba9b94c2edfccf59083783a069b1326bbd1e29ece2e7a355ceb2080ffea3

                                        < iframe id = "google_ads_frame5"
name = "google_ads_frame5"
width = "287"
height = "600"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8696655009354586&amp;output=html&amp;h=600&amp;slotname=9893907758&amp;adk=1733166768&amp;adf=807048394&amp;w=287&amp;fwrn=4&amp;lmt=1515423623&amp;loeid=38893312&amp;rafmt=1&amp;format=287x600&amp;url=http%3A%2F%2Fmuzon-podarok.ru%2Fz-rizdvom-xristovim&amp;ea=0&amp;flash=10.0.45&amp;fwr=0&amp;resp_fmts=4&amp;wgl=0&amp;dt=1515423624952&amp;bpp=6&amp;fdt=1326&amp;idt=1432&amp;shv=r20180102&amp;cbv=r20170110&amp;saldr=aa&amp;prev_fmts=300x250%2C320x100%2C297x250%2C306x250_0ads_al&amp;correlator=3521135059913&amp;frm=20&amp;ga_vid=303066757.1515423626&amp;ga_sid=1515423626&amp;ga_hid=1324658643&amp;ga_fc=0&amp;pv=1&amp;icsg=0&amp;nhd=1&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=60&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=750&amp;ady=821&amp;biw=1159&amp;bih=737&amp;abxe=1&amp;eid=4089042%2C38893302%2C21061122%2C191880502&amp;oid=3&amp;nmo=1&amp;zm=1.02&amp;rx=0&amp;eae=4&amp;fc=528&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7Cbr%7C&amp;abl=CS&amp;ppjl=u&amp;pfx=0&amp;fu=1168&amp;bc=1&amp;ifi=5&amp;dtd=1463"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#11 JavaScript::Write (size: 151, repeated: 1) - SHA256: 467b14bce3d014f3622054c9a7d3659c5967b027451a575f480e75d54a7f6121

                                        < iframe src = "http://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=prx&g.r=506274"
width = 1 height = 1 frameborder = 0 style = "border:0px" > < /iframe>
                                    

#12 JavaScript::Write (size: 161, repeated: 1) - SHA256: c08ec19978b56890433647d7f14285da64fb33f70537b163fc12627a512560d5

                                        < iframe src = "http://aimfar.solution.weborama.fr/fcgi-bin/external_tracking.fcgi?country=FR&r=506274"
width = 1 height = 1 frameborder = 0 style = "border:0px" > < /iframe>
                                    

#13 JavaScript::Write (size: 266, repeated: 1) - SHA256: 37b40b65f6b019a94c695590eadee7016fd467b49604cc40b2c20877f83d61b3

                                        < img src = "http://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cr&d.k=appnexus_id&d.u=http%3A%2F%2Fib.adnxs.com%2Fgetuid%3Fhttp%3A%2F%2Faimfar.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dtp%26d.k%3Dappnexus_id%26d.v%3D%24UID"
width = 1 height = 1 / >
                                    

#14 JavaScript::Write (size: 327, repeated: 1) - SHA256: 17b27b042b84282ebabbc90eb04a42957d645c160241689d678c7b7e9687ea5f

                                        < img src = "http://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cr&d.k=criteov2_id&d.u=http%3A%2F%2Fgum.criteo.com%2Fsync%3Fc%3D13%26a%3D1%26r%3D1%26u%3Dhttp%253A%252F%252Faimfar.solution.weborama.fr%252Ffcgi-bin%252Fdispatch.fcgi%253Fd.A%253Dtp%2526d.k%253Dcriteov2_id%2526d.v%253D%2540USERID%2540"
width = 1 height = 1 / >
                                    

#15 JavaScript::Write (size: 195, repeated: 1) - SHA256: edb4cbb5996d3b3c6c7a97edad66873d910c8ec6d9af83629f3692ffe7ccd3f3

                                        < img src = "http://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cr&d.k=google_id&d.u=http%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dweborama_dmp%26google_cm"
width = 1 height = 1 / >
                                    

#16 JavaScript::Write (size: 336, repeated: 1) - SHA256: 5da3aba210c634d984dce5515f7421ff309b12351088250544a4fd3d5fde8217

                                        < img src = "http://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cr&d.k=mediamath_id&d.u=http%3A%2F%2Fpixel.mathtag.com%2Fsync%2Fimg%3Fmt_exid%3D10014%26redir%3Dhttp%253A%252F%252Faimfar.solution.weborama.fr%252Ffcgi-bin%252Fdispatch.fcgi%253Fd.A%253Dtp%2526d.k%253Dmediamath_id%2526d.v%253D%255BMM_UUID%255D"
width = 1 height = 1 / >
                                    

#17 JavaScript::Write (size: 174, repeated: 1) - SHA256: 57aee4e1de5c261ee72b545563aa31694fcb555357e708d395a0536619afcea3

                                        < img src = "http://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cr&d.k=radiumone_id&d.u=http%3A%2F%2Frp.gwallet.com%2Fr1%2Fcm%2Fp79r1515423632884"
width = 1 height = 1 / >
                                    

#18 JavaScript::Write (size: 325, repeated: 1) - SHA256: bff6c756ed153887fd6de780aa35db854b4e9101fd1d8a6a944e22326f5c776e

                                        < img src = "http://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cr&d.k=smartadserver_id&d.u=http%3a%2f%2fsync.smartadserver.com%2fgetuid%3furl%3dhttp%253a%252f%252faimfar.solution.weborama.fr%252ffcgi-bin%252fdispatch.fcgi%253fd.A%253dtp%2526d.k%253dsmartadserver_id%2526d.v%253d%255bsas_uid%255d"
width = 1 height = 1 / >
                                    

#19 JavaScript::Write (size: 204, repeated: 1) - SHA256: 99dc215a92c4bb14d0728615459e8ea9e5d100f5bbbff812a96ab89369710e94

                                        < img src = "http://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cr&d.k=tradedesk_id&d.u=http%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3D44004e2%26ttd_tpi%3D1"
width = 1 height = 1 / >
                                    

#20 JavaScript::Write (size: 175, repeated: 1) - SHA256: de25a7fa6dd9dc13906d85b7f432cc047c8a7d31c3b87aae9bb428857cf9d300

                                        < img src = "http://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cr&d.k=videology_id&d.u=http%3A//sync.tidaltv.com/genericusersync.ashx%3Fdpid%3D29"
width = 1 height = 1 / >
                                    

#21 JavaScript::Write (size: 184, repeated: 1) - SHA256: 40ba6b4363376e04ae4db9921b683ab6d6459fa28b3b42db802a34f0e7af0216

                                        < img src = "http://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=rd&d.k=acxiom&d.u=http%3a%2f%2fidsync.rlcdn.com%2f401736.gif%3fpartner_uid%3d%7bWEBO_CID%7d"
width = 1 height = 1 / >
                                    

#22 JavaScript::Write (size: 191, repeated: 1) - SHA256: 1a371ed60ead3c6e55eb60f03f70960a700c941f0e28525ef13b2e67463609d2

                                        < img src = "http://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=rd&d.k=bigsea&d.u=http%3A%2F%2Fdx.bigsea.weborama.com%2Fcollect%3Fdsp_id%3D0%26eid%3D%7BWEBO_ID%7D"
width = 1 height = 1 / >
                                    

#23 JavaScript::Write (size: 224, repeated: 1) - SHA256: fc3633df48bc14d40a1455f491e91168c38378fdeac20b2246ac623872f59ab5

                                        < img src = "http://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=rd&d.k=rubicon&d.u=http%3a%2f%2ftap.rubiconproject.com%2foz%2ffeeds%2fweborama%2ftokens%3fpk%3dJQXH-IBB29RJW%26afu%3d%7bWEBO_CID%7d"
width = 1 height = 1 / >
                                    

#24 JavaScript::Write (size: 72, repeated: 1) - SHA256: 8c91a5e2f75311839a34e718ff160cbc0187800c48d33aa98d4bd2bf5c53894e

                                        < img src = "http://geosync.solution.weborama.fr/sync/"
width = 1 height = 1 / >
                                    

#25 JavaScript::Write (size: 174, repeated: 1) - SHA256: 7863e01145799728e182f6c2f76ae7f2e20e66e7f5780b066db23b3b840aacc8

                                        < img src = "http://wam-yahoo.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cr&d.k=yahoo_id&d.u=https%3A//cms.analytics.yahoo.com/cms%3Fpartner_id%3DWEBMA"
width = 1 height = 1 / >
                                    


HTTP Transactions (176)


Request Response
                                        
                                            GET /z-rizdvom-xristovim HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Pingback: http://muzon-podarok.ru/xmlrpc.php
Link: <http://muzon-podarok.ru/?p=977>; rel=shortlink
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   13947
Md5:    b3764f2b659d7c925f5de2b6c4a1bb23
Sha1:   0917e6331af5da7841334e6896c7cedd23736f6b
Sha256: 5a490d7b0fc6ab74c948420c1ad2d9438492a6b5bc9d9b19030f6cc91842dd22
                                        
                                            GET /wp-includes/js/jquery/jquery.js?ver=1.11.1 HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:23 GMT
Last-Modified: Tue, 28 Jul 2015 09:53:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: W/"55b75124-1763f"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   33489
Md5:    f8c69d29f080fc59042cf6bd86530483
Sha1:   505f5c961ff54951fe0ed8beecd724340de85060
Sha256: 4c722e1914e90773664e7ebc2a28493deae27ee0643e5684f666ac0e7323b678
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:23 GMT
Last-Modified: Tue, 28 Jul 2015 09:53:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: W/"55b75122-1c1f"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3064
Md5:    6089ed7742f31d1ea824bce7993da4bd
Sha1:   4c4b9e8d7426beafbdbae365cd8ec11f06ed2e58
Sha256: 72832c487042a86033392bc98e7d0cfdc2c956be2b29fb47bc9cc165b2e819bc
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 08 Jan 2018 15:00:24 GMT
Server: Apache
Last-Modified: Fri, 05 Jan 2018 20:37:52 GMT
Expires: Fri, 12 Jan 2018 20:37:52 GMT
Etag: 60232E3878B58B9D5B09F8C9A25C72EF4ADCDAC1
Cache-Control: max-age=365247,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp19
Content-Length: 472
Connection: close


--- Additional Info ---
Magic:  data
Size:   472
Md5:    93ca4e2f9c8997d35abf657db9277694
Sha1:   60232e3878b58b9d5b09f8c9a25c72ef4adcdac1
Sha256: 078c5c9126d96e37f1ff623146c1284a9d63bf46b3050fddb70a590f32f03b8d
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 08 Jan 2018 15:00:24 GMT
Server: Apache
Last-Modified: Mon, 08 Jan 2018 10:44:51 GMT
Expires: Mon, 15 Jan 2018 10:44:51 GMT
Etag: 0FF2910BAB8E92EE9AC07C976C1907B5D21997D6
Cache-Control: max-age=588866,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp19
Content-Length: 727
Connection: close


--- Additional Info ---
Magic:  data
Size:   727
Md5:    7018dd5c88d4c2295736d6c4115b1beb
Sha1:   0ff2910bab8e92ee9ac07c976c1907b5d21997d6
Sha256: 3aa273ff2aecc179f6f42b4ca9ba07ef21e044a7e75fc733575b0793a9298a9f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 08 Jan 2018 15:00:24 GMT
Server: Apache
Last-Modified: Mon, 08 Jan 2018 10:44:51 GMT
Expires: Mon, 15 Jan 2018 10:44:51 GMT
Etag: DFE9FFCA3E15692D2E8A4969FACFD8006F82675D
Cache-Control: max-age=588866,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp19
Content-Length: 471
Connection: close


--- Additional Info ---
Magic:  data
Size:   471
Md5:    8011e0cc6799fbc1069f1d0f415e97ab
Sha1:   dfe9ffca3e15692d2e8a4969facfd8006f82675d
Sha256: 8b9313ecbd2bdd08196f87fc44544e9a0fc94e047616e798a2b8f9518c276480
                                        
                                            GET /bootstrap/3.3.5/css/bootstrap.min.css HTTP/1.1 
Host: maxcdn.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         94.31.29.16
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 08 Jan 2018 15:00:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 16 Jun 2015 16:29:49 GMT
Etag: W/"5d5357cb3704e1f43a1f5bfed2aebf42"
Server: NetDNA-cache/2.2
Expires: Thu, 03 Jan 2019 15:00:24 GMT
Cache-Control: max-age=31104000
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
X-Cache: HIT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   23315
Md5:    c07d2b9a24b7841ca98292428419138c
Sha1:   e3cbef6237a15b2dd77bdbb8241c0b76682a928d
Sha256: b1067cef5daafa29e4d7ef4a3912a7933c94ce2ed9b9e74e3e0c2a5fb0297136
                                        
                                            GET /bootstrap/3.3.5/js/bootstrap.min.js HTTP/1.1 
Host: maxcdn.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         94.31.29.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 08 Jan 2018 15:00:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 01 Dec 2015 17:30:52 GMT
Etag: W/"4becdc9104623e891fbb9d38bba01be4"
Server: NetDNA-cache/2.2
Expires: Thu, 03 Jan 2019 15:00:24 GMT
Cache-Control: max-age=31104000
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
X-Cache: HIT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   11010
Md5:    2b42bf584f138190cffa244c5db19ef5
Sha1:   6d638a8ad8101a3d2d12742077fcce65556030d8
Sha256: aa3fab9f26d088de33db930f96f86bac2b99fda9f9fc38bef230f62548eb90d6
                                        
                                            GET /bootstrap/3.3.5/css/bootstrap-theme.min.css HTTP/1.1 
Host: maxcdn.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         94.31.29.16
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 08 Jan 2018 15:00:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 16 Jun 2015 16:29:47 GMT
Etag: W/"bf3499da1c31113720e9e395691730ba"
Server: NetDNA-cache/2.2
Expires: Thu, 03 Jan 2019 15:00:24 GMT
Cache-Control: max-age=31104000
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
X-Cache: HIT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3043
Md5:    03ec227f028379694726390035a97392
Sha1:   90568f48ba98e91a0796cf0529176aecea4315e7
Sha256: 27e164501decd8b2c5a798a3a990179d344303007db995a55e04336940552632
                                        
                                            GET /wp-content/themes/atahualpa.3.7.24/images/expand-down.gif HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:24 GMT
Content-Length: 57
Last-Modified: Thu, 23 Jul 2015 03:47:19 GMT
Connection: keep-alive
Etag: "55b063c7-39"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 11 x 8
Size:   57
Md5:    00b13221242b69fe296335e35743ac74
Sha1:   1064f00d9dc6c1cccdd16a40802aa45d355921ef
Sha256: f78db0e8b844a2def884e1bd1e9780d2d56646a4aeb81cd5956a8f477ff369ee
                                        
                                            GET /wp-content/uploads/muzon-podarok-5581-160x98.jpg HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:24 GMT
Content-Length: 8344
Last-Modified: Sat, 14 Dec 2013 21:15:19 GMT
Connection: keep-alive
Etag: "52acca67-2098"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   8344
Md5:    27cc0d9ee690efa0ca85a7ea65816cd6
Sha1:   74b82b5cc9bbfb23ed9156e6f30df4d1668caaea
Sha256: 0b12d66224f89591dd2cc678afcca65c2707b7014361c9597a83b0e747dcc1a3
                                        
                                            GET /pagead/js/adsbygoogle.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         172.217.21.162
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Mon, 08 Jan 2018 15:00:24 GMT
Expires: Mon, 08 Jan 2018 15:00:24 GMT
Cache-Control: private, max-age=3600
Etag: 15209151888466683271
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 25526
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   25526
Md5:    95e1bf36f1d6fb2a06f5e5ec7839d94d
Sha1:   25ed033462b396ff05793f7cfc46fef486b61864
Sha256: 2ede46b2c0f86fc8eb823d1e05b8c73618f9fffa165450b685d9743f5fb5d9a6
                                        
                                            GET /wp-content/plugins/muzon_podarok/fancy/jquery.fancybox.css?ver=4.1.21 HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:24 GMT
Last-Modified: Wed, 29 Jul 2015 09:55:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: W/"55b8a324-133f"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1463
Md5:    27854f10c08178bf94cc00f03747ccfe
Sha1:   d3e6088eed9488ce12d9e9868e296127a4a300b4
Sha256: c26e7be3056245fcaf7ca15eafa2d338ebfa1a08a98358b927625cf6401f4be0
                                        
                                            GET /wp-content/plugins/muzon_podarok/main_category.css?ver=4.1.21 HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:24 GMT
Last-Modified: Wed, 29 Jul 2015 09:55:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: W/"55b8a320-f8a"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1305
Md5:    e9777544f285c63fa9c910193fae56ca
Sha1:   0a166470185772e6a717bf1a625ec5625a1cdd53
Sha256: b5ed3916575e9b2e9a7f4775c804292af7bfcefee3d6a2f5514c75580b42b6de
                                        
                                            GET /wp-content/uploads/muzon-podarok-6220-160x98.jpg HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:24 GMT
Content-Length: 8442
Last-Modified: Sat, 14 Dec 2013 21:13:20 GMT
Connection: keep-alive
Etag: "52acc9f0-20fa"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   8442
Md5:    82959ba718ee8490918d30a12db69985
Sha1:   6f7685a1200fdb0e30e801b734bbb6b7f2135c56
Sha256: baf9b7a83972dcf42b5533f634c6532fc46d4ce2706b62b58f5d9e9b4fdd1c8c
                                        
                                            GET /wp-content/uploads/muzon-podarok-32701-160x98.jpg HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:24 GMT
Content-Length: 8093
Last-Modified: Sat, 14 Dec 2013 21:04:13 GMT
Connection: keep-alive
Etag: "52acc7cd-1f9d"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   8093
Md5:    86ff1b6e376c0bc933122f29d4f53ca3
Sha1:   0c3817c8c538b9c1a8f1cda4d0210ed6602f219c
Sha256: 8b565a0c13f9f14db3f22c38a4b17e2cdac0a5355d3401638286844d35b58210
                                        
                                            GET /wp-content/uploads/muzon-podarok-dd769-160x98.jpg HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:24 GMT
Content-Length: 9454
Last-Modified: Sat, 14 Dec 2013 21:10:30 GMT
Connection: keep-alive
Etag: "52acc946-24ee"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   9454
Md5:    34d0d3c0fb2ed65e028da6701706765d
Sha1:   10d0b9fc12acf5ea78f5d6a149c744cd915a08e6
Sha256: 18ac772106fcd156012866581fe0f9e28f3b653da2c12cbb61236bf4656f81c5
                                        
                                            GET /wp-content/uploads/muzon-podarok-ddmc-160x98.jpg HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:24 GMT
Content-Length: 6462
Last-Modified: Sat, 14 Dec 2013 21:07:25 GMT
Connection: keep-alive
Etag: "52acc88d-193e"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   6462
Md5:    039d14bf12e969c60392b95349622237
Sha1:   24f41fbcbbc9cf07bd25183c451595b114a7172e
Sha256: 29769b42c1f2f22a5a909d902ab41116f0e2bc29825e5a8799209746f2205f0f
                                        
                                            GET /wp-includes/js/comment-reply.min.js?ver=4.1.21 HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:24 GMT
Content-Length: 757
Last-Modified: Tue, 28 Jul 2015 09:52:49 GMT
Connection: keep-alive
Etag: "55b750f1-2f5"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   757
Md5:    1b1e9d1d12fcc51a151e7e0688bc695f
Sha1:   bfde5fdc87cd0e19b10aa46fcd628c44f4e07f82
Sha256: b02ab5446d4dd91bc73183089db613f7cd4c954bc79a21dff4785c9280af45a0
                                        
                                            GET /wp-content/uploads/muzon-podarok-nkae-160x98.jpg HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:24 GMT
Content-Length: 8859
Last-Modified: Sat, 14 Dec 2013 21:00:43 GMT
Connection: keep-alive
Etag: "52acc6fb-229b"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   8859
Md5:    ea18763c99c8f8a72f5d1c07d99b71b9
Sha1:   26ee01f859dd797a18d4b86aaa00bae204a7ab4c
Sha256: c2d21e67939ac5beac798e165384a15826c0a9f91610a8df2a6008950c1ff379
                                        
                                            GET /wp-content/uploads/muzon-podarok-vbbty-160x98.jpg HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:24 GMT
Content-Length: 10815
Last-Modified: Sat, 14 Dec 2013 20:58:13 GMT
Connection: keep-alive
Etag: "52acc665-2a3f"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   10815
Md5:    1b6352494f3c9f481ae92a0f947fa2fb
Sha1:   e4d18e71c77118c3d6818a043564c83515803849
Sha256: c4a3b7ca5a60f101dac5622fdd3f1c22bcc1cd4b46b9c351bcd303d336db3dac
                                        
                                            GET /wp-content/uploads/muzon-podarok-d5331-160x98.jpg HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:24 GMT
Content-Length: 8566
Last-Modified: Sat, 14 Dec 2013 20:49:27 GMT
Connection: keep-alive
Etag: "52acc457-2176"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   8566
Md5:    50bf0ac69d038a2aee4304e87145c747
Sha1:   ae624d4da77356fe3c1a57b92b1049d2bbfa8e40
Sha256: e5a723b1c71ff501425c63eca646a66170dcdb95592b98e41a4b2808fde67799
                                        
                                            GET /pagead/js/r20180102/r20170110/show_ads_impl.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         172.217.21.162
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Mon, 08 Jan 2018 15:00:25 GMT
Expires: Mon, 08 Jan 2018 15:00:25 GMT
Cache-Control: private, max-age=1209600
Etag: 16680098071007668847
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 67974
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   67974
Md5:    ff087ef3c57b762ef17497dfa4b5a0f9
Sha1:   aa669f9d82a46e1f461c0139f91cc715b5c34bef
Sha256: 3a3ea03c0bc1bb961cca734c9298717b4a35e0597b9d1452070956abf0ec03a6
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 08 Jan 2018 15:00:25 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    eebb1b182455fd3604af735b6a1e453b
Sha1:   c6fa471a16983951444deea270bcaa5e6b43ec78
Sha256: f10c931e8ee86e77db3e2bdc6e271a18b465cfc8d0d89197bc6f23e3b844a37d
                                        
                                            GET /wp-content/plugins/muzon_podarok/js/jquery-1.11.1.js?ver=4.1.21 HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:25 GMT
Last-Modified: Wed, 29 Jul 2015 09:55:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: W/"55b8a328-4508e"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   85686
Md5:    facfdf2fe9efe5b581fdc68bcb2a6afd
Sha1:   871e1d9eec586d6f2261064de0f3a542684d90b1
Sha256: 591144f3957ea1c2126a95ea872274d7cdf978d180a7546c8546d810dd6a9573
                                        
                                            POST /gsr2 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 08 Jan 2018 15:00:25 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    6bf50ec404fb4a8b4a94be8390d11938
Sha1:   0caaab7704d6221abc5e0342909a4928cee50b1c
Sha256: 63b592179b1e9a528344ce1d430b9479fc55f43420a468ec35aaeaa9dff911cf
                                        
                                            GET /pub-config/r20160913/ca-pub-8696655009354586.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         172.217.21.162
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 125
Date: Mon, 08 Jan 2018 09:54:07 GMT
Expires: Mon, 08 Jan 2018 21:54:07 GMT
Last-Modified: Sun, 07 Jan 2018 22:10:38 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=43200
Age: 18379
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   125
Md5:    f80120281945bc2ccdaebc64cbad921d
Sha1:   b5c7ef140888ede182fcac94921a4eb502f07a5c
Sha256: 4cb4b9970ec5cedababe29f9a4ab00d00194bbebd2063cb117dec008b8c6982a
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 08 Jan 2018 15:00:26 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    a7a7df4a4ae4131b98fac6fdfbf53131
Sha1:   7617bb518044a46b3d0b88be95325c3a3b479f89
Sha256: c62f598241d1a1df74116540389a2db24384fcf17ca565da264e989a4088b360
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 08 Jan 2018 15:00:26 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    648dab9de2ee94520069ab482141d5f0
Sha1:   bd6ddd1204c45d2dff0623a700e2364857ad7c5d
Sha256: 26158c8b431745af349e158f5d45423a5da6fbbffb44a5876d8f5fe7a1003f95
                                        
                                            POST / HTTP/1.1 
Host: g.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1391
Content-Transfer-Encoding: binary
Cache-Control: max-age=330495, public, no-transform, must-revalidate
Last-Modified: Fri, 5 Jan 2018 10:45:27 GMT
Expires: Fri, 12 Jan 2018 10:45:27 GMT
Date: Mon, 08 Jan 2018 15:00:26 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1391
Md5:    9d7d94e2c280df31473748a039755f1a
Sha1:   a3dab33b0ee3e52c27766e3ae6cd7d4097977792
Sha256: bb92e95822e4561ebb83270c483772ab9b4a4732d8ea2c00a34feb7c62357dd9
                                        
                                            GET /adsid/integrator.js?domain=muzon-podarok.ru HTTP/1.1 
Host: adservice.google.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         172.217.21.162
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
Timing-Allow-Origin: *
Cache-Control: private, no-cache, no-store
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Mon, 08 Jan 2018 15:00:26 GMT
Server: cafe
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   107
Md5:    5432a558d422eaeaa6f7e8a15c0c1134
Sha1:   252ee6dbb502fd998fbdc5721da5986b877f1c73
Sha256: e61d268069b171358cb5d545e31856cbc3ac2b995cff5e4f7043ae988dc44c6d
                                        
                                            GET /adsid/integrator.js?domain=muzon-podarok.ru HTTP/1.1 
Host: adservice.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         172.217.21.162
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
Timing-Allow-Origin: *
Cache-Control: private, no-cache, no-store
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Mon, 08 Jan 2018 15:00:26 GMT
Server: cafe
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   107
Md5:    5432a558d422eaeaa6f7e8a15c0c1134
Sha1:   252ee6dbb502fd998fbdc5721da5986b877f1c73
Sha256: e61d268069b171358cb5d545e31856cbc3ac2b995cff5e4f7043ae988dc44c6d
                                        
                                            GET /pagead/ads?client=ca-pub-8696655009354586&output=html&h=100&slotname=3986974959&adk=3464819608&adf=807048394&w=320&lmt=1515423623&loeid=38893312&format=320x100&url=http%3A%2F%2Fmuzon-podarok.ru%2Fz-rizdvom-xristovim&ea=0&flash=10.0.45&wgl=0&dt=1515423624935&bpp=6&fdt=900&idt=989&shv=r20180102&cbv=r20170110&saldr=aa&prev_fmts=300x250&correlator=3521135059913&frm=20&ga_vid=303066757.1515423626&ga_sid=1515423626&ga_hid=1324658643&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=423&ady=24&biw=1159&bih=737&abxe=1&eid=4089042%2C38893302%2C21061122%2C191880502&oid=3&nmo=1&zm=1.02&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=2&dtd=1026 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         172.217.21.162
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 08 Jan 2018 15:00:26 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 08-Jan-2018 15:15:26 GMT; path=/; domain=.doubleclick.net
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Expires: Mon, 08 Jan 2018 15:00:26 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   366
Md5:    27ae7fd6e55f2de8a9abb24b587596eb
Sha1:   54ed7c5c4862e232ca223414e16e0efde8f6cfe0
Sha256: fd542ea8bb070d1e569331679ec13e0ac83cf0685d44bb93e80b904251325828
                                        
                                            GET /wp-content/plugins/muzon_podarok/js/new.js?ver=4.1.21 HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:26 GMT
Last-Modified: Wed, 29 Jul 2015 09:55:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: W/"55b8a32a-2e9b"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3175
Md5:    d6033708ad5781ba859d31fdbbd15400
Sha1:   234e25bc23f488130a514195ad5b5498596a5bfd
Sha256: bed126c3ce312a10d64103d26662a5f13add8a63ea5ada1d07b45a3fb6f12839
                                        
                                            GET /pagead/ads?client=ca-pub-8696655009354586&output=html&h=600&slotname=9893907758&adk=1733166768&adf=807048394&w=287&fwrn=4&lmt=1515423623&loeid=38893312&rafmt=1&format=287x600&url=http%3A%2F%2Fmuzon-podarok.ru%2Fz-rizdvom-xristovim&ea=0&flash=10.0.45&fwr=0&resp_fmts=4&wgl=0&dt=1515423624952&bpp=6&fdt=1326&idt=1432&shv=r20180102&cbv=r20170110&saldr=aa&prev_fmts=300x250%2C320x100%2C297x250%2C306x250_0ads_al&correlator=3521135059913&frm=20&ga_vid=303066757.1515423626&ga_sid=1515423626&ga_hid=1324658643&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=750&ady=821&biw=1159&bih=737&abxe=1&eid=4089042%2C38893302%2C21061122%2C191880502&oid=3&nmo=1&zm=1.02&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=1168&bc=1&ifi=5&dtd=1463 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         172.217.21.162
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 08 Jan 2018 15:00:26 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 08-Jan-2018 15:15:26 GMT; path=/; domain=.doubleclick.net
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Expires: Mon, 08 Jan 2018 15:00:26 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   368
Md5:    f092a8e57271a9e7198bf2db227d6007
Sha1:   74cc071a2f66ef64a9e9212db560a7367a2420fd
Sha256: 82697c0ce2ef358ed18a871fae9cbcc53183ccbceb32ef21616c8edeaa32a554
                                        
                                            GET /wp-content/plugins/muzon_podarok/fancy/jquery.fancybox.js?ver=4.1.21 HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:26 GMT
Last-Modified: Wed, 29 Jul 2015 09:55:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: W/"55b8a324-c0f5"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   14370
Md5:    24dc00bdd58292df26bd2e766cab6857
Sha1:   a85089704bd000c53b0343660501c34908bbc17e
Sha256: 87094d4fea063752ec575c40b008c605ce1bbc0755fa83f929c70c21668361ca
                                        
                                            GET /pagead/js/r20180102/r20170110/osd.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         172.217.21.162
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Thu, 04 Jan 2018 01:31:17 GMT
Expires: Thu, 18 Jan 2018 01:31:17 GMT
Etag: 13856620469708125589
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 30575
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 394149
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   30575
Md5:    192292c70e98469ad29567bd0c4fd9be
Sha1:   362e5527d1f1546ab3bf2f602a544337887e1a06
Sha256: 20fc12be22256be6db4576a2581e358657aaa21a93edf2107e1bde6092a87aee
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim
If-Modified-Since: Fri, 03 Oct 2014 00:48:42 GMT

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Mon, 08 Jan 2018 14:36:43 GMT
Expires: Mon, 08 Jan 2018 16:36:43 GMT
Last-Modified: Mon, 13 Nov 2017 20:19:12 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 14597
Cache-Control: public, max-age=7200
Age: 1423


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   14597
Md5:    6199bd5ef36ff16dd8c35a2abdb5991c
Sha1:   beb16561dd55ab5896b230c5a116a5d819e86b34
Sha256: a3d61ef9e80a01a794fd7c2769720f2fd0e15d0458236e8e0edd411560171879
                                        
                                            GET /pagead/html/r20180102/r20170110/zrt_lookup.html HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         172.217.21.162
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Date: Wed, 03 Jan 2018 08:36:54 GMT
Expires: Wed, 17 Jan 2018 08:36:54 GMT
Etag: 4309064655944538791
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 6824
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 455012
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   6824
Md5:    7a711d629f9508f5dfe8b4b451f2973e
Sha1:   ac005fd4df756dfd30128b40c72d0fcbffac36b9
Sha256: 73a51c99e4d8dd5ffd00544e5be1844c894dbb94f42255ef916d32d1c465a769
                                        
                                            GET /pagead/ads?client=ca-pub-8696655009354586&output=html&h=250&slotname=5463708150&adk=1270688880&adf=807048394&w=297&fwrn=4&lmt=1515423623&loeid=38893312&rafmt=1&format=297x250&url=http%3A%2F%2Fmuzon-podarok.ru%2Fz-rizdvom-xristovim&ea=0&flash=10.0.45&fwr=0&resp_fmts=3&wgl=0&dt=1515423624941&bpp=6&fdt=1032&idt=1124&shv=r20180102&cbv=r20170110&saldr=aa&prev_fmts=300x250%2C320x100&correlator=3521135059913&frm=20&ga_vid=303066757.1515423626&ga_sid=1515423626&ga_hid=1324658643&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=745&ady=24&biw=1159&bih=737&abxe=1&eid=4089042%2C38893302%2C21061122%2C191880502&oid=3&nmo=1&zm=1.02&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1168&bc=1&ifi=3&dtd=1151 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         172.217.21.162
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 08 Jan 2018 15:00:26 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 08-Jan-2018 15:15:26 GMT; path=/; domain=.doubleclick.net
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Expires: Mon, 08 Jan 2018 15:00:26 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   367
Md5:    548802ae028f54117acc0250210ea0f8
Sha1:   cf498cb447f2673d813effff36ea70355c170d19
Sha256: beca5e30658170707c2fc08ae572aaddc80d6e8aa777c6d1e110101e2c5dfef2
                                        
                                            GET /r/collect?v=1&_v=j66&a=1324658643&t=pageview&_s=1&dl=http%3A%2F%2Fmuzon-podarok.ru%2Fz-rizdvom-xristovim&ul=en-us&de=UTF-8&dt=%D0%93%D0%B0%D1%80%D0%BD%D1%96%20%D0%BC%D1%83%D0%B7%D0%B8%D1%87%D0%BD%D1%96%20%D0%BB%D0%B8%D1%81%D1%82%D1%96%D0%B2%D0%BA%D0%B8%20%D0%B7%20%D0%A0%D1%96%D0%B7%D0%B4%D0%B2%D0%BE%D0%BC%20%D0%A5%D1%80%D0%B8%D1%81%D1%82%D0%BE%D0%B2%D0%B8%D0%BC!%20%7C%20%D0%A0%D1%96%D0%B7%D0%B4%D0%B2%D0%BE%20%D0%A5%D1%80%D0%B8%D1%81%D1%82%D0%BE%D0%B2%D0%B5%20%D0%BB%D0%B8%D1%81%D1%82%D1%96%D0%B2%D0%BA%D0%B8%20%C2%AB%20%D0%9C%D1%83%D0%B7%D1%8B%D0%BA%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5%20%D0%BE%D1%82%D0%BA%D1%80%D1%8B%D1%82%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D0%BA%D0%B0%D0%B6%D0%B4%D1%8B%D0%B9%20%D0%BF%D1%80%D0%B0%D0%B7%D0%B4%D0%BD%D0%B8%D0%BA&sd=24-bit&sr=1176x885&vp=1159x737&je=1&fl=10.0%20r45&_u=IAhAAAQ~&jid=1745870761&gjid=649375679&cid=303066757.1515423626&tid=UA-46045039-1&_gid=1156182243.1515423627&_r=1&z=633833481 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         172.217.20.46
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-46045039-1&cid=303066757.1515423626&jid=1745870761&_gid=1156182243.1515423627&gjid=649375679&_v=j66&z=633833481
Access-Control-Allow-Origin: *
Date: Mon, 08 Jan 2018 15:00:26 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Server: Golfe2
Content-Length: 417


--- Additional Info ---
Magic:  HTML document text
Size:   417
Md5:    0ae3bb3b6dd32dedd428f1023d2a3858
Sha1:   ce716d9af8ab3d1273cdab382dbc29c64be52b40
Sha256: a9ac2af94045c0f361d7c9842358613782861b34e55d1d2ba6162a35471e0ca6
                                        
                                            GET /pagead/ads?client=ca-pub-8696655009354586&output=html&h=250&slotname=8417174550&adk=1200011802&adf=807048394&w=306&lmt=1515423623&loeid=38893312&rafmt=10&format=306x250_0ads_al&url=http%3A%2F%2Fmuzon-podarok.ru%2Fz-rizdvom-xristovim&ea=0&flash=10.0.45&wgl=0&dt=1515423624947&bpp=5&fdt=1177&idt=1273&shv=r20180102&cbv=r20170110&saldr=aa&prev_fmts=300x250%2C320x100%2C297x250&correlator=3521135059913&frm=20&ga_vid=303066757.1515423626&ga_sid=1515423626&ga_hid=1324658643&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=428&ady=821&biw=1159&bih=737&abxe=1&eid=4089042%2C38893302%2C21061122%2C191880502&oid=3&nmo=1&zm=1.02&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=1168&bc=1&ifi=4&dtd=1316 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         172.217.21.162
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 08 Jan 2018 15:00:26 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 08-Jan-2018 15:15:26 GMT; path=/; domain=.doubleclick.net
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Expires: Mon, 08 Jan 2018 15:00:26 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   2694
Md5:    35d7b95020aab15021bd6636155a7705
Sha1:   9fb65dc4b55f08951522a5d9a2f06dd9696609ca
Sha256: 72304a7ff58a27bb3d64e3f4f2580962783e1a814e2096aa3e10ce54e251a93e
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 08 Jan 2018 15:00:27 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    af3be87b532c52de71e40cf324221934
Sha1:   a5feca1c8378d5a3eecafa204f4eeaa0220b63f5
Sha256: 48f4f1db1d2b92f558b4a07c1ffcf724faa3662342e7ceae93c9690bc1d1f33e
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 08 Jan 2018 15:00:27 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    3c48a63133348bfda7c919a937855b8b
Sha1:   d51be52a9b621dedae2c9c7d3e67f1e0742b84c5
Sha256: 10759210a416f9130d290a6b9a79813b1cb80ce1d7d4b4b9011b8cfdc5dbed63
                                        
                                            GET /pagead/ads?client=ca-pub-8696655009354586&output=html&h=250&slotname=6324202954&adk=3795495575&adf=807048394&w=300&lmt=1515423623&loeid=38893312&format=300x250&url=http%3A%2F%2Fmuzon-podarok.ru%2Fz-rizdvom-xristovim&ea=0&flash=10.0.45&avail_w=285&wgl=0&dt=1515423624912&bpp=14&fdt=170&idt=426&shv=r20180102&cbv=r20170110&saldr=aa&correlator=3521135059913&frm=20&ga_vid=303066757.1515423626&ga_sid=1515423626&ga_hid=1324658643&ga_fc=0&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=105&ady=25&biw=1159&bih=737&abxe=1&eid=4089042%2C38893302%2C21061122%2C191880502&oid=3&nmo=1&zm=1.02&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=1&dtd=900 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         172.217.21.162
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 08 Jan 2018 15:00:27 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 08-Jan-2018 15:15:27 GMT; path=/; domain=.doubleclick.net
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Expires: Mon, 08 Jan 2018 15:00:27 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   369
Md5:    8c80ef4583d29df493859c18d4de87fd
Sha1:   e00b2685ee9c144d76504c467ca1214dafbd1b64
Sha256: 422b2ed70a19f90e85fb2ba91be74ad0705f6238edc383c5a820b16b5cfd1a4e
                                        
                                            GET /pagead/js/r20180102/r20110914/abg.js HTTP/1.1 
Host: tpc.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8696655009354586&output=html&h=250&slotname=8417174550&adk=1200011802&adf=807048394&w=306&lmt=1515423623&loeid=38893312&rafmt=10&format=306x250_0ads_al&url=http%3A%2F%2Fmuzon-podarok.ru%2Fz-rizdvom-xristovim&ea=0&flash=10.0.45&wgl=0&dt=1515423624947&bpp=5&fdt=1177&idt=1273&shv=r20180102&cbv=r20170110&saldr=aa&prev_fmts=300x250%2C320x100%2C297x250&correlator=3521135059913&frm=20&ga_vid=303066757.1515423626&ga_sid=1515423626&ga_hid=1324658643&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=428&ady=821&biw=1159&bih=737&abxe=1&eid=4089042%2C38893302%2C21061122%2C191880502&oid=3&nmo=1&zm=1.02&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=1168&bc=1&ifi=4&dtd=1316

                                         
                                         172.217.20.33
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Wed, 03 Jan 2018 03:15:52 GMT
Expires: Wed, 17 Jan 2018 03:15:52 GMT
Etag: 12555164094812895799
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 20677
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 474275
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   20677
Md5:    d4daa4b4be72f873edb4df4ba0c1f9e2
Sha1:   bf1b517ce4eaadc05b05716fe14c3bc46aebb621
Sha256: 9cc11448fbc25b99c82ab00a42dde5557cfdf94ed5596455ff9edf2d7f623c43
                                        
                                            GET /pagead/js/r20180102/r20180102/activeview/osd_listener.js HTTP/1.1 
Host: tpc.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8696655009354586&output=html&h=250&slotname=8417174550&adk=1200011802&adf=807048394&w=306&lmt=1515423623&loeid=38893312&rafmt=10&format=306x250_0ads_al&url=http%3A%2F%2Fmuzon-podarok.ru%2Fz-rizdvom-xristovim&ea=0&flash=10.0.45&wgl=0&dt=1515423624947&bpp=5&fdt=1177&idt=1273&shv=r20180102&cbv=r20170110&saldr=aa&prev_fmts=300x250%2C320x100%2C297x250&correlator=3521135059913&frm=20&ga_vid=303066757.1515423626&ga_sid=1515423626&ga_hid=1324658643&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=428&ady=821&biw=1159&bih=737&abxe=1&eid=4089042%2C38893302%2C21061122%2C191880502&oid=3&nmo=1&zm=1.02&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=1168&bc=1&ifi=4&dtd=1316

                                         
                                         172.217.20.33
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Sat, 06 Jan 2018 02:27:24 GMT
Expires: Sat, 20 Jan 2018 02:27:24 GMT
Etag: 10544324171629224810
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 13023
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 217983
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   13023
Md5:    563523a35a10c17e821c3ba2fa3b7b5d
Sha1:   ef0a45f60de8e0e71ef679aa7bfb0473e8adb915
Sha256: a2ffdc1783d95c8096c0f56de0e63d40bad4ceb53271353feb0319d07e458e28
                                        
                                            GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-46045039-1&cid=303066757.1515423626&jid=1745870761&_gid=1156182243.1515423627&gjid=649375679&_v=j66&z=633833481 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim
Cookie: test_cookie=CheckForPermission

                                         
                                         173.194.222.154
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Date: Mon, 08 Jan 2018 15:00:27 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            GET /activeview?avi=B30z5iodTWqbNMZW06wTXlIKwCQCduoH00wEAADgByAEByAMCoAZL0ggFCIBhEAE&id=osdim&ti=1&r=pv&uc=0&tgt=nf&cl=0&v=r20180102 HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8696655009354586&output=html&h=250&slotname=8417174550&adk=1200011802&adf=807048394&w=306&lmt=1515423623&loeid=38893312&rafmt=10&format=306x250_0ads_al&url=http%3A%2F%2Fmuzon-podarok.ru%2Fz-rizdvom-xristovim&ea=0&flash=10.0.45&wgl=0&dt=1515423624947&bpp=5&fdt=1177&idt=1273&shv=r20180102&cbv=r20170110&saldr=aa&prev_fmts=300x250%2C320x100%2C297x250&correlator=3521135059913&frm=20&ga_vid=303066757.1515423626&ga_sid=1515423626&ga_hid=1324658643&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=428&ady=821&biw=1159&bih=737&abxe=1&eid=4089042%2C38893302%2C21061122%2C191880502&oid=3&nmo=1&zm=1.02&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=1168&bc=1&ifi=4&dtd=1316

                                         
                                         172.217.21.162
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Date: Mon, 08 Jan 2018 15:00:27 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /bn-wrapper/bn-wrapper.min.js?s=65915&f=1&r=65779&p=right&q=3&t=5000 HTTP/1.1 
Host: c.am15.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         37.48.89.11
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: openresty
Date: Mon, 08 Jan 2018 15:00:27 GMT
Last-Modified: Mon, 03 Apr 2017 08:58:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"58e20e9e-321"
Expires: Wed, 07 Feb 2018 15:00:27 GMT
Cache-Control: max-age=2592000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   421
Md5:    e317431bfa799603cef451efb3b67afb
Sha1:   721671d080eb2000b207bdba4630ca4ad45ac532
Sha256: c51d98b15bf9f456e0b124fdd66c73fdbc911d0e6c7c8757ea196f388ef0d312
                                        
                                            GET /bn.php?s=65915&rot=1&f=1&d=65779 HTTP/1.1 
Host: am15.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim

                                         
                                         144.76.168.9
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=windows-1251
                                        
Server: openresty
Date: Mon, 08 Jan 2018 15:00:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.3-3+deb.sury.org~trusty+1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Tue, 01 Jan 2000 00:00:00 GMT
Last-Modified: Mon, 08 Jan 2018 15:00:27 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: wbn=200; expires=Tue, 09-Jan-2018 01:00:27 GMT; Max-Age=36000; path=/; domain=.am15.net unic_vc=yhjT28JT1BSDNC_Fd7Fn; expires=Mon, 08-Jan-2018 20:59:59 GMT; Max-Age=21572; path=/; domain=.am15.net
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2116
Md5:    edfeaf93791dbfc6b4d57944e9ad70e2
Sha1:   b222a4d2be3456dc669ba6c720f0f2f69e414ee9
Sha256: f5feaf97e53ba4a568dff51f9bf14116bcb232ab06052f383b24f78da2ddc3b8
                                        
                                            GET /x/uid.php?rand=221723475&uid=pARtmq6 HTTP/1.1 
Host: am15.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim
Cookie: wbn=200; unic_vc=yhjT28JT1BSDNC_Fd7Fn

                                         
                                         144.76.168.9
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Server: openresty
Date: Mon, 08 Jan 2018 15:00:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.3-3+deb.sury.org~trusty+1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Tue, 01 Jan 2000 00:00:00 GMT
Last-Modified: Mon, 08 Jan 2018 15:00:27 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   864
Md5:    088adc950b3fc7419269234b580ba453
Sha1:   0355efad6cfc8338bc30fef736d760aa11334e52
Sha256: dd099ccf6eacab239e89da1e00729bec83ee4a3cb54dad7ba4fbc7eed49fb477
                                        
                                            GET /x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827 HTTP/1.1 
Host: am15.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim
Cookie: wbn=200; unic_vc=yhjT28JT1BSDNC_Fd7Fn

                                         
                                         144.76.168.9
HTTP/1.1 200 OK
Content-Type: text/html; charset=windows-1251
                                        
Server: openresty
Date: Mon, 08 Jan 2018 15:00:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.3-3+deb.sury.org~trusty+1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Tue, 01 Jan 2000 00:00:00 GMT
Last-Modified: Mon, 08 Jan 2018 15:00:27 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Origin: *
Set-Cookie: e8cef=1; expires=Mon, 08-Jan-2018 15:30:27 GMT; Max-Age=1800; path=/; domain=.am15.net
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1297
Md5:    694b556310e39b661c565d2fd513f87f
Sha1:   828b9262905dfc5a7116f2bd68a2b218203dd20d
Sha256: 40087277d828beddcbbeb9397e64306402466a267e862b7ce848d3d9f18669d1
                                        
                                            GET /tmp/r8893.php?s=65915 HTTP/1.1 
Host: am15.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://muzon-podarok.ru/z-rizdvom-xristovim
Cookie: wbn=200; unic_vc=yhjT28JT1BSDNC_Fd7Fn

                                         
                                         144.76.168.9
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: openresty
Date: Mon, 08 Jan 2018 15:00:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.3-3+deb.sury.org~trusty+1
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   20
Md5:    7029066c27ac6f5ef18d660d5741979a
Sha1:   46c6643f07aa7f6bfe7118de926b86defc5087c4
Sha256: 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
                                        
                                            GET /advmaker HTTP/1.1 
Host: sync2.audtd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         78.155.222.211
HTTP/1.1 302 Found
Content-Type: text/plain; charset=utf-8
                                        
Set-Cookie: chk=OK; Max-Age=6; Domain=.audtd.com; Path=/; Expires=Mon, 08 Jan 2018 15:00:34 GMT
Location: http://sync2.audtd.com/match/advmaker?checked=true&rst=1515423628957&rf=http%3A%2F%2Fam15.net%2Fx%2Ffpx.php%3Fupst%3Dy93_sBbTyJ_X293uy9yz%26s%3D65915%26t%3Dbn%26rand%3D1130291827&type=gif
Vary: Accept
Content-Length: 209
Date: Mon, 08 Jan 2018 15:00:28 GMT
Connection: close


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   209
Md5:    246003a3f528bd6be4ec51bac1046f69
Sha1:   3e0c239e25d2d69e5d3ab7d31436a1b65f77059c
Sha256: a37ec2f9bbfcce7327cf64554d7580d0f18653fb17eea35fd3982f0fb6c05a8b
                                        
                                            GET /match/aotm.js HTTP/1.1 
Host: sync.dmp.otm-r.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         94.130.164.241
HTTP/1.1 302 Found
Content-Type: application/javascript
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: chk=1; path=/ chk.sig=7vJRiWlrUwYlIgR3pwpXlJwlSGQ; path=/
Location: /match/aotm.js?chk=1


--- Additional Info ---
                                        
                                            GET /match/advmaker?type=js&uid= HTTP/1.1 
Host: sync.audtd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         78.155.222.210
HTTP/1.1 302 Found
Content-Type: text/plain; charset=utf-8
                                        
Set-Cookie: chk=OK; Max-Age=6; Domain=.audtd.com; Path=/; Expires=Mon, 08 Jan 2018 15:00:34 GMT
Location: http://sync.audtd.com/match/advmaker?type=js&uid=&checked=true&rst=1515423628971&rf=http%3A%2F%2Fam15.net%2Fx%2Ffpx.php%3Fupst%3Dy93_sBbTyJ_X293uy9yz%26s%3D65915%26t%3Dbn%26rand%3D1130291827
Vary: Accept
Content-Length: 212
Date: Mon, 08 Jan 2018 15:00:28 GMT
Connection: close


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   212
Md5:    8721352cdc2f9e234c92fe67cd6e375f
Sha1:   24331b070b59a0b95c6f2ac2461d364ba741144b
Sha256: 78b182706cfbf5da7b0eee5a664b89d0e7b70586daadcdfbf607185a130e54f9
                                        
                                            GET /match/aotm.js?chk=1 HTTP/1.1 
Host: sync.dmp.otm-r.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: chk=1; chk.sig=7vJRiWlrUwYlIgR3pwpXlJwlSGQ

                                         
                                         94.130.164.241
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:28 GMT
Content-Length: 995
Connection: keep-alive
Set-Cookie: mpid=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT mpid.sig=hRZNCnn47BrAjrybFz-xwmjpj1A; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT mpid=ZWJkZjVlY2U=; path=/; expires=Mon, 08 Jul 2019 15:00:28 GMT; domain=.otm-r.com mpid.sig=M8f64LghVw31-7kz7hXKSU6iJxs; path=/; expires=Mon, 08 Jul 2019 15:00:28 GMT; domain=.otm-r.com


--- Additional Info ---
Magic:  ASCII text
Size:   995
Md5:    cc5ec18e26939f2254c01af9e39a5cda
Sha1:   fd73c94c737fbf9feed22c1d75c4ee9c8d9a6a41
Sha256: 5c9ca946baa2336d2da925fb2ab5f04bdd30b4a8198a4581ee19b25757185980
                                        
                                            GET /match/advmaker?checked=true&rst=1515423628957&rf=http%3A%2F%2Fam15.net%2Fx%2Ffpx.php%3Fupst%3Dy93_sBbTyJ_X293uy9yz%26s%3D65915%26t%3Dbn%26rand%3D1130291827&type=gif HTTP/1.1 
Host: sync2.audtd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: chk=OK

                                         
                                         78.155.222.211
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Set-Cookie: pid=AU00C0311DA77; Max-Age=62899200; Domain=.audtd.com; Path=/; Expires=Mon, 06 Jan 2020 15:00:29 GMT
Location: https://sync.audsp.com/friggin-meguc/renegade?id=AU00C0311DA77&fpd=advmaker
Vary: Accept
Content-Length: 202
Date: Mon, 08 Jan 2018 15:00:29 GMT
Connection: close


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   202
Md5:    6730d0728c42e2fb184276a029cf3527
Sha1:   023aa87e6c681fce31fa44ff517a0a522d4f0f76
Sha256: 2ce97d2095b5ac577e9c63c27590e736a1f9eb033e457f952152c16e38a8ef4c
                                        
                                            GET /match/advmaker?type=js&uid=&checked=true&rst=1515423628971&rf=http%3A%2F%2Fam15.net%2Fx%2Ffpx.php%3Fupst%3Dy93_sBbTyJ_X293uy9yz%26s%3D65915%26t%3Dbn%26rand%3D1130291827 HTTP/1.1 
Host: sync.audtd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: chk=OK

                                         
                                         78.155.222.210
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Set-Cookie: pid=AU00FEC3F27B1; Max-Age=62899200; Domain=.audtd.com; Path=/; Expires=Mon, 06 Jan 2020 15:00:29 GMT
Content-Length: 1766
Etag: W/"6e6-0EQHkgauTSPiibJpKjn1M/Lo7aE"
Date: Mon, 08 Jan 2018 15:00:29 GMT
Connection: close


--- Additional Info ---
Magic:  ASCII text
Size:   1766
Md5:    0966f92c23c06a053b25ec8b1d24bef5
Sha1:   d044079206ae4d23e289b2692a39f533f2e8eda1
Sha256: 8418499954650453bec7760cc9f3eb0bf0f39c255d36b9c28bb30434f44dda44
                                        
                                            GET /rsc.php?mode=bu&pkey=1c8ebe51c670dccc186c19900e2d957b&scr=1&p=advmaker&callback=AdvMakerMyragon&sitename=65915 HTTP/1.1 
Host: t02.rbnt.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         148.251.159.22
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 08 Jan 2018 15:00:29 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: csc=1; expires=Mon, 08-Jan-2018 15:01:29 GMT; Max-Age=60; path=/; domain=.rbnt.org bu=CndabP17Csii9aRs1iL4U1; expires=Thu, 08-Jan-2043 15:00:29 GMT; Max-Age=788918400; path=/; domain=.rbnt.org
Location: /rsc.php?mode=bu&pkey=1c8ebe51c670dccc186c19900e2d957b&scr=1&p=advmaker&callback=AdvMakerMyragon&sitename=65915&csc=1
Strict-Transport-Security: max-age=0


--- Additional Info ---
                                        
                                            GET /x/adteam_sync.php?uid= HTTP/1.1 
Host: sync.teamrtb.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         148.251.136.163
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: openresty
Date: Mon, 08 Jan 2018 15:00:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.3-3+deb.sury.org~trusty+1


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    57f187c7a868faeac558007a8eb6cb2e
Sha1:   11ab10ab109fdb53d91d444ac781101f5a6360c6
Sha256: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /rsc.php?mode=bu&pkey=1c8ebe51c670dccc186c19900e2d957b&scr=1&p=advmaker&callback=AdvMakerMyragon&sitename=65915&csc=1 HTTP/1.1 
Host: t02.rbnt.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: csc=1; bu=CndabP17Csii9aRs1iL4U1

                                         
                                         148.251.159.22
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=UTF-8
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 08 Jan 2018 15:00:29 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=0
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   40
Md5:    734384178802406bac1e39ec9365482e
Sha1:   26d0f8a8f8da3bbb8f3486fd24b16717324e7339
Sha256: a005f11188398d6b72eaa82b3a12d028c2694f98c43e3922cb75d534988c7502
                                        
                                            GET /v2/mark/787.gif HTTP/1.1 
Host: x.instreamatic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         138.201.36.215
HTTP/1.1 302 FOUND
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 0
Connection: close
Location: http://ad.mail.ru/cm.gif?p=66&id=4fb01280b6fc6bd806300bfe07344dad
Set-Cookie: uns=MWDHAYGKVTEG; Domain=.instreamatic.com; Expires=Thu, 06 Jan 2028 18:00:29 GMT; Path=/
Expires: Mon, 08 Jan 2018 15:00:28 GMT
Cache-Control: no-cache
Access-Control-Allow-Credentials: true


--- Additional Info ---
                                        
                                            GET /pixel?google_nid=otmr&google_hm=ZWJkZjVlY2U%3D&google_cs=&google_cm=&fp=2119983428 HTTP/1.1 
Host: cm.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: test_cookie=CheckForPermission

                                         
                                         216.58.209.130
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Mon, 08 Jan 2018 15:00:29 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Server: HTTP server (unknown)
Content-Length: 170
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  PNG image, 1 x 1, 8-bit/color RGBA, non-interlaced
Size:   170
Md5:    e7673c60af825466f83d46da72ca1635
Sha1:   fc0fcbee0835709ba2d28798a612bfd687903fb5
Sha256: 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 08 Jan 2018 15:00:29 GMT
Server: Apache
Last-Modified: Sun, 07 Jan 2018 16:09:06 GMT
Expires: Sun, 14 Jan 2018 16:09:06 GMT
Etag: CF7AA1200F6C3766AF0B830B255F106C831549D5
Cache-Control: max-age=521916,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp19
Content-Length: 472
Connection: close


--- Additional Info ---
Magic:  data
Size:   472
Md5:    badc9aa5d2bf987eb4edc918a33f97ec
Sha1:   cf7aa1200f6c3766af0b830b255f106c831549d5
Sha256: fb891d324b1c84ce6c4a975c3ac38bfa2c9177dabba6b91327295c6d9879931a
                                        
                                            GET /pixel?google_nid=mobin_ltd&google_hm=ZWJkZjVlY2U%3D&google_sc=&google_cm=&fp=2119983428 HTTP/1.1 
Host: cm.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: test_cookie=CheckForPermission

                                         
                                         216.58.209.130
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://sync.dmp.otm-r.com/match/google2?fp=2119983428&google_gid=CAESEGwcUVxSylJHm8bFfpOpYTw&google_cver=1
Date: Mon, 08 Jan 2018 15:00:29 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Server: HTTP server (unknown)
Content-Length: 311
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT IDE=AHWqTUkrNbhy3GN4puypqdvns04DwY7mXKoSENc4u3o4i9fYIs9k2E5MXw; expires=Wed, 08-Jan-2020 15:00:29 GMT; path=/; domain=.doubleclick.net; HttpOnly


--- Additional Info ---
Magic:  HTML document text
Size:   311
Md5:    7f40988454cb6dff101dabcd5495067c
Sha1:   9eca96c95737a34c6a4673b1807b2560f0a9078e
Sha256: bf0932ca259251b8a625620afb1b5c3075e5832870818f772f6b6a80fb6a8755
                                        
                                            GET /m?cdsp=319529&c=ZWJkZjVlY2U%3D&adu=http%3A%2F%2Fsync.dmp.otm-r.com%2Fmatch%2Fmirs%3Fid%3D%7Bmuidn%7D%26fp%3D2119983428 HTTP/1.1 
Host: cm.marketgid.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         87.242.88.91
HTTP/1.1 301 Moved Permanently
Content-Type: image/gif
                                        
Server: nginx/1.11.10
Date: Mon, 08 Jan 2018 15:00:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://sync.dmp.otm-r.com/match/mirs?id=i08tXnSx6G0h&fp=2119983428
Set-Cookie: mg_sync={"319529":1515423629}; expires=Wed, 07 Feb 2018 15:00:29 GMT muidn=i08tXnSx6G0h;Domain=.marketgid.com;Path=/;Expires=Tue, 19-Jan-2038 03:14:08 GMT;
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    57f187c7a868faeac558007a8eb6cb2e
Sha1:   11ab10ab109fdb53d91d444ac781101f5a6360c6
Sha256: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
                                        
                                            POST /gsextendvalsha2g3r3 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request

                                         
                                         104.31.75.124
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 1562
Connection: keep-alive
Set-Cookie: __cfduid=db28b1f7c1eda3b1ccca41d58509287cd1515423629; expires=Tue, 08-Jan-19 15:00:29 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Mon, 08 Jan 2018 11:29:57 GMT
Expires: Fri, 12 Jan 2018 11:29:57 GMT
Etag: "c8668964473a12eca0fb4658e7dc632877a4f1e0"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 3da006d2f6de4297-OSL


--- Additional Info ---
Magic:  data
Size:   1562
Md5:    b711a66707caba2ae7a3449a74dd27f3
Sha1:   c8668964473a12eca0fb4658e7dc632877a4f1e0
Sha256: 77bd9dbcd5d5c37477b63ae22f8ba21fe466383a082921cb51f95680143d22ba
                                        
                                            GET /p/cm/otm?fp=2119983428 HTTP/1.1 
Host: px.adhigh.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         136.243.75.6
HTTP/1.1 302 Found
                                        
Server: nginx/1.12.2
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 0
Connection: keep-alive
X-Backend-id: f28-de
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Set-Cookie: gi_u=g96X8hNRLmW;Path=/;Domain=.adhigh.net;Expires=Tue, 08-Jan-2019 15:00:29 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store
Location: http://px.adhigh.net/p/cm/otm?fp=2119983428&bounced=1


--- Additional Info ---
                                        
                                            GET /otmrtb-sync?uid=ZWJkZjVlY2U%3D&fp=2119983428 HTTP/1.1 
Host: rtb.com.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         83.222.104.102
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.10.2
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 114
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
Location: /sync?isNewID=true&otmrtb_fp=2119983428&sspName=otmrtb&sspUserID=ZWJkZjVlY2U%3D
P3P: CP="rtb.com.ru does not have a P3P policy"
Set-Cookie: as-user=5a53878d98657b4149bca5c5; Path=/; Domain=rtb.com.ru; Max-Age=31536000; HttpOnly


--- Additional Info ---
Magic:  ASCII text
Size:   114
Md5:    aeb00f15cce6c7555c6f0d696de48f68
Sha1:   4635dbad87a397d182d1c0bc676ff4a79898431d
Sha256: 970205239985c27af3d7921e2f70cd3d28c357f2c1400d79b6f3f917b710b013
                                        
                                            GET /match/google2?fp=2119983428&google_gid=CAESEGwcUVxSylJHm8bFfpOpYTw&google_cver=1 HTTP/1.1 
Host: sync.dmp.otm-r.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: chk=1; chk.sig=7vJRiWlrUwYlIgR3pwpXlJwlSGQ; mpid=ZWJkZjVlY2U=; mpid.sig=M8f64LghVw31-7kz7hXKSU6iJxs

                                         
                                         94.130.164.241
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 995
Connection: keep-alive
Set-Cookie: mpid=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT mpid.sig=hRZNCnn47BrAjrybFz-xwmjpj1A; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT mpid=ZWJjNDk5Y2U=; path=/; expires=Mon, 08 Jul 2019 15:00:29 GMT; domain=.otm-r.com mpid.sig=AOEWo-lHVZgjKx8e8-Zp9BYauMc; path=/; expires=Mon, 08 Jul 2019 15:00:29 GMT; domain=.otm-r.com


--- Additional Info ---
Magic:  ASCII text
Size:   995
Md5:    06892c38693bd95217bb89dbe966aefe
Sha1:   010cfdb99770830b723ce061955f953c55e90391
Sha256: 8f3fbcb5be09298eb602a924e57e205d5ee4f39916c1ba9df9d4e253f505cfb9
                                        
                                            GET /sync?isNewID=true&otmrtb_fp=2119983428&sspName=otmrtb&sspUserID=ZWJkZjVlY2U%3D HTTP/1.1 
Host: rtb.com.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: as-user=5a53878d98657b4149bca5c5

                                         
                                         83.222.104.102
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.10.2
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 642
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
Location: //cm.g.doubleclick.net/pixel?google_nid=adspend&google_cm&google_hm=5a53878d98657b4149bca5c5&id=5a53878d98657b4149bca5c5&r=%2F%2Fx01.aidata.io%2F0.gif%3Fpid%3D6472613%26id%3D5a53878d98657b4149bca5c5%26dest%3D%252F%252Fdmp.adx.com.ru%252Fadspend%253Fuid%253D5a53878d98657b4149bca5c5%2526r%253D%25252F%25252Fdmg.digitaltarget.ru%25252F1%25252F224%25252Fi%25252Fi%25253Fa%25253D224%252526e%25253D5a53878d98657b4149bca5c5%252526i%25253D8378514801823016139%252526r%25253D%2525252F%2525252Fsync.dmp.otm-r.com%2525252Fmatch%2525252Fbbdo%2525253Fid%2525253D5a53878d98657b4149bca5c5%25252526fp%2525253D2119983428
P3P: CP="rtb.com.ru does not have a P3P policy"


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   642
Md5:    59ab296d5b08335f101b94c563f02b7e
Sha1:   48307a6554262f8f9db92b5917dad8902e7e6b6e
Sha256: 1670a837680bf8c2d07e10cdc2081076d0510ad477d2dd8fc6faf13214dbc24a
                                        
                                            GET /cm.gif?p=66&id=4fb01280b6fc6bd806300bfe07344dad HTTP/1.1 
Host: ad.mail.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         217.69.139.42
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 43
Connection: keep-alive
Set-Cookie: VID=07rSX-3m7ZHf0000080G541f:::; path=/; expires=Sun, 10-Jan-21 15:00:29 GMT; domain=.mail.ru; HttpOnly
Expires: Mon, 08 Jan 2018 21:00:29 GMT
Cache-Control: max-age=21600
Last-Modified: Mon, 08 Jan 2018 15:00:29 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /p/cm/otm?fp=2119983428&bounced=1 HTTP/1.1 
Host: px.adhigh.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: gi_u=g96X8hNRLmW

                                         
                                         136.243.75.6
HTTP/1.1 302 Found
                                        
Server: nginx/1.12.2
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 0
Connection: keep-alive
X-Backend-id: f28-de
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Cache-Control: no-cache, no-store
Set-Cookie: otm_sync=EA4;Path=/;Domain=.adhigh.net;Expires=Tue, 08-Jan-2019 15:00:29 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://sync.dmp.otm-r.com/match/getintent?id=g96X8hNRLmW


--- Additional Info ---
                                        
                                            GET /friggin-meguc/renegade?id=AU00C0311DA77&fpd=advmaker HTTP/1.1 
Host: sync.audsp.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         78.155.222.215
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Location: //cm.g.doubleclick.net/pixel?google_nid=auditorius&google_cm&google_hm=QVUwMEMwMzExREE3Nw&fpd=advmaker&google_ula=383167865
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 162


--- Additional Info ---
Magic:  ASCII text
Size:   162
Md5:    6a7b00d4efa4caf1be7e993549e18342
Sha1:   e71ebe827baca1bc3f085f825f24063daa143808
Sha256: f92a8c4dde20da6e41f3a8b88d65310ce02063442801d761bb4c115384962eb1
                                        
                                            POST / HTTP/1.1 
Host: ocsp.int-x3.letsencrypt.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
                                         195.159.219.11
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 527
Etag: "4B92EAAF6EA7A8C7C6E86BCEA51A40D6A2372F0C5BFBB67078417CC0314D5225"
Last-Modified: Sat, 06 Jan 2018 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17619
Expires: Mon, 08 Jan 2018 19:54:08 GMT
Date: Mon, 08 Jan 2018 15:00:29 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    3a186f1aeaf690525ac20fde2290b989
Sha1:   83a27b03921dddda1a81ada2bd51fdf0ca2aeff5
Sha256: 4b92eaaf6ea7a8c7c6e86bcea51a40d6a2372f0c5bfbb67078417cc0314d5225
                                        
                                            GET /pixel?google_nid=adspend&google_cm&google_hm=5a53878d98657b4149bca5c5&id=5a53878d98657b4149bca5c5&r=%2F%2Fx01.aidata.io%2F0.gif%3Fpid%3D6472613%26id%3D5a53878d98657b4149bca5c5%26dest%3D%252F%252Fdmp.adx.com.ru%252Fadspend%253Fuid%253D5a53878d98657b4149bca5c5%2526r%253D%25252F%25252Fdmg.digitaltarget.ru%25252F1%25252F224%25252Fi%25252Fi%25253Fa%25253D224%252526e%25253D5a53878d98657b4149bca5c5%252526i%25253D8378514801823016139%252526r%25253D%2525252F%2525252Fsync.dmp.otm-r.com%2525252Fmatch%2525252Fbbdo%2525253Fid%2525253D5a53878d98657b4149bca5c5%25252526fp%2525253D2119983428 HTTP/1.1 
Host: cm.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: IDE=AHWqTUkrNbhy3GN4puypqdvns04DwY7mXKoSENc4u3o4i9fYIs9k2E5MXw

                                         
                                         216.58.209.130
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://rtb.com.ru/adx-sync?id=5a53878d98657b4149bca5c5&r=%2F%2Fx01.aidata.io%2F0.gif%3Fpid%3D6472613%26id%3D5a53878d98657b4149bca5c5%26dest%3D%252F%252Fdmp.adx.com.ru%252Fadspend%253Fuid%253D5a53878d98657b4149bca5c5%2526r%253D%25252F%25252Fdmg.digitaltarget.ru%25252F1%25252F224%25252Fi%25252Fi%25253Fa%25253D224%252526e%25253D5a53878d98657b4149bca5c5%252526i%25253D8378514801823016139%252526r%25253D%2525252F%2525252Fsync.dmp.otm-r.com%2525252Fmatch%2525252Fbbdo%2525253Fid%2525253D5a53878d98657b4149bca5c5%25252526fp%2525253D2119983428&google_gid=CAESEFqYyAe3zXkUsfumg0c2Jmw&google_cver=1
Date: Mon, 08 Jan 2018 15:00:29 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Server: HTTP server (unknown)
Content-Length: 799
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  HTML document text
Size:   799
Md5:    1096e7b34a63845bd39d1c447294c6a5
Sha1:   087acb2e93acc571b1b3adc2f830143f434c7b2e
Sha256: f06f446ae9b14e9c7e02a09583b2a9528898c880ff010c7562b885792cf74b61
                                        
                                            GET /match/mirs?id=i08tXnSx6G0h&fp=2119983428 HTTP/1.1 
Host: sync.dmp.otm-r.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: chk=1; chk.sig=7vJRiWlrUwYlIgR3pwpXlJwlSGQ; mpid=ZWJkZjVlY2U=; mpid.sig=M8f64LghVw31-7kz7hXKSU6iJxs

                                         
                                         94.130.164.241
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 995
Connection: keep-alive
Set-Cookie: mpid=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT mpid.sig=hRZNCnn47BrAjrybFz-xwmjpj1A; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT mpid=ZWI5YmU5YjM=; path=/; expires=Mon, 08 Jul 2019 15:00:29 GMT; domain=.otm-r.com mpid.sig=RXvFICtBtYcrlGR5vydgduULLNM; path=/; expires=Mon, 08 Jul 2019 15:00:29 GMT; domain=.otm-r.com


--- Additional Info ---
Magic:  ASCII text
Size:   995
Md5:    7ea7ef425efeac0551b72c950e373a60
Sha1:   1e7d07f55bff9f5b216a46d9554165f5a0a73d9a
Sha256: d80c437aba2f6da28186284f24b9c567fb954e55800fa2259592d63f1fcbb59d
                                        
                                            GET /adx-sync?id=5a53878d98657b4149bca5c5&r=%2F%2Fx01.aidata.io%2F0.gif%3Fpid%3D6472613%26id%3D5a53878d98657b4149bca5c5%26dest%3D%252F%252Fdmp.adx.com.ru%252Fadspend%253Fuid%253D5a53878d98657b4149bca5c5%2526r%253D%25252F%25252Fdmg.digitaltarget.ru%25252F1%25252F224%25252Fi%25252Fi%25253Fa%25253D224%252526e%25253D5a53878d98657b4149bca5c5%252526i%25253D8378514801823016139%252526r%25253D%2525252F%2525252Fsync.dmp.otm-r.com%2525252Fmatch%2525252Fbbdo%2525253Fid%2525253D5a53878d98657b4149bca5c5%25252526fp%2525253D2119983428&google_gid=CAESEFqYyAe3zXkUsfumg0c2Jmw&google_cver=1 HTTP/1.1 
Host: rtb.com.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: as-user=5a53878d98657b4149bca5c5

                                         
                                         83.222.104.102
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.10.2
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 435
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
Location: //x01.aidata.io/0.gif?pid=6472613&id=5a53878d98657b4149bca5c5&dest=%2F%2Fdmp.adx.com.ru%2Fadspend%3Fuid%3D5a53878d98657b4149bca5c5%26r%3D%252F%252Fdmg.digitaltarget.ru%252F1%252F224%252Fi%252Fi%253Fa%253D224%2526e%253D5a53878d98657b4149bca5c5%2526i%253D8378514801823016139%2526r%253D%25252F%25252Fsync.dmp.otm-r.com%25252Fmatch%25252Fbbdo%25253Fid%25253D5a53878d98657b4149bca5c5%252526fp%25253D2119983428
P3P: CP="rtb.com.ru does not have a P3P policy"


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   435
Md5:    c6a2dda227edb54c08fa33d47e4ba0ec
Sha1:   c0e9882ba9f0a1f7f3323d106462ddef6d091f2c
Sha256: a43868c00dddc0644372bd07f54d31129b5f24dfce4723c01d1714816aa82706
                                        
                                            POST / HTTP/1.1 
Host: isrg.trustid.ocsp.identrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         195.159.219.8
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Transfer-Encoding: Binary
Last-Modified: Fri, 05 Jan 2018 10:25:40 GMT
Etag: "d13aa320ceff37d34074536e18b9e07fec3066e2"
Content-Length: 1398
Cache-Control: public, no-transform, must-revalidate, max-age=12062
Expires: Mon, 08 Jan 2018 18:21:31 GMT
Date: Mon, 08 Jan 2018 15:00:29 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1398
Md5:    b145856c928a35a478b401703b612885
Sha1:   d13aa320ceff37d34074536e18b9e07fec3066e2
Sha256: 4b941290cacac862f9aa6cd06eae225d94ee317e6bbf4a697aa60376a8b5a7ca
                                        
                                            GET /0.gif?pid=6472613&id=5a53878d98657b4149bca5c5&dest=%2F%2Fdmp.adx.com.ru%2Fadspend%3Fuid%3D5a53878d98657b4149bca5c5%26r%3D%252F%252Fdmg.digitaltarget.ru%252F1%252F224%252Fi%252Fi%253Fa%253D224%2526e%253D5a53878d98657b4149bca5c5%2526i%253D8378514801823016139%2526r%253D%25252F%25252Fsync.dmp.otm-r.com%25252Fmatch%25252Fbbdo%25253Fid%25253D5a53878d98657b4149bca5c5%252526fp%25253D2119983428 HTTP/1.1 
Host: x01.aidata.io
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         138.201.130.116
HTTP/1.1 302 Found
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 0
Connection: keep-alive
Location: http://x01.aidata.io/0.gif?pid=6472613&id=5a53878d98657b4149bca5c5&dest=%2F%2Fdmp.adx.com.ru%2Fadspend%3Fuid%3D5a53878d98657b4149bca5c5%26r%3D%252F%252Fdmg.digitaltarget.ru%252F1%252F224%252Fi%252Fi%253Fa%253D224%2526e%253D5a53878d98657b4149bca5c5%2526i%253D8378514801823016139%2526r%253D%25252F%25252Fsync.dmp.otm-r.com%25252Fmatch%25252Fbbdo%25253Fid%25253D5a53878d98657b4149bca5c5%252526fp%25253D2119983428&bounce=1
Expires: Mon, 08 Jan 2018 15:00:28 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Mon, 08 Jan 2018 15:00:28 GMT
Set-Cookie: __upin=N0pZMeBH35Qq/vmoKIUCRA;domain=.x01.aidata.io;path=/;max-age=63072000 __upints=1515423629;domain=.x01.aidata.io;path=/;max-age=63072000
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: tj.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1414
Content-Transfer-Encoding: binary
Cache-Control: max-age=416600, public, no-transform, must-revalidate
Last-Modified: Sat, 6 Jan 2018 10:40:14 GMT
Expires: Sat, 13 Jan 2018 10:40:14 GMT
Date: Mon, 08 Jan 2018 15:00:29 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1414
Md5:    ba6c1210660fd0f7751f13f97f13a141
Sha1:   2d15bfea01d7f59adefb74c578f6cb97e39250eb
Sha256: ec340d1a266bcd661146d5c5ddb8ecdd1be8d3cd8d6763dbf0772cdcea272194
                                        
                                            GET /0.gif?pid=6472613&id=5a53878d98657b4149bca5c5&dest=%2F%2Fdmp.adx.com.ru%2Fadspend%3Fuid%3D5a53878d98657b4149bca5c5%26r%3D%252F%252Fdmg.digitaltarget.ru%252F1%252F224%252Fi%252Fi%253Fa%253D224%2526e%253D5a53878d98657b4149bca5c5%2526i%253D8378514801823016139%2526r%253D%25252F%25252Fsync.dmp.otm-r.com%25252Fmatch%25252Fbbdo%25253Fid%25253D5a53878d98657b4149bca5c5%252526fp%25253D2119983428&bounce=1 HTTP/1.1 
Host: x01.aidata.io
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: __upin=N0pZMeBH35Qq/vmoKIUCRA; __upints=1515423629

                                         
                                         138.201.130.116
HTTP/1.1 302 Found
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 0
Connection: keep-alive
Location: http://dmp.adx.com.ru/adspend?uid=5a53878d98657b4149bca5c5&r=%2F%2Fdmg.digitaltarget.ru%2F1%2F224%2Fi%2Fi%3Fa%3D224%26e%3D5a53878d98657b4149bca5c5%26i%3D8378514801823016139%26r%3D%252F%252Fsync.dmp.otm-r.com%252Fmatch%252Fbbdo%253Fid%253D5a53878d98657b4149bca5c5%2526fp%253D2119983428
Set-Cookie: adsp=1;path=/;expires=Mon, 8 Jan 2018 15:00:30 GMT;max-age=1 __upin=N0pZMeBH35Qq/vmoKIUCRA;domain=.x01.aidata.io;path=/;max-age=63072000 __upints=1515423629;domain=.x01.aidata.io;path=/;max-age=63072000
Expires: Mon, 08 Jan 2018 15:00:28 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Mon, 08 Jan 2018 15:00:28 GMT
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'


--- Additional Info ---
                                        
                                            GET /partners/otmrcs?uid=ZWJkZjVlY2U%3D&fp=2119983428 HTTP/1.1 
Host: relap.io
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         185.99.9.123
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Content-Length: 43
Connection: keep-alive
Set-Cookie: unique=cOEPTt1p; expires=Thu, 06 Jan 2028 15:00:29 GMT; domain=relap.io; path=/; secure; HttpOnly suid=060308feee63c913fa15b40f775544128d4c7b73--ec873bd2eb3021ed430140373a4d85ccbad550e6; domain=relap.io; path=/; secure; HttpOnly hllc=1; expires=Tue, 09 Jan 2018 15:00:29 GMT; domain=relap.io; path=/; secure; HttpOnly rlpotmrcs=eyJ0cyI6MTUxNTQyMzYyOSwidWlkIjoiWldKa1pqVmxZMlU9In0--05fc19217067c7f249b3102025c640be35a44082; expires=Tue, 08 Jan 2019 15:00:29 GMT; domain=relap.io; path=/; secure; HttpOnly
Pragma: no-cache
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Date: Mon, 08 Jan 2018 15:00:29 GMT
Strict-Transport-Security: max-age=5184000; includeSubdomains;
Public-Key-Pins: pin-sha256="zrlhGvqKdTwhZXT7o4euzUObogdWdXYWM3wDES66k94="; pin-sha256="spG5gvmcKQU/gsG3RS2F+HNDhJd/1viOj04CbPwrilw="; max-age=5184000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    325472601571f31e1bf00674c368d335
Sha1:   2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
Sha256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 08 Jan 2018 15:00:29 GMT
Server: Apache
Last-Modified: Mon, 08 Jan 2018 10:25:16 GMT
Expires: Mon, 15 Jan 2018 10:25:16 GMT
Etag: 563C0DC91464351F9AA0462C50991E812FCF89BF
Cache-Control: max-age=587686,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp35
Content-Length: 472
Connection: close


--- Additional Info ---
Magic:  data
Size:   472
Md5:    2563556f638f25e06a34881fec8a9d64
Sha1:   563c0dc91464351f9aa0462c50991e812fcf89bf
Sha256: a02f9cc9cfb03c5f05834bbc9cbae95339b6c2258ed4097733dcfc1c63df9097
                                        
                                            POST / HTTP/1.1 
Host: gn.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1416
Content-Transfer-Encoding: binary
Cache-Control: max-age=592597, public, no-transform, must-revalidate
Last-Modified: Mon, 8 Jan 2018 11:35:19 GMT
Expires: Mon, 15 Jan 2018 11:35:19 GMT
Date: Mon, 08 Jan 2018 15:00:29 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1416
Md5:    bec5c3eb77829f24b58bf6ae4226cb49
Sha1:   9f6e016f27c1d142164e5094274272c914bc6bdc
Sha256: 3c106e867854b76e365c66632c93ff0df1520b5cf087a55dd4ad58fe6c7b4a25
                                        
                                            GET /pixel?google_nid=auditorius&google_cm&google_hm=QVUwMEMwMzExREE3Nw&fpd=advmaker&google_ula=383167865 HTTP/1.1 
Host: cm.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: IDE=AHWqTUkrNbhy3GN4puypqdvns04DwY7mXKoSENc4u3o4i9fYIs9k2E5MXw

                                         
                                         216.58.209.130
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: https://sync.audsp.com/match/google?uid=CAESEO1dG4DFJFo6izMrUdQ9zzI&fpd=advmaker&google_cver=1&google_ula=383167865,0
Date: Mon, 08 Jan 2018 15:00:29 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Server: HTTP server (unknown)
Content-Length: 326
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
Magic:  HTML document text
Size:   326
Md5:    95dea1c6e01ca3f33da1c7ed16d9f67a
Sha1:   0375762fed77aa9aa7f60a4c22b24a68e247f994
Sha256: 81b9c85d641f52d51e6b0c8ffb7394dc37b9f5ac0d7b75179c92941d4f17caaa
                                        
                                            GET /ads/ HTTP/1.1 
Host: livestatisc.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         88.85.73.126
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
                                        
Date: Mon, 08 Jan 2018 15:00:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, PUT, DELETE, GET, OPTIONS
Access-Control-Request-Method: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Set-Cookie
Etag: W/"8e5c8c8c6ce6d248248203aa122e599b"
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Server: Microsoft-HTTPAPI/2.0


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   47
Md5:    b3414476cd5d1a22a2db6a0ece3589b7
Sha1:   491bd90aca4677f160e56c34ccf9d77230e1aee5
Sha256: 5d139b6a5b93bdfd4f4d03e6e0df65b6333133a90ced005fc882fe00daa8b927
                                        
                                            GET /sync?fp=2119983428 HTTP/1.1 
Host: videotarget-sync.rutarget.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         138.201.8.34
HTTP/1.1 302 Moved Temporarily
                                        
Server: nginx/1.12.1
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 0
Connection: close
Location: https://sync.dmp.otm-r.com/match/segmento?id=PyCm-vJBKCaJ
P3P: CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."
Set-Cookie: userId=PyCm-vJBKCaJ; Path=/; Domain=.rutarget.ru; Expires=Sat, 07 Jul 2018 15:00:29 GMT


--- Additional Info ---
                                        
                                            GET /match/google?uid=CAESEO1dG4DFJFo6izMrUdQ9zzI&fpd=advmaker&google_cver=1&google_ula=383167865,0 HTTP/1.1 
Host: sync.audsp.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         78.155.222.215
HTTP/1.1 302 Found
                                        
Cache-Control: no-cache
Content-Length: 0
Location: https://sync.audtd.com/match/google_dsp?uid=CAESEO1dG4DFJFo6izMrUdQ9zzI&fpd=advmaker&google_cver=1&google_ula=383167865,0
Connection: close


--- Additional Info ---
                                        
                                            GET /image?source=otm&id=ZWJkZjVlY2U%3D&return_url=%2F%2Fsync.dmp.otm-r.com%2Fmatch%2Fmgcomm%3Fid%3D%7BUID%7D%26fp%3D2119983428 HTTP/1.1 
Host: sync.upravel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         148.251.236.115
HTTP/1.1 302 Found
Content-Type: image/png
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 0
Connection: close
Location: https://sync.upravel.com/image?source=otm&id=ZWJkZjVlY2U%3D&return_url=%2F%2Fsync.dmp.otm-r.com%2Fmatch%2Fmgcomm%3Fid%3D%7BUID%7D%26fp%3D2119983428&session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cDovL2FtMTUubmV0L3gvZnB4LnBocD91cHN0XHUwMDNkeTkzX3NCYlR5Sl9YMjkzdXk5eXpcdTAwMjZzXHUwMDNkNjU5MTVcdTAwMjZ0XHUwMDNkYm5cdTAwMjZyYW5kXHUwMDNkMTEzMDI5MTgyNyJdfX0
Set-Cookie: session_tptc=1515423629768;Version=1;Comment=;Domain=.upravel.com;Path=/;Max-Age=180
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"


--- Additional Info ---
                                        
                                            GET /userbind?src=otm_pull&pbf=1&fid=otm/ZWJkZjVlY2U%3D&fp=2119983428 HTTP/1.1 
Host: ssp1.rtb.beeline.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         217.118.87.139
HTTP/1.1 302 Found
                                        
Server: nginx/1.10.2
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 0
Connection: close
Location: https://sync.dmp.otm-r.com/match/beeline.img?id=&fp=2119983428


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.int-x3.letsencrypt.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
                                         195.159.219.11
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 527
Etag: "F14621F0252E285946375268834187AD39A8E82E678A622E40163085F97DE57D"
Last-Modified: Fri, 05 Jan 2018 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9846
Expires: Mon, 08 Jan 2018 17:44:35 GMT
Date: Mon, 08 Jan 2018 15:00:29 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    2a9ad3674294b3a2daf02677c315a61e
Sha1:   05edcbfddfd75cfd77a12d2fff4173fd0cd4de63
Sha256: f14621f0252e285946375268834187ad39a8e82e678a622e40163085f97de57d
                                        
                                            GET /smart/_pub/advmaker/dist/smartPixel.min.js HTTP/1.1 
Host: pixel.vihub.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         136.243.149.224
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.8.0
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 9006
Last-Modified: Wed, 26 Jul 2017 10:56:15 GMT
Connection: keep-alive
Etag: "5978754f-232e"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   9006
Md5:    84e23e901174a8cf57ffb581e7cbf2ec
Sha1:   693248e84945f8a495e0686cbf8833066793749e
Sha256: a72f6e287ccbd8e44f5f415148688ca4cc0abddd57e0b14e62560eb7e3152397
                                        
                                            GET /556d807310823b694772f699.js HTTP/1.1 
Host: static.weborama.io
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         207.154.204.189
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.6.2
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 9019
Last-Modified: Tue, 27 Dec 2016 15:33:29 GMT
Connection: keep-alive
Etag: "586289c9-233b"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII C program text, with very long lines
Size:   9019
Md5:    0d376b7e2e88c5828da6d4165cff3e0d
Sha1:   191ade4581873eefe6ad753c60e0a1e1b10df2ad
Sha256: d22f3bebb926a603525fe11e87bde207fc9d948a582c227be9405e3b05302d65
                                        
                                            GET /pixeljs?sa=17 HTTP/1.1 
Host: dmp.vihub.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         136.243.149.224
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 08 Jan 2018 15:00:29 GMT
Content-Length: 1481
Connection: keep-alive
Server: fasthttp
Set-Cookie: uid=35a5cc77-de1f-4f80-a185-3bda537e27b5; expires=Sun, 30 Dec 2018 15:00:29 GMT; domain=.vihub.ru; path=/


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   1481
Md5:    bb4e8201661a4fd22f3118e649bb4041
Sha1:   e264150f29f8ab3d24b761f0dc1210ef096b22a3
Sha256: da0cd56f3e90b85a70baa86c30bc482a5e65e425bd65aec7285cfe467e3de330
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 08 Jan 2018 15:00:29 GMT
Server: Apache
Last-Modified: Mon, 08 Jan 2018 03:14:10 GMT
Expires: Mon, 15 Jan 2018 03:14:10 GMT
Etag: D60DD4F32B29629EC1CBE096C44244EA226FBFED
Cache-Control: max-age=561820,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp35
Content-Length: 472
Connection: close


--- Additional Info ---
Magic:  data
Size:   472
Md5:    04beac414cd5e2f5c81a41fcf76ea87a
Sha1:   d60dd4f32b29629ec1cbe096c44244ea226fbfed
Sha256: f09dbf2e5b0e789b809189caf54cdbc1444a9e4383323a3157da75335240f39e
                                        
                                            GET /fcgi-bin/dispatch.fcgi?d.A=prd&d.format=jsonp&d.key=uAzzwE627eck&d.callback=jsonp_kfwnko1b06qhpcl HTTP/1.1 
Host: wam.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         195.54.48.9
HTTP/1.1 302 Found
                                        
Date: Mon, 08 Jan 2018 15:00:30 GMT
Server: Apache
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Last-Modified: Mon, 08 Jan 2018 15:00:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:30 GMT; domain=.weborama.fr
Pragma: no-cache
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Location: http://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?g.bo=OK&g.rn=649310&d.A=prd&d.format=jsonp&d.key=uAzzwE627eck&d.callback=jsonp_kfwnko1b06qhpcl
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /0.gif?pid=VIHUB&id=35a5cc77-de1f-4f80-a185-3bda537e27b5 HTTP/1.1 
Host: x01.aidata.io
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: __upin=N0pZMeBH35Qq/vmoKIUCRA; __upints=1515423629; adsp=1

                                         
                                         138.201.130.116
HTTP/1.1 302 Found
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:30 GMT
Content-Length: 0
Connection: keep-alive
Location: http://dmp.vihub.ru/match?sysid=ai&redir=no&uid=N0pZMeBH35Qq%2FvmoKIUCRA
Set-Cookie: vihub=1;path=/;expires=Mon, 8 Jan 2018 15:00:31 GMT;max-age=1 __upin=N0pZMeBH35Qq/vmoKIUCRA;domain=.x01.aidata.io;path=/;max-age=63072000 __upints=1515423629;domain=.x01.aidata.io;path=/;max-age=63072000
Expires: Mon, 08 Jan 2018 15:00:29 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Mon, 08 Jan 2018 15:00:29 GMT
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'


--- Additional Info ---
                                        
                                            GET /core/match.gif?s=8&id=35a5cc77-de1f-4f80-a185-3bda537e27b5&reference=%2F%2Fdmp.vihub.ru%2Fmatch%3Fsysid%3Dmt%26redir%3Dno%26uid%3D%23%7BUID%7D HTTP/1.1 
Host: mediatoday.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         195.161.34.114
HTTP/1.1 302 Moved Temporarily
                                        
Server: nginx/1.12.0
Date: Mon, 08 Jan 2018 15:00:30 GMT
Content-Length: 124
Connection: keep-alive
P3P: policyref=/w3c/p3p.xml, CP=NON CUR ADM DEV PSA PSD OUR IND UNI NAV INT STA
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: Thursday, 01-Jan-1970 00:00:00 GMT
Location: http://idntfy.ru/token?e=base64&u=aHR0cDovL21lZGlhdG9kYXkucnUvY29yZS9tYXRjaC5naWY/cz04JmlkPTM1YTVjYzc3LWRlMWYtNGY4MC1hMTg1LTNiZGE1MzdlMjdiNSZyZWZlcmVuY2U9JTJGJTJGZG1wLnZpaHViLnJ1JTJGbWF0Y2glM0ZzeXNpZCUzRG10JTI2cmVkaXIlM0RubyUyNnVpZCUzRCUyMyU3QlVJRCU3RCZ2aWRzZXR1cD0x&p=idntfy&n=otclick


--- Additional Info ---
Magic:  HTML document text
Size:   124
Md5:    c73e35f73ed5c795c70cf66e99088b7c
Sha1:   63a9ffe5d0e5b4070819b95ef564a58d8a3a3a1c
Sha256: 80034a9712f07e6b0577c7e5bf6d5d718736593e7d21c81dd1a3cbdb4eb860de
                                        
                                            GET /pixel.gif?cid=5cf84683-2e0c-42f6-ad4f-7502fc73b092&pid=1c414efa-7700-4fed-9953-20c233fe626d&uid=35a5cc77-de1f-4f80-a185-3bda537e27b5 HTTP/1.1 
Host: sync.1dmp.io
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         136.243.44.222
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:30 GMT
Content-Length: 0
Connection: keep-alive
Expires: 0
Cache-Control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
Set-Cookie: uid=ab1044c0-f484-11e7-a960-d43d7eece3f6; Version=1; Path=/; Domain=.1dmp.io; Expires=Thu, 06 Jan 2028 15:00:30 GMT
Location: /pixel.gif?cid=5cf84683-2e0c-42f6-ad4f-7502fc73b092&pid=1c414efa-7700-4fed-9953-20c233fe626d&uid=35a5cc77-de1f-4f80-a185-3bda537e27b5&cs=1


--- Additional Info ---
                                        
                                            GET /match/segmento?id=PyCm-vJBKCaJ HTTP/1.1 
Host: sync.dmp.otm-r.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: chk=1; chk.sig=7vJRiWlrUwYlIgR3pwpXlJwlSGQ; mpid=ZWJjNDk5ZGI=; mpid.sig=YDj5-InpJnazaufkwx7YylixqXU

                                         
                                         94.130.164.241
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:30 GMT
Content-Length: 927
Connection: keep-alive
Set-Cookie: mpid=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT mpid.sig=hRZNCnn47BrAjrybFz-xwmjpj1A; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT mpid=ZWJlYzliOGE=; path=/; expires=Mon, 08 Jul 2019 15:00:30 GMT; domain=.otm-r.com mpid.sig=-Iq4ULmP3CNRbEka7HpWnXnA3FA; path=/; expires=Mon, 08 Jul 2019 15:00:30 GMT; domain=.otm-r.com


--- Additional Info ---
Magic:  ASCII text
Size:   927
Md5:    00b868315cb2f1b672cffbb2a39a1519
Sha1:   c88e0da5e1ed4b6b6d3f981d0ce699f5524e7a80
Sha256: 25f40a6162824403cc9e7887721fa51c504b9062284978aa2ffb7330aff5e1a8
                                        
                                            GET /match/google_dsp?uid=CAESEO1dG4DFJFo6izMrUdQ9zzI&fpd=advmaker&google_cver=1&google_ula=383167865,0 HTTP/1.1 
Host: sync.audtd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: chk=OK; pid=AU00FEC3F27B1

                                         
                                         78.155.222.210
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Set-Cookie: pid=AU00FEC3F27B1; Max-Age=62899200; Domain=.audtd.com; Path=/; Expires=Mon, 06 Jan 2020 15:00:30 GMT
Content-Length: 0
Etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
Date: Mon, 08 Jan 2018 15:00:30 GMT
Connection: close


--- Additional Info ---
                                        
                                            GET /pixel.gif?cid=5cf84683-2e0c-42f6-ad4f-7502fc73b092&pid=1c414efa-7700-4fed-9953-20c233fe626d&uid=35a5cc77-de1f-4f80-a185-3bda537e27b5&cs=1 HTTP/1.1 
Host: sync.1dmp.io
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: uid=ab1044c0-f484-11e7-a960-d43d7eece3f6

                                         
                                         136.243.44.222
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:30 GMT
Content-Length: 0
Connection: keep-alive
Expires: 0, 0
Cache-Control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate, private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
Set-Cookie: ru-seq=5cf84683-2e0c-42f6-ad4f-7502fc73b092|https://sync.1dmp.io/pixel.gif?cid=3cbc2ec8-1421-4677-89fe-2ac6fc52a09a&pid=w&uid=ab1044c0-f484-11e7-a960-d43d7eece3f6&ru=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fdmpcleverdata%2Fab1044c0-f484-11e7-a960-d43d7eece3f6%3Fsign%3D428230302|https://sync.1dmp.io/pixel.gif?cid=e8610170-b6a0-4a0d-ab5f-68d104af7a7e&pid=w&uid=ab1044c0-f484-11e7-a960-d43d7eece3f6&ru=https%3A%2F%2Fad.mail.ru%2Fcm.gif%3Fp%3D77%26id%3Dab1044c0-f484-11e7-a960-d43d7eece3f6; path=/; domain=.1dmp.io; Expires=Mon, 08-Jan-2018 15:05:30 GMT
Location: https://cm.g.doubleclick.net/pixel?google_nid=cleverdata_dmp&google_cm


--- Additional Info ---
                                        
                                            GET /match?sysid=ai&redir=no&uid=N0pZMeBH35Qq%2FvmoKIUCRA HTTP/1.1 
Host: dmp.vihub.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: uid=35a5cc77-de1f-4f80-a185-3bda537e27b5

                                         
                                         136.243.149.224
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Mon, 08 Jan 2018 15:00:30 GMT
Content-Length: 35
Connection: keep-alive
Server: fasthttp


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    c2196de8ba412c60c22ab491af7b1409
Sha1:   5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
Sha256: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
                                        
                                            GET /match?sysid=vh&uid=35a5cc77-de1f-4f80-a185-3bda537e27b5 HTTP/1.1 
Host: cs.digitalbox.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         88.212.243.52
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.10.1
Date: Mon, 08 Jan 2018 15:00:30 GMT
Content-Length: 35
Connection: keep-alive
Set-Cookie: uid=0164fb97-7fda-4172-b868-c86ea1dc1394; expires=Sun, 30 Dec 2018 15:00:30 GMT; domain=.digitalbox.ru; path=/
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    c2196de8ba412c60c22ab491af7b1409
Sha1:   5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
Sha256: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
                                        
                                            GET /match/beeline.img?id=&fp=2119983428 HTTP/1.1 
Host: sync.dmp.otm-r.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: chk=1; chk.sig=7vJRiWlrUwYlIgR3pwpXlJwlSGQ; mpid=ZWJjNDk5ZGI=; mpid.sig=YDj5-InpJnazaufkwx7YylixqXU

                                         
                                         94.130.164.241
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: mpid=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT mpid.sig=hRZNCnn47BrAjrybFz-xwmjpj1A; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT mpid=ZWJkZjYwMTc=; path=/; expires=Mon, 08 Jul 2019 15:00:30 GMT; domain=.otm-r.com mpid.sig=rYm4h5JM0ZB4EKjbUe4uDI35BI0; path=/; expires=Mon, 08 Jul 2019 15:00:30 GMT; domain=.otm-r.com
Location: //cm.g.doubleclick.net/pixel?google_nid=otmr&google_hm=ZWJkZjYwMTc%3D&google_cs=&google_cm=&fp=2119983428


--- Additional Info ---
                                        
                                            GET /fcgi-bin/dispatch.fcgi?g.bo=OK&g.rn=649310&d.A=prd&d.format=jsonp&d.key=uAzzwE627eck&d.callback=jsonp_kfwnko1b06qhpcl HTTP/1.1 
Host: wam.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         195.54.48.9
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Date: Mon, 08 Jan 2018 15:00:30 GMT
Server: Apache
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Last-Modified: Mon, 08 Jan 2018 15:00:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:30 GMT; domain=.weborama.fr
Pragma: no-cache
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   119
Md5:    ac148850871f8b00b951077a056e60d1
Sha1:   10f062dc7d107ea529d702bcb190ba6c7042c1c5
Sha256: 6d5db8bdd681272c1aa4d85cc848c21267fd887d48e2a4d64ad5cb1b4a2cdc60
                                        
                                            GET /image?source=otm&id=ZWJkZjVlY2U%3D&return_url=%2F%2Fsync.dmp.otm-r.com%2Fmatch%2Fmgcomm%3Fid%3D%7BUID%7D%26fp%3D2119983428&session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cDovL2FtMTUubmV0L3gvZnB4LnBocD91cHN0XHUwMDNkeTkzX3NCYlR5Sl9YMjkzdXk5eXpcdTAwMjZzXHUwMDNkNjU5MTVcdTAwMjZ0XHUwMDNkYm5cdTAwMjZyYW5kXHUwMDNkMTEzMDI5MTgyNyJdfX0 HTTP/1.1 
Host: sync.upravel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: session_tptc=1515423629768

                                         
                                         148.251.236.115
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:30 GMT
Content-Length: 0
Connection: close
Location: https://sync.dmp.otm-r.com/match/mgcomm?id=8ebef67e-571e-4ae3-bf07-d3aa96371c81&fp=2119983428
Set-Cookie: user_id=8ebef67e-571e-4ae3-bf07-d3aa96371c81;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"


--- Additional Info ---
                                        
                                            GET /token?e=base64&u=aHR0cDovL21lZGlhdG9kYXkucnUvY29yZS9tYXRjaC5naWY/cz04JmlkPTM1YTVjYzc3LWRlMWYtNGY4MC1hMTg1LTNiZGE1MzdlMjdiNSZyZWZlcmVuY2U9JTJGJTJGZG1wLnZpaHViLnJ1JTJGbWF0Y2glM0ZzeXNpZCUzRG10JTI2cmVkaXIlM0RubyUyNnVpZCUzRCUyMyU3QlVJRCU3RCZ2aWRzZXR1cD0x&p=idntfy&n=otclick HTTP/1.1 
Host: idntfy.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         195.161.34.118
HTTP/1.1 302 Moved Temporarily
                                        
Server: nginx/1.12.0
Date: Mon, 08 Jan 2018 15:00:30 GMT
Content-Length: 108
Connection: keep-alive
P3P: policyref=/w3c/p3p.xml, CP=NON CUR ADM DEV PSA PSD OUR IND UNI NAV INT STA
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Set-Cookie: idntfy=VOl272MPBU17lDz; expires=Thu, 06-Jan-2028 15:00:30 GMT; domain=idntfy.ru; path=/
Location: http://mediatoday.ru/core/match.gif?s=8&id=35a5cc77-de1f-4f80-a185-3bda537e27b5&reference=%2F%2Fdmp.vihub.ru%2Fmatch%3Fsysid%3Dmt%26redir%3Dno%26uid%3D%23%7BUID%7D&vidsetup=1&idntfy=VOl272MPBU17lDz


--- Additional Info ---
Magic:  HTML document text
Size:   108
Md5:    21cf36b3a0af866ec97ea31d1ed14f5d
Sha1:   0b5a2eb2835b0df7d054f95ffb52776495bc922c
Sha256: 79c45b59f61a0b2635e88e8122ceaebd87f0c767a63ec7de52ca93be1eb0f05c
                                        
                                            GET /match?sysid=adr&redir=no&uid=AoR88Hil8tbQr09BiQu8k4w HTTP/1.1 
Host: dmp.vihub.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: uid=35a5cc77-de1f-4f80-a185-3bda537e27b5

                                         
                                         136.243.149.224
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Mon, 08 Jan 2018 15:00:30 GMT
Content-Length: 35
Connection: keep-alive
Server: fasthttp


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    c2196de8ba412c60c22ab491af7b1409
Sha1:   5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
Sha256: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
                                        
                                            GET /core/match.gif?s=8&id=35a5cc77-de1f-4f80-a185-3bda537e27b5&reference=%2F%2Fdmp.vihub.ru%2Fmatch%3Fsysid%3Dmt%26redir%3Dno%26uid%3D%23%7BUID%7D&vidsetup=1&idntfy=VOl272MPBU17lDz HTTP/1.1 
Host: mediatoday.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         195.161.34.114
HTTP/1.1 302 Moved Temporarily
                                        
Server: nginx/1.12.0
Date: Mon, 08 Jan 2018 15:00:30 GMT
Content-Length: 124
Connection: keep-alive
P3P: policyref=/w3c/p3p.xml, CP=NON CUR ADM DEV PSA PSD OUR IND UNI NAV INT STA
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: Thursday, 01-Jan-1970 00:00:00 GMT
Set-Cookie: idntfy=VOl272MPBU17lDz; expires=Thu, 06-Jan-2028 15:00:30 GMT; domain=mediatoday.ru; path=/core
Location: //dmp.vihub.ru/match?sysid=mt&redir=no&uid=VOl272MPBU17lDz


--- Additional Info ---
Magic:  HTML document text
Size:   124
Md5:    c73e35f73ed5c795c70cf66e99088b7c
Sha1:   63a9ffe5d0e5b4070819b95ef564a58d8a3a3a1c
Sha256: 80034a9712f07e6b0577c7e5bf6d5d718736593e7d21c81dd1a3cbdb4eb860de
                                        
                                            GET /match/mgcomm?id=8ebef67e-571e-4ae3-bf07-d3aa96371c81&fp=2119983428 HTTP/1.1 
Host: sync.dmp.otm-r.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: chk=1; chk.sig=7vJRiWlrUwYlIgR3pwpXlJwlSGQ; mpid=ZWJkZjYwMTc=; mpid.sig=rYm4h5JM0ZB4EKjbUe4uDI35BI0

                                         
                                         94.130.164.241
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:30 GMT
Content-Length: 996
Connection: keep-alive
Set-Cookie: mpid=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT mpid.sig=hRZNCnn47BrAjrybFz-xwmjpj1A; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT mpid=ZWJlYzliYTI=; path=/; expires=Mon, 08 Jul 2019 15:00:30 GMT; domain=.otm-r.com mpid.sig=iKt8orkD6excNezjaDLXVBlQ0aE; path=/; expires=Mon, 08 Jul 2019 15:00:30 GMT; domain=.otm-r.com


--- Additional Info ---
Magic:  ASCII text
Size:   996
Md5:    be8301e8f1c006263fc77aa70e7ba591
Sha1:   d6a0f8f13973786f48cbafce4d9154941059490b
Sha256: 01c25298059a453fa7cd5ed21a32a68e1e29b7cad8c9cbb220865a2abaefeaa9
                                        
                                            GET /pixel?google_nid=otmr&google_hm=ZWJkZjYwMTc%3D&google_cs=&google_cm=&fp=2119983428 HTTP/1.1 
Host: cm.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: IDE=AHWqTUkrNbhy3GN4puypqdvns04DwY7mXKoSENc4u3o4i9fYIs9k2E5MXw

                                         
                                         216.58.209.130
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Mon, 08 Jan 2018 15:00:30 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Server: HTTP server (unknown)
Content-Length: 170
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
Magic:  PNG image, 1 x 1, 8-bit/color RGBA, non-interlaced
Size:   170
Md5:    e7673c60af825466f83d46da72ca1635
Sha1:   fc0fcbee0835709ba2d28798a612bfd687903fb5
Sha256: 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
                                        
                                            GET /pixel?google_nid=cleverdata_dmp&google_cm HTTP/1.1 
Host: cm.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: IDE=AHWqTUkrNbhy3GN4puypqdvns04DwY7mXKoSENc4u3o4i9fYIs9k2E5MXw

                                         
                                         216.58.209.130
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: https://sync.1dmp.io/pixel.gif?cid=ea2e91f7-8a00-4c54-b3fa-ab0f3dcf1585&pid=w&uid=CAESEN4wQln6k5twv46P4fjjR1Q&google_gid=CAESEN4wQln6k5twv46P4fjjR1Q&google_cver=1
Date: Mon, 08 Jan 2018 15:00:30 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Server: HTTP server (unknown)
Content-Length: 375
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
Magic:  HTML document text
Size:   375
Md5:    ec5ac18f565fa153079e4d95bfbcfa17
Sha1:   79f2bda5b630f734defb99eadbe802db2f514f5d
Sha256: d0c1a31495d2d88dec0c74dfa6123f7920a0af77c57c46bd77b2b70c13518d6b
                                        
                                            GET /match?sysid=mt&redir=no&uid=VOl272MPBU17lDz HTTP/1.1 
Host: dmp.vihub.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: uid=35a5cc77-de1f-4f80-a185-3bda537e27b5

                                         
                                         136.243.149.224
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Mon, 08 Jan 2018 15:00:30 GMT
Content-Length: 35
Connection: keep-alive
Server: fasthttp


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    c2196de8ba412c60c22ab491af7b1409
Sha1:   5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
Sha256: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
                                        
                                            GET /?key=556d807310823b694772f699&mode=new HTTP/1.1 
Host: stats.weborama.io
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         62.113.208.140
HTTP/1.1 204 No Content
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:30 GMT
Connection: keep-alive


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.int-x3.letsencrypt.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
                                         195.159.219.11
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 527
Etag: "DE88F4DE50CB6561F9143FF730AEB02832DFA58A02C74EBFFBC1A0C8C50A927E"
Last-Modified: Fri, 05 Jan 2018 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17103
Expires: Mon, 08 Jan 2018 19:45:33 GMT
Date: Mon, 08 Jan 2018 15:00:30 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    9722f21bf1ecb98a9b672a6ffb3b987b
Sha1:   d59d28d1ce23b1b2ba62009d06eeefac217e83eb
Sha256: de88f4de50cb6561f9143ff730aeb02832dfa58a02c74ebffbc1a0c8c50a927e
                                        
                                            GET /pixel.gif?cid=ea2e91f7-8a00-4c54-b3fa-ab0f3dcf1585&pid=w&uid=CAESEN4wQln6k5twv46P4fjjR1Q&google_gid=CAESEN4wQln6k5twv46P4fjjR1Q&google_cver=1 HTTP/1.1 
Host: sync.1dmp.io
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: uid=ab1044c0-f484-11e7-a960-d43d7eece3f6; ru-seq=5cf84683-2e0c-42f6-ad4f-7502fc73b092|https://sync.1dmp.io/pixel.gif?cid=3cbc2ec8-1421-4677-89fe-2ac6fc52a09a&pid=w&uid=ab1044c0-f484-11e7-a960-d43d7eece3f6&ru=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fdmpcleverdata%2Fab1044c0-f484-11e7-a960-d43d7eece3f6%3Fsign%3D428230302|https://sync.1dmp.io/pixel.gif?cid=e8610170-b6a0-4a0d-ab5f-68d104af7a7e&pid=w&uid=ab1044c0-f484-11e7-a960-d43d7eece3f6&ru=https%3A%2F%2Fad.mail.ru%2Fcm.gif%3Fp%3D77%26id%3Dab1044c0-f484-11e7-a960-d43d7eece3f6

                                         
                                         136.243.44.222
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:30 GMT
Content-Length: 35
Connection: keep-alive
Expires: 0
Cache-Control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
Set-Cookie: ea2e91f7-8a00-4c54-b3fa-ab0f3dcf1585=null; path=/; domain=.1dmp.io; Max-Age=1209600; Expires=Mon, 22-Jan-2018 15:00:30 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            GET /adspend?uid=5a53878d98657b4149bca5c5&r=%2F%2Fdmg.digitaltarget.ru%2F1%2F224%2Fi%2Fi%3Fa%3D224%26e%3D5a53878d98657b4149bca5c5%26i%3D8378514801823016139%26r%3D%252F%252Fsync.dmp.otm-r.com%252Fmatch%252Fbbdo%253Fid%253D5a53878d98657b4149bca5c5%2526fp%253D2119983428 HTTP/1.1 
Host: dmp.adx.com.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         82.202.192.114
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.12.1
Date: Mon, 08 Jan 2018 15:00:32 GMT
Content-Length: 302
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
Location: /adspend?uid=5a53878d98657b4149bca5c5&check=1&r=%2F%2Fdmg.digitaltarget.ru%2F1%2F224%2Fi%2Fi%3Fa%3D224%26e%3D5a53878d98657b4149bca5c5%26i%3D8378514801823016139%26r%3D%252F%252Fsync.dmp.otm-r.com%252Fmatch%252Fbbdo%253Fid%253D5a53878d98657b4149bca5c5%2526fp%253D2119983428
P3P: CP="rtb.com.ru does not have a P3P policy"
Set-Cookie: ym-id=0; Path=/; Domain=dmp.adx.com.ru; Max-Age=2592000


--- Additional Info ---
Magic:  ASCII text
Size:   302
Md5:    5e1bfb7fdde16968236dfc68bfc100ea
Sha1:   994db365ecc8947488844787f6eabac67066963b
Sha256: a4d43713e92dfb751f2591add57201d94d530095c5d5d63272ce46a276214b5a
                                        
                                            GET /adspend?uid=5a53878d98657b4149bca5c5&check=1&r=%2F%2Fdmg.digitaltarget.ru%2F1%2F224%2Fi%2Fi%3Fa%3D224%26e%3D5a53878d98657b4149bca5c5%26i%3D8378514801823016139%26r%3D%252F%252Fsync.dmp.otm-r.com%252Fmatch%252Fbbdo%253Fid%253D5a53878d98657b4149bca5c5%2526fp%253D2119983428 HTTP/1.1 
Host: dmp.adx.com.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: ym-id=0

                                         
                                         82.202.192.114
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.12.1
Date: Mon, 08 Jan 2018 15:00:32 GMT
Content-Length: 214
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
Location: //dmg.digitaltarget.ru/1/224/i/i?a=224&e=5a53878d98657b4149bca5c5&i=8378514801823016139&r=%2F%2Fsync.dmp.otm-r.com%2Fmatch%2Fbbdo%3Fid%3D5a53878d98657b4149bca5c5%26fp%3D2119983428
P3P: CP="rtb.com.ru does not have a P3P policy"


--- Additional Info ---
Magic:  ASCII text
Size:   214
Md5:    2cd385d356b40d7ae26ba749c7ae925a
Sha1:   d60fb2196d0efd368edbd57eafe7b09d54d8a7ba
Sha256: 8289604aeda6354b9904eae492424582f8d396491099ce67a70bd98e96830b9c
                                        
                                            GET /1/224/i/i?a=224&e=5a53878d98657b4149bca5c5&i=8378514801823016139&r=%2F%2Fsync.dmp.otm-r.com%2Fmatch%2Fbbdo%3Fid%3D5a53878d98657b4149bca5c5%26fp%3D2119983428 HTTP/1.1 
Host: dmg.digitaltarget.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827

                                         
                                         185.15.175.133
HTTP/1.1 302 Found
                                        
Server: nginx/1.6.2
Date: Mon, 08 Jan 2018 15:00:35 GMT
Content-Length: 0
Location: /1/224/i/i?a=224&e=5a53878d98657b4149bca5c5&i=8378514801823016139&r=%2F%2Fsync.dmp.otm-r.com%2Fmatch%2Fbbdo%3Fid%3D5a53878d98657b4149bca5c5%26fp%3D2119983428&q=scc
P3P: policyref="http://dmg.digitaltarget.ru/p3p.xml", CP="NON NID PSAa PSDa OUR BUS COM NAV DEM STA PRE"
Set-Cookie: viuserid=n9sMbYRre53Y55u5i_Za; Max-Age=93312000; Expires=Wed, 23 Dec 2020 15:00:32 GMT; Path=/; Domain=dmg.digitaltarget.ru visessid=0707fdb9_1605a3a255f_00000000019c2fea; Path=/; Domain=dmg.digitaltarget.ru


--- Additional Info ---
                                        
                                            GET /1/224/i/i?a=224&e=5a53878d98657b4149bca5c5&i=8378514801823016139&r=%2F%2Fsync.dmp.otm-r.com%2Fmatch%2Fbbdo%3Fid%3D5a53878d98657b4149bca5c5%26fp%3D2119983428&q=scc HTTP/1.1 
Host: dmg.digitaltarget.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: viuserid=n9sMbYRre53Y55u5i_Za; visessid=0707fdb9_1605a3a255f_00000000019c2fea

                                         
                                         185.15.175.133
HTTP/1.1 302 Found
                                        
Server: nginx/1.6.2
Date: Mon, 08 Jan 2018 15:00:35 GMT
Content-Length: 0
P3P: policyref="http://dmg.digitaltarget.ru/p3p.xml", CP="NON NID PSAa PSDa OUR BUS COM NAV DEM STA PRE"
Location: //sync.dmp.otm-r.com/match/bbdo?id=5a53878d98657b4149bca5c5&fp=2119983428
Set-Cookie: viuserid=n9sMbYRre53Y55u5i_Za; Max-Age=93312000; Expires=Wed, 23 Dec 2020 15:00:32 GMT; Path=/; Domain=dmg.digitaltarget.ru


--- Additional Info ---
                                        
                                            GET /match/bbdo?id=5a53878d98657b4149bca5c5&fp=2119983428 HTTP/1.1 
Host: sync.dmp.otm-r.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: chk=1; chk.sig=7vJRiWlrUwYlIgR3pwpXlJwlSGQ; mpid=ZWJlYzliYTI=; mpid.sig=iKt8orkD6excNezjaDLXVBlQ0aE

                                         
                                         94.130.164.241
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:32 GMT
Content-Length: 995
Connection: keep-alive
Set-Cookie: mpid=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT mpid.sig=hRZNCnn47BrAjrybFz-xwmjpj1A; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT mpid=ZWJkZjYyMTg=; path=/; expires=Mon, 08 Jul 2019 15:00:32 GMT; domain=.otm-r.com mpid.sig=22B567Nu0S56ry9gs8mIN_1ppN8; path=/; expires=Mon, 08 Jul 2019 15:00:32 GMT; domain=.otm-r.com


--- Additional Info ---
Magic:  ASCII text
Size:   995
Md5:    ccf418ea1dc253e45e0ed8733383cace
Sha1:   07b98176390458f2def1d7afd2eed2d163429e65
Sha256: 0ccfacd44ea63696ba55b48f6bb1b44d0640204d9580616f7b42818ea8e571c3
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: muzon-podarok.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: _ga=GA1.2.303066757.1515423626; _gid=GA1.2.1156182243.1515423627; _gat=1

                                         
                                         138.201.131.130
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:32 GMT
Content-Length: 0
Connection: keep-alive


--- Additional Info ---
                                        
                                            GET /iframe/external_all.html HTTP/1.1 
Host: cstatic.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://am15.net/x/fpx.php?upst=y93_sBbTyJ_X293uy9yz&s=65915&t=bn&rand=1130291827
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         93.184.221.133
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Date: Mon, 08 Jan 2018 15:00:32 GMT
Etag: "1491181553"
Expires: Mon, 15 Jan 2018 15:00:32 GMT
Last-Modified: Thu, 30 Nov 2017 13:32:48 GMT
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Server: ECAcc (arn/4590)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 1375


--- Additional Info ---
Magic:  gzip compressed data
Size:   1375
Md5:    20f024d0385622b1bf9bbc2966f952a3
Sha1:   f7c16d433bc0dd17badd21504b1b09fb312ddcdd
Sha256: 9d343c7532074d2f294326c3f9f0d252663e985d39620d99ba2d92381b1cc42e
                                        
                                            GET /iframe/external_libs.js HTTP/1.1 
Host: cstatic.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         93.184.221.133
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Date: Mon, 08 Jan 2018 15:00:32 GMT
Etag: "3816986270"
Expires: Mon, 15 Jan 2018 15:00:32 GMT
Last-Modified: Mon, 16 Oct 2017 14:30:33 GMT
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Server: ECAcc (arn/458B)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 1744


--- Additional Info ---
Magic:  gzip compressed data
Size:   1744
Md5:    4b3970f27fd63872858e2a78a76a9620
Sha1:   dbfdf04c5873c0c1e30cd1d22bd6b4dd0e675bc2
Sha256: 1990694c0126c2a2ee214f191ea4393f30a13cb943c1fc9afd21db1e3f1494b6
                                        
                                            GET /sync/ HTTP/1.1 
Host: geosync.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         130.211.22.38
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx/1.6.2
Date: Mon, 08 Jan 2018 15:00:32 GMT
Content-Length: 0
Location: https://cstatic.weborama.fr/transp.gif
Via: 1.1 google


--- Additional Info ---
                                        
                                            GET /fcgi-bin/dispatch.fcgi?d.A=cr&d.k=yahoo_id&d.u=https%3A//cms.analytics.yahoo.com/cms%3Fpartner_id%3DWEBMA HTTP/1.1 
Host: wam-yahoo.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         195.54.48.228
HTTP/1.1 302 Found
                                        
Date: Mon, 08 Jan 2018 15:00:32 GMT
Server: Apache
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Last-Modified: Mon, 08 Jan 2018 15:00:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:32 GMT; domain=.weborama.fr
Pragma: no-cache
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Location: http://cstatic.weborama.fr/weborama/images/transp.gif
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   40
Md5:    251630b588179b239e8fab1ac9ef6d3a
Sha1:   91b91a97bc481dd2bbd5e0f3fea6ba1c4e843882
Sha256: c95661e0ef6975b1df5361695a439f71a021d72c345023c3e668e84f35b3c38b
                                        
                                            GET /fcgi-bin/dispatch.fcgi?d.A=cj&d.k=graphinium HTTP/1.1 
Host: wam.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         195.54.48.9
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Date: Mon, 08 Jan 2018 15:00:32 GMT
Server: Apache
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Last-Modified: Mon, 08 Jan 2018 15:00:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:32 GMT; domain=.weborama.fr
Pragma: no-cache
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   276
Md5:    9d7763f666e8c32033f42db077272beb
Sha1:   92423592688df0d681555d9c1b2ee6d7cc74de1a
Sha256: e717c87d896b9e6b465befcb4ca96a8139bbcc5744103040dfc75bc6eea3f1ca
                                        
                                            GET /fcgi-bin/dispatch.fcgi?d.A=cr&d.k=radiumone_id&d.u=http%3A%2F%2Frp.gwallet.com%2Fr1%2Fcm%2Fp79r1515423632884 HTTP/1.1 
Host: aimfar.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         195.54.48.9
HTTP/1.1 302 Found
                                        
Date: Mon, 08 Jan 2018 15:00:32 GMT
Server: Apache
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Last-Modified: Mon, 08 Jan 2018 15:00:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:32 GMT; domain=.weborama.fr
Pragma: no-cache
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Location: http://cstatic.weborama.fr/weborama/images/transp.gif
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /fcgi-bin/dispatch.fcgi?d.A=cr&d.k=mediamath_id&d.u=http%3A%2F%2Fpixel.mathtag.com%2Fsync%2Fimg%3Fmt_exid%3D10014%26redir%3Dhttp%253A%252F%252Faimfar.solution.weborama.fr%252Ffcgi-bin%252Fdispatch.fcgi%253Fd.A%253Dtp%2526d.k%253Dmediamath_id%2526d.v%253D%255BMM_UUID%255D HTTP/1.1 
Host: aimfar.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         195.54.48.9
HTTP/1.1 302 Found
                                        
Date: Mon, 08 Jan 2018 15:00:32 GMT
Server: Apache
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Last-Modified: Mon, 08 Jan 2018 15:00:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:32 GMT; domain=.weborama.fr
Pragma: no-cache
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Location: http://cstatic.weborama.fr/weborama/images/transp.gif
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /fcgi-bin/dispatch.fcgi?d.A=cr&d.k=google_id&d.u=http%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dweborama_dmp%26google_cm HTTP/1.1 
Host: aimfar.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         195.54.48.9
HTTP/1.1 302 Found
                                        
Date: Mon, 08 Jan 2018 15:00:32 GMT
Server: Apache
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Last-Modified: Mon, 08 Jan 2018 15:00:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:32 GMT; domain=.weborama.fr
Pragma: no-cache
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Location: http://cstatic.weborama.fr/weborama/images/transp.gif
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /fcgi-bin/dispatch.fcgi?d.A=cr&d.k=appnexus_id&d.u=http%3A%2F%2Fib.adnxs.com%2Fgetuid%3Fhttp%3A%2F%2Faimfar.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dtp%26d.k%3Dappnexus_id%26d.v%3D%24UID HTTP/1.1 
Host: aimfar.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         195.54.48.9
HTTP/1.1 302 Found
                                        
Date: Mon, 08 Jan 2018 15:00:32 GMT
Server: Apache
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Last-Modified: Mon, 08 Jan 2018 15:00:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:32 GMT; domain=.weborama.fr
Pragma: no-cache
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Location: http://cstatic.weborama.fr/weborama/images/transp.gif
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /fcgi-bin/dispatch.fcgi?d.A=cr&d.k=videology_id&d.u=http%3A//sync.tidaltv.com/genericusersync.ashx%3Fdpid%3D29 HTTP/1.1 
Host: aimfar.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         195.54.48.9
HTTP/1.1 302 Found
                                        
Date: Mon, 08 Jan 2018 15:00:32 GMT
Server: Apache
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Last-Modified: Mon, 08 Jan 2018 15:00:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:32 GMT; domain=.weborama.fr
Pragma: no-cache
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Location: http://cstatic.weborama.fr/weborama/images/transp.gif
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /fcgi-bin/dispatch.fcgi?d.A=cr&d.k=criteov2_id&d.u=http%3A%2F%2Fgum.criteo.com%2Fsync%3Fc%3D13%26a%3D1%26r%3D1%26u%3Dhttp%253A%252F%252Faimfar.solution.weborama.fr%252Ffcgi-bin%252Fdispatch.fcgi%253Fd.A%253Dtp%2526d.k%253Dcriteov2_id%2526d.v%253D%2540USERID%2540 HTTP/1.1 
Host: aimfar.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         195.54.48.9
HTTP/1.1 302 Found
                                        
Date: Mon, 08 Jan 2018 15:00:32 GMT
Server: Apache
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Last-Modified: Mon, 08 Jan 2018 15:00:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:32 GMT; domain=.weborama.fr
Pragma: no-cache
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Location: http://cstatic.weborama.fr/weborama/images/transp.gif
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /weborama/images/transp.gif HTTP/1.1 
Host: cstatic.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78; _xttrk_all=1; _xttrk=1; _xttrk_ids=1; _xttrk_mpub=1

                                         
                                         93.184.221.133
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Date: Mon, 08 Jan 2018 15:00:33 GMT
Etag: "1649713041"
Expires: Mon, 15 Jan 2018 15:00:33 GMT
Last-Modified: Thu, 19 Oct 2006 12:25:53 GMT
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Server: ECAcc (arn/45BE)
X-Cache: HIT
Content-Length: 67


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   67
Md5:    c2db45a8f494c4b40095f4fd38d613fd
Sha1:   211639854b03d88502835b2649d42066016fa452
Sha256: 09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=172800
Date: Mon, 08 Jan 2018 15:00:33 GMT
Etag: "5a532e7b-1d7"
Expires: Wed, 10 Jan 2018 15:00:33 GMT
Last-Modified: Mon, 08 Jan 2018 08:40:27 GMT
Server: ECS (arn/467B)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    f32abf58996272c10794ebfd5a76400d
Sha1:   94cd3be9f0ce2dcb0fce388f6ac07274383e849a
Sha256: c56c107d63f71216dc08a74b20b065998169dcc599efdaddb4203c81867cd37e
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=172800
Date: Mon, 08 Jan 2018 15:00:33 GMT
Etag: "5a532087-1d7"
Expires: Wed, 10 Jan 2018 15:00:33 GMT
Last-Modified: Mon, 08 Jan 2018 07:40:55 GMT
Server: ECS (arn/4598)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    6812fc841e17fa96048f8cc2a04a03b2
Sha1:   da079ae6ceafb4f1d4807905c2db921edb7299a4
Sha256: a825f768987fd780b02a0c7d1d407a78cefe30e9d378514888ee3c90fc85a150
                                        
                                            GET /transp.gif HTTP/1.1 
Host: cstatic.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78; _xttrk_all=1; _xttrk=1; _xttrk_ids=1; _xttrk_mpub=1

                                         
                                         93.184.221.133
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Date: Mon, 08 Jan 2018 15:00:33 GMT
Etag: "974915895"
Expires: Mon, 15 Jan 2018 15:00:33 GMT
Last-Modified: Wed, 28 Mar 2007 16:51:29 GMT
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Server: ECAcc (arn/4686)
X-Cache: HIT
Content-Length: 67


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   67
Md5:    c2db45a8f494c4b40095f4fd38d613fd
Sha1:   211639854b03d88502835b2649d42066016fa452
Sha256: 09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b
                                        
                                            GET /sync/weborama.js?r=0.8278828537857418 HTTP/1.1 
Host: p.crm4d.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html

                                         
                                         176.31.227.157
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: c4d=rQOwBJIMGFpjd6qKVmu20bdJNtqqmwkb7xiP8dCA9SOC9L4N6mfNjrFg7k; Max-Age=25920000; Expires=Sun, 04 Nov 2018 15:00:33 GMT; Path=/; HTTPOnly ls=1515423633; Max-Age=86400; Expires=Tue, 09 Jan 2018 15:00:33 GMT; Path=/; HTTPOnly
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1157
Md5:    bf0ca01bc06c625fa7ba1f2327098e4d
Sha1:   f2363994f082ee03303fad600e1e1db3597d70bc
Sha256: 9a9b6efa41ad2b4ebbfa3fd7161a4012eed7438e7a9e71af64bf33a570bae417
                                        
                                            GET /fcgi-bin/external_tracking.fcgi?country=FR&r=506274 HTTP/1.1 
Host: aimfar.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         195.54.48.9
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Mon, 08 Jan 2018 15:00:33 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:33 GMT; domain=.weborama.fr wousq=|_1515423633; path=/; expires=Thu, 08-Feb-2018 15:00:33 GMT; domain=.weborama.fr; HttpOnly wousq_sess=1; path=/; domain=.weborama.fr; HttpOnly
Pragma: no-cache
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   156
Md5:    542eafcfb58b270b29fb7a0dc96ba6e1
Sha1:   3991ac07a3942f7d0d62745b05b65fdf196db8de
Sha256: 216d6149f93ea0a02cfb9ea9f1f592e5490fb89c1cdc40acf4625d79da848749
                                        
                                            GET /fcgi-bin/dispatch.fcgi?d.A=rd&d.k=acxiom&d.u=http%3a%2f%2fidsync.rlcdn.com%2f401736.gif%3fpartner_uid%3d%7bWEBO_CID%7d HTTP/1.1 
Host: aimfar.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         195.54.48.9
HTTP/1.1 302 Found
                                        
Date: Mon, 08 Jan 2018 15:00:33 GMT
Server: Apache
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Last-Modified: Mon, 08 Jan 2018 15:00:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:33 GMT; domain=.weborama.fr
Pragma: no-cache
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Location: http://idsync.rlcdn.com/401736.gif?partner_uid=FB0FcVHk9u8loii9eWF5TO
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /fcgi-bin/dispatch.fcgi?d.A=rd&d.k=bigsea&d.u=http%3A%2F%2Fdx.bigsea.weborama.com%2Fcollect%3Fdsp_id%3D0%26eid%3D%7BWEBO_ID%7D HTTP/1.1 
Host: aimfar.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         195.54.48.9
HTTP/1.1 302 Found
                                        
Date: Mon, 08 Jan 2018 15:00:33 GMT
Server: Apache
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Last-Modified: Mon, 08 Jan 2018 15:00:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:33 GMT; domain=.weborama.fr
Pragma: no-cache
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Location: http://dx.bigsea.weborama.com/collect?dsp_id=0&eid=gR@5g7Pg1ACB
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /fcgi-bin/dispatch.fcgi?d.A=prx&g.r=506274 HTTP/1.1 
Host: aimfar.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         195.54.48.9
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Mon, 08 Jan 2018 15:00:33 GMT
Server: Apache
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Last-Modified: Mon, 08 Jan 2018 15:00:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:33 GMT; domain=.weborama.fr
Pragma: no-cache
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   56
Md5:    b74e3eb8c2a1e2b860adb68f21a43bb0
Sha1:   3a60e73d2db56935594271156b5c5ef7279ed8e9
Sha256: 9d5691b66c1981565896d57efc8feced193ee0b2ed97028431b375d4179912ec
                                        
                                            GET /fcgi-bin/dispatch.fcgi?d.A=rd&d.k=rubicon&d.u=http%3a%2f%2ftap.rubiconproject.com%2foz%2ffeeds%2fweborama%2ftokens%3fpk%3dJQXH-IBB29RJW%26afu%3d%7bWEBO_CID%7d HTTP/1.1 
Host: aimfar.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         195.54.48.9
HTTP/1.1 302 Found
                                        
Date: Mon, 08 Jan 2018 15:00:33 GMT
Server: Apache
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Last-Modified: Mon, 08 Jan 2018 15:00:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:33 GMT; domain=.weborama.fr
Pragma: no-cache
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Location: http://tap.rubiconproject.com/oz/feeds/weborama/tokens?pk=JQXH-IBB29RJW&afu=FB0FcVHk9u8loii9eWF5TO
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /fcgi-bin/dispatch.fcgi?d.A=cr&d.k=smartadserver_id&d.u=http%3a%2f%2fsync.smartadserver.com%2fgetuid%3furl%3dhttp%253a%252f%252faimfar.solution.weborama.fr%252ffcgi-bin%252fdispatch.fcgi%253fd.A%253dtp%2526d.k%253dsmartadserver_id%2526d.v%253d%255bsas_uid%255d HTTP/1.1 
Host: aimfar.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         195.54.48.9
HTTP/1.1 302 Found
                                        
Date: Mon, 08 Jan 2018 15:00:33 GMT
Server: Apache
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Last-Modified: Mon, 08 Jan 2018 15:00:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:33 GMT; domain=.weborama.fr
Pragma: no-cache
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Location: http://cstatic.weborama.fr/weborama/images/transp.gif
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /sync/weborama/match?uid=FB0FcVHk9u8loii9eWF5TO HTTP/1.1 
Host: p.crm4d.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: c4d=rQOwBJIMGFpjd6qKVmu20bdJNtqqmwkb7xiP8dCA9SOC9L4N6mfNjrFg7k; ls=1515423633

                                         
                                         176.31.227.157
HTTP/1.1 204 No Content
Content-Type: image/gif
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:33 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: css=weborama:420951; Max-Age=25920000; Expires=Sun, 04 Nov 2018 15:00:33 GMT; Path=/; HTTPOnly c4d=rQOwBJIMGFpjd6qKVmu20bdJNtqqmwkb7xiP8dCA9SOC9L4N6mfNjrFg7k; Max-Age=25920000; Expires=Sun, 04 Nov 2018 15:00:33 GMT; Path=/; HTTPOnly
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"


--- Additional Info ---
                                        
                                            GET /js/adperf_publisher_api/13071801.js HTTP/1.1 
Host: cstatic.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://aimfar.solution.weborama.fr/fcgi-bin/external_tracking.fcgi?country=FR&r=506274
Cookie: AFFICHE_W=gR@5g7Pg1ACB78; _xttrk_all=1; _xttrk=1; _xttrk_ids=1; _xttrk_mpub=1; wousq=|_1515423633; wousq_sess=1

                                         
                                         93.184.221.133
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Date: Mon, 08 Jan 2018 15:00:33 GMT
Etag: "1836031769+gzip"
Expires: Mon, 15 Jan 2018 15:00:33 GMT
Last-Modified: Thu, 18 Jul 2013 15:09:12 GMT
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Server: ECAcc (arn/45CC)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 5127


--- Additional Info ---
Magic:  gzip compressed data, from Unix, last modified: Thu Jul 18 17:09:12 2013
Size:   5127
Md5:    5db01bf157998c312e772149e6fe72e0
Sha1:   826c4ef80e19c2284bb5f6bd638b7b4504818927
Sha256: 36ebc206a721bdbc5d6bb4b992e75077c36e4f092df43381e041ff299e87a20a
                                        
                                            GET /fcgi-bin/dispatch.fcgi?d.A=cr&d.k=tradedesk_id&d.u=http%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3D44004e2%26ttd_tpi%3D1 HTTP/1.1 
Host: aimfar.solution.weborama.fr
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: AFFICHE_W=gR@5g7Pg1ACB78

                                         
                                         195.54.48.9
HTTP/1.1 302 Found
                                        
Date: Mon, 08 Jan 2018 15:00:33 GMT
Server: Apache
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Last-Modified: Mon, 08 Jan 2018 15:00:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Set-Cookie: AFFICHE_W=gR@5g7Pg1ACB78; path=/; expires=Wed, 11-Apr-2018 15:00:33 GMT; domain=.weborama.fr
Pragma: no-cache
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Location: http://cstatic.weborama.fr/weborama/images/transp.gif
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /getuidnb?http%3A%2F%2Fp.crm4d.com%2Fsync%2Fappnexus%2Fs.gif%3Fbounce%3D1%26uid%3D%24UID HTTP/1.1 
Host: ib.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html

                                         
                                         185.33.223.198
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.13.4
Date: Mon, 08 Jan 2018 15:00:35 GMT
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
AN-X-Request-Uuid: 92956a82-eed9-4b64-a2e3-7a0303a66fe1
Set-Cookie: sess=1; Path=/; Max-Age=86400; Expires=Tue, 09-Jan-2018 15:00:35 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 77.40.129.123; 77.40.129.123; 310.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.13:80


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    592ebefc7104d681d57852665e9ad514
Sha1:   15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
Sha256: 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
                                        
                                            GET /tags/graphinium_match.php HTTP/1.1 
Host: dmp.email-reflex.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html

                                         
                                         80.70.210.158
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.10.2
X-Server-IP: 80.70.210.158
Content-Length: 43
Accept-Ranges: bytes
Date: Mon, 08 Jan 2018 15:00:33 GMT
X-Varnish: 483982200
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    325472601571f31e1bf00674c368d335
Sha1:   2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
Sha256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
                                        
                                            GET /collect?dsp_id=0&eid=gR@5g7Pg1ACB HTTP/1.1 
Host: dx.bigsea.weborama.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html

                                         
                                         34.252.122.55
HTTP/1.1 302 Found
                                        
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Date: Mon, 08 Jan 2018 15:00:33 GMT
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Last-Modified: Mon, 08 Jan 2018 15:00:33 GMT
Location: http://dx.bigsea.weborama.com/collect?dsp_id=0&eid=gR%405g7Pg1ACB&bounced=1&rn=59575
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Pragma: no-cache
Server: nginx
Set-Cookie: wui=72CE2A74-6C71-32F5-A2D5-7748AC00BFD3; domain=weborama.com; path=/; expires=Sun, 08-Apr-2018 15:00:33 GMT
Content-Length: 0
Connection: keep-alive


--- Additional Info ---
                                        
                                            GET /js/dn_iframe.js HTTP/1.1 
Host: asset.easydmp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html

                                         
                                         137.74.127.227
HTTP/1.1 307 Temporary Redirect
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Mon, 08 Jan 2018 15:00:33 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Location: https://asset.easydmp.net/js/dn_iframe.js
Content-Length: 318
X-IPLB-Instance: 11620


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   318
Md5:    4b0439eeeb66502302ba16faf7acbb8c
Sha1:   927f22605e12e20b97213737ad68959399d4567e
Sha256: d391c7c3f59cd1ff89b866d4370c1eaf3218bad2b2f447c00885f2bc968b4175
                                        
                                            GET /cookie/get?pid=24 HTTP/1.1 
Host: track.effitarget.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html

                                         
                                         185.44.142.4
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Transfer-Encoding: chunked
Cache-Control: cache-control, expires, gmt, must-revalidate, no-cache, nov, wed, private
Date: Mon, 08 Jan 2018 15:00:33 GMT


--- Additional Info ---
Magic:  PNG image, 1 x 1, 1-bit colormap, non-interlaced
Size:   95
Md5:    71a50dbba44c78128b221b7df7bb51f1
Sha1:   0ec63b140374ba704a58fa0c743cb357683313dd
Sha256: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
                                        
                                            POST / HTTP/1.1 
Host: tg.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1449
Content-Transfer-Encoding: binary
Cache-Control: max-age=401930, public, no-transform, must-revalidate
Last-Modified: Sat, 6 Jan 2018 06:36:08 GMT
Expires: Sat, 13 Jan 2018 06:36:08 GMT
Date: Mon, 08 Jan 2018 15:00:33 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1449
Md5:    5af812ee27f8cdbb54caeb15a25d2fb4
Sha1:   546100e21dc5429141bc0a08b62ff191e844201f
Sha256: 1d00006a5e51dd3620edceb7820cc652732fae5054add494838ae8ff10c4c478
                                        
                                            GET /collect?dsp_id=0&eid=gR%405g7Pg1ACB&bounced=1&rn=59575 HTTP/1.1 
Host: dx.bigsea.weborama.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: wui=72CE2A74-6C71-32F5-A2D5-7748AC00BFD3

                                         
                                         34.252.122.55
HTTP/1.1 204 No Content
                                        
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Date: Mon, 08 Jan 2018 15:00:33 GMT
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Last-Modified: Mon, 08 Jan 2018 15:00:33 GMT
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Pragma: no-cache
Server: nginx
Set-Cookie: wui=72CE2A74-6C71-32F5-A2D5-7748AC00BFD3; domain=weborama.com; path=/; expires=Sun, 08-Apr-2018 15:00:33 GMT wam-sync=ok; domain=weborama.com; path=/; expires=Mon, 15-Jan-2018 15:00:33 GMT
Connection: keep-alive


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.int-x3.letsencrypt.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
                                         195.159.219.11
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 527
Etag: "CDEDE49CA046D585FE1929CD0964CC883B8591276D086F62E725E5B2A5AC6EBF"
Last-Modified: Sun, 07 Jan 2018 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=22961
Expires: Mon, 08 Jan 2018 21:23:14 GMT
Date: Mon, 08 Jan 2018 15:00:33 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    5c52ff1cf536fba94fba8d2445854e36
Sha1:   72c419f912cd2dda32fbfaadb896e2c522052bc0
Sha256: cdede49ca046d585fe1929cd0964cc883b8591276d086f62e725e5b2a5ac6ebf
                                        
                                            GET /401736.gif?partner_uid=FB0FcVHk9u8loii9eWF5TO HTTP/1.1 
Host: idsync.rlcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html

                                         
                                         52.4.17.72
HTTP/1.1 302 Found
Content-Type: image/gif; charset=ISO-8859-1
                                        
Cache-Control: no-cache, no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://idsync.rlcdn.com/401736.gif?partner_uid=FB0FcVHk9u8loii9eWF5TO&redirect=1
P3P: CP: "NON DSP COR PSDo SAMo BUS IND UNI COM NAV INT POL PRE"
Set-Cookie: ck1=ck1;Domain=.rlcdn.com;Expires=Sat, 07-Jul-2018 15:00:30 GMT
Content-Length: 0
Connection: keep-alive


--- Additional Info ---
                                        
                                            GET /oz/feeds/weborama/tokens?pk=JQXH-IBB29RJW&afu=FB0FcVHk9u8loii9eWF5TO HTTP/1.1 
Host: tap.rubiconproject.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html

                                         
                                         107.22.238.227
HTTP/1.1 302 Found
Content-Type: text/plain; charset=UTF-8
                                        
Cache-Control: private
Date: Mon, 08 Jan 2018 15:00:32 GMT
Location: https://token.rubiconproject.com/token?pid=33528&puid=FB0FcVHk9u8loii9eWF5TO&p=1
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: tRP
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Tue, 08-Jan-2019 15:00:33 GMT; Path=/ au=JC6C3R36-HWXB-10.41.131.170; Domain=.rubiconproject.com; Expires=Tue, 08-Jan-2019 15:00:33 GMT; Path=/ dq=1|1|0|0; Expires=Tue, 08-Jan-2019 15:00:33 GMT; Path=/
Content-Length: 0
Connection: keep-alive


--- Additional Info ---
                                        
                                            GET /getuid?url=http%3A%2F%2Fp.crm4d.com%2Fsync%2Fsas%2Fs.gif%3Fbounce%3D1%26uid%3D%5Bsas_uid%5D HTTP/1.1 
Host: sync.smartadserver.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html

                                         
                                         185.86.139.29
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: private
Location: https://sync.smartadserver.com:443/getuid?url=http%3a%2f%2fp.crm4d.com%2fsync%2fsas%2fs.gif%3fbounce%3d1%26uid%3d%5bsas_uid%5d&cklb=1
Set-Cookie: TestIfCookie=ok; domain=smartadserver.com; path=/ TestIfCookieP=ok; domain=smartadserver.com; expires=Fri, 08-Feb-2019 15:00:33 GMT; path=/ pbw=%24b%3d12036%3b%24o%3d11061; domain=smartadserver.com; expires=Fri, 08-Feb-2019 15:00:33 GMT; path=/
Date: Mon, 08 Jan 2018 15:00:33 GMT
Content-Length: 254


--- Additional Info ---
Magic:  HTML document text
Size:   254
Md5:    f822f5831197c831b1fcc7fc2b7b2db7
Sha1:   d6ab1b27b3cabb5a1d85d84b84a7f739835abbe1
Sha256: a104187d578df4fc74241f0b6eff7f35b3565fdd82935d759322385acce10282
                                        
                                            GET /401736.gif?partner_uid=FB0FcVHk9u8loii9eWF5TO&redirect=1 HTTP/1.1 
Host: idsync.rlcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: ck1=ck1

                                         
                                         52.4.17.72
HTTP/1.1 200 OK
Content-Type: image/gif; charset=ISO-8859-1
                                        
Cache-Control: no-cache, no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP: "NON DSP COR PSDo SAMo BUS IND UNI COM NAV INT POL PRE"
Set-Cookie: rlas3=0JuDEpvBdsoLElcF675Ub1jH0u/IZvLlQBXhLrz53Q4=;Domain=.rlcdn.com;Expires=Sat, 07-Jul-2018 15:00:32 GMT rtn1-z=IaPVs8VHz+To6d/1fHHeiBnqdU8E0GPtW0HmgKLwSrI=;Domain=.rlcdn.com;Expires=Sat, 07-Jul-2018 15:00:33 GMT
Content-Length: 43
Connection: keep-alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    6d22e4f2d2057c6e8d6fab098e76e80f
Sha1:   b80b11203d97fe01c5597ca3be70406ea48f5709
Sha256: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=172800
Date: Mon, 08 Jan 2018 15:00:33 GMT
Etag: "5a532e66-1d7"
Expires: Wed, 10 Jan 2018 15:00:33 GMT
Last-Modified: Mon, 08 Jan 2018 08:40:06 GMT
Server: ECS (arn/4692)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    4b4546191d03215f2c5cb59cb632f502
Sha1:   fea9984cf92439622c274f06145d41a9a99a9aa5
Sha256: f8d91f30ab49c779dbb409cd419bbb2eda729f190c4dcf24cd62e61e7875b39d
                                        
                                            GET /js/dn_iframe.js HTTP/1.1 
Host: asset.easydmp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html

                                         
                                         137.74.127.227
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 08 Jan 2018 15:00:33 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Last-Modified: Mon, 08 Jan 2018 08:45:48 GMT
Etag: "206a-5623fd31e6700-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,P3P
Content-Encoding: gzip
P3P: CP="ALL DSP COR CURa ADMa PSAa PSDa OUR NOR UNI"
Cache-Control: max-age=900, s-maxage=900, public
Content-Length: 3356
X-IPLB-Instance: 11621


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3356
Md5:    6c5d25cb7e0ed3b3d9384b49c7330111
Sha1:   b3478d2e86de32abc9c2624bfd742297adf1f2a8
Sha256: 5efe8ad1fbd52c6119cd5689501e821fa54871954b93b22ce7331eb0600dbafe
                                        
                                            GET /getuid?url=http%3a%2f%2fp.crm4d.com%2fsync%2fsas%2fs.gif%3fbounce%3d1%26uid%3d%5bsas_uid%5d&cklb=1 HTTP/1.1 
Host: sync.smartadserver.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: TestIfCookie=ok; TestIfCookieP=ok; pbw=%24b%3d12036%3b%24o%3d11061

                                         
                                         185.86.139.29
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: private
Location: http://p.crm4d.com/sync/sas/s.gif?bounce=1&uid=6429869859851470357
Set-Cookie: pid=6429869859851470357; domain=smartadserver.com; expires=Fri, 08-Feb-2019 15:00:33 GMT; path=/ pdomid=21; domain=smartadserver.com; expires=Fri, 08-Feb-2019 15:00:33 GMT; path=/
Date: Mon, 08 Jan 2018 15:00:33 GMT
Content-Length: 187


--- Additional Info ---
Magic:  HTML document text
Size:   187
Md5:    677394b135500242b3a51795fbd362a4
Sha1:   30bcd653bbe00c5bf7105b89b24808b6e34ff548
Sha256: c43ae1d6fadb52fee88bd866ba2d6bee98f2f16eee96b244b7e6b7a9c68cdfde
                                        
                                            GET /client_iframe.html?t=210476 HTTP/1.1 
Host: asset.easydmp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html

                                         
                                         137.74.127.227
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Mon, 08 Jan 2018 15:00:33 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Last-Modified: Mon, 08 Jan 2018 08:45:48 GMT
Etag: "519d-5623fd31e6700-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,P3P
Content-Encoding: gzip
P3P: CP="ALL DSP COR CURa ADMa PSAa PSDa OUR NOR UNI"
Cache-Control: max-age=900, s-maxage=900, public
Content-Length: 6553
X-IPLB-Instance: 11621


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6553
Md5:    d7a83c394a81f185e58de918e4b16658
Sha1:   6ac47215c089761988c74f8390dd5a78e0a35d7b
Sha256: 0d4de47785b9989dd9a2b38d237ba5eb5c7ce3d9ba8c4c137883d85f14cae53b
                                        
                                            GET /sync/sas/s.gif?bounce=1&uid=6429869859851470357 HTTP/1.1 
Host: p.crm4d.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: c4d=rQOwBJIMGFpjd6qKVmu20bdJNtqqmwkb7xiP8dCA9SOC9L4N6mfNjrFg7k; ls=1515423633; css=weborama:420951

                                         
                                         176.31.227.157
HTTP/1.1 204 No Content
Content-Type: image/gif
                                        
Server: nginx
Date: Mon, 08 Jan 2018 15:00:33 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: css=weborama:420951,sas:420951; Max-Age=25920000; Expires=Sun, 04 Nov 2018 15:00:33 GMT; Path=/; HTTPOnly c4d=rQOwBJIMGFpjd6qKVmu20bdJNtqqmwkb7xiP8dCA9SOC9L4N6mfNjrFg7k; Max-Age=25920000; Expires=Sun, 04 Nov 2018 15:00:33 GMT; Path=/; HTTPOnly
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"


--- Additional Info ---
                                        
                                            GET /token?pid=33528&puid=FB0FcVHk9u8loii9eWF5TO&p=1 HTTP/1.1 
Host: token.rubiconproject.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cstatic.weborama.fr/iframe/external_all.html
Cookie: cd=false; au=JC6C3R36-HWXB-10.41.131.170

                                         
                                         213.19.162.36
HTTP/1.1 204
                                        
P3P: P="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: ad716e830d655696ea6ad4c6d97f9d00
Set-Cookie: khaos=JC6C3RIU-L-F1P6; Domain=.rubiconproject.com; Expires=Tue, 08-Jan-2019 15:00:33 GMT; Path=/
Date: Mon, 08 Jan 2018 15:00:33 GMT
Server: Rubicon Project


--- Additional Info ---
                                        
                                            GET /etag.php HTTP/1.1 
Host: asset.easydmp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cache-Control: only-if-cached
Referer: https://asset.easydmp.net/client_iframe.html?t=210476