Overview

URL www.401xd.download/
IP173.194.222.121
ASNAS15169 Google Inc.
Location United States
Report completed2017-08-13 08:10:57 CEST
StatusLoading report..
urlQuery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2017-08-13 2 www.401xd.download/ Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 173.194.222.121

Date UQ / IDS / BL URL IP
2017-08-20 22:08:12 +0200
0 - 0 - 2 www.phongthuyviet.com.vn/2015/10/nha-bep-tu-b (...) 173.194.222.121
2017-08-20 22:07:45 +0200
0 - 0 - 1 www.pecintaalam.org/search/label/Goa?updated- (...) 173.194.222.121
2017-08-20 21:47:02 +0200
0 - 0 - 4 www.deutschfuraraber.com/2016/04/glossar-berl (...) 173.194.222.121
2017-08-20 20:40:41 +0200
0 - 0 - 3 www.bordaymascomplementosinfantiles.com/2015_ (...) 173.194.222.121
2017-08-20 19:07:38 +0200
0 - 0 - 2 www.reommark.com/2017/06 173.194.222.121
2017-08-20 18:23:01 +0200
0 - 0 - 1 www.halenze.com/2013/03/fellah-koftesi.html 173.194.222.121
2017-08-20 17:56:03 +0200
0 - 0 - 5 www.jiujitsuesportivo.com/2012/08/tattoo-de-j (...) 173.194.222.121
2017-08-20 17:47:19 +0200
0 - 1 - 0 www.seputarinstagram.top/ 173.194.222.121
2017-08-20 17:44:17 +0200
0 - 0 - 3 www.ajirampya.com/2017/03/nafasi-za-kazi-air- (...) 173.194.222.121
2017-08-18 20:53:40 +0200
0 - 0 - 3 www.botapratocar.com/2015/02/marcelo-perdido- (...) 173.194.222.121

Last 10 reports on ASN: AS15169 Google Inc.

Date UQ / IDS / BL URL IP
2017-08-23 01:02:24 +0200
0 - 2 - 1 health.rawangpost.com/2015/06/15-cara-menggal (...) 216.58.209.147
2017-08-23 00:56:20 +0200
0 - 0 - 1 onlinewebappvalidationupdate.sitey.me/ 107.178.211.45
2017-08-23 00:51:06 +0200
0 - 0 - 0 https://www.google.com/appserve/mkt/p/ANyC23K (...) 216.58.209.132
2017-08-23 00:50:03 +0200
0 - 0 - 2 muchacreatividad.com/ 216.239.34.21
2017-08-23 00:39:01 +0200
0 - 0 - 4 www.xoxotaspeludinhas.blogspot.com/search/lab (...) 216.58.209.129
2017-08-23 00:38:27 +0200
0 - 1 - 2 girlteenmovs.blogspot.no/search/label/Del 216.58.209.129
2017-08-23 00:38:16 +0200
0 - 0 - 3 www.berita-mediasemasa.blogspot.kr/2014/12/ti (...) 216.58.209.129
2017-08-23 00:38:16 +0200
0 - 0 - 5 www.furrymenlover.blogspot.com/search/label/2 (...) 216.58.209.129
2017-08-23 00:38:10 +0200
0 - 0 - 3 www.overshadowoversight2110.blogspot.it/searc (...) 216.58.209.129
2017-08-23 00:38:05 +0200
0 - 0 - 3 www.littlemoonn.blogspot.com/search/label/lau (...) 216.58.209.129

No other reports on domain: .



JavaScript

Executed Scripts (61)


Executed Evals (3)

#1 JavaScript::Eval (size: 365, repeated: 2) - SHA256: 7fabfdc682f8cbf7fa5c2809f318d4543dd8490da5034f035f0f74da22f09ddd

                                        (function v(a, d) {

    function b() {
        d ? c.open() : c.open("text/html", "replace");
        c.write(f);
        e.__rendered__ = true;
    }

    var f = a.getAttribute("data-contents"),
        e = a.contentWindow,
        c = e.document,
        k = e.setTimeout; - 1 == a.offsetHeight ||
        e.__rendered__ || (e.__rendered__ = true, d ? b() : k(b, 0));
})(this, false)
                                    

#2 JavaScript::Eval (size: 25, repeated: 16) - SHA256: c18bd34dd263b8b79523392ddeb354cbf33324348b758ad6ff0f7f28036a99d8

                                        ({
    "googMsgType": "adpnt"
})
                                    

#3 JavaScript::Eval (size: 138, repeated: 16) - SHA256: 754357005e990934545a1b8d5a28a1c5373bde7557bcd036afb5acfafe28846f

                                        ({
    "msg_type": "resize-me",
    "key_value": [{
        "key": "r_nh",
        "value": "0"
    }, {
        "key": "qid",
        "value": "CLnk_bfG09UCFZRIGAodRvkMrw"
    }],
    "googMsgType": "sth"
})
                                    

Executed Writes (15)

#1 JavaScript::Write (size: 0, repeated: 1) - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                    

#2 JavaScript::Write (size: 3663, repeated: 1) - SHA256: efbe3037cf2e6f0c5dc13c1f99a8dca88ec0641606278bcad5eb18f8da92bf09

                                        < !DOCTYPE html >
    < head >
    < title > Adform Toolkit Ad < /title>

<!-- Adform API Script -->
< script type = "text/javascript" > /*#import:common/import*/
    (window.components = window.components || [])
    /*#video.import:video/import.1*/
components.push('VideoPlayer')
    /*#/#*/
;
/*#/#*/
document.write('<script src="' + (window.API_URL || 'https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=' + Math.random()) + '"><\/script>'); < /script>

< style >
    body {
        background: # fff;
    } < /style>

<!--#css:common/css-->
< style >
    /*#video.css:video/globalcss.1*/
    .adform - video - container {
        background: #000;
    position: static;
}

.adform-video-container video,
.adform-video-container .adform-video-poster {
    position: absolute;
    top: 0;
    left: 0;
    width: 100%;
    height: 100%;
    background: # 000 no - repeat 50 % 50 % ;
    }

.no - other.adform - video - seek - bar,
    .no - other.adform - video - full - screen,
    .no - other.adform - video - rewind,
    .no - other.adform - video - stop {
        display: none;
    }
    .no - other.adform - video - sound {
        right: 0;
    }
    .no - other.adform - video - play - pause {
        right: 30 px;
        left: auto;
    }
    .no - play.adform - video - play - pause {
        display: none;
    }
    /*#/#*/
    /*#i2.i3.positioning.css:positioning/base/css.1*/
# i2 {
    position: absolute;top: 0 % ;left: 0 % ;overflow: hidden;width: 720 px;height: 600 px; - ms - transform: translate(0, 0) translate(-210 px, 0 px) rotate(0 deg); - webkit - transform: translate(0, 0) translate(-210 px, 0 px) rotate(0 deg); - moz - transform: translate(0, 0) translate(-210 px, 0 px) rotate(0 deg);
    transform: translate(0, 0) translate(-210 px, 0 px) rotate(0 deg);
}
/*#/#*/
< /style>
<!--#/#--></head>
< body >
    <!--#html:common/html--><!--#i1.core.html:core/html--><!--#/#--><!--#i2.video.html:video/html.1-->
    < div id = "i2" > < /div>
    <!--#/#--><!--#/#--><!--#js:common/js-->
    < script >
    /*#i2.video.js:video/js.1*/
    (function() {
        var source = [{
            "file": dhtml.getAsset(1)
        }, {
            "file": ""
        }, {
            "file": ""
        }];

        var player = Adform.Component.VideoPlayer.create({
            sources: source,
            loop: true,
            muted: false,
            autoPlay: true,
            poster: "",
            clicktag: dhtml.getVar("backupClickURL", "https://www.polarnopyret.no/"),
            inview: false,
            theme: 'v2'
        });

        var videoContainer = document.getElementById("i2");

        if (player) {
            player.addClass("");
            player.appendTo(videoContainer);
        }

        function playVideo() {
            if (player.video.state !== 'playing') player.video.play();
        }

        function pauseVideo() {
            if (player.video.state === 'playing') player.video.pause();
        }

        function stopVideo() {
            if (player.video.state === 'playing') player.video.stop();
        }

        videoContainer.addEventListener('playVideo', playVideo);

        videoContainer.addEventListener('pauseVideo', pauseVideo);

        videoContainer.addEventListener('stopVideo', stopVideo);

        videoContainer.addEventListener('replayVideo', function() {
            player.video.seek(0);
            playVideo();
        });

        videoContainer.addEventListener('muteVideo', function() {
            player.video.mute(true);
        });

        videoContainer.addEventListener('unmuteVideo', function() {
            player.video.mute(false);
        });
    })();
/*#/#*/
< /script>
<!--#/#--><!--#meta:common/meta--><!--/*#i1.core.meta:core/meta*/version: 2;/*#/#*//*#i2.video.meta:video/meta.1*/
name: Video 1;
fileId_MP4: 1;
fileId_WEBM: ;
fileId_OGV: ;
clicktag: backupClickURL;
posterSourceType: ;
posterFileId: ;
/*#/#*/
/*#i2.i3.positioning.meta:positioning/meta.1*/
data: /*!*/ {
    "keepAspectRatio": true
} /*!*/ ;
/*#/#*/ --> <!--#/#--><script>document._finish();</script>
                                    

#3 JavaScript::Write (size: 500, repeated: 1) - SHA256: 168ee622538ea36731bcde776b41afe54fcaef0e124754251c16366268a9af1c

                                        < !DOCTYPE html > < title > ad < /title><base href='https:/ / s1.adformdsp.net / Banners / Elements / Files / 100490 / 2150438 / 0 - 6 Kampanj 300 x600 NO_main_asset / bvpath_1280 / '><script>try{parent.AdformWin33sjkunx8vw(window)}catch(ex){new Image().src='
https: //track.adform.net/jslog/?src=htmlcb&msg='+encodeURIComponent(''+(ex.stack||ex))}</script><script src='https://s1.adformdsp.net/Banners/Elements/Files/100490/2150438/0-6 Kampanj 300x600 NO_main_asset/2150438.js?ADFassetID=2150438&bv=1280' charset='UTF-8'></script>
                                    

#4 JavaScript::Write (size: 1627, repeated: 1) - SHA256: 0aa682067dbbca273d6d635f4662beedf9248a39fb1a78210070a05692d2fc0f

                                        < !doctype html > < html > < body > < iframe style = "display:none"
data - ad - client = "ca-pub-5607029690380960"
id = "google_esf"
name = "google_esf"
src = "https://googleads.g.doubleclick.net/pagead/html/r20170807/r20170110/zrt_lookup.html#" > < /iframe><script>google_ad_slot="5015538334";google_ad_client="ca-pub-5607029690380960";google_adsbygoogle_status="done";google_ad_width=200;google_ad_height=90;google_ad_modifications={"plle":true,"eids":[],"loeids":[]};google_loader_used="aa";google_reactive_tag_first=true;google_ad_format="";google_ad_unit_key="2073358624";google_ad_dom_fingerprint="807048394";google_show_ads_impl=true;google_unique_id=1;google_async_iframe_id="aswift_0";google_start_time=1502604625002;google_pub_vars="JTdCJTIyZ29vZ2xlX2FkX3Nsb3QlMjIlM0ElMjI1MDE1NTM4MzM0JTIyJTJDJTIyZ29vZ2xlX2FkX2NsaWVudCUyMiUzQSUyMmNhLXB1Yi01NjA3MDI5NjkwMzgwOTYwJTIyJTJDJTIyZ29vZ2xlX2Fkc2J5Z29vZ2xlX3N0YXR1cyUyMiUzQSUyMmRvbmUlMjIlMkMlMjJnb29nbGVfYWRfd2lkdGglMjIlM0EyMDAlMkMlMjJnb29nbGVfYWRfaGVpZ2h0JTIyJTNBOTAlMkMlMjJnb29nbGVfYWRfbW9kaWZpY2F0aW9ucyUyMiUzQSU3QiUyMnBsbGUlMjIlM0F0cnVlJTJDJTIyZWlkcyUyMiUzQSU1QiU1RCUyQyUyMmxvZWlkcyUyMiUzQSU1QiU1RCU3RCUyQyUyMmdvb2dsZV9sb2FkZXJfdXNlZCUyMiUzQSUyMmFhJTIyJTJDJTIyZ29vZ2xlX3JlYWN0aXZlX3RhZ19maXJzdCUyMiUzQXRydWUlMkMlMjJnb29nbGVfYWRfZm9ybWF0JTIyJTNBJTIyJTIyJTJDJTIyZ29vZ2xlX2FkX3VuaXRfa2V5JTIyJTNBJTIyMjA3MzM1ODYyNCUyMiUyQyUyMmdvb2dsZV9hZF9kb21fZmluZ2VycHJpbnQlMjIlM0ElMjI4MDcwNDgzOTQlMjIlN0Q=";google_bpp=21;google_async_rrc=0;google_iframe_start_time=new Date().getTime();</script > < script src = "http://pagead2.googlesyndication.com/pagead/js/r20170807/r20170110/show_ads_impl.js" > < /script></body > < /html>
                                    

#5 JavaScript::Write (size: 1437, repeated: 1) - SHA256: b7d0615f0170a2117f85fa540756289a14dd7ce8b12dbe162d1d5b0a3e7957a5

                                        < !doctype html > < html > < body > < script > google_ad_slot = "2129214331";
google_ad_client = "ca-pub-5607029690380960";
google_adsbygoogle_status = "done";
google_ad_width = 300;
google_ad_height = 600;
google_ad_modifications = {
    "plle": true,
    "eids": [],
    "loeids": []
};
google_loader_used = "aa";
google_reactive_tag_first = true;
google_ad_format = "300x600";
google_ad_unit_key = "99256137";
google_ad_dom_fingerprint = "807048394";
google_show_ads_impl = true;
google_unique_id = 2;
google_async_iframe_id = "aswift_1";
google_start_time = 1502604625701;
google_pub_vars = "JTdCJTIyZ29vZ2xlX2FkX3Nsb3QlMjIlM0ElMjIyMTI5MjE0MzMxJTIyJTJDJTIyZ29vZ2xlX2FkX2NsaWVudCUyMiUzQSUyMmNhLXB1Yi01NjA3MDI5NjkwMzgwOTYwJTIyJTJDJTIyZ29vZ2xlX2Fkc2J5Z29vZ2xlX3N0YXR1cyUyMiUzQSUyMmRvbmUlMjIlMkMlMjJnb29nbGVfYWRfd2lkdGglMjIlM0EzMDAlMkMlMjJnb29nbGVfYWRfaGVpZ2h0JTIyJTNBNjAwJTJDJTIyZ29vZ2xlX2FkX21vZGlmaWNhdGlvbnMlMjIlM0ElN0IlMjJwbGxlJTIyJTNBdHJ1ZSUyQyUyMmVpZHMlMjIlM0ElNUIlNUQlMkMlMjJsb2VpZHMlMjIlM0ElNUIlNUQlN0QlMkMlMjJnb29nbGVfbG9hZGVyX3VzZWQlMjIlM0ElMjJhYSUyMiUyQyUyMmdvb2dsZV9yZWFjdGl2ZV90YWdfZmlyc3QlMjIlM0F0cnVlJTJDJTIyZ29vZ2xlX2FkX2Zvcm1hdCUyMiUzQSUyMjMwMHg2MDAlMjIlMkMlMjJnb29nbGVfYWRfdW5pdF9rZXklMjIlM0ElMjI5OTI1NjEzNyUyMiUyQyUyMmdvb2dsZV9hZF9kb21fZmluZ2VycHJpbnQlMjIlM0ElMjI4MDcwNDgzOTQlMjIlN0Q=";
google_bpp = 41;
google_async_rrc = 0;
google_iframe_start_time = new Date().getTime(); < /script><script src="http:/ / pagead2.googlesyndication.com / pagead / js / r20170807 / r20170110 / show_ads_impl.js "></script></body></html>
                                    

#6 JavaScript::Write (size: 1437, repeated: 1) - SHA256: 5d5fceae4f86f85a2a63fbeebc5d07b48c0f789e532d676ee0a2f6f9ff2fbc42

                                        < !doctype html > < html > < body > < script > google_ad_slot = "6559413933";
google_ad_client = "ca-pub-5607029690380960";
google_adsbygoogle_status = "done";
google_ad_width = 300;
google_ad_height = 600;
google_ad_modifications = {
    "plle": true,
    "eids": [],
    "loeids": []
};
google_loader_used = "aa";
google_reactive_tag_first = true;
google_ad_format = "300x600";
google_ad_unit_key = "483251890";
google_ad_dom_fingerprint = "807048394";
google_show_ads_impl = true;
google_unique_id = 3;
google_async_iframe_id = "aswift_2";
google_start_time = 1502604625749;
google_pub_vars = "JTdCJTIyZ29vZ2xlX2FkX3Nsb3QlMjIlM0ElMjI2NTU5NDEzOTMzJTIyJTJDJTIyZ29vZ2xlX2FkX2NsaWVudCUyMiUzQSUyMmNhLXB1Yi01NjA3MDI5NjkwMzgwOTYwJTIyJTJDJTIyZ29vZ2xlX2Fkc2J5Z29vZ2xlX3N0YXR1cyUyMiUzQSUyMmRvbmUlMjIlMkMlMjJnb29nbGVfYWRfd2lkdGglMjIlM0EzMDAlMkMlMjJnb29nbGVfYWRfaGVpZ2h0JTIyJTNBNjAwJTJDJTIyZ29vZ2xlX2FkX21vZGlmaWNhdGlvbnMlMjIlM0ElN0IlMjJwbGxlJTIyJTNBdHJ1ZSUyQyUyMmVpZHMlMjIlM0ElNUIlNUQlMkMlMjJsb2VpZHMlMjIlM0ElNUIlNUQlN0QlMkMlMjJnb29nbGVfbG9hZGVyX3VzZWQlMjIlM0ElMjJhYSUyMiUyQyUyMmdvb2dsZV9yZWFjdGl2ZV90YWdfZmlyc3QlMjIlM0F0cnVlJTJDJTIyZ29vZ2xlX2FkX2Zvcm1hdCUyMiUzQSUyMjMwMHg2MDAlMjIlMkMlMjJnb29nbGVfYWRfdW5pdF9rZXklMjIlM0ElMjI0ODMyNTE4OTAlMjIlMkMlMjJnb29nbGVfYWRfZG9tX2ZpbmdlcnByaW50JTIyJTNBJTIyODA3MDQ4Mzk0JTIyJTdE";
google_bpp = 4;
google_async_rrc = 0;
google_iframe_start_time = new Date().getTime(); < /script><script src="http:/ / pagead2.googlesyndication.com / pagead / js / r20170807 / r20170110 / show_ads_impl.js "></script></body></html>
                                    

#7 JavaScript::Write (size: 1519, repeated: 1) - SHA256: 1a4fb684df240dbedf7ec148c4b3a66258fe06dc01e3505f790e947055d891f8

                                        < !doctype html > < html > < body > < script > google_reactive_ads_config = {};
google_ad_client = "ca-pub-5607029690380960";
google_adsbygoogle_status = "done";
google_ad_width = 0;
google_ad_height = 0;
google_loader_features_used = 256;
google_ad_modifications = {
    "plle": true,
    "eids": [],
    "loeids": []
};
google_loader_used = "aa";
google_reactive_tag_first = true;
google_ad_format = "0x0";
google_ad_unit_key = "1223701170";
google_ad_dom_fingerprint = "807048394";
google_show_ads_impl = true;
google_unique_id = 3;
google_async_iframe_id = "aswift_3";
google_start_time = 1502604625749;
google_pub_vars = "JTdCJTIyZ29vZ2xlX3JlYWN0aXZlX2Fkc19jb25maWclMjIlM0ElN0IlN0QlMkMlMjJnb29nbGVfYWRfY2xpZW50JTIyJTNBJTIyY2EtcHViLTU2MDcwMjk2OTAzODA5NjAlMjIlMkMlMjJnb29nbGVfYWRzYnlnb29nbGVfc3RhdHVzJTIyJTNBJTIyZG9uZSUyMiUyQyUyMmdvb2dsZV9hZF93aWR0aCUyMiUzQTAlMkMlMjJnb29nbGVfYWRfaGVpZ2h0JTIyJTNBMCUyQyUyMmdvb2dsZV9sb2FkZXJfZmVhdHVyZXNfdXNlZCUyMiUzQTI1NiUyQyUyMmdvb2dsZV9hZF9tb2RpZmljYXRpb25zJTIyJTNBJTdCJTIycGxsZSUyMiUzQXRydWUlMkMlMjJlaWRzJTIyJTNBJTVCJTVEJTJDJTIybG9laWRzJTIyJTNBJTVCJTVEJTdEJTJDJTIyZ29vZ2xlX2xvYWRlcl91c2VkJTIyJTNBJTIyYWElMjIlMkMlMjJnb29nbGVfcmVhY3RpdmVfdGFnX2ZpcnN0JTIyJTNBdHJ1ZSUyQyUyMmdvb2dsZV9hZF9mb3JtYXQlMjIlM0ElMjIweDAlMjIlMkMlMjJnb29nbGVfYWRfdW5pdF9rZXklMjIlM0ElMjIxMjIzNzAxMTcwJTIyJTJDJTIyZ29vZ2xlX2FkX2RvbV9maW5nZXJwcmludCUyMiUzQSUyMjgwNzA0ODM5NCUyMiU3RA==";
google_bpp = 2134;
google_async_rrc = 0;
google_iframe_start_time = new Date().getTime(); < /script><script src="http:/ / pagead2.googlesyndication.com / pagead / js / r20170807 / r20170110 / show_ads_impl.js "></script></body></html>
                                    

#8 JavaScript::Write (size: 86, repeated: 1) - SHA256: be0c0d86345c40de83790ea4461047c1327efd0907b14d2af9f41634ceb6678e

                                        < div id = "+ADFP1x"
style = "width:300px;height:600px;" > < /div><i style="display:none"></i >
                                    

#9 JavaScript::Write (size: 1207, repeated: 1) - SHA256: c2c55b2d31fea7f068495fda9c873995be0ddfa21a2d713d03e02a3c4d357e90

                                        < iframe id = "google_ads_frame1"
name = "google_ads_frame1"
width = "200"
height = "90"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&amp;output=html&amp;h=90&amp;slotname=5015538334&amp;adk=2073358624&amp;adf=807048394&amp;w=200&amp;lmt=1502474015&amp;ea=0&amp;flash=10.0.45&amp;url=http%3A%2F%2Fwww.401xd.download%2F&amp;wgl=0&amp;dt=1502604625002&amp;bpp=21&amp;fdt=39&amp;idt=231&amp;shv=r20170807&amp;cbv=r20170110&amp;saldr=aa&amp;correlator=8271961973463&amp;frm=20&amp;ga_vid=1886313333.1502604624&amp;ga_sid=1502604625&amp;ga_hid=1848356223&amp;ga_fc=0&amp;pv=2&amp;icsg=0&amp;nhd=1&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=120&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=131&amp;ady=88&amp;biw=1159&amp;bih=754&amp;abxe=1&amp;eid=575144605&amp;oid=3&amp;rx=0&amp;eae=4&amp;fc=784&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7C%7C&amp;abl=CS&amp;ppjl=u&amp;pfx=0&amp;fu=16&amp;bc=1&amp;ifi=1&amp;dtd=265"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#10 JavaScript::Write (size: 1254, repeated: 1) - SHA256: 06f1f938a9d2458fc30ab18db87a3fe139b90bb2dd92f6ea72942ab2e32989f8

                                        < iframe id = "google_ads_frame2"
name = "google_ads_frame2"
width = "300"
height = "600"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&amp;format=300x600&amp;output=html&amp;h=600&amp;slotname=2129214331&amp;adk=99256137&amp;adf=807048394&amp;w=300&amp;lmt=1502474015&amp;ea=0&amp;flash=10.0.45&amp;url=http%3A%2F%2Fwww.401xd.download%2F&amp;wgl=0&amp;dt=1502604625701&amp;bpp=41&amp;fdt=46&amp;idt=217&amp;shv=r20170807&amp;cbv=r20170110&amp;saldr=aa&amp;prev_slotnames=5015538334&amp;correlator=8271961973463&amp;frm=20&amp;ga_vid=1886313333.1502604624&amp;ga_sid=1502604625&amp;ga_hid=1848356223&amp;ga_fc=0&amp;pv=1&amp;icsg=0&amp;nhd=1&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=120&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=0&amp;ady=18&amp;biw=1159&amp;bih=754&amp;abxe=1&amp;eid=575144605&amp;oid=3&amp;rx=0&amp;eae=4&amp;fc=784&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7C%7C&amp;abl=CS&amp;ppjl=u&amp;pfx=0&amp;fu=16&amp;bc=1&amp;ifi=2&amp;dtd=264"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#11 JavaScript::Write (size: 1279, repeated: 1) - SHA256: cd8857912d47ec00f1558ac8dcb9032f8db37078a2b58e71b5cf8c06bc88b496

                                        < iframe id = "google_ads_frame3"
name = "google_ads_frame3"
width = "300"
height = "600"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&amp;format=300x600&amp;output=html&amp;h=600&amp;slotname=6559413933&amp;adk=483251890&amp;adf=807048394&amp;w=300&amp;lmt=1502474015&amp;ea=0&amp;flash=10.0.45&amp;url=http%3A%2F%2Fwww.401xd.download%2F&amp;wgl=0&amp;dt=1502604625749&amp;bpp=4&amp;fdt=251&amp;idt=337&amp;shv=r20170807&amp;cbv=r20170110&amp;saldr=aa&amp;prev_fmts=300x600&amp;prev_slotnames=5015538334&amp;correlator=8271961973463&amp;frm=20&amp;ga_vid=1886313333.1502604624&amp;ga_sid=1502604625&amp;ga_hid=1848356223&amp;ga_fc=0&amp;pv=1&amp;icsg=0&amp;nhd=1&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=120&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=859&amp;ady=18&amp;biw=1159&amp;bih=754&amp;abxe=1&amp;eid=575144605&amp;oid=3&amp;rx=0&amp;eae=4&amp;fc=784&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7C%7C&amp;abl=CS&amp;ppjl=u&amp;pfx=0&amp;fu=16&amp;bc=1&amp;ifi=3&amp;dtd=379"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#12 JavaScript::Write (size: 141, repeated: 1) - SHA256: c2137ffe08aeaf74be9066e24baaf52bd4090c97760954cab7619dc2afc0b1ed

                                        < script src = "https://s1.adformdsp.net/banners/scripts/components/Adform.VideoPlayer.js?bv=1280" > < /script><script>document._finish();</script >
                                    

#13 JavaScript::Write (size: 127, repeated: 1) - SHA256: ac286a24bdb98a0c8b8a9d70166cb41e000b3c9aea9315d81e18afcba2c95283

                                        < script src = "https://s1.adformdsp.net/banners/scripts/rmb/Adform.DHTML.js?bv=599" > < /script><script>document._finish();</script >
                                    

#14 JavaScript::Write (size: 111, repeated: 1) - SHA256: d903bdb88b19efc82505eb5864c559540b01cb6333ad67ed0efa11b092289a96

                                        < script type = "text/javascript"
src = "https://s1.adformdsp.net/stoat/599/s1.adformdsp.net/bootstrap.js" > < /script>
                                    

#15 JavaScript::Write (size: 905, repeated: 1) - SHA256: f41171d0c5b0f4b46d0f26396442e5a3bc926531467428ff23c42c4a61be5c08

                                        < script type = "text/javascript"
src = "https://server.adformdsp.net/adfserve/?CC=1&bn=18977408;rtbwp=WY_tUgAEdDQKGFlFAAvnjcW-7sM4gV6Hee-SSA;rtbdata=sFfkCKowzueRAt-YSIKxyt6LA-OUo2ByEr7Il-60QdaQIIUbGKfEoXGSX0P4P2FHeItKGCx4vxP7PqGXWDqE7eHcswNYOsjho0Wt9eNT4AW0wRpAucJuSimJ_IU6mQ8yoaWiyEmAAY2BzD27YP3AzsN4iOtIBxgX0;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CJ0CGUu2PWbToEcWyYY3Pr4AP4t6Cw0S-0LiF5QLAjbcBEAEgAGDD3KSFmBiCARdjYS1wdWItNTYwNzAyOTY5MDM4MDk2MMgBCakCvGttycVVhT6oAwGqBH9P0Mn8vb9pBqGW3xL2WR9TSf1yzrCNJLq7MCWp-nsdnxA6JjSRNdGZVqSklLZjsv2GiICqkcl1tqRfkRw3jMf1ORyIGDDSBOVr2GSaXkrkF8Q2QtelBQlQa3SYg6ms2DSUfoULQB3Vtcd-fFbeArrc5RiZvU15J8bib6LnLVG6gAaRk9Siic_7k2OgBiGoB6a-G9gHANIIBQiAYRAB&num=1&sig=AOD64_3wx5speO6_uZw-PvhdS9_Rw5NPGQ&client=ca-pub-5607029690380960&adurl=;js=1;adfxid=1x;8013;set=en-US|en-US|1176X885|10.0452|300|600|24|8|3|7|1&CREFURL=http%3A%2F%2Fwww.401xd.download%2F" > < /script>
                                    


HTTP Transactions (71)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: www.401xd.download
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         216.58.211.147
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Expires: Sun, 13 Aug 2017 06:10:23 GMT
Date: Sun, 13 Aug 2017 06:10:23 GMT
Cache-Control: private, max-age=0
Last-Modified: Fri, 11 Aug 2017 17:53:35 GMT
Etag: W/"229f2bc2628d625d8ee1364386be06b7e963c4e5b601235140c5b1f3a715adac"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 18016
Server: GSE


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   18016
Md5:    7f4ef716ef2fcc3db79203478b0c2311
Sha1:   381ec57f2f51f435ff770e486a2762c3a3d3a900
Sha256: 6ea761aefab9d8136f649855eb218f72e77b43c7d8b6049b669b7f3e87d6b0ec

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /pagead/js/adsbygoogle.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Etag: 4901655252853110298
Date: Sun, 13 Aug 2017 05:39:02 GMT
Expires: Sun, 13 Aug 2017 06:39:02 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 21600
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 1881


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   21600
Md5:    5a04ff9702bd2b9ed2b39daa05ffcabc
Sha1:   57f0c4433f839434629eeec48d7771a2d13380c5
Sha256: cc37c8b1bd124fe3cbd93b0695e8bca1b046d72bc7e3986a23e9c41936362c9e
                                        
                                            GET /-9MWyoN5VsJM/TivTpPyUuhI/AAAAAAAABL0/ldO739MTRBg/s1600/close3.png HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.211.129
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Access-Control-Expose-Headers: Content-Length
Etag: "v4bd"
Expires: Sun, 13 Aug 2017 02:34:12 GMT
Content-Disposition: inline;filename="close3.png"
Vary: Origin
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Sun, 13 Aug 2017 06:10:23 GMT
Server: fife
Content-Length: 444
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400, no-transform
Age: 0


--- Additional Info ---
Magic:  PNG image, 49 x 13, 8-bit colormap, non-interlaced
Size:   444
Md5:    736da427214c62c2e92fc72331ad249c
Sha1:   69a835f61eec16aa65ac45d31269598024a40f2d
Sha256: 8e1d0d3cad5635719f9d77ca01f78147bff9d1900ba68e3e1fcab0af351fee17
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Aug 2017 06:10:23 GMT
Expires: Thu, 17 Aug 2017 06:10:23 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    690d4e950aabcc1ce6ccaff7622cbb0e
Sha1:   94507398aac6f045332e508e0b0fa621758dab09
Sha256: ff8180fa9dcf71fc32f770d6630a914224c7e281e48e71c03efda843aa729272
                                        
                                            POST / HTTP/1.1 
Host: g.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1390
Content-Transfer-Encoding: binary
Cache-Control: max-age=442590, public, no-transform, must-revalidate
Last-Modified: Fri, 11 Aug 2017 09:05:56 GMT
Expires: Fri, 18 Aug 2017 09:05:56 GMT
Date: Sun, 13 Aug 2017 06:10:23 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1390
Md5:    6e41d8ae633c12ff014b571741af0fe1
Sha1:   b83f29a7f1d6c0cf9fb0b92adf8b42d085e0c43a
Sha256: 4f40467a73a3f4f41b3750ff9414f5bc4cc834b4dd7ea1f2627f30f45b21f84f
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Aug 2017 06:10:24 GMT
Expires: Thu, 17 Aug 2017 06:10:24 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    c5acda912fe025e227833c05483194d1
Sha1:   f0e780cd151ac0a6a5542bfc568bf7b88a58a29a
Sha256: ba4a78f5ee76331c2b82980ff17dae2006c811f600cd9eac3cba44db0c8a9644
                                        
                                            GET /static/v1/widgets/2258130529-css_bundle_v2.css HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.211.137
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9576
Date: Fri, 04 Aug 2017 13:24:01 GMT
Expires: Sat, 04 Aug 2018 13:24:01 GMT
Last-Modified: Fri, 04 Aug 2017 10:41:42 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 751583
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   9576
Md5:    536b70e38642be9c6ef5d4202483b9c2
Sha1:   e16985cd997f303890b8545a7e498faf3d6f5c76
Sha256: ab9f49ccdf7cab89a21166df91deb2172e9c1d9b11ce4e8fa2e7446da12360b1
                                        
                                            GET /static/v1/widgets/2582377541-widgets.js HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.211.137
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 42897
Date: Tue, 08 Aug 2017 01:00:28 GMT
Expires: Wed, 08 Aug 2018 01:00:28 GMT
Last-Modified: Mon, 07 Aug 2017 23:56:11 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 450596
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   42897
Md5:    b38bf92a0c9bb6cb738e3716dcd4e051
Sha1:   3ef3568edf184dd64cc58ded50393b12ef7d887a
Sha256: 506ea2e8c73328d4339ed68ffe7a91851475636a78d0bbec42d1ff4989f3cba6
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Aug 2017 06:10:24 GMT
Expires: Thu, 17 Aug 2017 06:10:24 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    596a29e252577a2d8031b342e42361cf
Sha1:   59d830e03307eea34c70224fdd40dc91ce5e7ed1
Sha256: a876127088860f61d6beb031ddf2c6ac593a0e9be3b58e67037e1fd7aa0586c3
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Aug 2017 06:10:24 GMT
Expires: Thu, 17 Aug 2017 06:10:24 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    88141c63c352ca742c5b629730b45893
Sha1:   3301bc486f109bf98fdf45a815d3b953afb5dcca
Sha256: 5af694cbf2deb11f62ceadf0df0969d5af69b6f0f447098e2ab30dcc3f9429b9
                                        
                                            GET /img/icon18_wrench_allbkg.png HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.211.137
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Accept-Ranges: bytes
Content-Length: 475
Date: Wed, 09 Aug 2017 19:36:19 GMT
Expires: Wed, 16 Aug 2017 19:36:19 GMT
Last-Modified: Wed, 09 Aug 2017 02:17:39 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 297245
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  PNG image, 18 x 18, 8-bit colormap, non-interlaced
Size:   475
Md5:    f617effe6d96c15acfea8b2e8aae551f
Sha1:   6d676af11ad2e84b620cce4d5992b657cb2d8ab6
Sha256: d172d750493be64a7ed84dec1dd2a0d787ba42f78bc694b0858f152c52b6620b
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Sun, 13 Aug 2017 04:50:02 GMT
Expires: Sun, 13 Aug 2017 06:50:02 GMT
Last-Modified: Tue, 01 Aug 2017 03:25:32 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 13249
Cache-Control: public, max-age=7200
Age: 4822
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   13249
Md5:    bba76bf50b45d005190ee3000d6deb86
Sha1:   6246a684a2d0ed18eb8946b56db1f328b688693a
Sha256: 6013ebd6cca20acf12020e8b8318d68ff4ae18aa392a6e4d9a4a468326acb02c
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.401xd.download
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         216.58.211.147
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Expires: Sun, 13 Aug 2017 06:10:24 GMT
Date: Sun, 13 Aug 2017 06:10:24 GMT
Cache-Control: private, max-age=86400
Last-Modified: Fri, 11 Aug 2017 17:53:35 GMT
Etag: W/"229f2bc2628d625d8ee1364386be06b7e963c4e5b601235140c5b1f3a715adac"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 603
Server: GSE


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   603
Md5:    e72d26bd836962e3de2dbb6821de6eb7
Sha1:   a45d4d913caa3ad1ba50c3f3343ef89d4caf3cd6
Sha256: 1fc2b74cb7665dc98af2cf5f86622627d79aaf78369cc30476bd53e7cf74ae4e
                                        
                                            GET /dyn-css/authorization.css?targetBlogID=8669907050542165260&zx=fd964b94-1bd5-46b6-9817-17e89702fd7a HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.211.137
HTTP/1.1 200 OK
Content-Type: text/css; charset=UTF-8
                                        
P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Cache-Control: private, max-age=1800
Pragma: no-cache
Expires: Sun, 13 Aug 2017 06:10:24 GMT
Date: Sun, 13 Aug 2017 06:10:24 GMT
Last-Modified: Sun, 13 Aug 2017 06:10:24 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   21
Md5:    b9afc501fc43fbea335a2dc5d43263a1
Sha1:   7290a2dd6afbf39ecfc35b52dfb32a38fc222994
Sha256: d6e425ca7840c0ab6f26f5fc2822a47e26b4a8bbd104468a9c185bc132b8662f
                                        
                                            GET /js/plusone.js HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Timing-Allow-Origin: *
Etag: "6cecf206908d58fdc0a655ebc3b28890"
Expires: Sun, 13 Aug 2017 06:10:24 GMT
Date: Sun, 13 Aug 2017 06:10:24 GMT
Cache-Control: private, max-age=1800, stale-while-revalidate=1800
Strict-Transport-Security: max-age=31536000
P3P: CP="This is not a P3P policy! See https://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Set-Cookie: NID=109=UEFMVFiIPgN9wg1vJKwfG3YXg4Ay5vsWDhlaBTz4Mo6AaPTk9LKIX5CQzaj9YutcO3IpdQ0TOd2YwuCALyS-Kt9yzrqSr9STkDWXMIINmQBnYESJtSf41n9uDy-eYU5K;Domain=.google.com;Path=/;Expires=Mon, 12-Feb-2018 06:10:24 GMT;HttpOnly
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   16669
Md5:    c1d3d2e3d2eb88e4bf20c57f65158975
Sha1:   b10ca2c4c20efa3684da9000bb6e88bd67adfb45
Sha256: f3c9bb7ce540596af42014587beb87e52309411bd73a0653a0310b0f4ee33acb
                                        
                                            GET /pagead/js/r20170807/r20170110/show_ads_impl.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Etag: 10445365074379314862
Date: Sun, 13 Aug 2017 06:10:25 GMT
Expires: Sun, 13 Aug 2017 06:10:25 GMT
Cache-Control: private, max-age=1209600
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 68532
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   68532
Md5:    f62adca1749234d52291df629d8b8e1e
Sha1:   bb2a97b71dfc8b702d276c911b39f3578cdc805e
Sha256: 99f70cd5d5ee068d231da8118bf2370dd410e82a453302f81deece63d8278480
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Aug 2017 06:10:25 GMT
Server: Apache
Last-Modified: Sat, 12 Aug 2017 22:47:48 GMT
Expires: Sat, 19 Aug 2017 22:47:48 GMT
Etag: 788F5B439E35B92A33941B732FD91E06D8B35B7E
Cache-Control: max-age=577642,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp16
Content-Length: 472
Connection: close


--- Additional Info ---
Magic:  data
Size:   472
Md5:    d5e0b0315b1ed337dcea41bac9b2df3b
Sha1:   788f5b439e35b92a33941b732fd91e06d8b35b7e
Sha256: 9534a4c0543397db16d12cab89ca134ee3e3ed4729270e60c463e11f44c340b4
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Aug 2017 06:10:25 GMT
Server: Apache
Last-Modified: Sat, 12 Aug 2017 22:05:35 GMT
Expires: Sat, 19 Aug 2017 22:05:35 GMT
Etag: 594F74EA1C0B7DE453C91D12234C01251FC5B212
Cache-Control: max-age=575109,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp16
Content-Length: 727
Connection: close


--- Additional Info ---
Magic:  data
Size:   727
Md5:    a14f2107adf7693cf0d1195fa455ee81
Sha1:   594f74ea1c0b7de453c91d12234c01251fc5b212
Sha256: 5e2f5fa7515c73336da1ae68eb3309eacfa314d9442d9d7ce6626d2660164507
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Aug 2017 06:10:25 GMT
Server: Apache
Last-Modified: Sat, 12 Aug 2017 22:05:35 GMT
Expires: Sat, 19 Aug 2017 22:05:35 GMT
Etag: E31ED0B6BA66B8450D0522FEE6FBA87DD8C262DC
Cache-Control: max-age=575109,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp16
Content-Length: 471
Connection: close


--- Additional Info ---
Magic:  data
Size:   471
Md5:    8488a7147dd072c12d26d77af9e1e7a0
Sha1:   e31ed0b6ba66b8450d0522fee6fba87dd8c262dc
Sha256: a03d55ccb4ade68e7a550f4c15c9690b7324da6373e28b02a5bd74737d72c3d8
                                        
                                            GET /-sgXN8os2_xA/WUbOn7fYb6I/AAAAAAAAORw/0zOrk-R9BAw-VokKG5wqccQOFbauI5XzgCLcBGAs/s640/Reinventing%2BBusiness%2BIntelligence%2Band%2BBig%2BData%2BAnalytics.PNG HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.211.129
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Access-Control-Expose-Headers: Content-Length
Etag: "v391d"
Expires: Mon, 14 Aug 2017 06:10:24 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="Reinventing Business Intelligence and Big Data Analytics.PNG"
Vary: Origin
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Sun, 13 Aug 2017 06:10:24 GMT
Server: fife
Content-Length: 46095
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  PNG image, 640 x 194, 8-bit/color RGB, non-interlaced
Size:   46095
Md5:    595a178abdb385c9d2a477143565bedd
Sha1:   050294ecdf5a02412f51ab87393027f554b2702d
Sha256: 5aeaee77241e059e1ae1265d775df0d9ab426ce52dc743e0194a106176692b9e
                                        
                                            GET /r/collect?v=1&_v=j58&a=1848356223&t=pageview&_s=1&dl=http%3A%2F%2Fwww.401xd.download%2F&ul=en-us&de=UTF-8&dt=401XD%20Download&sd=24-bit&sr=1176x885&vp=1159x754&je=1&fl=10.0%20r45&_u=IEBAAMQAI~&jid=694028929&gjid=541594680&cid=1886313333.1502604624&tid=UA-80040783-1&_gid=1017972765.1502604624&_r=1&z=1858602938 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.211.142
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80040783-1&cid=1886313333.1502604624&jid=694028929&_gid=1017972765.1502604624&gjid=541594680&_v=j58&z=1858602938
Access-Control-Allow-Origin: *
Date: Sun, 13 Aug 2017 06:10:25 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Server: Golfe2
Content-Length: 418
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  HTML document text
Size:   418
Md5:    aac78befc08a46225a654e3dae90b624
Sha1:   5d32ac645860519d42b10476808f60a3ea7d564c
Sha256: d860efc601eb76f31db30267c01f64741aa82f244b9c3828ba2821e655823491
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request
Cookie: NID=109=UEFMVFiIPgN9wg1vJKwfG3YXg4Ay5vsWDhlaBTz4Mo6AaPTk9LKIX5CQzaj9YutcO3IpdQ0TOd2YwuCALyS-Kt9yzrqSr9STkDWXMIINmQBnYESJtSf41n9uDy-eYU5K

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Aug 2017 06:10:25 GMT
Expires: Thu, 17 Aug 2017 06:10:25 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    26c2de809bbc0e8359b5139a38c4828d
Sha1:   c49fe4e44b12947524a5196455ee53daa700c25f
Sha256: eab981e3f9b7690aa40e267c544dbda225166cbae4f9c1ea6c4f63a655a3bfca
                                        
                                            GET /r/collect?v=1&_v=j58&a=1848356223&t=pageview&_s=1&dl=http%3A%2F%2Fwww.401xd.download%2F&ul=en-us&de=UTF-8&dt=401XD%20Download&sd=24-bit&sr=1176x885&vp=1159x754&je=1&fl=10.0%20r45&_u=IEDAAMQAI~&jid=325603396&gjid=1108283551&cid=1886313333.1502604624&tid=UA-80040783-1&_gid=1017972765.1502604624&_r=1&z=1050612367 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.211.142
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80040783-1&cid=1886313333.1502604624&jid=325603396&_gid=1017972765.1502604624&gjid=1108283551&_v=j58&z=1050612367
Access-Control-Allow-Origin: *
Date: Sun, 13 Aug 2017 06:10:25 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Server: Golfe2
Content-Length: 419
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  HTML document text
Size:   419
Md5:    73604b45c078e8c1c3666271b0ddb21b
Sha1:   83615f579670b838932f096ca670dbe4ed0101b4
Sha256: 5efeb951e67d8aff312eee82d24ff9fe0dc2d7f2c7a9634c3a3365f683f74fec
                                        
                                            GET /pub-config/r20160913/ca-pub-5607029690380960.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 125
Date: Sun, 13 Aug 2017 06:10:25 GMT
Expires: Sun, 13 Aug 2017 18:10:25 GMT
Last-Modified: Fri, 11 Aug 2017 19:52:52 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=43200
Age: 0
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   125
Md5:    21aea2dae0239adff4f9f063cdacfc76
Sha1:   ce64c497ac1dd86393da79e8cea239de113c1de7
Sha256: a59ee78166b8467dd7dd8c7acb03d8df7d16cf4a04f45c8558366df1c33b868f
                                        
                                            GET /s/NjNfMjQxMDc4Xw/401xd.js HTTP/1.1 
Host: od.lk
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         38.108.185.83
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Sun, 13 Aug 2017 06:10:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, max-age=0, s-max-age=0, must-revalidate, no-store
Location: https://www.opendrive.com/login?ref=%2Fs%2FNjNfMjQxMDc4Xw%2F401xd.js&error=file-is-not-available
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
                                        
                                            GET /js15_as.js HTTP/1.1 
Host: s10.histats.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         46.105.201.240
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Sun, 13 Aug 2017 06:00:30 GMT
Etag: "1262556565"
Last-Modified: Mon, 12 Jun 2017 15:26:33 GMT
Content-Length: 4243
Content-Encoding: gzip
Vary: Accept-Encoding
X-CDN-Pop: sbg
X-CDN-Pop-IP: 137.74.120.32/27
X-Cacheable: Matched cache
Accept-Ranges: bytes
X-IPLB-Instance: 4747


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   4243
Md5:    56bb73fb348426e693c0eaa9dd2abbc0
Sha1:   1ffbf180a67c8ed35ece4a432d9d6dacd16961f5
Sha256: f4f7ac364c5b2b15a517942786044905da98388284ddfb1302bf76bbf407b8a5
                                        
                                            GET /small.js HTTP/1.1 
Host: widgets.amung.us
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         146.185.16.146
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: nginx/1.9.6
Date: Sun, 13 Aug 2017 06:10:26 GMT
Last-Modified: Fri, 09 Jun 2017 16:37:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: W/"593acec4-1404"
Expires: Sun, 13 Aug 2017 06:11:26 GMT
Cache-Control: max-age=60
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2266
Md5:    cd8aeb845ae8bf9531610fbb6b971b21
Sha1:   cb9852db8082c66eb371dcea34322b2bc7440463
Sha256: b4af2d0b493979c8447f5a194096a3b00b7767e5dcb89f784ab399decdd0e3f7
                                        
                                            GET /pagead/ads?client=ca-pub-5607029690380960&output=html&h=90&slotname=5015538334&adk=2073358624&adf=807048394&w=200&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625002&bpp=21&fdt=39&idt=231&shv=r20170807&cbv=r20170110&saldr=aa&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=131&ady=88&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=1&dtd=265 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sun, 13 Aug 2017 06:10:25 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Sun, 13-Aug-2017 06:25:25 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"
Expires: Sun, 13 Aug 2017 06:10:25 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   2267
Md5:    9b2dc0dd074281870544aadd2dc294a5
Sha1:   700bb345ea7148acf8a8617af841e678b8af9953
Sha256: fb87aea2899ae6e8d1a905bcaebca350de3de53057a76bb55e77b72c854eeaa1
                                        
                                            GET /pagead/js/r20170807/r20170110/osd.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Etag: 6091082198805924231
Date: Tue, 08 Aug 2017 02:49:31 GMT
Expires: Tue, 22 Aug 2017 02:49:31 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 30503
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 444055
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   30503
Md5:    748700e949acf7d71408f2e58b936cd6
Sha1:   2b2253d11c681bdf47b46e74f708460133818e28
Sha256: ccf3f61d09540612b576f4600c0e05201a372c2cd40dde40e5356a2cc2adfe12
                                        
                                            GET /pagead/html/r20170807/r20170110/zrt_lookup.html HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Etag: 14437162045629979863
Date: Tue, 08 Aug 2017 02:49:27 GMT
Expires: Tue, 22 Aug 2017 02:49:27 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 6763
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 444059
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   6763
Md5:    7efeab47f709f2fc09a76c01b20034fa
Sha1:   e07c55a23e2b0d5b8919401ac79aec1b4d0f2356
Sha256: a4a030b42efe1a4d4876f015650cba42132357f70265f6d7a16de65fecace52a
                                        
                                            GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80040783-1&cid=1886313333.1502604624&jid=694028929&_gid=1017972765.1502604624&gjid=541594680&_v=j58&z=1858602938 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         173.194.222.154
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-80040783-1&cid=1886313333.1502604624&jid=694028929&_v=j58&z=1858602938
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Date: Sun, 13 Aug 2017 06:10:25 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Server: Golfe2
Content-Length: 366
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  HTML document text
Size:   366
Md5:    af216770cc3a607871a750ef4e67bd97
Sha1:   9b10f0146b28852bd77172c267a9acdd103808ee
Sha256: 564b1fa0eb58577120d3357071bcfcb9bdb96928cb380f0660ec5af72a9ebca1
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request
Cookie: NID=109=UEFMVFiIPgN9wg1vJKwfG3YXg4Ay5vsWDhlaBTz4Mo6AaPTk9LKIX5CQzaj9YutcO3IpdQ0TOd2YwuCALyS-Kt9yzrqSr9STkDWXMIINmQBnYESJtSf41n9uDy-eYU5K

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Aug 2017 06:10:26 GMT
Expires: Thu, 17 Aug 2017 06:10:26 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    5b63e3a7097f119c0bcc7a6476ce6ecd
Sha1:   e116402a0da3de52e7339009d9b20ce655cde83a
Sha256: 974b3c9f078d63e5c3641086b1c5612fe849924355810a4d90e90e628f6fc0d5
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request
Cookie: NID=109=UEFMVFiIPgN9wg1vJKwfG3YXg4Ay5vsWDhlaBTz4Mo6AaPTk9LKIX5CQzaj9YutcO3IpdQ0TOd2YwuCALyS-Kt9yzrqSr9STkDWXMIINmQBnYESJtSf41n9uDy-eYU5K

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Aug 2017 06:10:26 GMT
Expires: Thu, 17 Aug 2017 06:10:26 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    cfaa10ae838f25533c4e19764a8c610a
Sha1:   90021e57998d3de3d027996f3cb49ff1cc629806
Sha256: 3478ae1dc22b0222e557fa97a0b11f9fc7cfa6774015cc6afd0ddbab52859195
                                        
                                            GET /pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=2129214331&adk=99256137&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625701&bpp=41&fdt=46&idt=217&shv=r20170807&cbv=r20170110&saldr=aa&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&dtd=264 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sun, 13 Aug 2017 06:10:26 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Sun, 13-Aug-2017 06:25:26 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"
Expires: Sun, 13 Aug 2017 06:10:26 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3565
Md5:    84134a4d710a3faaf8e065e809920706
Sha1:   cbb681a95b4edd32ab5fd4d02d34724d351f6e95
Sha256: cbc6cae01c0b54835f1df0e2bf6e0e5bba1fe336d7bf70de5653ce65a2d333c0
                                        
                                            GET /stats/0.php?3479214&@f16&@g1&@h1&@i1&@j1502604626148&@k0&@l1&@m401XD%20Download&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1176&@vhttp%3A%2F%2Fwww.401xd.download%2F&@w HTTP/1.1 
Host: s4.histats.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         208.43.241.178
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Date: Sun, 13 Aug 2017 06:10:26 GMT
Content-Length: 379
Connection: close
Set-Cookie: CountUid=cf2114ea-38tv-4708-9293-57158c0eed61; domain=.histats.com; Max-Age=31536000; Expires=Mon, 13-Aug-2018 06:10:26 GMT


--- Additional Info ---
Magic:  ASCII text
Size:   379
Md5:    ecc983ea5aef0d57959d51f343925989
Sha1:   2131669adc0db4c68771b42e319fde216ad2e8de
Sha256: 08e8dc08ea50bb2bad849229fa217969462ca966d0e507cc3b7a93c3e69236b3
                                        
                                            GET /pagead/js/r20170807/r20110914/abg.js HTTP/1.1 
Host: tpc.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&output=html&h=90&slotname=5015538334&adk=2073358624&adf=807048394&w=200&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625002&bpp=21&fdt=39&idt=231&shv=r20170807&cbv=r20170110&saldr=aa&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=131&ady=88&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=1&dtd=265

                                         
                                         216.58.211.129
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Etag: 249522040450295925
Date: Thu, 10 Aug 2017 18:38:32 GMT
Expires: Thu, 24 Aug 2017 18:38:32 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 24366
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 214314
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   24366
Md5:    856f066e0eaf6294bbc8ce10687afc62
Sha1:   105adafb4f7663f6210b9311ca18b07362c9abf1
Sha256: c2e8547901a3f1b8d3139b96b0ab4114fef95ee23edafa6f599e0f47bee59c4e
                                        
                                            GET /pagead/adview?ai=CJ0CGUu2PWbToEcWyYY3Pr4AP4t6Cw0S-0LiF5QLAjbcBEAEgAGDD3KSFmBiCARdjYS1wdWItNTYwNzAyOTY5MDM4MDk2MMgBCakCvGttycVVhT6oAwGqBH9P0Mn8vb9pBqGW3xL2WR9TSf1yzrCNJLq7MCWp-nsdnxA6JjSRNdGZVqSklLZjsv2GiICqkcl1tqRfkRw3jMf1ORyIGDDSBOVr2GSaXkrkF8Q2QtelBQlQa3SYg6ms2DSUfoULQB3Vtcd-fFbeArrc5RiZvU15J8bib6LnLVG6gAaRk9Siic_7k2OgBiGoB6a-G9gHANIIBQiAYRAB&sigh=PNAwfTQ2qSQ&vis=0 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=2129214331&adk=99256137&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625701&bpp=41&fdt=46&idt=217&shv=r20170807&cbv=r20170110&saldr=aa&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&dtd=264
Cookie: test_cookie=CheckForPermission

                                         
                                         216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Sun, 13 Aug 2017 06:10:26 GMT
Server: cafe
Content-Length: 0
X-XSS-Protection: 1; mode=block
Set-Cookie: id=22de7c8fd72a0021||t=1502604626|et=730|cs=002213fd48e93dfb9325b7c214; expires=Tue, 13-Aug-2019 06:10:26 GMT; path=/; domain=.doubleclick.net test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT IDE=AHWqTUn3TWruLWfH-up0_ecAV3KTQJ6cOn4Icrf1mSvGkj2NfMPG8UFOUg; expires=Tue, 13-Aug-2019 06:10:26 GMT; path=/; domain=.doubleclick.net; HttpOnly
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"
Expires: Sun, 13 Aug 2017 06:10:26 GMT
Cache-Control: private


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: gn.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1419
Content-Transfer-Encoding: binary
Cache-Control: max-age=541662, public, no-transform, must-revalidate
Last-Modified: Sat, 12 Aug 2017 12:35:40 GMT
Expires: Sat, 19 Aug 2017 12:35:40 GMT
Date: Sun, 13 Aug 2017 06:10:26 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1419
Md5:    1803c22907cf22b6b0073cc97073cdb7
Sha1:   dddd8272d29ba0364c9811e94eb04a5e8fb08b95
Sha256: 2dbb1ed6b26746991c82487b83bee232c79592fd2c7645f3129330d11cbd37ed
                                        
                                            GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-80040783-1&cid=1886313333.1502604624&jid=694028929&_v=j58&z=1858602938 HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/
Cookie: NID=109=UEFMVFiIPgN9wg1vJKwfG3YXg4Ay5vsWDhlaBTz4Mo6AaPTk9LKIX5CQzaj9YutcO3IpdQ0TOd2YwuCALyS-Kt9yzrqSr9STkDWXMIINmQBnYESJtSf41n9uDy-eYU5K

                                         
                                         216.58.211.132
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Sun, 13 Aug 2017 06:10:26 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: https://www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-80040783-1&cid=1886313333.1502604624&jid=694028929&_v=j58&z=1858602938&slf_rd=1&random=1612397727
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
                                        
                                            GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80040783-1&cid=1886313333.1502604624&jid=325603396&_gid=1017972765.1502604624&gjid=1108283551&_v=j58&z=1050612367 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         173.194.222.154
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-80040783-1&cid=1886313333.1502604624&jid=325603396&_v=j58&z=1050612367
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Date: Sun, 13 Aug 2017 06:10:26 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Server: Golfe2
Content-Length: 366
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  HTML document text
Size:   366
Md5:    2067eed5a486d53e49100a180b289455
Sha1:   ef36087266158093887e8322755cb6d0e97593d9
Sha256: d896f03995a5eeb9dd45242f81b72430633a947753f56b6781e7138d8aa77666
                                        
                                            GET /pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=6559413933&adk=483251890&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625749&bpp=4&fdt=251&idt=337&shv=r20170807&cbv=r20170110&saldr=aa&prev_fmts=300x600&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=859&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=3&dtd=379 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sun, 13 Aug 2017 06:10:26 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Sun, 13-Aug-2017 06:25:26 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"
Expires: Sun, 13 Aug 2017 06:10:26 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   368
Md5:    f3c0d2638dd80ae9f3e09e06c45a1484
Sha1:   9afc8f1e6f59bceccfa927d0c063d696ff25e574
Sha256: 6b49edbe49e4e012c70497009efc2e304e1b85bbd9824861da168dce8cc348b5
                                        
                                            GET /pagead/js/r20170807/r20110914/client/ext/m_qs_click_protection.js HTTP/1.1 
Host: tpc.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=2129214331&adk=99256137&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625701&bpp=41&fdt=46&idt=217&shv=r20170807&cbv=r20170110&saldr=aa&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&dtd=264

                                         
                                         216.58.211.129
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Etag: 3421429646565778917
Date: Thu, 10 Aug 2017 18:38:33 GMT
Expires: Thu, 24 Aug 2017 18:38:33 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 3840
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 214313
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3840
Md5:    c2e4a894dbd3cbb70429608d8ca5e0f7
Sha1:   046df738fd9c8a80c93a9347da8e89500dcbcec4
Sha256: c9a3e75124f56e76d7b28539d907f8f417ebbc127d33b7d3d52ab4a6ff5a7f05
                                        
                                            GET /pagead/js/r20170807/r20110914/activeview/osd_listener.js HTTP/1.1 
Host: tpc.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=2129214331&adk=99256137&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625701&bpp=41&fdt=46&idt=217&shv=r20170807&cbv=r20170110&saldr=aa&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&dtd=264

                                         
                                         216.58.211.129
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Etag: 8992262033103244650
Date: Thu, 10 Aug 2017 18:38:33 GMT
Expires: Thu, 24 Aug 2017 18:38:33 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 10919
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 214313
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   10919
Md5:    8ff8c079e727734f4b770d01b9d1e528
Sha1:   acec105939345f7db8b426b1cb2e2d12cc550a26
Sha256: c62a00dbe369ee629fe76f0c61535aae7bfbc7c7a783eaf107877cd9a222bfdf
                                        
                                            GET /adfscript/?bn=18977408;rtbwp=WY_tUgAEdDQKGFlFAAvnjcW-7sM4gV6Hee-SSA;rtbdata=sFfkCKowzueRAt-YSIKxyt6LA-OUo2ByEr7Il-60QdaQIIUbGKfEoXGSX0P4P2FHeItKGCx4vxP7PqGXWDqE7eHcswNYOsjho0Wt9eNT4AW0wRpAucJuSimJ_IU6mQ8yoaWiyEmAAY2BzD27YP3AzsN4iOtIBxgX0;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CJ0CGUu2PWbToEcWyYY3Pr4AP4t6Cw0S-0LiF5QLAjbcBEAEgAGDD3KSFmBiCARdjYS1wdWItNTYwNzAyOTY5MDM4MDk2MMgBCakCvGttycVVhT6oAwGqBH9P0Mn8vb9pBqGW3xL2WR9TSf1yzrCNJLq7MCWp-nsdnxA6JjSRNdGZVqSklLZjsv2GiICqkcl1tqRfkRw3jMf1ORyIGDDSBOVr2GSaXkrkF8Q2QtelBQlQa3SYg6ms2DSUfoULQB3Vtcd-fFbeArrc5RiZvU15J8bib6LnLVG6gAaRk9Siic_7k2OgBiGoB6a-G9gHANIIBQiAYRAB&num=1&sig=AOD64_3wx5speO6_uZw-PvhdS9_Rw5NPGQ&client=ca-pub-5607029690380960&adurl= HTTP/1.1 
Host: server.adformdsp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=2129214331&adk=99256137&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625701&bpp=41&fdt=46&idt=217&shv=r20170807&cbv=r20170110&saldr=aa&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&dtd=264

                                         
                                         37.157.2.41
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
                                        
Server: nginx
Date: Sun, 13 Aug 2017 06:10:26 GMT
Content-Length: 1417
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Pragma: no-cache
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Set-Cookie: C=1; expires=Thu, 12-Oct-2017 06:10:26 GMT; path=/
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   1417
Md5:    d672007d2d980ddbf5528e516512e06e
Sha1:   596a1352a3bb1c0997c23e5174f81f4fa74d5b73
Sha256: 5af0c951f933aa31348cc1ebe64ad1113de137747dc1522a66e0e7b2f4b4d46e
                                        
                                            GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-80040783-1&cid=1886313333.1502604624&jid=325603396&_v=j58&z=1050612367 HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/
Cookie: NID=109=UEFMVFiIPgN9wg1vJKwfG3YXg4Ay5vsWDhlaBTz4Mo6AaPTk9LKIX5CQzaj9YutcO3IpdQ0TOd2YwuCALyS-Kt9yzrqSr9STkDWXMIINmQBnYESJtSf41n9uDy-eYU5K

                                         
                                         216.58.211.132
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Sun, 13 Aug 2017 06:10:26 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: https://www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-80040783-1&cid=1886313333.1502604624&jid=325603396&_v=j58&z=1050612367&slf_rd=1&random=2435334516
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
                                        
                                            GET /pagead/js/r20170807/r20110914/client/ext/m_window_focus_non_hydra.js HTTP/1.1 
Host: tpc.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=2129214331&adk=99256137&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625701&bpp=41&fdt=46&idt=217&shv=r20170807&cbv=r20170110&saldr=aa&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&dtd=264

                                         
                                         216.58.211.129
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Etag: 2343874712358639894
Date: Thu, 10 Aug 2017 18:38:33 GMT
Expires: Thu, 24 Aug 2017 18:38:33 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 886
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 214313
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   886
Md5:    50409a29dec60eedc3fad0be2786a3eb
Sha1:   d37e133e07ddffdb36d2ebfc8dcca4a78acb800d
Sha256: b14c64f9d3a4580e00843c87162852124e895731b04c7a795407e724722c54ca
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request
Cookie: NID=109=UEFMVFiIPgN9wg1vJKwfG3YXg4Ay5vsWDhlaBTz4Mo6AaPTk9LKIX5CQzaj9YutcO3IpdQ0TOd2YwuCALyS-Kt9yzrqSr9STkDWXMIINmQBnYESJtSf41n9uDy-eYU5K

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Aug 2017 06:10:26 GMT
Expires: Thu, 17 Aug 2017 06:10:26 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    2a69eb87d99995eadd23a240e457a66e
Sha1:   980292d6dc7d111501cd368a68170a3d3de713db
Sha256: 2ecfbd983be75f029b6a7890040a0cd80773fc37097d8f99ccb10127cc707cde
                                        
                                            GET /activeview?avi=Bm5PIUe2PWdeRLdOzYe-4s9AEAJ26gfTTAQAAOAHIAQHIAwKgBkvSCAUIgGEQAQ&id=osdim&ti=1&r=pv&uc=0&tgt=nf&cl=0 HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&output=html&h=90&slotname=5015538334&adk=2073358624&adf=807048394&w=200&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625002&bpp=21&fdt=39&idt=231&shv=r20170807&cbv=r20170110&saldr=aa&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=131&ady=88&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=1&dtd=265

                                         
                                         216.58.209.130
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Date: Sun, 13 Aug 2017 06:10:26 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-80040783-1&cid=1886313333.1502604624&jid=694028929&_v=j58&z=1858602938&slf_rd=1&random=1612397727 HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.211.131
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Sun, 13 Aug 2017 06:10:26 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /e/?v=1a&pid=5200&site=1&l=http%3A%2F%2Fwww.401xd.download%2F&j= HTTP/1.1 
Host: e.dtscout.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         107.182.233.217
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.10.3 (Ubuntu)
Date: Sun, 13 Aug 2017 06:10:26 GMT
Transfer-Encoding: chunked
Connection: close
X-Z: E
Set-Cookie: m=1; expires=Sun, 13-Aug-2017 06:40:26 GMT; Max-Age=1800; path=/; domain=dtscout.com b=1; expires=Sun, 13-Aug-2017 14:10:26 GMT; Max-Age=28800; path=/; domain=dtscout.com ey=1; expires=Sun, 13-Aug-2017 14:10:26 GMT; Max-Age=28800; path=/; domain=dtscout.com ah=1; expires=Mon, 14-Aug-2017 06:10:26 GMT; Max-Age=86400; path=/; domain=dtscout.com df=1502604626; expires=Tue, 13-Aug-2019 06:10:26 GMT; Max-Age=63072000; path=/; domain=dtscout.com d=null; expires=Fri, 12-Aug-2022 06:10:26 GMT; Max-Age=157680000; path=/; domain=dtscout.com l=a7bp2VmP7VJz22V21h0lAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.dtscout.com; path=/
Expires: Sun, 13 Aug 2017 06:10:25 GMT
Cache-Control: no-cache


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   3746
Md5:    a0a1beb4dad870298e6413461e1e8f4e
Sha1:   0a8a7b935094b65fa54329f17ff1c03941e2142e
Sha256: d3f4b9d67365687a2124cd0c394013fb3486074913f704a34d6024451a9ac3e8
                                        
                                            POST / HTTP/1.1 
Host: ocsp.starfieldtech.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 108
Content-Type: application/ocsp-request

                                         
                                         72.167.239.239
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Aug 2017 06:10:26 GMT
Server: Apache
Content-Transfer-Encoding: Binary
Cache-Control: max-age=120797, public, no-transform, must-revalidate
Last-Modified: Sun, 13 Aug 2017 05:29:41 GMT
Expires: Mon, 14 Aug 2017 17:29:41 GMT
Etag: "da1b1493a36ebf8826fc99db877a34b2eb4a7efd"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
Content-Length: 1847
Connection: close


--- Additional Info ---
Magic:  data
Size:   1847
Md5:    41eaecb3c3ff545bb31cb9090fc306b0
Sha1:   da1b1493a36ebf8826fc99db877a34b2eb4a7efd
Sha256: 713fe51c9b5dca8c3e8af253c814db9c972d855c25c1cf77b45f5c027f55cd1b
                                        
                                            GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-80040783-1&cid=1886313333.1502604624&jid=325603396&_v=j58&z=1050612367&slf_rd=1&random=2435334516 HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.211.131
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Sun, 13 Aug 2017 06:10:26 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /stoat/599/s1.adformdsp.net/bootstrap.js HTTP/1.1 
Host: s1.adformdsp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=2129214331&adk=99256137&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625701&bpp=41&fdt=46&idt=217&shv=r20170807&cbv=r20170110&saldr=aa&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&dtd=264

                                         
                                         37.157.2.28
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Server: nginx
Date: Sun, 13 Aug 2017 06:10:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Vary: Accept-Encoding
Last-Modified: Mon, 07 Aug 2017 12:58:49 GMT
Cache-Control: public, max-age=100000
Expires: Mon, 14 Aug 2017 09:52:56 GMT
X-Cache-Status: HIT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   13062
Md5:    3209bae5b60103b6e8cf0d3be42cae9c
Sha1:   1ec745864d0fc12bc0e1c4b789af1cceb45e5105
Sha256: a247347348f31f5417fc966a85fd79973a396d21c79a52cff9de7d07ea954c96
                                        
                                            GET /adfserve/?CC=1&bn=18977408;rtbwp=WY_tUgAEdDQKGFlFAAvnjcW-7sM4gV6Hee-SSA;rtbdata=sFfkCKowzueRAt-YSIKxyt6LA-OUo2ByEr7Il-60QdaQIIUbGKfEoXGSX0P4P2FHeItKGCx4vxP7PqGXWDqE7eHcswNYOsjho0Wt9eNT4AW0wRpAucJuSimJ_IU6mQ8yoaWiyEmAAY2BzD27YP3AzsN4iOtIBxgX0;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CJ0CGUu2PWbToEcWyYY3Pr4AP4t6Cw0S-0LiF5QLAjbcBEAEgAGDD3KSFmBiCARdjYS1wdWItNTYwNzAyOTY5MDM4MDk2MMgBCakCvGttycVVhT6oAwGqBH9P0Mn8vb9pBqGW3xL2WR9TSf1yzrCNJLq7MCWp-nsdnxA6JjSRNdGZVqSklLZjsv2GiICqkcl1tqRfkRw3jMf1ORyIGDDSBOVr2GSaXkrkF8Q2QtelBQlQa3SYg6ms2DSUfoULQB3Vtcd-fFbeArrc5RiZvU15J8bib6LnLVG6gAaRk9Siic_7k2OgBiGoB6a-G9gHANIIBQiAYRAB&num=1&sig=AOD64_3wx5speO6_uZw-PvhdS9_Rw5NPGQ&client=ca-pub-5607029690380960&adurl=;js=1;adfxid=1x;8013;set=en-US|en-US|1176X885|10.0452|300|600|24|8|3|7|1&CREFURL=http%3A%2F%2Fwww.401xd.download%2F HTTP/1.1 
Host: server.adformdsp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=2129214331&adk=99256137&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625701&bpp=41&fdt=46&idt=217&shv=r20170807&cbv=r20170110&saldr=aa&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&dtd=264
Cookie: C=1

                                         
                                         37.157.2.41
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
                                        
Server: nginx
Date: Sun, 13 Aug 2017 06:10:27 GMT
Content-Length: 3888
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Pragma: no-cache
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Set-Cookie: cid=6748055357674236703,0,0,0,0; expires=Thu, 12-Oct-2017 06:10:27 GMT; path=/ uid=6748055357674236703; domain=adformdsp.net; expires=Thu, 12-Oct-2017 06:10:27 GMT; path=/
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   3888
Md5:    cee674b7e711df9d6fea48774d76e043
Sha1:   af733ebf940fc476dc2ef43dc2f1b1871cac64a0
Sha256: b90ceac851f684e6c92807c80f5182f36448a187f9554e40b212f37b0e65af9a
                                        
                                            GET /pagead/images/transparent.png HTTP/1.1 
Host: tpc.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=2129214331&adk=99256137&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625701&bpp=41&fdt=46&idt=217&shv=r20170807&cbv=r20170110&saldr=aa&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&dtd=264

                                         
                                         216.58.211.129
HTTP/1.1 200 OK
Content-Type: image/png
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Etag: 2462972746714251406
Date: Sat, 12 Aug 2017 09:36:56 GMT
Expires: Sun, 13 Aug 2017 09:36:56 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 67
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 74011
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  PNG image, 1 x 1, 8-bit/color RGBA, non-interlaced
Size:   67
Md5:    3f318b569cc43578a73d1c38270b6857
Sha1:   244717a495885a727dc67313ebb1ef7b447dfe7d
Sha256: bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
                                        
                                            GET /activeview?avi=BXo_zUu2PWbToEcWyYY3Pr4APAL7QuIXlAgAAEAE4AcgBCaAGIdIIBQiAYRAB&id=osdim&ti=1&r=pv&uc=0&tgt=nf&cl=0 HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=2129214331&adk=99256137&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625701&bpp=41&fdt=46&idt=217&shv=r20170807&cbv=r20170110&saldr=aa&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&dtd=264

                                         
                                         216.58.209.130
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Date: Sun, 13 Aug 2017 06:10:27 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /login?ref=%2Fs%2FNjNfMjQxMDc4Xw%2F401xd.js&error=file-is-not-available HTTP/1.1 
Host: www.opendrive.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         38.108.185.115
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Sun, 13 Aug 2017 06:10:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, max-age=0, s-max-age=0, must-revalidate, no-store
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1646
Md5:    b9f1f4465b79e76a6388eafa5d148276
Sha1:   d6ea852c9ee80f9c9601cdb818a72a1d9c985f69
Sha256: 3e9b156fc38be3ebcebb5c30911bc7bb068445451859b79ca5446fdf53eb3c27
                                        
                                            GET /_/scs/apps-static/_/js/k=oz.gapi.no.fJ20OopUCoY.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOYV-uGeKKMIsXry9dQXBbTYS-T9g/cb=gapi.loaded_0 HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/
Cookie: NID=109=UEFMVFiIPgN9wg1vJKwfG3YXg4Ay5vsWDhlaBTz4Mo6AaPTk9LKIX5CQzaj9YutcO3IpdQ0TOd2YwuCALyS-Kt9yzrqSr9STkDWXMIINmQBnYESJtSf41n9uDy-eYU5K

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 46130
Date: Fri, 11 Aug 2017 18:44:51 GMT
Expires: Sat, 11 Aug 2018 18:44:51 GMT
Last-Modified: Fri, 11 Aug 2017 00:45:44 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, immutable, max-age=31536000
Age: 127536
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   46130
Md5:    349f3ad9d1367e5138ba7de61a66c3e1
Sha1:   67bad6019e47f1535234ae38a74455822d34cbcd
Sha256: ec0d99c82071766495ad1c4ed7d9c14b58f8840cba7520e8832e7b7c6fcc2641
                                        
                                            GET /stoat/599/s1.adformdsp.net/load/v/0.0.129/e/ggCDgA/i/8IF-ACAAAQAA/r:AdConstructor:contents/HTML:contents/ImageTag:types/Standard HTTP/1.1 
Host: s1.adformdsp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=2129214331&adk=99256137&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625701&bpp=41&fdt=46&idt=217&shv=r20170807&cbv=r20170110&saldr=aa&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&dtd=264
Cookie: uid=6748055357674236703

                                         
                                         37.157.2.28
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Server: nginx
Date: Sun, 13 Aug 2017 06:10:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Vary: Accept-Encoding
Last-Modified: Mon, 07 Aug 2017 12:58:49 GMT
Cache-Control: public, max-age=100000
Expires: Mon, 14 Aug 2017 09:57:07 GMT
X-Cache-Status: MISS
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   37414
Md5:    287e4fe9494b7a2224dd3e254cb6602d
Sha1:   29742d2e595751df8c5f7215b0b08f0e8ee4c95c
Sha256: 8ca1e2ca1535a53aebd2e0802c60aec4a35294f59a7e1e1b43631f3306ab4fb0
                                        
                                            GET /csimpr/?bn=18977408&csi=ozga5il61IGPgrJeLQ_KGlsJlFyQlKH-l3JZAI639c3zGOSzHeR5bw2 HTTP/1.1 
Host: server.adformdsp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=2129214331&adk=99256137&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625701&bpp=41&fdt=46&idt=217&shv=r20170807&cbv=r20170110&saldr=aa&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&dtd=264
Cookie: C=1; cid=6748055357674236703,0,0,0,0; uid=6748055357674236703

                                         
                                         37.157.2.41
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Sun, 13 Aug 2017 06:10:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Pragma: no-cache
Expires: -1
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            GET /Banners/Elements/Files/100490/2150440.jpg?ADFassetID=2150440&bv=0 HTTP/1.1 
Host: s1.adformdsp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=2129214331&adk=99256137&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625701&bpp=41&fdt=46&idt=217&shv=r20170807&cbv=r20170110&saldr=aa&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&dtd=264
Cookie: uid=6748055357674236703

                                         
                                         37.157.2.28
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Sun, 13 Aug 2017 06:10:28 GMT
Content-Length: 54109
Connection: keep-alive
Keep-Alive: timeout=15
Last-Modified: Thu, 06 Jul 2017 14:17:59 GMT
Etag: "595e4697-d35d"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=604800
Strict-Transport-Security: max-age=0
X-Cache-Status: HIT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   54109
Md5:    34b8dddcb2ba77a474849f753eb71c2a
Sha1:   02c7496f192db922e52b4a4f97e463425753dea3
Sha256: 65f035949af2bd1d2b2473333ff8eef81a6b84c5d69d87ab957fd717d0cbcbed
                                        
                                            GET /static/v1/v-css/368954415-lightbox_bundle.css HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.211.137
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6541
Date: Fri, 04 Aug 2017 11:44:12 GMT
Expires: Sat, 04 Aug 2018 11:44:12 GMT
Last-Modified: Fri, 04 Aug 2017 06:51:21 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 757576
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   6541
Md5:    b4d05072b89cf2574170f64bdcded69e
Sha1:   af18e0787d801da60edb8d94e76c49ada4498e3a
Sha256: 58b89b1c09589455482e037eab33c5f4021df5ad69445dd01785e2a061d1d6b7
                                        
                                            GET /getconfig/pla?client=ca-pub-5607029690380960&plah=www.401xd.download&plat=1%3A1085448%2C2%3A1086472%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C25%3A32768%2C26%3A32768&plas=3&url=http%3A%2F%2Fwww.401xd.download%2F&prev_fmts=300x600%2C300x600&prev_slotnames=5015538334 HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/
Origin: http://www.401xd.download

                                         
                                         216.58.209.130
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Sun, 13 Aug 2017 06:10:28 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   39
Md5:    9b2398a87a3341098c22bf57d7cae646
Sha1:   47b52a8f1fadfde638377e84732deaa4ebf9241b
Sha256: 4f93860e7b2cdce16c40f52d47339e0072d0265d6be4721ac8a7277e6a6fd258
                                        
                                            GET /static/v1/jsbin/168762046-lbx.js HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.401xd.download/

                                         
                                         216.58.211.137
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 128843
Date: Thu, 10 Aug 2017 01:33:06 GMT
Expires: Fri, 10 Aug 2018 01:33:06 GMT
Last-Modified: Wed, 09 Aug 2017 23:02:26 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 275842
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   128843
Md5:    c310785a0ee792d6352813165086f56e
Sha1:   c0efd7291996c8b53ec2d2583d0796ac279e80af
Sha256: e6fb5545bb80ef9766cb20f6da7b9a0949fb34df47782ffcd08cb62c12dc7209
                                        
                                            GET /Banners/Elements/Files/100490/2150438/0-6%20Kampanj%20300x600%20NO_main_asset/2150438.js?ADFassetID=2150438&bv=1280 HTTP/1.1 
Host: s1.adformdsp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: uid=6748055357674236703

                                         
                                         37.157.2.28
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: nginx
Date: Sun, 13 Aug 2017 06:10:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Last-Modified: Thu, 06 Jul 2017 14:17:59 GMT
Etag: W/"595e4697-ee1"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=604800
Strict-Transport-Security: max-age=0
Content-Encoding: gzip
X-Cache-Status: HIT


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1389
Md5:    0940263f5bef4ea5b65aa0a8392e7a26
Sha1:   605631eab6d7cde9cd3f3159460701557b856830
Sha256: c7def6c648a2fd53e8458292d491073cc1c2168508ef8f6e68998a0f3bba0b1d
                                        
                                            GET /banners/scripts/rmb/Adform.DHTML.js?bv=599 HTTP/1.1 
Host: s1.adformdsp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: uid=6748055357674236703

                                         
                                         37.157.2.28
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: nginx
Date: Sun, 13 Aug 2017 06:10:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Last-Modified: Mon, 22 May 2017 11:48:54 GMT
Etag: W/"5922d026-7520"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=604800
Content-Encoding: gzip
X-Cache-Status: HIT


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   12856
Md5:    14cd6c0639eb54d7bc9e56d665447a94
Sha1:   4be2ddcba72fcbff157986946d8d7f0cba19620f
Sha256: 85d9187aa6233c838e761526ec1be0ca387222e3638c9154844ad21213c7ec47
                                        
                                            GET /banners/scripts/components/Adform.VideoPlayer.js?bv=1280 HTTP/1.1 
Host: s1.adformdsp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: uid=6748055357674236703

                                         
                                         37.157.2.28
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: nginx
Date: Sun, 13 Aug 2017 06:10:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Last-Modified: Fri, 11 Aug 2017 13:12:30 GMT
Etag: W/"598dad3e-516e"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=604800
Content-Encoding: gzip
X-Cache-Status: HIT


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   8315
Md5:    5acd766761f3b4ccd51d77b9f9ed3a97
Sha1:   d87fb9c22404e6ab9a9cf264debc98e86165572a
Sha256: 599c0dea864b8ce913f0f37e006f90f74aa19ea34aac26f56f18129ea3a3074b
                                        
                                            GET /banners/scripts/assets/css/videoThemeV2.css?version=1280 HTTP/1.1 
Host: s1.adformdsp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: uid=6748055357674236703

                                         
                                         37.157.2.28
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Sun, 13 Aug 2017 06:10:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Last-Modified: Wed, 24 Aug 2016 13:50:30 GMT
Etag: W/"57bda626-1af8"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=604800
Content-Encoding: gzip
X-Cache-Status: HIT


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1356
Md5:    956ab172ebb46d936cca2daa1f3c1998
Sha1:   bd38ac65d5d59461945b51845c6ad15c11df5d5f
Sha256: ecca063ccbccb66ea74ffaa250266c13c9ab126605aeac13610ac1a9f1787596
                                        
                                            GET /Serving/Event/?bn=18977408&event=178&time=3&banner=19929856&name=Viewable%20impressions&imprid=1374586941196811016&icid=6748055357674236703&rnd=603840355&rtbwp=WY_tUgAEdDQKGFlFAAvnjcW-7sM4gV6Hee-SSA&rtbdata=sFfkCKowzueRAt-YSIKxyt6LA-OUo2ByEr7Il-60QdaQIIUbGKfEoXGSX0P4P2FHeItKGCx4vxP7PqGXWDqE7eHcswNYOsjho0Wt9eNT4AW0wRpAucJuSimJ_IU6mQ8yoaWiyEmAAY2BzD27YP3AzsN4iOtIBxgX0 HTTP/1.1 
Host: server.adformdsp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=2129214331&adk=99256137&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625701&bpp=41&fdt=46&idt=217&shv=r20170807&cbv=r20170110&saldr=aa&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&dtd=264
Cookie: C=1; cid=6748055357674236703,0,0,0,0; uid=6748055357674236703

                                         
                                         37.157.2.41
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Sun, 13 Aug 2017 06:10:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Pragma: no-cache
Expires: -1
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            GET /serving/unload/?version=15&unload=6748055357674236703@@18977408,1374586941196811016,100|1098|0|0|0|0|0|0|0||197|1|1|598fed52000474340a185945f00be78d_1|||1|0|0 HTTP/1.1 
Host: server.adformdsp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=2129214331&adk=99256137&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625701&bpp=41&fdt=46&idt=217&shv=r20170807&cbv=r20170110&saldr=aa&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&dtd=264
Cookie: C=1; cid=6748055357674236703,0,0,0,0; uid=6748055357674236703

                                         
                                         37.157.2.41
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Sun, 13 Aug 2017 06:10:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Pragma: no-cache
Expires: -1
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            GET /serving/unload/?version=15&unload=6748055357674236703@@18977408,1374586941196811016,100|3877|0|0|0|0|0|0|0||694|1|1|598fed52000474340a185945f00be78d_1|||1|0|0 HTTP/1.1 
Host: server.adformdsp.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5607029690380960&format=300x600&output=html&h=600&slotname=2129214331&adk=99256137&adf=807048394&w=300&lmt=1502474015&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.401xd.download%2F&wgl=0&dt=1502604625701&bpp=41&fdt=46&idt=217&shv=r20170807&cbv=r20170110&saldr=aa&prev_slotnames=5015538334&correlator=8271961973463&frm=20&ga_vid=1886313333.1502604624&ga_sid=1502604625&ga_hid=1848356223&ga_fc=0&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=18&biw=1159&bih=754&abxe=1&eid=575144605&oid=3&rx=0&eae=4&fc=784&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&dtd=264
Cookie: C=1; cid=6748055357674236703,0,0,0,0; uid=6748055357674236703

                                         
                                         37.157.2.41
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Sun, 13 Aug 2017 06:10:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Pragma: no-cache
Expires: -1
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015