Overview

URL redirect.xmlheads.com/
IP 64.237.55.219
ASN AS20473 Choopa, LLC
Location United States
Report completed 2018-12-11 20:32:14 CET
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-12-11 2 redirect.xmlheads.com/ Malware
2018-12-11 2 redirect.xmlheads.com/index.php Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

No other reports on IP: 64.237.55.219


Last 10 reports on ASN: AS20473 Choopa, LLC

Date UQ / IDS / BL URL IP
2019-06-17 21:10:17 +0200 0 - 1 - 0 45.32.168.29/code0666s/ 45.32.168.29
2019-06-17 14:34:30 +0200 0 - 0 - 0 https://goblackcat.com 8.12.18.252
2019-06-16 21:45:59 +0200 0 - 0 - 0 https://asianstreetmeat.com/ 107.191.33.134
2019-06-16 00:06:33 +0200 0 - 0 - 0 goy.getinfodirect2.us/eqsp/8594571809 104.238.165.131
2019-06-15 22:24:51 +0200 0 - 0 - 0 goy.getinfodirect2.us/eqsp/8594571809 104.238.165.131
2019-06-15 11:47:43 +0200 0 - 0 - 0 donate.ssl.xmrig.com 185.92.222.223
2019-06-14 13:58:18 +0200 0 - 0 - 0 mufflerman-redux.testplanets.com/wp-exc?email (...) 64.237.36.123
2019-06-13 20:30:29 +0200 0 - 0 - 0 www.elmanana.com 108.61.191.76
2019-06-13 04:01:03 +0200 0 - 0 - 0 coppermountaintech.com 45.63.76.225
2019-06-13 00:27:18 +0200 0 - 0 - 0 www.designerradiatorsdirect.co.uk 104.238.184.208

No other reports on domain: xmlheads.com



JavaScript

Executed Scripts (8)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (34)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: redirect.xmlheads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         64.237.55.219
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
                                        
Server: nginx
Date: Tue, 11 Dec 2018 19:26:26 GMT
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.4.23
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: http://redirect.xmlheads.com/index.php?step=2&ref=http%3A%2F%2Fhottopic24.com


--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /index.php?step=2&ref=http%3A%2F%2Fhottopic24.com HTTP/1.1 
Host: redirect.xmlheads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         64.237.55.219
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Tue, 11 Dec 2018 19:26:27 GMT
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.4.23
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   308
Md5:    0603141e743861717a0d6e5adfd3d763
Sha1:   8cd08fea20c34532b29da0496c0b220cd3c5d4c3
Sha256: 6850dab20e0f9c4e220838cad8fcbbda158ca1213171e29c2b597b3380d09a97
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: redirect.xmlheads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         64.237.55.219
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx
Date: Tue, 11 Dec 2018 19:26:27 GMT
Content-Length: 162
Connection: close


--- Additional Info ---
Magic:  HTML document text
Size:   162
Md5:    70461da8b94c6ca5d2fda3260c5a8c3b
Sha1:   994bc667720c21257500e29038c1a5f61e25da1e
Sha256: f33c27745f2bd87344be790465ef984a972fd539dc83bd4f61d4242c607ef1ee
                                        
                                            POST /index.php HTTP/1.1 
Host: redirect.xmlheads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://redirect.xmlheads.com/index.php?step=2&ref=http%3A%2F%2Fhottopic24.com

                                         
                                         64.237.55.219
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Tue, 11 Dec 2018 19:26:28 GMT
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.4.23
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   621
Md5:    82f824965c1bd1e52aae4b2ac3a828d8
Sha1:   1331eb914cc4dd955cd702a3f3962f33b3f0576c
Sha256: 8e0ba72e6b581f21b36d697d00907b912c77babc845a1470615137a1dd80289f

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: redirect.xmlheads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         64.237.55.219
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx
Date: Tue, 11 Dec 2018 19:26:28 GMT
Content-Length: 162
Connection: close


--- Additional Info ---
Magic:  HTML document text
Size:   162
Md5:    70461da8b94c6ca5d2fda3260c5a8c3b
Sha1:   994bc667720c21257500e29038c1a5f61e25da1e
Sha256: f33c27745f2bd87344be790465ef984a972fd539dc83bd4f61d4242c607ef1ee
                                        
                                            GET /c.php?p=WprqAdF7aE80XizVaAoEV9qIQPMo2DxvNnzKkfw_n9eLIwIk3OqVIt1_RQBqvMMYTv8pYDwXfUwrld4Q6JYsi5L3hP39cCJ5VrGZhK3RenaF4_9nUsatKj4OOXsTpwE30x7cI-4WZLUrYZRsBIIukqnngm1CAEX4zsItPsqTOCRrf6TYtK7DcPdQfKqCp0thFTENCfaIMmHkf-kBLyj5o05wTNFR26uqphOXJc_k_-4_YcJhZpYu2_XxNdePAIXoIbeeYXxe9I9LHjtZTihM-l5bhelrHnr72Kv6kyMkF-zYsu4YvQsepQpYHBgTlhw0RHRpm8_7PD6OLQRtCQTkiyaDOuwFQ5vXUcQFF2QNaysrl7kwINzUcxGI-_5NHchOtnNSksFQOYBnreeVR2xH5ta1JzPZRJk9d6fjQSt9AS6XpY7sSGLjN4XbcEK824CaUrpuBN1-GNwZuiK2Cw3f5T_QtZTdHKV_jNn-ZUDnpKfoVToxoQgypOK6sFdxk_eh HTTP/1.1 
Host: 209.126.107.101
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://redirect.xmlheads.com/index.php

                                         
                                         209.126.107.101
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Tue, 11 Dec 2018 19:31:41 GMT
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.19
Location: http://topmednews.com/feedmaker/click.php?d=g-_bqWrHHh71QEKaW7TmyKHE0KZEJzLSIGU4rUJdBq5W3frZtAMcd7SkqQhdf4tsq6mPVOFQNwm2SgJYYgyYa0UdfuAlC_N1YfUYNX5liDSCRuKkde_tzDqaZJU1fLiBQQ9zPlS0QSWIIgVb7qkefo5o5yfEj4vnKBxn9hnAOZGkTNmDBDiOx-GzJEpOhHYIs6uwvHHDbwbIN3dovmDEYVFmuJN2jupPDz3B73UiCRIr3aXDBHnK88-v-dbLXer8Op25GSfvIEM
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS


--- Additional Info ---
                                        
                                            GET /feedmaker/click.php?d=g-_bqWrHHh71QEKaW7TmyKHE0KZEJzLSIGU4rUJdBq5W3frZtAMcd7SkqQhdf4tsq6mPVOFQNwm2SgJYYgyYa0UdfuAlC_N1YfUYNX5liDSCRuKkde_tzDqaZJU1fLiBQQ9zPlS0QSWIIgVb7qkefo5o5yfEj4vnKBxn9hnAOZGkTNmDBDiOx-GzJEpOhHYIs6uwvHHDbwbIN3dovmDEYVFmuJN2jupPDz3B73UiCRIr3aXDBHnK88-v-dbLXer8Op25GSfvIEM HTTP/1.1 
Host: topmednews.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://redirect.xmlheads.com/index.php

                                         
                                         199.189.86.114
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Tue, 11 Dec 2018 19:31:41 GMT
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.19
Location: https://dtrk.slimcdn.com/directclick/?aid=230379&q=cheats&c1=P1066-


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sat, 08 Dec 2018 12:58:33 GMT
Etag: 9EB17115238093C3D4E2717A84992162DBA2543F
X-OCSP-Responder-ID: mcdpcaocsp13
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=321383
Expires: Sat, 15 Dec 2018 12:48:05 GMT
Date: Tue, 11 Dec 2018 19:31:42 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    5915ca54a00a80f7cecd540ea0401bcf
Sha1:   9eb17115238093c3d4e2717a84992162dba2543f
Sha256: 55a622cbb722bccb5044d66a4aac401f0d4cbcb781f838c7abbe3c46b9b0ad2b
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sat, 08 Dec 2018 02:14:26 GMT
Etag: 037B8E0DFE5A0F29AC9FCAAB8019F297EE1ED95B
X-OCSP-Responder-ID: mcdpcaocsp13
Content-Length: 727
Cache-Control: public, no-transform, must-revalidate, max-age=282753
Expires: Sat, 15 Dec 2018 02:04:15 GMT
Date: Tue, 11 Dec 2018 19:31:42 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   727
Md5:    ac69dc3186104a1827322e450ce12ea7
Sha1:   037b8e0dfe5a0f29ac9fcaab8019f297ee1ed95b
Sha256: 15f8db1536c78951d97bdf44c460d40c3774d046169a240c60b9d1a03f7e2754
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sat, 08 Dec 2018 02:14:26 GMT
Etag: 87D71F7873A27CCB26DE7CBBC637753573B679CA
X-OCSP-Responder-ID: (null)
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=282783
Expires: Sat, 15 Dec 2018 02:04:45 GMT
Date: Tue, 11 Dec 2018 19:31:42 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    4a2228e0a0ee8eb3e5caecbcf543fb57
Sha1:   87d71f7873a27ccb26de7cbbc637753573b679ca
Sha256: 23520bd6ea9a247c5dd423ec0b3c100b41d645ced6f2347597daf04d4f0832e2
                                        
                                            GET /directclick/?aid=230379&q=cheats&c1=P1066- HTTP/1.1 
Host: dtrk.slimcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://redirect.xmlheads.com/index.php

                                         
                                         147.135.137.104
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Tue, 11 Dec 2018 19:31:42 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Set-Cookie: checkkeks=1; expires=Wed, 11-Dec-2019 19:31:42 GMT; Max-Age=31536000; path=/; domain=.slimcdn.com eTag=da16638cafb9d3344d17a09309f86ca3; expires=Wed, 12-Dec-2018 19:31:42 GMT; Max-Age=86400; path=/; domain=.slimcdn.com eTag=da16638cafb9d3344d17a09309f86ca3; expires=Wed, 12-Dec-2018 19:31:42 GMT; Max-Age=86400; path=/; domain=.slimspots.com ck_uniques=1544643101%3A4910-28227; expires=Wed, 11-Dec-2019 19:31:42 GMT; Max-Age=31536000; path=/; domain=.slimcdn.com ck_uniques=1544643101%3A4910-28227; expires=Wed, 11-Dec-2019 19:31:42 GMT; Max-Age=31536000; path=/; domain=.slimspots.com ck_uniquesPa=1544643101%3A82717; expires=Wed, 11-Dec-2019 19:31:42 GMT; Max-Age=31536000; path=/; domain=.slimcdn.com ck_uniquesPa=1544643101%3A82717; expires=Wed, 11-Dec-2019 19:31:42 GMT; Max-Age=31536000; path=/; domain=.slimspots.com ck_sys_uniques_3=1; expires=Wed, 12-Dec-2018 19:31:42 GMT; Max-Age=86400; path=/; domain=.slimcdn.com ck_sys_uniques_3=1; expires=Wed, 12-Dec-2018 19:31:42 GMT; Max-Age=86400; path=/; domain=.slimspots.com u_current_ads_view=82717----; expires=Wed, 12-Dec-2018 19:31:42 GMT; Max-Age=86400; path=/; domain=.slimcdn.com u_current_ads_view=82717----; expires=Wed, 12-Dec-2018 19:31:42 GMT; Max-Age=86400; path=/; domain=.slimspots.com
Etag: "da16638cafb9d3344d17a09309f86ca3"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix, max speed
Size:   8613
Md5:    cf5817705868e8ac5e12cc020d7b5407
Sha1:   6361cb82a9e3b570e4648eb3adafefd963ff589a
Sha256: 9a2ceee08dbf4fa40629ac160a81c4f77c474486ec97fff27427e4a5796554a7
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Tue, 11 Dec 2018 12:17:59 GMT
Etag: 76DBB40600CBF7715FDEC3E1CED0E46BDE4D84D5
X-OCSP-Responder-ID: mcdpcaocsp13
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=578122
Expires: Tue, 18 Dec 2018 12:07:05 GMT
Date: Tue, 11 Dec 2018 19:31:43 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    91c42c28d49ef6a196e6de54c289069d
Sha1:   76dbb40600cbf7715fdec3e1ced0e46bde4d84d5
Sha256: 27c846cd0a91395a37fedb914b20f307852f0e588b0e60377cbdfa456ea31bb6
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: redirect.xmlheads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         64.237.55.219
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx
Date: Tue, 11 Dec 2018 19:26:30 GMT
Content-Length: 162
Connection: close


--- Additional Info ---
Magic:  HTML document text
Size:   162
Md5:    70461da8b94c6ca5d2fda3260c5a8c3b
Sha1:   994bc667720c21257500e29038c1a5f61e25da1e
Sha256: f33c27745f2bd87344be790465ef984a972fd539dc83bd4f61d4242c607ef1ee
                                        
                                            GET /dep.php?pid=6748&subid=4910&cid=18121120_03_230379_fa1f0ce20de3b&affe=wldesk HTTP/1.1 
Host: grw.pfexch.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://dtrk.slimcdn.com/directclick/?aid=230379&q=cheats&c1=P1066-

                                         
                                         52.87.91.138
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Date: Tue, 11 Dec 2018 19:31:44 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Server: nginx
Set-Cookie: uuid=15445567049353992179967464; expires=Thu, 10-Jan-2019 19:31:44 GMT; Max-Age=2592000
Content-Length: 2735
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2735
Md5:    f44c3945034ae8163cfd2116b4ffc681
Sha1:   2af705c1eee7339a01e32c437a29dd2e0b37778f
Sha256: 13bd50e6317f26f7058c91bececb213eb71a16df9eb6dfef6c3a44e3280c4a0e
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: redirect.xmlheads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         64.237.55.219
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx
Date: Tue, 11 Dec 2018 19:26:31 GMT
Content-Length: 162
Connection: close


--- Additional Info ---
Magic:  HTML document text
Size:   162
Md5:    70461da8b94c6ca5d2fda3260c5a8c3b
Sha1:   994bc667720c21257500e29038c1a5f61e25da1e
Sha256: f33c27745f2bd87344be790465ef984a972fd539dc83bd4f61d4242c607ef1ee
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: grw.pfexch.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: uuid=15445567049353992179967464

                                         
                                         52.87.91.138
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Accept-Ranges: bytes
Date: Tue, 11 Dec 2018 19:31:44 GMT
Etag: "5bfd4b63-0"
Last-Modified: Tue, 27 Nov 2018 13:49:23 GMT
Server: nginx
Content-Length: 0
Connection: keep-alive


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sat, 08 Dec 2018 13:30:03 GMT
Etag: 32BD81ECA272BCA4DD12B960399341BF5FA3DA7E
X-OCSP-Responder-ID: (null)
Content-Length: 472
Cache-Control: public, no-transform, must-revalidate, max-age=323297
Expires: Sat, 15 Dec 2018 13:20:02 GMT
Date: Tue, 11 Dec 2018 19:31:45 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   580
Md5:    2009f3f0c3f87bf707440b911b1a6fa1
Sha1:   537c7044c8eefdcb721074d30db01c97a88828ee
Sha256: 247f4a5206ea91cbdb13d52629e05ba4742f8dc0b84f23bf5dd10a84a01b7d62
                                        
                                            GET /?&version=1&id=15445567049667424212209881&tid=6748&sr=ep&trs=15445567045220967&filter=1&nf=14&nf2=16&fwidth=1176&fheight=754&fiframe=false&fiframesandbox=undefined&ftype=js&end=1 HTTP/1.1 
Host: qkmi.medperformsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://grw.pfexch.com/dep.php?pid=6748&subid=4910&cid=18121120_03_230379_fa1f0ce20de3b&affe=wldesk

                                         
                                         52.20.56.182
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 11 Dec 2018 19:31:45 GMT
Location: https://popcash.net/world/go/161339/429757
Server: nginx
Set-Cookie: ctxfeed_media-serving=%7B%22ctxpop_uuid%22%3A%2225901225651614371544556705%22%7D; expires=Wed, 31-Dec-2098 23:00:00 GMT; Max-Age=2526348495 ep_dd46a60f800849793fcea9046701c1eb=20181211%7C1631%7CEI1805c1010a187d4187109452%7C; expires=Thu, 10-Jan-2019 19:31:45 GMT; Max-Age=2592000; path=/; domain=.peak-serving.com eprt_6df7bcad0e43158f5250a5760ca8e8b1=20181211%7C1631%7CEI1805c1010a187d4187109452%7C; expires=Thu, 10-Jan-2019 19:31:45 GMT; Max-Age=2592000; path=/; domain=.peak-serving.com
Content-Length: 0
Connection: keep-alive


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Fri, 07 Dec 2018 07:47:00 GMT
Etag: EBABD05BB200FD5D5F475A044D18FA032F233E01
X-OCSP-Responder-ID: (null)
Content-Length: 472
Cache-Control: public, no-transform, must-revalidate, max-age=216326
Expires: Fri, 14 Dec 2018 07:37:11 GMT
Date: Tue, 11 Dec 2018 19:31:45 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   472
Md5:    d4edc0327797104723fbe9a7edf17ce1
Sha1:   ebabd05bb200fd5d5f475a044d18fa032f233e01
Sha256: 822536e69f58c9febd6cd5455f1124e3caa1dc974175f088e93accaac4e7fcb9
                                        
                                            GET /world/go/161339/429757 HTTP/1.1 
Host: popcash.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://grw.pfexch.com/dep.php?pid=6748&subid=4910&cid=18121120_03_230379_fa1f0ce20de3b&affe=wldesk

                                         
                                         104.20.128.46
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Date: Tue, 11 Dec 2018 19:31:49 GMT
Content-Length: 162
Connection: keep-alive
Set-Cookie: __cfduid=d6bdcaa66c3e8381de2bebb6924aa16431544556705; expires=Wed, 11-Dec-19 19:31:45 GMT; path=/; domain=.popcash.net; HttpOnly
Location: http://ps.popcash.net/go/161339/429757
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 487a5f92bab34273-OSL


--- Additional Info ---
Magic:  HTML document text
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /go/161339/429757 HTTP/1.1 
Host: ps.popcash.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=d6bdcaa66c3e8381de2bebb6924aa16431544556705

                                         
                                         52.3.37.106
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Content-Encoding: gzip
Date: Tue, 11 Dec 2018 19:31:50 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 272
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   272
Md5:    ecac9e6c25471442b834432964726e0f
Sha1:   7b5bdd0b780b3be3f2543c2f4d7c8854d4e931dc
Sha256: c2aa2dfe8c3960b84172f0dbbd8f0cb559fab737970b24675b7308b6e2fa96fb
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: ps.popcash.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=d6bdcaa66c3e8381de2bebb6924aa16431544556705

                                         
                                         52.3.37.106
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
                                        
Date: Tue, 11 Dec 2018 19:31:50 GMT
Server: nginx
X-Content-Type-Options: nosniff
Content-Length: 19
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text
Size:   19
Md5:    595e88012a6521aae3e12cbebe76eb9e
Sha1:   da3968197e7bf67aa45a77515b52ba2710c5fc34
Sha256: b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793
                                        
                                            GET /ad/ad?p=161339&w=429757&t=72a2af2b870cc4f4&r=&vw=1176&vh=0 HTTP/1.1 
Host: ps.popcash.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ps.popcash.net/go/161339/429757
Cookie: __cfduid=d6bdcaa66c3e8381de2bebb6924aa16431544556705

                                         
                                         52.3.37.106
HTTP/1.1 303 See Other
Content-Type: text/html; charset=utf-8
                                        
Date: Tue, 11 Dec 2018 19:31:50 GMT
Location: http://usa.photios-raj.com/zcvisitor/68082899-fd7b-11e8-8285-0a900c2351aa?campaignid=57b20330-f60a-11e8-8133-0ebb138d3962#pc151445
Server: nginx
Content-Length: 157
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text
Size:   157
Md5:    4c7acb201a10bb638bb1d72ca7774b61
Sha1:   1651cdc075cb7c3ff47897775beecb707307faa4
Sha256: 88464a171c21575605c15d79d0e62ed3a7253d0861cdad751a0137987b3fff42
                                        
                                            GET /zcvisitor/68082899-fd7b-11e8-8285-0a900c2351aa?campaignid=57b20330-f60a-11e8-8133-0ebb138d3962 HTTP/1.1 
Host: usa.photios-raj.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ps.popcash.net/go/161339/429757

                                         
                                         34.192.66.37
HTTP/1.1 302 Found
                                        
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
Date: Tue, 11 Dec 2018 19:31:50 GMT
Location: https://toptargeting.afftrack.com/click?aid=326&linkid=T289813&s1=zr68082899fd7b11e882850a900c2351aa5cf169bed41143dda8d70b36c163c8c90345798ebeb01961be&s2=DT.vitellary-lion.mike-bra-JBdCZj8L
Server: ZeroPark-Traffic
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Length: 0
Connection: keep-alive


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sat, 08 Dec 2018 08:10:20 GMT
Etag: D7327ECE40BD5E21C1BF73BA755527C4BC32AB00
X-OCSP-Responder-ID: mcdpcaocsp13
Content-Length: 472
Cache-Control: public, no-transform, must-revalidate, max-age=304095
Expires: Sat, 15 Dec 2018 08:00:06 GMT
Date: Tue, 11 Dec 2018 19:31:51 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   472
Md5:    d79d0376f39f62a55cf66171f0ed5b87
Sha1:   d7327ece40bd5e21c1bf73ba755527c4bc32ab00
Sha256: 2ed59528368f8a261bd897802cec98a227fe4ed3ebea38c302ab90a07cb1c829
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sat, 08 Dec 2018 02:14:26 GMT
Etag: FE39EE126749960BDFCBBD02A4252A7DF83E5120
X-OCSP-Responder-ID: (null)
Content-Length: 727
Cache-Control: public, no-transform, must-revalidate, max-age=282714
Expires: Sat, 15 Dec 2018 02:03:45 GMT
Date: Tue, 11 Dec 2018 19:31:51 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   727
Md5:    7f5f93dd4d089e00d2afa0089aed5a9d
Sha1:   fe39ee126749960bdfcbbd02a4252a7df83e5120
Sha256: e5b896f943d506215a87e2cba2e25e4dd19deee967d455cb1f4e467b011f4670
                                        
                                            GET /click?aid=326&linkid=T289813&s1=zr68082899fd7b11e882850a900c2351aa5cf169bed41143dda8d70b36c163c8c90345798ebeb01961be&s2=DT.vitellary-lion.mike-bra-JBdCZj8L HTTP/1.1 
Host: toptargeting.afftrack.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ps.popcash.net/go/161339/429757

                                         
                                         192.95.113.27
HTTP/1.1 302 Found
Content-Type: text/html
                                        
X-Powered-By: PHP/5.5.38
Referrer-Policy: no-referrer
Set-Cookie: 797ddaf8729c894a=adda58438db51f5aa01490ca7474a706fba19e3bc21c5e3c991f2b4f6458626f; expires=Thu, 10-Jan-2019 19:31:51 GMT; Max-Age=2592000
Location: https://go.topfxpro.com/visit/?bta=35873&nci=8328&afp=325_344_99_6fca587cb3a24fd87811b&AFP2=326.DT.vitellary-lion.mike-bra-JBdCZj8L
Content-Length: 0
Date: Tue, 11 Dec 2018 19:31:51 GMT
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate, max-age=0


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.int-x3.letsencrypt.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
                                         91.135.34.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 527
Etag: "7EB88072CBC691CB200A80ED1BFFE3B8AC7008073CD354F061D77DD1D3D48457"
Last-Modified: Sun, 09 Dec 2018 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16007
Expires: Tue, 11 Dec 2018 23:58:39 GMT
Date: Tue, 11 Dec 2018 19:31:52 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    9bf2770d19441f17debef5aa5f0cc8cd
Sha1:   df485d881beaa37ae80723f24b33654330e2d4c6
Sha256: 7eb88072cbc691cb200a80ed1bffe3b8ac7008073cd354f061d77dd1d3d48457
                                        
                                            POST / HTTP/1.1 
Host: isrg.trustid.ocsp.identrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.113
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Transfer-Encoding: Binary
Last-Modified: Mon, 10 Dec 2018 18:58:07 GMT
Etag: "46b0d5bbc2fd8a10e8b3254689e7c5907480a06f"
Content-Length: 1396
Cache-Control: public, no-transform, must-revalidate, max-age=11597
Expires: Tue, 11 Dec 2018 22:45:09 GMT
Date: Tue, 11 Dec 2018 19:31:52 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1396
Md5:    652ef21fc3c23a871271ac0c4d5bfe4b
Sha1:   46b0d5bbc2fd8a10e8b3254689e7c5907480a06f
Sha256: d62d449cf7dd0ad42f5a5f0f6196b9fdaf99a0f88c6ec6127f0abb8f38ae44ab
                                        
                                            GET /visit/?bta=35873&nci=8328&afp=325_344_99_6fca587cb3a24fd87811b&AFP2=326.DT.vitellary-lion.mike-bra-JBdCZj8L HTTP/1.1 
Host: go.topfxpro.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ps.popcash.net/go/161339/429757

                                         
                                         35.234.86.61
HTTP/1.1 302 Object moved
Content-Type: text/html; Charset=UTF-8
                                        
Server: Reblaze Secure Web Gateway
Date: Tue, 11 Dec 2018 19:31:52 GMT
Content-Length: 438
Connection: keep-alive
Cache-Control: private,no-cache
Pragma: no-cache
Expires: Mon, 10 Dec 2018 19:31:52 GMT
Location: https://www.legacyfx.com/content/LPs/trusted-broker-v3/lp.html?affid=CellX_Legacy&cxd=LegacyFX_35873_407917_325_344_99_6fca587cb3a24fd87811b&utm_creative=EN_trusted_broker_R.form&tag=35873&bta=35873&nci=8328&afp=325_344_99_6fca587cb3a24fd87811b&AFP2=326.DT.vitellary-lion.mike-bra-JBdCZj8L
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Set-Cookie: LegacyFX=afp=325%5F344%5F99%5F6fca587cb3a24fd87811b&bta=35873&Visitors=q&cid=407917; expires=Fri, 11-Jan-2019 19:31:52 GMT; path=/
X-Cache-Status: MISS
Access-Control-Allow-Origin: *


--- Additional Info ---
Magic:  HTML document text
Size:   438
Md5:    1ad6fa1f1007cd26d524cf3ba298a9f6
Sha1:   f10f70934e69e55eda575534ed05424d0a9c0073
Sha256: e22a8c0c2afb1378838f39241ac385e6894c5015a9e15d8029aed164055ac52c
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: ps.popcash.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=d6bdcaa66c3e8381de2bebb6924aa16431544556705

                                         
                                         52.3.37.106
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
                                        
Date: Tue, 11 Dec 2018 19:31:52 GMT
Server: nginx
X-Content-Type-Options: nosniff
Content-Length: 19
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text
Size:   19
Md5:    595e88012a6521aae3e12cbebe76eb9e
Sha1:   da3968197e7bf67aa45a77515b52ba2710c5fc34
Sha256: b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: ps.popcash.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=d6bdcaa66c3e8381de2bebb6924aa16431544556705

                                         
                                         52.3.37.106
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
                                        
Date: Tue, 11 Dec 2018 19:31:53 GMT
Server: nginx
X-Content-Type-Options: nosniff
Content-Length: 19
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text
Size:   19
Md5:    595e88012a6521aae3e12cbebe76eb9e
Sha1:   da3968197e7bf67aa45a77515b52ba2710c5fc34
Sha256: b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: dtrk.slimcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: checkkeks=1; eTag=da16638cafb9d3344d17a09309f86ca3; ck_uniques=1544643101%3A4910-28227; ck_uniquesPa=1544643101%3A82717; ck_sys_uniques_3=1; u_current_ads_view=82717----

                                         
                                         147.135.137.104
HTTP/1.0 404 Not Found
Content-Type: text/html
                                        
Cache-Control: no-cache
Connection: close


--- Additional Info ---
                                        
                                            GET /content/LPs/trusted-broker-v3/lp.html?affid=CellX_Legacy&cxd=LegacyFX_35873_407917_325_344_99_6fca587cb3a24fd87811b&utm_creative=EN_trusted_broker_R.form&tag=35873&bta=35873&nci=8328&afp=325_344_99_6fca587cb3a24fd87811b&AFP2=326.DT.vitellary-lion.mike-bra-JBdCZj8L HTTP/1.1 
Host: www.legacyfx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ps.popcash.net/go/161339/429757

                                         
                                         0.0.0.0
                                        


--- Additional Info ---