Overview

URL mir3.me/images/s.exe
IP 216.239.38.21
ASN AS15169 Google Inc.
Location United States
Report completed 2018-12-11 07:15:32 CET
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2018-12-11 07:14:58 CET 1 Client IP  216.239.32.21 ET TROJAN Single char EXE direct download likely trojan (multiple families)
2018-12-11 07:14:58 CET 2 Client IP  216.239.32.21 ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 216.239.38.21

Date UQ / IDS / BL URL IP
2019-06-26 16:46:35 +0200 0 - 0 - 0 northlandfm.com 216.239.38.21
2019-06-25 18:09:51 +0200 0 - 0 - 0 dimp45professionalservices.com 216.239.38.21
2019-06-18 21:53:53 +0200 0 - 0 - 1 login1and1.com/050774bfee0b0a1213811283cec510 (...) 216.239.38.21
2019-06-14 20:55:32 +0200 0 - 0 - 0 216.239.38.21 216.239.38.21
2019-06-13 22:42:52 +0200 0 - 0 - 0 216.239.38.21 216.239.38.21
2019-06-12 13:23:36 +0200 0 - 2 - 0 mmabancorra.org/ 216.239.38.21
2019-06-10 19:23:11 +0200 0 - 0 - 3 playlistku.com/~feerereeredsjp/errerer/8-logi (...) 216.239.38.21
2019-06-10 17:04:39 +0200 0 - 0 - 3 pressingf5.com/2011/02/empezando-con-android- (...) 216.239.38.21
2019-06-10 14:46:32 +0200 0 - 0 - 3 derstefashionist.com/feeds/505767412780685940 (...) 216.239.38.21
2019-06-10 14:46:31 +0200 0 - 0 - 3 derstefashionist.com/2018/07 216.239.38.21

Last 10 reports on ASN: AS15169 Google Inc.

Date UQ / IDS / BL URL IP
2019-07-01 11:14:59 +0200 0 - 0 - 0 https://docs.google.com/forms/d/e/1FAIpQLSfZp (...) 216.58.207.206
2019-07-01 09:39:24 +0200 0 - 0 - 1 bartuatenbe1974.blogspot.pt 216.58.211.1
2019-07-01 09:33:26 +0200 0 - 0 - 0 https://movieok4k.blogspot.com/2019/06/articl (...) 216.58.211.1
2019-07-01 09:28:48 +0200 0 - 0 - 1 bartuatenbe1974.blogspot.pt/ 216.58.211.1
2019-07-01 09:19:18 +0200 0 - 0 - 1 https://bartuatenbe1974.blogspot.pt/ 216.58.207.193
2019-07-01 08:47:18 +0200 0 - 0 - 1 https://elmulrapan1981.blogspot.ca/ 216.58.207.225
2019-07-01 08:24:54 +0200 0 - 0 - 1 pacarama1983.blogspot.com 216.58.207.193
2019-07-01 08:19:22 +0200 0 - 1 - 0 mycricketlive.live 172.217.22.179
2019-07-01 07:21:49 +0200 0 - 0 - 0 fijisharkdiving.blogspot.com/2018/10/my-fiji- (...) 216.58.207.193
2019-07-01 06:37:59 +0200 0 - 0 - 0 ta.wow-auto-forms.appspot.com/bower_component (...) 216.58.211.148

Last 3 reports on domain: mir3.me

Date UQ / IDS / BL URL IP
2019-06-03 08:28:00 +0200 0 - 1 - 0 mir3.me/images/s.exe 216.239.32.21
2019-05-26 08:03:28 +0200 0 - 1 - 0 mir3.me/images/s.exe 216.239.34.21
2019-05-10 18:06:06 +0200 0 - 1 - 0 mir3.me/images/s.exe 216.239.36.21


JavaScript

Executed Scripts (48)


Executed Evals (0)


Executed Writes (18)

#1 JavaScript::Write (size: 4, repeated: 1) - SHA256: 152e69cf3c8e76c8d8b0aed924ddd1708e4c68624611af33d52c2c2814dd5df9

                                        2018
                                    

#2 JavaScript::Write (size: 306, repeated: 1) - SHA256: 264161db8a220a93a331aed7110937b464b8718881278a8ebc31384bd1cfc1bc

                                        < !doctype html > < html > < body > < script > google_sl_win = window.parent;
google_iframe_start_time = new Date().getTime();
google_async_iframe_id = "aswift_0"; < /script><script>window.parent.google_sa_impl({iframeWin: window, pubWin: window.parent, vars: window.parent['google_sv_map']['aswift_0']});</script > < /body></html >
                                    

#3 JavaScript::Write (size: 306, repeated: 1) - SHA256: 5efcb9fc2a44ea42dca7f3a6201c413bf996957c8642429d6bfa6d151206a13e

                                        < !doctype html > < html > < body > < script > google_sl_win = window.parent;
google_iframe_start_time = new Date().getTime();
google_async_iframe_id = "aswift_1"; < /script><script>window.parent.google_sa_impl({iframeWin: window, pubWin: window.parent, vars: window.parent['google_sv_map']['aswift_1']});</script > < /body></html >
                                    

#4 JavaScript::Write (size: 306, repeated: 1) - SHA256: ceb1ece9d4cb4964ccd9219016b1b547d99a604ffb0173c99f882e88f578ed73

                                        < !doctype html > < html > < body > < script > google_sl_win = window.parent;
google_iframe_start_time = new Date().getTime();
google_async_iframe_id = "aswift_2"; < /script><script>window.parent.google_sa_impl({iframeWin: window, pubWin: window.parent, vars: window.parent['google_sv_map']['aswift_2']});</script > < /body></html >
                                    

#5 JavaScript::Write (size: 13294, repeated: 1) - SHA256: 13e73fbd1301b882250707e1241cc913ecf4cf917df73138800805d7dea72e78


#6 JavaScript::Write (size: 85, repeated: 1) - SHA256: 1e4e7d168669eb1d6c3c61db7ac096656621867901671c52564b8dc91af78c98

                                        < div id = "+ADFP1x"
style = "width:728px;height:90px;" > < /div><i style="display:none"></i >
                                    

#7 JavaScript::Write (size: 1465, repeated: 1) - SHA256: 01c649c6ea04227819df518e68b213aab675db9524235e2f4c88787a0ff1ba91

                                        < iframe id = "google_ads_frame1"
name = "google_ads_frame1"
width = "960"
height = "90"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&amp;output=html&amp;h=90&amp;slotname=3448502337&amp;adk=2817588059&amp;adf=807048394&amp;w=960&amp;fwr_io=true&amp;fwrn=4&amp;fwrnh=100&amp;lmt=1543937434&amp;rafmt=1&amp;guci=1.2.0.0.2.2.0.0&amp;format=960x90&amp;url=http%3A%2F%2Fwww.mir3.me%2F&amp;ea=0&amp;flash=10.0.45&amp;fwr=0&amp;fwrattr=true&amp;resp_fmts=3&amp;wgl=0&amp;adsid=NT&amp;dt=1544508900584&amp;bpp=22&amp;fdt=1001&amp;idt=995&amp;shv=r20181205&amp;cbv=r20180604&amp;saldr=aa&amp;abxe=1&amp;correlator=3042333485942&amp;frm=20&amp;pv=2&amp;ga_vid=2104230394.1544508902&amp;ga_sid=1544508902&amp;ga_hid=1616166040&amp;ga_fc=0&amp;icsg=0&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=60&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=100&amp;ady=167&amp;biw=1159&amp;bih=754&amp;scr_x=0&amp;scr_y=0&amp;eid=21060853%2C21061394%2C410075081&amp;oid=3&amp;ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&amp;rx=0&amp;eae=4&amp;fc=656&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7C%7C&amp;abl=CS&amp;ppjl=u&amp;pfx=0&amp;fu=144&amp;bc=1&amp;ifi=1&amp;uci=1.b481b67e5si9&amp;dtd=1834"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#8 JavaScript::Write (size: 1484, repeated: 1) - SHA256: 1e0801a4288b3558d7e7e874cfbb75370ee196971693a298b678f38579f47bff

                                        < iframe id = "google_ads_frame2"
name = "google_ads_frame2"
width = "260"
height = "600"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1837847987781291&amp;output=html&amp;h=600&amp;slotname=1929583678&amp;adk=1879727050&amp;adf=807048394&amp;w=260&amp;fwr_io=true&amp;fwrn=4&amp;fwrnh=100&amp;lmt=1543937434&amp;rafmt=1&amp;guci=1.2.0.0.2.2.0.0&amp;format=260x600&amp;url=http%3A%2F%2Fwww.mir3.me%2F&amp;ea=0&amp;flash=10.0.45&amp;fwr=0&amp;fwrattr=true&amp;resp_fmts=4&amp;wgl=0&amp;adsid=NT&amp;dt=1544508902599&amp;bpp=44&amp;fdt=50&amp;idt=-M&amp;shv=r20181205&amp;cbv=r20180604&amp;saldr=aa&amp;abxe=1&amp;prev_fmts=960x90&amp;correlator=3042333485942&amp;frm=20&amp;pv=2&amp;ga_vid=2104230394.1544508902&amp;ga_sid=1544508902&amp;ga_hid=1616166040&amp;ga_fc=0&amp;icsg=0&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=60&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=779&amp;ady=287&amp;biw=1159&amp;bih=754&amp;scr_x=0&amp;scr_y=0&amp;eid=21060853%2C21061394%2C410075081&amp;oid=3&amp;ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&amp;rx=0&amp;eae=4&amp;fc=656&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7C%7C&amp;abl=CS&amp;ppjl=u&amp;pfx=0&amp;fu=144&amp;bc=1&amp;ifi=2&amp;uci=2.lr0v4csq2sco&amp;dtd=69"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#9 JavaScript::Write (size: 1497, repeated: 1) - SHA256: 986fecab8360879048443b760cb06aedf4941c692173690fa78ae26e90defd53

                                        < iframe id = "google_ads_frame3"
name = "google_ads_frame3"
width = "260"
height = "600"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8337003150356981&amp;output=html&amp;h=600&amp;slotname=6685699877&amp;adk=1153169564&amp;adf=807048394&amp;w=260&amp;fwr_io=true&amp;fwrn=4&amp;fwrnh=100&amp;lmt=1543937434&amp;rafmt=1&amp;guci=1.2.0.0.2.2.0.0&amp;format=260x600&amp;url=http%3A%2F%2Fwww.mir3.me%2F&amp;ea=0&amp;flash=10.0.45&amp;fwr=0&amp;fwrattr=true&amp;resp_fmts=4&amp;wgl=0&amp;adsid=NT&amp;dt=1544508903007&amp;bpp=10&amp;fdt=28&amp;idt=-M&amp;shv=r20181205&amp;cbv=r20180604&amp;saldr=aa&amp;abxe=1&amp;prev_fmts=960x90%2C260x600&amp;correlator=3042333485942&amp;frm=20&amp;pv=2&amp;ga_vid=2104230394.1544508902&amp;ga_sid=1544508902&amp;ga_hid=1616166040&amp;ga_fc=0&amp;icsg=0&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=60&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=120&amp;ady=2414&amp;biw=1159&amp;bih=754&amp;scr_x=0&amp;scr_y=0&amp;eid=21060853%2C21061394%2C410075081&amp;oid=3&amp;ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&amp;rx=0&amp;eae=4&amp;fc=656&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7Cbr%7C&amp;abl=CS&amp;ppjl=u&amp;pfx=0&amp;fu=144&amp;bc=1&amp;ifi=3&amp;uci=3.rmyhkjx9y2k3&amp;dtd=41"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#10 JavaScript::Write (size: 282, repeated: 1) - SHA256: 985074870f3102225f1d0c71fa395d0eb823e256b27b814286f3f6e7a23dfd3f

                                        < img src = "https://2.bp.blogspot.com/-6pukPGZ2eyw/W6hY6LaTSqI/AAAAAAAAADU/l_MK4FyRa3McvpP52TinKQDa5jqDDM22wCLcBGAs/w250-c-h160/img.jpg"
class = "post-thumbnail"
alt = "Cara Menambah Penjualan Usaha Pulsa Kecil"
width = "250"
height = "160"
title = "Cara Menambah Penjualan Usaha Pulsa Kecil" / >
                                    

#11 JavaScript::Write (size: 296, repeated: 1) - SHA256: ae1bfbf48fb0c4e5cd6197c07c3a62bbad9babf1b1edf9cf81132b37368f5b4a

                                        < img src = "https://2.bp.blogspot.com/-Z1ELbW3TFFk/W6hcxJQtBaI/AAAAAAAAAD4/9wcwXSdTtuED26zia0SSovuNrrGH7YT1QCLcBGAs/w250-c-h160/img.jpg"
class = "post-thumbnail"
alt = "Instagram Web Alias Facebook Untuk Iklan Online?"
width = "250"
height = "160"
title = "Instagram Web Alias Facebook Untuk Iklan Online?" / >
                                    

#12 JavaScript::Write (size: 344, repeated: 1) - SHA256: bfa8e1fc126468a62e6410fb3d0d928eb00de4480108004a64bc9ae9fe5c3b0b

                                        < img src = "https://3.bp.blogspot.com/-15Byq_s8glw/W6hbdtXnh7I/AAAAAAAAADs/QO9XgV3NMVAuVAXy3O0r8u6pRcKpi6PVwCLcBGAs/w250-c-h160/img.jpg"
class = "post-thumbnail"
alt = "Binshootg Mengawali Bisnis? Berikut 5 Argumen Psikologis Serta Solusinya"
width = "250"
height = "160"
title = "Binshootg Mengawali Bisnis? Berikut 5 Argumen Psikologis Serta Solusinya" / >
                                    

#13 JavaScript::Write (size: 316, repeated: 1) - SHA256: 731f686abdb9b0816fad5f374c7119d81049147ecdbc55e629ee7807fd6349a8

                                        < img src = "https://3.bp.blogspot.com/-IntBciNFrCA/W6hYNVhGrGI/AAAAAAAAADI/P5sznqXcS_cY3SwUfKy3agWTtlB6Xw2bQCLcBGAs/w250-c-h160/img.jpg"
class = "post-thumbnail"
alt = "Kesempatan Usaha Pulsa Elektips Reseller Serta Distributor"
width = "250"
height = "160"
title = "Kesempatan Usaha Pulsa Elektips Reseller Serta Distributor" / >
                                    

#14 JavaScript::Write (size: 258, repeated: 1) - SHA256: d4d64c08c6e24379005fb089bddfbdeada5eef0558bbf0cdfc9d3f6594b43e3e

                                        < img src = "https://4.bp.blogspot.com/-rdbukhd-Snk/W6hZt3BgJrI/AAAAAAAAADc/hlMim4u3v3E3nHpj1oh9iCSbvbYsjK8lQCLcBGAs/w250-c-h160/img.jpg"
class = "post-thumbnail"
alt = "Cara Memasang Iklan Di Google"
width = "250"
height = "160"
title = "Cara Memasang Iklan Di Google" / >
                                    

#15 JavaScript::Write (size: 122, repeated: 1) - SHA256: 20fbe76e138f272d807095c34e853571e834476bd96c9d96158e351ff876e3ee

                                        < script type = "text/javascript"
src = "/feeds/posts/summary?alt=json-in-script&callback=pageNavi&max-results=99999" > < /script>
                                    

#16 JavaScript::Write (size: 105, repeated: 1) - SHA256: 777fbfa593c439154ccf2fe85d35038b125909afe48110f0217b6c1143a886db

                                        < script type = "text/javascript"
src = "https://s1.adform.net/stoat/614/s1.adform.net/bootstrap.js" > < /script>
                                    

#17 JavaScript::Write (size: 1403, repeated: 1) - SHA256: 97cfb068668bd41d2e24437764b00ffb3e8537d9cea326bf717268de4de60e1f

                                        < script type = "text/javascript"
src = "https://track.adform.net/adfserve/?CC=1&bn=26552995;rtbwp=XA9V5gAGuywKmoeQAARa8b8EfjwvZ6h5K5LilQ;rtbdata=yHKg1DRkRVB90WibbIO-KFGkoyRypRkfw9Qtx6GSvJ_3_8cdeZJHF3GSX0P4P2FH4jmoQeR0XAwIo1O4oEvBb3epe9jRP1phI_1njKPPKGkP1C0x0fK-YzJGkm8GsDLWanG5qArWphaVLlGDXntNp2CNiT19TODqLLp70aDZ5yB000vk2_88BKCuLJigarrccjoJe0Dcz_GCayJGOnKmgleIfkJU2xKY7qGXl8fzGK0Ymc1E2lYnQdUTb4IcMD1sQeEimShqzcc1;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CNbRi5lUPXKz2GpCP6gTxtZHwCsXHn71NvtC4heUCwI23ARABIABgw9ykhZgYggEXY2EtcHViLTYxMzY1NzY2NTI0OTEyNjTIAQmpAj8aEn3yboQ-qAMBqgSCAU_QHIUMtsq0ntPnMqL3xH2sZye1mGj5j98TYex8o6LHYd25mvtOclCcqOSe-TekK7x4DqpkAmMLkIEx2vIY6b7Eq99IOlyxDoZI4JmYEXFiCOShF-jPg2fTx3d8QrObo3MtG3TCVrL5GHyXLdQj0iY-4lvTaJP9H61xTaJtq-Ksb6eABsuSv_q87dKmTKAGIagHpr4bqAfZyxuoB8_MG9gHANIIBwiA4YAQEAE&num=1&sig=AOD64_3D-VF9qE5mfmBM5kZ3HLMqX1wvOQ&client=ca-pub-6136576652491264&adurl=;js=1;adfxid=1x;762;set=en-US|en-US|1176X885|10.0452|750|100|24|8|3|7|1;fd=0|0&CREFURL=https%3a%2f%2fgoogleads.g.doubleclick.net%2fpagead%2fads%3fclient%3dca-pub-6136576652491264%26output%3dhtml%26h%3d90%26slotname%3d3448502337%26adk%3d2817588059%26adf%3d807048394%26w%3d960%26fwr_io%3dtrue%26fwrn%3d4%26fwrnh%3d100%26lmt%3d1543937434%26rafmt%3d1%26guci%3d1.2.0.0.2.2.0.0%26format%3d960x90%26url%3dhttp%253A%252F%252Fwww.mir3.me%252F%26ea%3d0%26flash%3d10.0.45%26fwr%3d0%26fwrattr%3dtrue" > < /script>
                                    

#18 JavaScript::Write (size: 776, repeated: 1) - SHA256: f7ae374882a43d9aaec220806bed256239e4de047fc3b8f6da3bf6e2491adc98

<span class="pages">Pages 1 of 7</span>
<span class="current">1</span>
<a href="/search?updated-max=2018-10-01T01%3A45%3A00-07%3A00&max-results=7" title="Previous Page" rel="nofollow">2</a>
<a href="/search?updated-max=2018-09-23T21%3A01%3A00-07%3A00&max-results=7" title="Previous Page" rel="nofollow">3</a>
<a href="/search?updated-max=2018-02-09T17%3A00%3A00-08%3A00&max-results=7" title="Previous Page" rel="nofollow">4</a>
<a href="/search?updated-max=2018-01-26T17%3A00%3A00-08%3A00&max-results=7" title="Previous Page" rel="nofollow">5</a>
<a href="/search?updated-max=2018-10-01T01%3A45%3A00-07%3A00&max-results=7" title="Next Page" rel="nofollow">Next</a>
<a href="/search?updated-max=2016-09-13T02%3A30%3A00-07%3A00&max-results=7" title="Last Page" rel="nofollow">Last</a>
                                    


HTTP Transactions (62)


Request Response
                                        
                                            GET /images/s.exe HTTP/1.1 
Host: mir3.me
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         216.239.32.21
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Location: http://www.mir3.me/images/s.exe
Date: Tue, 11 Dec 2018 06:14:58 GMT
Server: ghs
Content-Length: 228
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  HTML document text
Size:   228
Md5:    64853b2313ded85e5491353353022d51
Sha1:   3161baf1a0ab44856b58bed278e2aea65fe1be08
Sha256: 7fe4b1f4c81fcff420dba783ac363688daf248c8eda18542ef6c39798f21d334

Alerts:
  IDS:
    - ET TROJAN Single char EXE direct download likely trojan (multiple families)
    - ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
                                        
                                            GET /images/s.exe HTTP/1.1 
Host: www.mir3.me
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         216.58.209.147
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 11 Dec 2018 06:14:59 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 15573
Server: GSE


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   15573
Md5:    f67350f766a0935daf7011eafce440f0
Sha1:   491da2091230e315c0fe048801f0b0901cb54244
Sha256: 1c738ea224055daf4e88219a489d63b2a1f94dc45b44b7b93bb18c767871ba98
                                        
                                            GET /pagead/js/adsbygoogle.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Vary: Accept-Encoding
Date: Tue, 11 Dec 2018 06:14:59 GMT
Expires: Tue, 11 Dec 2018 06:14:59 GMT
Cache-Control: private, max-age=3600
Etag: 2266865073180887146
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 28224
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   28224
Md5:    29df8b2db30ed21b89e571a6e39b7156
Sha1:   ba15771b5bf0e8244651558a19a23964abbe2096
Sha256: c4d66fbf75b4b96943c221d79f8734e9a38ac2d40af9c48a50ea3f74870e69de
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         80.239.159.24
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Fri, 07 Dec 2018 03:41:58 GMT
Etag: 3134D766B1970C43F0E623A35D70628C4B92BA15
X-OCSP-Responder-ID: (null)
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=249426
Expires: Fri, 14 Dec 2018 03:32:05 GMT
Date: Tue, 11 Dec 2018 06:14:59 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    8fd02a8e8dbae8f24977022af2aac7b2
Sha1:   3134d766b1970c43f0e623a35d70628c4b92ba15
Sha256: 07eea0e01d8490fb0c34183f4942e32a1de544934899a1a80a292989c125fb29
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         80.239.159.24
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sat, 08 Dec 2018 02:14:26 GMT
Etag: 037B8E0DFE5A0F29AC9FCAAB8019F297EE1ED95B
X-OCSP-Responder-ID: (null)
Content-Length: 727
Cache-Control: public, no-transform, must-revalidate, max-age=330541
Expires: Sat, 15 Dec 2018 02:04:00 GMT
Date: Tue, 11 Dec 2018 06:14:59 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   727
Md5:    ac69dc3186104a1827322e450ce12ea7
Sha1:   037b8e0dfe5a0f29ac9fcaab8019f297ee1ed95b
Sha256: 15f8db1536c78951d97bdf44c460d40c3774d046169a240c60b9d1a03f7e2754
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         80.239.159.17
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sat, 08 Dec 2018 02:14:26 GMT
Etag: 87D71F7873A27CCB26DE7CBBC637753573B679CA
X-OCSP-Responder-ID: (null)
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=330522
Expires: Sat, 15 Dec 2018 02:03:41 GMT
Date: Tue, 11 Dec 2018 06:14:59 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    4a2228e0a0ee8eb3e5caecbcf543fb57
Sha1:   87d71f7873a27ccb26de7cbbc637753573b679ca
Sha256: 23520bd6ea9a247c5dd423ec0b3c100b41d645ced6f2347597daf04d4f0832e2
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.mir3.me
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         216.58.209.147
HTTP/1.1 200 OK
Content-Type: image/x-icon; charset=UTF-8
                                        
Expires: Tue, 11 Dec 2018 06:14:59 GMT
Date: Tue, 11 Dec 2018 06:14:59 GMT
Cache-Control: private, max-age=86400
Last-Modified: Tue, 04 Dec 2018 15:30:34 GMT
Etag: W/"ca94c8e2a21ba825cc6acfcd42882435ca5b6b4e74335baa5902d7f9bbfeba83"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 412
Server: GSE


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   412
Md5:    23e5eb1119a7f4d2ab629ccd77a5f84b
Sha1:   f7a5a792e41005ba918551e4416c4bf639ec80ec
Sha256: a0c8d4831f453c316840a502432719f7f7d833bea4a9b59f548e4a1bc2bf0c8a
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.207.238
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 11 Dec 2018 06:14:59 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    ec09ede32d44cd47c76d903f028e422a
Sha1:   343f16779a04c240e75182908f219c5935341c87
Sha256: 905b48a10d2517d18230cc1df25725f132c3efbc2e08529517b928c36d32010d
                                        
                                            POST /gsr2 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
                                         216.58.207.238
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 11 Dec 2018 06:14:59 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    d9d754520ae3340aa37cca6115eee05b
Sha1:   a0320372760d99c762cb2eb4b37f776625ef1b33
Sha256: 7dc8284c51c9a38dc1bf03bd28857ea5336e8f5c564eddbb1c9082ee43c93738
                                        
                                            GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1 
Host: maxcdn.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
                                         209.197.3.15
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Date: Tue, 11 Dec 2018 06:14:59 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: "1544225803"
Content-Encoding: gzip
Content-Length: 6241
Last-Modified: Fri, 07 Dec 2018 23:36:43 GMT
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
X-Cache: HIT
Timing-Allow-Origin: *
Cache-Control: public, max-age=31536000


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6241
Md5:    715e696d6145ca0f8cf4407ab7913d64
Sha1:   0f1657d56be75deb332589abeb73595884c6bc47
Sha256: 4fc67c2ffa67bb7ec269240693a486dd91da334f2f0e765761cc99568fb74db2
                                        
                                            GET /css?family=Open+Sans:300,400,400italic,600 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
                                         172.217.22.170
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Tue, 11 Dec 2018 06:14:59 GMT
Date: Tue, 11 Dec 2018 06:14:59 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   288
Md5:    dee298a5d3496c7ca53c6939b7c67659
Sha1:   6ce44e9a108880fa5bd59ab7e12be107611ff52b
Sha256: 519463e0fc9da4193a166a977690587ec3cc55ed442587905af8dd5b81f48f6a
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.207.238
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 11 Dec 2018 06:15:00 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    272790fee7b8719575f65f27160ed63c
Sha1:   c28381f66afd5697179351ab5a9d33464cd3e468
Sha256: 88a449feb74eeddc61cc3a9a8c742515ff3652ea578df6cfa9912d4a9998b20b
                                        
                                            GET / HTTP/1.1 
Host: www.mir3.me
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
                                         216.58.209.147
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Expires: Tue, 11 Dec 2018 06:15:00 GMT
Date: Tue, 11 Dec 2018 06:15:00 GMT
Cache-Control: private, max-age=0
Last-Modified: Tue, 04 Dec 2018 15:30:34 GMT
Etag: W/"ca94c8e2a21ba825cc6acfcd42882435ca5b6b4e74335baa5902d7f9bbfeba83"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 17055
Server: GSE


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   17055
Md5:    fcca0505bc9ec4836385c0b37f267198
Sha1:   c29397c2dc0850482a6a2f3587c5e43c8e2ad709
Sha256: c7b708b235667bec51ba956d16b68a13e6bc04712910cb2d2ccce4170fffa5f5
                                        
                                            GET /s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0d.woff HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600
Origin: http://www.mir3.me

                                         
                                         172.217.22.163
HTTP/1.1 200 OK
Content-Type: font/woff
                                        
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 17704
Date: Tue, 27 Nov 2018 16:54:50 GMT
Expires: Wed, 27 Nov 2019 16:54:50 GMT
Last-Modified: Wed, 11 Oct 2017 21:49:44 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 1171210
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  data
Size:   17704
Md5:    bf2d0783515b7d75c35bde69e01b3135
Sha1:   0e92462e402c15295366d912a7b8be303d0257d8
Sha256: 054349dda27b80bb105fbc59b5973ef9889ed976aca1fbe39f77688dcff8c552
                                        
                                            GET /pagead/js/adsbygoogle.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Vary: Accept-Encoding
Date: Tue, 11 Dec 2018 06:15:00 GMT
Expires: Tue, 11 Dec 2018 06:15:00 GMT
Cache-Control: private, max-age=3600
Etag: 2266865073180887146
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 28224
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   28224
Md5:    29df8b2db30ed21b89e571a6e39b7156
Sha1:   ba15771b5bf0e8244651558a19a23964abbe2096
Sha256: c4d66fbf75b4b96943c221d79f8734e9a38ac2d40af9c48a50ea3f74870e69de
                                        
                                            GET /font-awesome/4.5.0/fonts/fontawesome-webfont.woff?v=4.5.0 HTTP/1.1 
Host: maxcdn.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
Origin: http://www.mir3.me

                                         
                                         209.197.3.15
HTTP/1.1 200 OK
Content-Type: font/woff
                                        
Date: Tue, 11 Dec 2018 06:15:00 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: "1544225830"
Content-Encoding: gzip
Content-Length: 83584
Last-Modified: Fri, 07 Dec 2018 23:37:10 GMT
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
X-Cache: HIT
Timing-Allow-Origin: *
Cache-Control: public, max-age=31536000


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   83584
Md5:    924ca9e1f90a4f9112efbdf3bf26802f
Sha1:   e905c3361c3c6790ab07b5d1f0584301c8100e23
Sha256: 6d3c99430402acff50738bd5a65a8f9f79d4e139a230db50d2c6651e8215eecb
                                        
                                            GET /pagead/js/r20181205/r20180604/show_ads_impl.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Vary: Accept-Encoding
Date: Tue, 11 Dec 2018 06:15:00 GMT
Expires: Tue, 11 Dec 2018 06:15:00 GMT
Cache-Control: private, max-age=1209600
Etag: 11651059295933233243
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 75629
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   75629
Md5:    dd8f7327a57b5024b7afe88267e56b35
Sha1:   a700fe67d73e1a345f46126d5ab4193ef0033887
Sha256: 53919813bb81de4065de0878d2a4c54edb7b7999f152b7cecf3338c7dc73506f
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.207.238
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 11 Dec 2018 06:15:00 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    6181de27aec2343ac429b74195b4f78b
Sha1:   01bb6066cf0b76858a2be7e57dc525b4d42bfde4
Sha256: 343c27bb537962c7a9cb34d2a9b12b4e7be8d789d0b94cef1b8f16ce13c51ac9
                                        
                                            GET /s/opensans/v15/mem5YaGs126MiZpBA-UNirkOUuhv.woff HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600
Origin: http://www.mir3.me

                                         
                                         172.217.22.163
HTTP/1.1 200 OK
Content-Type: font/woff
                                        
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 18296
Date: Tue, 27 Nov 2018 13:57:22 GMT
Expires: Wed, 27 Nov 2019 13:57:22 GMT
Last-Modified: Wed, 11 Oct 2017 21:49:52 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 1181858
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  data
Size:   18296
Md5:    1cd5320f8937d337b61d5117cf9d7b28
Sha1:   24798ef7ac55ba93aaa033fefdb7ca4d57da44ad
Sha256: e19b28ad1aafcb23735d02cbec4e2697ebbf7d608cf47fb8f8565def01b28c2a
                                        
                                            GET /feeds/posts/summary?alt=json-in-script&callback=pageNavi&max-results=99999 HTTP/1.1 
Host: www.mir3.me
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         216.58.209.147
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Etag: W/"aa7375b48e1a2cd452c9a0087cc162c986ffba64e59a1b8d088f4cbe69d9cbbc"
Date: Tue, 11 Dec 2018 06:15:00 GMT
Server: blogger-renderd
Expires: Tue, 11 Dec 2018 06:15:01 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Last-Modified: Tue, 04 Dec 2018 15:30:34 GMT
Content-Encoding: gzip
Content-Length: 16816
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   16816
Md5:    b4fa66a2ce0ea450e65233bf54babffe
Sha1:   88c783835a1f97b6b93921b648067e5677c329d3
Sha256: c7d33aba26b852b0dff63931ac4b723ceb0d9659884f5564d3f81c0762f5fbde
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.207.238
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 11 Dec 2018 06:15:01 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    55bdf35b441bc115bcfb6bd5076250f6
Sha1:   5d953ad85a083efc8645fe2ce7573d9d174e0414
Sha256: a5270251192a1b5aca7c52a6c9aaf685c76981296b2b53643d1b4b65a3b36cc9
                                        
                                            GET /ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         104.19.199.151
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 11 Dec 2018 06:15:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 17 Jul 2018 12:30:51 GMT
Etag: W/"5b4de17b-5148"
Expires: Sun, 01 Dec 2019 06:15:01 GMT
Cache-Control: public, max-age=30672000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Served-In-Seconds: 0.001
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4875d077e56a4297-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6868
Md5:    c70959e95cee98de7457e2fa5517f3c2
Sha1:   2bbadafceb0413c4c932564cf6db1c18266d5b13
Sha256: 269e7ef9a83f773875101cfa329ea7bcb6e8187ddbab9d46d673b4bf4f5b2294
                                        
                                            GET /pub-config/r20160913/ca-pub-6136576652491264.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 125
Date: Tue, 11 Dec 2018 06:15:01 GMT
Expires: Tue, 11 Dec 2018 18:15:01 GMT
Cache-Control: public, max-age=43200
Last-Modified: Tue, 11 Dec 2018 00:51:47 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   125
Md5:    21aea2dae0239adff4f9f063cdacfc76
Sha1:   ce64c497ac1dd86393da79e8cea239de113c1de7
Sha256: a59ee78166b8467dd7dd8c7acb03d8df7d16cf4a04f45c8558366df1c33b868f
                                        
                                            GET /ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         104.19.199.151
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 11 Dec 2018 06:15:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 17 Jul 2018 12:30:51 GMT
Etag: W/"5b4de17b-fe0"
Expires: Sun, 01 Dec 2019 06:15:01 GMT
Cache-Control: public, max-age=30672000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Served-In-Seconds: 0.057
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4875d077d4344261-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1215
Md5:    cc3627d34e7cdec4ebf54066ad9a4315
Sha1:   3e56a6f2f6e9b397308c6d6810c4493c70335eda
Sha256: f69922c6f461ae642ab199b54163412f23c92042ea15730a4cd050d7c5876a54
                                        
                                            GET /pagead/html/r20181205/r20180604/zrt_lookup.html HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Vary: Accept-Encoding
Date: Thu, 06 Dec 2018 11:08:58 GMT
Expires: Thu, 20 Dec 2018 11:08:58 GMT
Etag: 12810928231326100212
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 6940
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 414363
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   6940
Md5:    d777326182433d075d044edb2f090fa9
Sha1:   6b39f197a7908fff24360fe81de0d221134a3197
Sha256: c8232f61c75ebbbe71b20c2aca70b70dcb6b65a0d35509a9ada4994a41c1976b
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.207.238
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 11 Dec 2018 06:15:01 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    489fd81a29d45b887cc01a67b94e7cd7
Sha1:   adf6febe41655ba1b9992b8f12046b03187c89db
Sha256: cd4fc8ab5dc555418f5a00b0b64b4cf6f698f18c0b47cb8fb72c21210307fc73
                                        
                                            GET /s/opensans/v15/mem5YaGs126MiZpBA-UN_r8OUuhv.woff HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600
Origin: http://www.mir3.me

                                         
                                         172.217.22.163
HTTP/1.1 200 OK
Content-Type: font/woff
                                        
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 18280
Date: Fri, 07 Dec 2018 21:37:26 GMT
Expires: Sat, 07 Dec 2019 21:37:26 GMT
Last-Modified: Wed, 11 Oct 2017 21:49:35 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 290255
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  data
Size:   18280
Md5:    521d17bc9f3526c690e8ada6eee55bec
Sha1:   0c74bab4a4ebdafe080c8a35bd61d38f1b692358
Sha256: 624b3c987e1731e2871567be1451a257be8ebcaa2abebaa45651d3d95fa99492
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.207.238
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 11 Dec 2018 06:15:01 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    52298da2b8eaf61261ca68bc7182094f
Sha1:   b013bf312b468503079a29cab8018414e2492af0
Sha256: b4194cd55a99d28018decd990f5f4eab25b3941992d27ff9a0cc908bed25d715
                                        
                                            GET /img/icon18_wrench_allbkg.png HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         216.58.211.137
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Accept-Ranges: bytes
Content-Length: 475
Date: Tue, 04 Dec 2018 15:41:41 GMT
Expires: Tue, 11 Dec 2018 15:41:41 GMT
Last-Modified: Mon, 03 Dec 2018 11:19:55 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 570800
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  PNG image, 18 x 18, 8-bit colormap, non-interlaced
Size:   475
Md5:    f617effe6d96c15acfea8b2e8aae551f
Sha1:   6d676af11ad2e84b620cce4d5992b657cb2d8ab6
Sha256: d172d750493be64a7ed84dec1dd2a0d787ba42f78bc694b0858f152c52b6620b
                                        
                                            GET /-eV-8gKAEpPQ/WBK8lL35yyI/AAAAAAAAGy0/pw6rw0MDKzMDijgXPpl_7E0d5Jti60yEwCLcB/s1600/google-plus.png HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Access-Control-Expose-Headers: Content-Length
Etag: "v1b39"
Expires: Thu, 29 Nov 2018 01:58:28 GMT
Content-Disposition: inline;filename="google-plus.png"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Tue, 11 Dec 2018 06:15:01 GMT
Server: fife
Content-Length: 408
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400, no-transform
Age: 0
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  PNG image, 30 x 29, 8-bit colormap, non-interlaced
Size:   408
Md5:    fc6f6707bee1d91245c2d6c62f2f0cb5
Sha1:   b44a020435093d3bc17ee583be54e4c2d656c6dc
Sha256: f56ea6edc29668b5115efbf1f3014df9c787415e9f294e5614eb7d54a4dca8f0
                                        
                                            GET /adsid/integrator.js?domain=www.mir3.me HTTP/1.1 
Host: adservice.google.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
Timing-Allow-Origin: *
Cache-Control: private, no-cache, no-store
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Tue, 11 Dec 2018 06:15:01 GMT
Server: cafe
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   104
Md5:    835dc76a57166c8b5b88275a570d1891
Sha1:   0d7e8826520cdadf8db62583b25e26149af2c8ce
Sha256: 6441b99ce0ba328cabe2ff8d6167c3ac47f8d67fc469689fd925f7b57761c333
                                        
                                            GET /adsid/integrator.js?domain=www.mir3.me HTTP/1.1 
Host: adservice.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
Timing-Allow-Origin: *
Cache-Control: private, no-cache, no-store
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Tue, 11 Dec 2018 06:15:01 GMT
Server: cafe
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   104
Md5:    835dc76a57166c8b5b88275a570d1891
Sha1:   0d7e8826520cdadf8db62583b25e26149af2c8ce
Sha256: 6441b99ce0ba328cabe2ff8d6167c3ac47f8d67fc469689fd925f7b57761c333
                                        
                                            GET /-6pukPGZ2eyw/W6hY6LaTSqI/AAAAAAAAADU/l_MK4FyRa3McvpP52TinKQDa5jqDDM22wCLcBGAs/w72-h72-p-k-no-nu/img.jpg HTTP/1.1 
Host: 2.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Etag: "v36"
Expires: Wed, 12 Dec 2018 06:15:01 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="img.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Tue, 11 Dec 2018 06:15:01 GMT
Server: fife
Content-Length: 4464
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   4464
Md5:    1abbbed706be72f47a15e8ac40fd1c47
Sha1:   6f25b1519961a874d5101ff9a0ff19757e2b168f
Sha256: 3ab9f29426f0fe0366d63b49d87ad04bbbc46ca1c90a0a24584d59b13a113f2f
                                        
                                            GET /-6pukPGZ2eyw/W6hY6LaTSqI/AAAAAAAAADU/l_MK4FyRa3McvpP52TinKQDa5jqDDM22wCLcBGAs/w250-c-h160/img.jpg HTTP/1.1 
Host: 2.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Etag: "v36"
Expires: Wed, 12 Dec 2018 06:15:01 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="img.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Tue, 11 Dec 2018 06:15:01 GMT
Server: fife
Content-Length: 20314
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   20314
Md5:    cbef8d1ba3c4306ae64dfef562cd7dbc
Sha1:   f477e925bfebdacd3cad33c734472d9d2a0add14
Sha256: 99c35355d75473129dfc68e46085badba9ffc16654ba13e6efc136f14ed958c9
                                        
                                            GET /-15Byq_s8glw/W6hbdtXnh7I/AAAAAAAAADs/QO9XgV3NMVAuVAXy3O0r8u6pRcKpi6PVwCLcBGAs/w250-c-h160/img.jpg HTTP/1.1 
Host: 3.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Etag: "v3c"
Expires: Wed, 12 Dec 2018 06:15:01 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="img.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Tue, 11 Dec 2018 06:15:01 GMT
Server: fife
Content-Length: 6889
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   6889
Md5:    88c022a2f5cbf91da6952c11e3f5e91e
Sha1:   8f8cfde11816923ad2ca2917bcaf1416c37ec567
Sha256: d3ab37ccacfa1c67293ccdede6a4c4bbe365e6d96d1d2726ff1b7b590b4c40de
                                        
                                            GET /-rdbukhd-Snk/W6hZt3BgJrI/AAAAAAAAADc/hlMim4u3v3E3nHpj1oh9iCSbvbYsjK8lQCLcBGAs/w72-h72-p-k-no-nu/img.jpg HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Etag: "v38"
Expires: Wed, 12 Dec 2018 06:15:01 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="img.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Tue, 11 Dec 2018 06:15:01 GMT
Server: fife
Content-Length: 3652
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   3652
Md5:    e1be65da863d23b020a22f36fcfe4ad0
Sha1:   c333aa0c7732594d1ab1ad5e7640ced27c9325eb
Sha256: dbc840e6d4490c3156018fa58855406a7c0eae2c0adfed84bf298229c6498628
                                        
                                            GET /-IntBciNFrCA/W6hYNVhGrGI/AAAAAAAAADI/P5sznqXcS_cY3SwUfKy3agWTtlB6Xw2bQCLcBGAs/w250-c-h160/img.jpg HTTP/1.1 
Host: 3.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Etag: "v33"
Expires: Wed, 12 Dec 2018 06:15:01 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="img.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Tue, 11 Dec 2018 06:15:01 GMT
Server: fife
Content-Length: 21367
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   21367
Md5:    57fa5f6653d5444bbc9fd1d609ad1d45
Sha1:   c3070ef9344eed2ab351c93bb2e43b8f20bb31fa
Sha256: ab31ecc0ee89655dfa8557b49cc32935d9eff6b6579ebaed085cd7477b698d87
                                        
                                            GET /-Z1ELbW3TFFk/W6hcxJQtBaI/AAAAAAAAAD4/9wcwXSdTtuED26zia0SSovuNrrGH7YT1QCLcBGAs/w250-c-h160/img.jpg HTTP/1.1 
Host: 2.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Etag: "v3f"
Expires: Wed, 12 Dec 2018 06:15:01 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="img.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Tue, 11 Dec 2018 06:15:01 GMT
Server: fife
Content-Length: 13959
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   13959
Md5:    b73faae94dd4c2278d4239450ff4c6eb
Sha1:   ac134e9878871e79ea89670e44d54fb11e1714d8
Sha256: b8d76ee564b3f3b42efec0ae2ad8979ce59528a6cef19ea41942f8f3fae2f9ee
                                        
                                            GET /-rdbukhd-Snk/W6hZt3BgJrI/AAAAAAAAADc/hlMim4u3v3E3nHpj1oh9iCSbvbYsjK8lQCLcBGAs/w250-c-h160/img.jpg HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Etag: "v38"
Expires: Wed, 12 Dec 2018 06:15:02 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="img.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Tue, 11 Dec 2018 06:15:02 GMT
Server: fife
Content-Length: 13962
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   13962
Md5:    6e1d386d13b2279dfb67987858498dac
Sha1:   b21e44ae5c92773d0ff7ed6bde047265ffcdc327
Sha256: 6789202bfbd95275e56af49c9fb4042461247cfe7ab096c0ece45f3add941db5
                                        
                                            GET /pagead/js/r20181205/r20100101/osd.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Vary: Accept-Encoding
Date: Mon, 10 Dec 2018 20:02:30 GMT
Expires: Mon, 24 Dec 2018 20:02:30 GMT
Etag: 10366987592970477111
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 26696
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 36752
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   26696
Md5:    91a87cc2bcd9cbebc88e95671016e324
Sha1:   fdcd51c5aa00495a55a559c4fa79a812d19f1cd7
Sha256: c7ebfc575409dc9731cca912ef08a2ac5f39e40ef4d2d853ec7f45dabacdc7e1
                                        
                                            GET /pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Tue, 11 Dec 2018 06:15:02 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 11-Dec-2018 06:30:02 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
Expires: Tue, 11 Dec 2018 06:15:02 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   6518
Md5:    a013fd825c3fa0877f14ce004ead9739
Sha1:   5d80da7c2b4664a759cab6f7bf2e193efa21262c
Sha256: b0db887eee4096edd80f4eb1cb03fb93af834b688b75f157403655fca6a42b27
                                        
                                            GET /pagead/adview?ai=CNbRi5lUPXKz2GpCP6gTxtZHwCsXHn71NvtC4heUCwI23ARABIABgw9ykhZgYggEXY2EtcHViLTYxMzY1NzY2NTI0OTEyNjTIAQmpAj8aEn3yboQ-qAMBqgSCAU_QHIUMtsq0ntPnMqL3xH2sZye1mGj5j98TYex8o6LHYd25mvtOclCcqOSe-TekK7x4DqpkAmMLkIEx2vIY6b7Eq99IOlyxDoZI4JmYEXFiCOShF-jPg2fTx3d8QrObo3MtG3TCVrL5GHyXLdQj0iY-4lvTaJP9H61xTaJtq-Ksb6eABsuSv_q87dKmTKAGIagHpr4bqAfZyxuoB8_MG9gHANIIBwiA4YAQEAE&sigh=A6Ft3xx_BJ0&tpd=AGWhJmuwyeU5cPVk4nncgUThXS-A3OfLi6AT0D1A7ta5sUzhpg&vis=0 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834
Cookie: test_cookie=CheckForPermission

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Tue, 11 Dec 2018 06:15:03 GMT
Server: cafe
Content-Length: 0
X-XSS-Protection: 1; mode=block
Set-Cookie: IDE=AHWqTUlqz1Js5abqtTBfU3XZLnQ5W4DMV0ISO-aH53qupI1J44xzNLxK0lH-wKhZ; expires=Thu, 10-Dec-2020 06:15:03 GMT; path=/; domain=.doubleclick.net; HttpOnly test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
Expires: Tue, 11 Dec 2018 06:15:03 GMT
Cache-Control: private


--- Additional Info ---
                                        
                                            GET /pagead/ads?client=ca-pub-1837847987781291&output=html&h=600&slotname=1929583678&adk=1879727050&adf=807048394&w=260&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=260x600&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=4&wgl=0&adsid=NT&dt=1544508902599&bpp=44&fdt=50&idt=-M&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&prev_fmts=960x90&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=779&ady=287&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=2&uci=2.lr0v4csq2sco&dtd=69 HTTP/1.1 
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Tue, 11 Dec 2018 06:15:03 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 11-Dec-2018 06:30:03 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
Expires: Tue, 11 Dec 2018 06:15:03 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   385
Md5:    9472ef174ddfe623c8f03aa35b4cf32b
Sha1:   377b9f298bbb3eb80735032c68163477cbe5e158
Sha256: 39219d49c2f7df1fd6dee13a8ae25e3ded7ff011dc631f5f31f0d65ec415b979
                                        
                                            GET /pagead/ads?client=ca-pub-8337003150356981&output=html&h=600&slotname=6685699877&adk=1153169564&adf=807048394&w=260&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=260x600&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=4&wgl=0&adsid=NT&dt=1544508903007&bpp=10&fdt=28&idt=-M&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&prev_fmts=960x90%2C260x600&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=120&ady=2414&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=3&uci=3.rmyhkjx9y2k3&dtd=41 HTTP/1.1 
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/
Cookie: test_cookie=CheckForPermission

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Tue, 11 Dec 2018 06:15:03 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: IDE=AHWqTUlfa_j4boZNtPp6QsrKIriTIIr-m7ob0D9zsQqXOq1Lcfphy5CvlR0EB9fl; expires=Thu, 10-Dec-2020 06:15:03 GMT; path=/; domain=.doubleclick.net; HttpOnly test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
Expires: Tue, 11 Dec 2018 06:15:03 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   384
Md5:    360a520c18114209bcdf3c0d31622f4a
Sha1:   bd4005ed5890b1fdabad3eacbeda5c8e3d985c97
Sha256: 1f981c3bd95335d4be26b8b0812d2a22d960167e508db5c477ba6ecfee95de03
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Cache-Control: max-age=104898
Date: Tue, 11 Dec 2018 06:15:03 GMT
Etag: "5c0e3dda-1d7"
Expires: Wed, 12 Dec 2018 11:23:21 GMT
Last-Modified: Mon, 10 Dec 2018 10:20:10 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    75f5a060f1d801cdb792f41b0efcc6b4
Sha1:   7f6ec60aaf1edf1646071b7cddd8976cd8535d3b
Sha256: 7ac0bc04d98fdd1881fbe2a52eff6162dbe23bbde8e6768ee89db8aa31f1f25e
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Cache-Control: max-age=101366
Date: Tue, 11 Dec 2018 06:15:03 GMT
Etag: "5c0e266c-1d7"
Expires: Wed, 12 Dec 2018 10:24:29 GMT
Last-Modified: Mon, 10 Dec 2018 08:40:12 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    b2cd7ca9f6db68e87861a8b66760a517
Sha1:   8885adaa1b225693891bec96a1e9b300743ca645
Sha256: 3a96c7146a8d905326f2292b62d666925ca3fad0fe196f5b854bd743c4e85501
                                        
                                            GET /adfscript/?bn=26552995;rtbwp=XA9V5gAGuywKmoeQAARa8b8EfjwvZ6h5K5LilQ;rtbdata=yHKg1DRkRVB90WibbIO-KFGkoyRypRkfw9Qtx6GSvJ_3_8cdeZJHF3GSX0P4P2FH4jmoQeR0XAwIo1O4oEvBb3epe9jRP1phI_1njKPPKGkP1C0x0fK-YzJGkm8GsDLWanG5qArWphaVLlGDXntNp2CNiT19TODqLLp70aDZ5yB000vk2_88BKCuLJigarrccjoJe0Dcz_GCayJGOnKmgleIfkJU2xKY7qGXl8fzGK0Ymc1E2lYnQdUTb4IcMD1sQeEimShqzcc1;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CNbRi5lUPXKz2GpCP6gTxtZHwCsXHn71NvtC4heUCwI23ARABIABgw9ykhZgYggEXY2EtcHViLTYxMzY1NzY2NTI0OTEyNjTIAQmpAj8aEn3yboQ-qAMBqgSCAU_QHIUMtsq0ntPnMqL3xH2sZye1mGj5j98TYex8o6LHYd25mvtOclCcqOSe-TekK7x4DqpkAmMLkIEx2vIY6b7Eq99IOlyxDoZI4JmYEXFiCOShF-jPg2fTx3d8QrObo3MtG3TCVrL5GHyXLdQj0iY-4lvTaJP9H61xTaJtq-Ksb6eABsuSv_q87dKmTKAGIagHpr4bqAfZyxuoB8_MG9gHANIIBwiA4YAQEAE&num=1&sig=AOD64_3D-VF9qE5mfmBM5kZ3HLMqX1wvOQ&client=ca-pub-6136576652491264&adurl= HTTP/1.1 
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834

                                         
                                         37.157.4.25
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Server: nginx
Date: Tue, 11 Dec 2018 06:15:03 GMT
Content-Length: 1570
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Pragma: no-cache
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Set-Cookie: C=1; expires=Fri, 11-Jan-2019 06:15:03 GMT; path=/
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   1570
Md5:    51d5373ed779f9812d97d5cc91868c50
Sha1:   d6fb05d615d950407e2e0ed14a02b739777b10dc
Sha256: 62c71c58af9166f3d173f36e853c4bcd7fd3c1551dbbeeb5bba6ac7e00905d55
                                        
                                            GET /stoat/614/s1.adform.net/bootstrap.js HTTP/1.1 
Host: s1.adform.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834

                                         
                                         37.157.5.72
HTTP/1.1 200 OK
Content-Type: text/javascript
Server: nginx
Date: Tue, 11 Dec 2018 06:15:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Last-Modified: Fri, 30 Nov 2018 11:13:30 GMT
Cache-Control: public, max-age=100000
Expires: Wed, 12 Dec 2018 09:59:07 GMT
X-Cache-Status: HIT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   14267
Md5:    8e32fbd60a8869ab459df40239d0bb24
Sha1:   028ef59b65c4fb57db32e5c6091da794b8f037e9
Sha256: 0c5c0c0752325546aca231711cdb44f1c3ec52e451b89373af604351841679e9
                                        
                                            GET /adfserve/?CC=1&bn=26552995;rtbwp=XA9V5gAGuywKmoeQAARa8b8EfjwvZ6h5K5LilQ;rtbdata=yHKg1DRkRVB90WibbIO-KFGkoyRypRkfw9Qtx6GSvJ_3_8cdeZJHF3GSX0P4P2FH4jmoQeR0XAwIo1O4oEvBb3epe9jRP1phI_1njKPPKGkP1C0x0fK-YzJGkm8GsDLWanG5qArWphaVLlGDXntNp2CNiT19TODqLLp70aDZ5yB000vk2_88BKCuLJigarrccjoJe0Dcz_GCayJGOnKmgleIfkJU2xKY7qGXl8fzGK0Ymc1E2lYnQdUTb4IcMD1sQeEimShqzcc1;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CNbRi5lUPXKz2GpCP6gTxtZHwCsXHn71NvtC4heUCwI23ARABIABgw9ykhZgYggEXY2EtcHViLTYxMzY1NzY2NTI0OTEyNjTIAQmpAj8aEn3yboQ-qAMBqgSCAU_QHIUMtsq0ntPnMqL3xH2sZye1mGj5j98TYex8o6LHYd25mvtOclCcqOSe-TekK7x4DqpkAmMLkIEx2vIY6b7Eq99IOlyxDoZI4JmYEXFiCOShF-jPg2fTx3d8QrObo3MtG3TCVrL5GHyXLdQj0iY-4lvTaJP9H61xTaJtq-Ksb6eABsuSv_q87dKmTKAGIagHpr4bqAfZyxuoB8_MG9gHANIIBwiA4YAQEAE&num=1&sig=AOD64_3D-VF9qE5mfmBM5kZ3HLMqX1wvOQ&client=ca-pub-6136576652491264&adurl=;js=1;adfxid=1x;762;set=en-US|en-US|1176X885|10.0452|750|100|24|8|3|7|1;fd=0|0&CREFURL=https%3a%2f%2fgoogleads.g.doubleclick.net%2fpagead%2fads%3fclient%3dca-pub-6136576652491264%26output%3dhtml%26h%3d90%26slotname%3d3448502337%26adk%3d2817588059%26adf%3d807048394%26w%3d960%26fwr_io%3dtrue%26fwrn%3d4%26fwrnh%3d100%26lmt%3d1543937434%26rafmt%3d1%26guci%3d1.2.0.0.2.2.0.0%26format%3d960x90%26url%3dhttp%253A%252F%252Fwww.mir3.me%252F%26ea%3d0%26flash%3d10.0.45%26fwr%3d0%26fwrattr%3dtrue HTTP/1.1 
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834
Cookie: C=1

                                         
                                         37.157.4.25
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Server: nginx
Date: Tue, 11 Dec 2018 06:15:03 GMT
Content-Length: 2903
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Pragma: no-cache
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Set-Cookie: cid=8171701748555864878,0,0,0,0; expires=Sat, 09-Feb-2019 06:15:03 GMT; path=/ uid=8171701748555864878; domain=adform.net; expires=Sat, 09-Feb-2019 06:15:03 GMT; path=/
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   2903
Md5:    3ab7ebb1a046ac62d2beb21c921e5f54
Sha1:   f7e8cb542e185ff6dae84761f8d6638b3078ce7d
Sha256: ec5baa3ce4a60918c8c2fee01aed5f1ed7def834d18617371074fc2fc21b1050
                                        
                                            GET /activeview/js/current/osd_listener.js?cache=r20110914 HTTP/1.1 
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 11 Dec 2018 06:15:03 GMT
Expires: Tue, 11 Dec 2018 06:15:03 GMT
Cache-Control: private, max-age=3000
Last-Modified: Fri, 07 Dec 2018 12:16:45 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   27407
Md5:    0e5f74b78048f7a692995865a36a4098
Sha1:   2c24b59b6388912f88ef443ffba8cd4da53299ab
Sha256: 0661e3d9295d06d9e7d56fbbbf9365c9326bb420c8a8b80194cd7061bf6ce8b8
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.207.238
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 11 Dec 2018 06:15:03 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    068f42c754e6fa4cd177680116b35d8d
Sha1:   b00a042b26a2c5005a8a64436c1833f1ca681cac
Sha256: 34b3060cfadd8343c256a3ee55bcfe58b3ffced5c5a6eaf4a01baed56a82c6ba
                                        
                                            GET /stoat/614/s1.adform.net/load/v/0.0.164/e/0gBBwAA/i/8IG-xAAAACAA/r:AdConstructor:contents/ImageTag:types/Standard HTTP/1.1 
Host: s1.adform.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834
Cookie: uid=8171701748555864878

                                         
                                         37.157.5.72
HTTP/1.1 200 OK
Content-Type: text/javascript
Server: nginx
Date: Tue, 11 Dec 2018 06:15:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Last-Modified: Fri, 30 Nov 2018 11:13:30 GMT
Cache-Control: public, max-age=100000
Expires: Wed, 12 Dec 2018 09:33:02 GMT
X-Cache-Status: HIT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   35766
Md5:    3462786daa9126c2dc7ab4e1ceb3ebbd
Sha1:   70ee89e932e8b89acb8e55f77872498bfdd26ed4
Sha256: 2e9afd24fd7f2022d3eb6f33ae0aa3e4176eae13141aba1d8f00546d7ffedafd
                                        
                                            GET /pagead/js/r20181205/r20110914/client/ext/m_qs_click_protection.js HTTP/1.1 
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Vary: Accept-Encoding
Date: Fri, 07 Dec 2018 20:04:30 GMT
Expires: Fri, 21 Dec 2018 20:04:30 GMT
Etag: 17047083013848426997
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 3401
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 295833
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3401
Md5:    855472fa5dc539578cd43237ff03eb69
Sha1:   43f622524347b43f47e48ba06f3d751dcec7c858
Sha256: 50c4a6535015ae9ecd9978b214ec838fd7542fffd19c3aaf5a9314b1bbdf494b
                                        
                                            GET /pagead/js/r20181205/r20110914/client/ext/m_window_focus_non_hydra.js HTTP/1.1 
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Vary: Accept-Encoding
Date: Fri, 07 Dec 2018 20:04:30 GMT
Expires: Fri, 21 Dec 2018 20:04:30 GMT
Etag: 5672849149211090809
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 1255
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 295834
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   1255
Md5:    0f6da22e2865b3d24a33fa7c5fb386c6
Sha1:   9d78f9dbc67e17843c7e2c366a4d1f81b37e14a1
Sha256: ddcce03445d6a7173b8c3c682333314aaf3ca34f6c0c5a523ea677dee7a246ad
                                        
                                            GET /csimpr/?bn=26552995&csi=MNqU3IxShHX7MVV0rtPnI-mz2StwpgfUBkyDoFenwLLLcVYFVM4NyekXxPdTkxyH0 HTTP/1.1 
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834
Cookie: C=1; cid=8171701748555864878,0,0,0,0; uid=8171701748555864878

                                         
                                         37.157.4.25
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx
Date: Tue, 11 Dec 2018 06:15:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Pragma: no-cache
Expires: -1
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            GET /activeview?avi=BnqMj5lUPXKz2GpCP6gTxtZHwCgC-0LiF5QIAABABOAHIAQmgBiHSCAcIgOGAEBAB&r=pv&id=osdim&uc=0&upc=0&tgt=nf&cl=0&v=20181207 HTTP/1.1 
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834

                                         
172.217.20.34
HTTP/1.1 200 OK
Content-Type: image/gif
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Date: Tue, 11 Dec 2018 06:15:04 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
GET /Banners/28489598/28489598.jpg?bv=2 HTTP/1.1
Host: s1.adform.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834
Cookie: uid=8171701748555864878

                                         
37.157.5.72
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Tue, 11 Dec 2018 06:15:04 GMT
Content-Length: 49388
Connection: keep-alive
Keep-Alive: timeout=15
Last-Modified: Mon, 03 Dec 2018 08:35:10 GMT
Etag: "5c04eabe-c0ec"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=604800
Strict-Transport-Security: max-age=0
X-Cache-Status: HIT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data
Size:   49388
Md5:    907701eb372afc53b12723012d35b16f
Sha1:   7feab6a29d24d389cf05a35d61a356ab376bbe69
Sha256: ece2cb3ef2ed2b5aae8edd3dbeefec01f0f89595d6f2863a8ca10c25b4a76fbb
                                        
GET /Serving/Event/?bn=26552995&event=178&time=2&banner=28489598&name=Viewable%20impressions&imprid=5415290987219348827&icid=8171701748555864878&rnd=262301244&rtbwp=XA9V5gAGuywKmoeQAARa8b8EfjwvZ6h5K5LilQ&rtbdata=yHKg1DRkRVB90WibbIO-KFGkoyRypRkfw9Qtx6GSvJ_3_8cdeZJHF3GSX0P4P2FH4jmoQeR0XAwIo1O4oEvBb3epe9jRP1phI_1njKPPKGkP1C0x0fK-YzJGkm8GsDLWanG5qArWphaVLlGDXntNp2CNiT19TODqLLp70aDZ5yB000vk2_88BKCuLJigarrccjoJe0Dcz_GCayJGOnKmgleIfkJU2xKY7qGXl8fzGK0Ymc1E2lYnQdUTb4IcMD1sQeEimShqzcc1 HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834
Cookie: C=1; cid=8171701748555864878,0,0,0,0; uid=8171701748555864878

                                         
37.157.4.25
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx
Date: Tue, 11 Dec 2018 06:15:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Pragma: no-cache
Expires: -1
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
GET /serving/unload/?version=15&unload=8171701748555864878@@26552995,5415290987219348827,100|1182|0|0|0|0|0|0|0||77|1|1|5c0f55e60006bb2c0a9a8790ae045af1_1|||1|0|0||||10 HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834
Cookie: C=1; cid=8171701748555864878,0,0,0,0; uid=8171701748555864878

                                         
37.157.4.25
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx
Date: Tue, 11 Dec 2018 06:15:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Pragma: no-cache
Expires: -1
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
GET /serving/unload/?version=15&unload=8171701748555864878@@26552995,5415290987219348827,100|1182|0|0|0|0|0|0|0||77|1|1|5c0f55e60006bb2c0a9a8790ae045af1_1|||1|0|0||||10 HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834
Cookie: C=1; cid=8171701748555864878,0,0,0,0; uid=8171701748555864878

                                         
37.157.4.25
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx
Date: Tue, 11 Dec 2018 06:15:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Pragma: no-cache
Expires: -1
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
GET /serving/unload/?version=15&unload=8171701748555864878@@26552995,5415290987219348827,100|4974|0|0|0|0|0|0|0||324|1|1|5c0f55e60006bb2c0a9a8790ae045af1_1|||1|0|0||||00 HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834
Cookie: C=1; cid=8171701748555864878,0,0,0,0; uid=8171701748555864878

                                         
37.157.4.25
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx
Date: Tue, 11 Dec 2018 06:15:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Pragma: no-cache
Expires: -1
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
GET /serving/unload/?version=15&unload=8171701748555864878@@26552995,5415290987219348827,100|4974|0|0|0|0|0|0|0||324|1|1|5c0f55e60006bb2c0a9a8790ae045af1_1|||1|0|0||||00 HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136576652491264&output=html&h=90&slotname=3448502337&adk=2817588059&adf=807048394&w=960&fwr_io=true&fwrn=4&fwrnh=100&lmt=1543937434&rafmt=1&guci=1.2.0.0.2.2.0.0&format=960x90&url=http%3A%2F%2Fwww.mir3.me%2F&ea=0&flash=10.0.45&fwr=0&fwrattr=true&resp_fmts=3&wgl=0&adsid=NT&dt=1544508900584&bpp=22&fdt=1001&idt=995&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&correlator=3042333485942&frm=20&pv=2&ga_vid=2104230394.1544508902&ga_sid=1544508902&ga_hid=1616166040&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=100&ady=167&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C21061394%2C410075081&oid=3&ref=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=1&ifi=1&uci=1.b481b67e5si9&dtd=1834
Cookie: C=1; cid=8171701748555864878,0,0,0,0; uid=8171701748555864878

                                         
37.157.4.25
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx
Date: Tue, 11 Dec 2018 06:15:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Pragma: no-cache
Expires: -1
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015