Overview

URL: hlok.qertewrt.com/offer?prod=224
IP: 54.225.163.73
ASN: AS14618 Amazon.com, Inc.
Location: United States
Report completed: 2017-07-18 00:33:33 CEST
urlquery Alerts No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified  Severity  Host                                                            Comment
2017-07-18        2         begin.geeker.com/css/signup/movies/cd/main.php?cache_control=1  Malware
2017-07-18        2         begin.geeker.com/js/signup/movies/cd/modernizr.js               Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 5 reports on IP: 54.225.163.73

Date                       UQ / IDS / BL  URL                                                  IP
2017-07-26 20:56:54 +0200  0 - 0 - 2      ads.ad-center.com/offer?prod=9                       54.225.163.73
2017-07-25 19:01:24 +0200  0 - 0 - 2      hlok.qertewrt.com/offer?prod=139                     54.225.163.73
2017-07-19 00:19:53 +0200  0 - 0 - 0      hlok.qertewrt.com/offer?prod=141&ref=5096742         54.225.163.73
2017-07-18 07:52:04 +0200  0 - 0 - 2      hlok.qertewrt.com/offer?prod=224                     54.225.163.73
2017-07-11 22:38:11 +0200  0 - 0 - 0      hlok.qertewrt.com/offer?prod=101&ref=5048620& (...)  54.225.163.73

Last 10 reports on ASN: AS14618 Amazon.com, Inc.

Date                       UQ / IDS / BL  URL                                                  IP
2017-11-24 12:05:04 +0100  0 - 0 - 0      www.cloudconnective-env.us-east-1.elasticbean (...)  52.20.94.0
2017-11-24 11:12:57 +0100  0 - 0 - 1      caafufayplfqxmbmvxcepaekjrw.biz/                     54.83.43.69
2017-11-24 11:05:49 +0100  0 - 0 - 1      party.com                                            54.205.101.85
2017-11-24 11:01:17 +0100  0 - 0 - 2      search.myemailxp.com/?uid=54878f1a-928b-4ace- (...)  174.129.235.191
2017-11-24 11:00:09 +0100  0 - 0 - 1      imp.searchleasy.com/impression.do?source=goog (...)  52.2.61.224
2017-11-24 11:00:08 +0100  0 - 0 - 1      imp.searchleasy.com/impression.do?source=goog (...)  52.2.61.224
2017-11-24 10:46:12 +0100  0 - 0 - 0      https://storia.me/en/@dflix.stream/watch-i-am (...)  52.23.91.125
2017-11-24 10:23:31 +0100  0 - 0 - 0      betternet.co                                         54.243.111.191
2017-11-24 10:09:14 +0100  0 - 0 - 0      payrollhero.ph                                       23.23.70.80
2017-11-24 10:08:24 +0100  0 - 0 - 0      payrollhero.ph/ph/css/bootstrap.min.css              52.6.135.141

No other reports on domain: .



JavaScript

Executed Scripts (24)


Executed Evals (1)

#1 JavaScript::Eval (size: 44, repeated: 4) - SHA256: efc5123fa1fc7da87164e918454d71af7dd897eae4ef89e41c3b9a465540815c

(function() {
    return window.location.hash
})();

Executed Writes (1)

#1 JavaScript::Write (size: 149, repeated: 1) - SHA256: 89065d85062f97bfc8d3049a9f3ca7ea6177f0982210347ca2ea3795f99b0ee7

<script src="http://www.google-analytics.com/ga_exp.js?utmxkey=&utmx=&utmxx=&utmxtime=1500330782309" type="text/javascript" charset="utf-8"></script>


HTTP Transactions (32)


Request Response
                                        
GET /offer?prod=224 HTTP/1.1
Host: hlok.qertewrt.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
184.73.175.163
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Date: Mon, 17 Jul 2017 22:33:01 GMT
Location: http://titan.infra.systems/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=&adserver=0.21.2
Set-Cookie: site_id=736; Path=/; Expires=Tue, 14 Nov 2017 22:33:01 GMT
Vary: Accept
X-Powered-By: Express
Content-Length: 316
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   316
Md5:    5a00509f10a1535de14b954dd0d0aa67
Sha1:   4540d4c006922407e48d15053a3235917cd07745
Sha256: bd0b3a085ae11750bf18d9a8717a9206fd208011f7f16210ad07b893592c80ac
                                        
GET /signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=&adserver=0.21.2 HTTP/1.1
Host: titan.infra.systems
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
107.22.196.55
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Date: Mon, 17 Jul 2017 22:33:01 GMT
Location: http://go-studcat.infra.systems/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075
Set-Cookie: lpid=528; Max-Age=10368000; Path=/; Expires=Tue, 14 Nov 2017 22:33:01 GMT; HttpOnly
Vary: Accept
Content-Length: 454
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   454
Md5:    3c272124a6ac17b588760dbecbffff3f
Sha1:   ec3f728e8b11dc88f778173a2b366d5593842f0e
Sha256: a2dbf287e9adeacd7ed9a88fe08f1a52db80fb0113b885de100af34411e4f356
                                        
GET /signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075 HTTP/1.1
Host: go-studcat.infra.systems
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
52.6.125.14
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Date: Mon, 17 Jul 2017 22:33:01 GMT
Location: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO
Set-Cookie: p224=s%3A834.e%2FZKsxjaNKR4o7n0eJ4UTcb7aMIcumEaKsGyA8Fje%2FM; Max-Age=86400; Path=/; Expires=Tue, 18 Jul 2017 22:33:01 GMT
Vary: Accept
Content-Length: 590
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   590
Md5:    c96be69d6253c6e7a2f7e49c6f131a4f
Sha1:   4c4dc6d43301bd72cf0e53acd4305b43d9e44c3f
Sha256: 60b07b7b2c97f8ec62e50dab3ad7f60313a8f8f2d840fb76c0d409fca7433871
                                        
GET /signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO HTTP/1.1
Host: begin.geeker.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
54.235.111.26
HTTP/1.1 200 OK
Content-Type: text/html
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip
Date: Mon, 17 Jul 2017 22:33:02 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx/1.4.6 (Ubuntu)
Set-Cookie: PHPSESSID=0n73cj14vvvil8g44pnhv47o14; path=/ studcat=1; expires=Wed, 16-Aug-2017 22:33:02 GMT; Max-Age=2592000
X-Powered-By: PHP/5.5.9-1ubuntu4.20
X-Robots-Tag: noindex, nofollow, noarchive, noodp, noimageindex, nosnippet
Content-Length: 3225
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3225
Md5:    9af17e26daf09fd05dd185cebb60210e
Sha1:   f3c492f6899864ac63da3de147841432261e0231
Sha256: 798d4e522ef20f377c3a9c652efc0ade572dc09fc584ce760dac3a2db9e87e5b
                                        
GET /ga_exp.js?utmxkey=&utmx=&utmxx=&utmxtime=1500330782309 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO

                                         
216.58.211.142
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Mon, 17 Jul 2017 22:33:02 GMT
Expires: Mon, 17 Jul 2017 22:33:02 GMT
Cache-Control: private, max-age=30
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Server: HTTP server (unknown)
Content-Length: 0
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
                                        
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO
If-Modified-Since: Fri, 03 Oct 2014 00:48:42 GMT

                                         
216.58.211.142
HTTP/1.1 200 OK
Content-Type: text/javascript
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Mon, 17 Jul 2017 21:31:35 GMT
Expires: Mon, 17 Jul 2017 23:31:35 GMT
Last-Modified: Tue, 06 Jun 2017 00:25:39 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 12343
Cache-Control: public, max-age=7200
Age: 3687


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   12343
Md5:    3b6fd0342f2d611de1a19a9825be41c8
Sha1:   509935ecd4ab357ff19f57a8e94b4eb0ddc9d61b
Sha256: fa8b4948c750c32d20997c3b6901ea0cd507ae2e444447ad619ac461387f784c
                                        
GET /css?family=Open+Sans:400,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO

                                         
216.58.211.138
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Mon, 17 Jul 2017 22:33:02 GMT
Date: Mon, 17 Jul 2017 22:33:02 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   315
Md5:    e5aeb2363ce59e74a5527231a9f206ad
Sha1:   9c9086fdc0465b3ab5d47d1e1401c8667a809a61
Sha256: 3ccd7f4e0935d9d0e18a8c1a6e92a3d7e6290a0e006258c9651488f1bc734f07
                                        
GET /css?family=Droid+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO

                                         
216.58.211.138
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Mon, 17 Jul 2017 22:33:02 GMT
Date: Mon, 17 Jul 2017 22:33:02 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   268
Md5:    1695e1f8e1cdc766cccc3d63e9ec4a5a
Sha1:   917b1df18589387d7b64a392d439772653922678
Sha256: df85155500564bd982bf7f6466f6e9891503045114444f3ef0675eb3370b1cfa
                                        
GET /gtm.js?id=GTM-SPQR HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO

                                         
216.58.211.136
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: http://www.googletagmanager.com
Access-Control-Allow-Headers: Cache-Control
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Mon, 17 Jul 2017 22:33:02 GMT
Expires: Mon, 17 Jul 2017 22:33:02 GMT
Cache-Control: private, max-age=900
Server: Google Tag Manager (scaffolding)
Content-Length: 38952
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   38952
Md5:    7f3f22d4f576237fbb3c35dd713941f6
Sha1:   7f0dcc53aeb90bb4404a467234a6f9b15a0f572f
Sha256: 041bc37272eba067b81ffea14eea5ae0f93f53d45036aaf23693fd4721e932e2
                                        
GET /css/signup/movies/cd/main.php?cache_control=1 HTTP/1.1
Host: begin.geeker.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO
Cookie: PHPSESSID=0n73cj14vvvil8g44pnhv47o14; studcat=1; vid=1500330782.d6a1e4b49df8f0a2c2cab6c05a1686ce; step0_visit_tracked=1

                                         
54.235.111.26
HTTP/1.1 200 OK
Content-Type: text/css
Cache-Control: 31536000
Content-Encoding: gzip
Date: Mon, 17 Jul 2017 22:33:02 GMT
Expires: Tue, 17 Jul 2018 22:33:02 GMT
Pragma: public
Server: nginx/1.4.6 (Ubuntu)
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.9-1ubuntu4.20
X-Robots-Tag: noindex, nofollow, noarchive, noodp, noimageindex, nosnippet
Transfer-Encoding: chunked
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   14346
Md5:    48bb1b0353216746ba3e69396a51e2e5
Sha1:   03716870f3bd4aa88499dd10b86a83ca4bdac186
Sha256: ef43a9c2bb7415cc941bc91f52a47fc136a1a1f817d4677b6413e5b6ce187c7d

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /images/signup/movies/cd/red-dot.png HTTP/1.1
Host: begin.geeker.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO
Cookie: PHPSESSID=0n73cj14vvvil8g44pnhv47o14; studcat=1; vid=1500330782.d6a1e4b49df8f0a2c2cab6c05a1686ce; step0_visit_tracked=1

                                         
54.235.111.26
HTTP/1.1 200 OK
Content-Type: image/png
Accept-Ranges: bytes
Date: Mon, 17 Jul 2017 22:33:03 GMT
Etag: "596cea98-43d"
Last-Modified: Mon, 17 Jul 2017 16:49:28 GMT
Server: nginx/1.4.6 (Ubuntu)
X-Robots-Tag: noindex, nofollow, noarchive, noodp, noimageindex, nosnippet
Content-Length: 1085
Connection: keep-alive


--- Additional Info ---
Magic:  PNG image, 16 x 16, 8-bit/color RGBA, non-interlaced
Size:   1085
Md5:    46151d0c5bdb858597dd8400c7c6c853
Sha1:   2de0b85a8bf0407cbc71a2b1e21ddbc963aecd33
Sha256: 6181d1d43261dd7df5b227b5c18273f3abebafddd35cfd14a1831345397715de
                                        
GET /images/signup/movies/cd/video-throbber.gif HTTP/1.1
Host: begin.geeker.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO
Cookie: PHPSESSID=0n73cj14vvvil8g44pnhv47o14; studcat=1; vid=1500330782.d6a1e4b49df8f0a2c2cab6c05a1686ce; step0_visit_tracked=1

                                         
54.235.111.26
HTTP/1.1 200 OK
Content-Type: image/gif
Accept-Ranges: bytes
Date: Mon, 17 Jul 2017 22:33:02 GMT
Etag: "596cea98-d874"
Last-Modified: Mon, 17 Jul 2017 16:49:28 GMT
Server: nginx/1.4.6 (Ubuntu)
X-Robots-Tag: noindex, nofollow, noarchive, noodp, noimageindex, nosnippet
Content-Length: 55412
Connection: keep-alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 110 x 110
Size:   55412
Md5:    0e7ca6fcbe5188f55c2f5e3d3c9a0fc5
Sha1:   64930ebec1ed267719ed1d16f330383b37c77345
Sha256: c525abaeff84e0f564f6f4918fbd12287c17c2c2af08433df345d06924278c63
                                        
GET /js/show_ads_adsurge.js?pubId=874 HTTP/1.1
Host: www.schborg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO

                                         
199.80.53.132
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=utf-8
Server: Apache-Coyote/1.1
Cache-Control: max-age=600
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Mon, 17 Jul 2017 22:33:02 GMT
Connection: close


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   4598
Md5:    ea67247947cfa2d666dc8f1263c17b9f
Sha1:   d0379ed622117eeccd322024e53d75b11a9af1ab
Sha256: aaa2a7e0f58194024c7fedf65c4bf72221fd02fb5e8dec63abfbbf434e169460
                                        
GET /ajax/libs/webfont/1.4.2/webfont.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO

                                         
216.58.209.138
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 6918
Date: Sat, 13 May 2017 20:41:36 GMT
Expires: Sun, 13 May 2018 20:41:36 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 5622687


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   6918
Md5:    6aea4e62669de58af14650229b6018a8
Sha1:   2bbe94418d88c5e8ff0a3773d041a695fd1fd696
Sha256: ffacd2e09d1f7e4396fcbe79884f84cf0f6e05273f25a21622074b4d980aa49e
                                        
GET /js/signup/movies/cd/modernizr.js HTTP/1.1
Host: begin.geeker.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO
Cookie: PHPSESSID=0n73cj14vvvil8g44pnhv47o14; studcat=1; vid=1500330782.d6a1e4b49df8f0a2c2cab6c05a1686ce; step0_visit_tracked=1

                                         
54.235.111.26
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Accept-Ranges: bytes
Date: Mon, 17 Jul 2017 22:33:02 GMT
Etag: "596cea99-2bf3"
Last-Modified: Mon, 17 Jul 2017 16:49:29 GMT
Server: nginx/1.4.6 (Ubuntu)
X-Robots-Tag: noindex, nofollow, noarchive, noodp, noimageindex, nosnippet
Content-Length: 11251
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII English text, with very long lines
Size:   11251
Md5:    6346638d1d6424809c3cd6e7b3c93de7
Sha1:   15cca5595848ad4920acb0bd206cecfd61cd9317
Sha256: e9b62ed2448a63e4ae67f4736d62052df628e53179c2850456b374a418448041

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /js/signup/movies/cd/main.php?cache_control=&lng=NO HTTP/1.1
Host: begin.geeker.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO
Cookie: PHPSESSID=0n73cj14vvvil8g44pnhv47o14; studcat=1; vid=1500330782.d6a1e4b49df8f0a2c2cab6c05a1686ce; step0_visit_tracked=1

                                         
54.235.111.26
HTTP/1.1 200 OK
Content-Type: application/javascript
Cache-Control: 31536000
Content-Encoding: gzip
Date: Mon, 17 Jul 2017 22:33:03 GMT
Expires: Tue, 17 Jul 2018 22:33:03 GMT
Pragma: public
Server: nginx/1.4.6 (Ubuntu)
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.9-1ubuntu4.20
X-Robots-Tag: noindex, nofollow, noarchive, noodp, noimageindex, nosnippet
Transfer-Encoding: chunked
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   94713
Md5:    076aab7238937121a9ee76de637e8ec9
Sha1:   bc29e7b2e0cf8f9e0e177a884ba9e0bf3e8bc70c
Sha256: c59ff9460604b2b100cbdcbca0fe72980f2744a4214deede0003811b72f13f2f
                                        
GET /s/opensans/v14/cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fonts.googleapis.com/css?family=Open+Sans:400,600,700
Origin: http://begin.geeker.com

                                         
216.58.211.131
HTTP/1.1 200 OK
Content-Type: font/woff
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 17640
Date: Wed, 14 Jun 2017 16:48:27 GMT
Expires: Thu, 14 Jun 2018 16:48:27 GMT
Last-Modified: Wed, 14 Jun 2017 16:46:30 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 2871877


--- Additional Info ---
Magic:  data
Size:   17640
Md5:    e447d08f4d164f3995e7c5090a735332
Sha1:   affe866d1f2c13b1a91772c652392838f98e43ad
Sha256: 3fdc38539d2762cd1293e2822c97fa7972a89e3096c7b1163877344021d8fbf9
                                        
GET /s/opensans/v14/k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fonts.googleapis.com/css?family=Open+Sans:400,600,700
Origin: http://begin.geeker.com

                                         
216.58.211.131
HTTP/1.1 200 OK
Content-Type: font/woff
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 18408
Date: Wed, 14 Jun 2017 16:48:27 GMT
Expires: Thu, 14 Jun 2018 16:48:27 GMT
Last-Modified: Wed, 14 Jun 2017 16:46:23 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 2871877


--- Additional Info ---
Magic:  data
Size:   18408
Md5:    15aa9eb56fc3628ba270a5e1edf45284
Sha1:   b0cdb11242b86872aaa6e53ef315d571f9cdd0af
Sha256: 60c1bc05d0e5f1a20b9b92e4186534932cfb9c8d9b9a897a6f56eb155d823c77
                                        
GET /s/opensans/v14/MTP_ySUJH_bn48VBG8sNSnhCUOGz7vYGh680lGh-uXM.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fonts.googleapis.com/css?family=Open+Sans:400,600,700
Origin: http://begin.geeker.com

                                         
216.58.211.131
HTTP/1.1 200 OK
Content-Type: font/woff
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 18232
Date: Wed, 14 Jun 2017 16:48:27 GMT
Expires: Thu, 14 Jun 2018 16:48:27 GMT
Last-Modified: Wed, 14 Jun 2017 16:46:35 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 2871877


--- Additional Info ---
Magic:  data
Size:   18232
Md5:    bc53f23f7d5dd1a5934ef4b68d7e675d
Sha1:   c3a13ed878f1bd756ac420f1dc1c5142c95273f7
Sha256: 9b967e752d4df93fd2bf19158ba059eca1a79cd8a12e0c17bfac980fac2f13d5
                                        
GET /ga.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO

216.58.211.142
HTTP/1.1 200 OK
Content-Type: text/javascript
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Mon, 17 Jul 2017 21:32:34 GMT
Expires: Mon, 17 Jul 2017 23:32:34 GMT
Last-Modified: Tue, 06 Jun 2017 00:25:39 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 16022
Cache-Control: public, max-age=7200
Age: 3630


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   16022
Md5:    09889dfa1a6bf800507b7a6799c45901
Sha1:   51b1c3f117a0874b6e5ea58bf9e8863c918db4aa
Sha256: 1c92948832be823e16d40195f5f66135368b5cb3f8a7833c3e25f558f16fecfb
                                        
GET /collect?v=1&_v=j56&a=2063876218&t=pageview&_s=1&dl=http%3A%2F%2Fbegin.geeker.com%2Fsignup%3Fad_domain%3Dhlok.qertewrt.com%26ad_path%3D%252Fsmart_ad%252Fdisplay%26prod%3D224%26sf%3Dsports%26adserver%3D0.21.2%26m%3Dsports%26lid%3D7102f1e7-3c9e-4d2b-8424-048729bb7075%26_sign%3Deb3724f63e3220a1bd4ed125d52235bf%26_signt%3D1500330841%26lng%3DNO&dp=%2Faffiliate&ul=en-us&de=UTF-8&dt=4K%20Sports%20-%20Live%20Stream&sd=24-bit&sr=1176x885&vp=1176x754&je=1&fl=10.0%20r45&_u=aGBAgAQAE~&jid=1476246512&gjid=1753192186&cid=1035578142.1500330784&tid=UA-35287253-12&_gid=127078342.1500330784&cd1=sports_eone&cd2=search&cd3=eMedia&cd4=search&cd15=No&cd18=Search%20Loader&cd19=All&z=1185584909 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO

216.58.211.142
HTTP/1.1 200 OK
Content-Type: image/gif
Access-Control-Allow-Origin: *
Date: Thu, 13 Jul 2017 17:50:55 GMT
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35
Cache-Control: no-cache, no-store, must-revalidate
Age: 362530


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
GET /images/signup/movies/cd//sports-header.jpg HTTP/1.1
Host: begin.geeker.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/css/signup/movies/cd/main.php?cache_control=1
Cookie: PHPSESSID=0n73cj14vvvil8g44pnhv47o14; studcat=1; vid=1500330782.d6a1e4b49df8f0a2c2cab6c05a1686ce; step0_visit_tracked=1

54.235.111.26
HTTP/1.1 200 OK
Content-Type: image/jpeg
Accept-Ranges: bytes
Date: Mon, 17 Jul 2017 22:33:04 GMT
Etag: "596cea98-710f"
Last-Modified: Mon, 17 Jul 2017 16:49:28 GMT
Server: nginx/1.4.6 (Ubuntu)
X-Robots-Tag: noindex, nofollow, noarchive, noodp, noimageindex, nosnippet
Content-Length: 28943
Connection: keep-alive


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   28943
Md5:    92b3dab9ffa4f2ce3a2bbd970b9fde19
Sha1:   e8b84dce460a250f920b21db96d710bc9ba68c3d
Sha256: 4ef49a4b5b21ef577032a872a510a3dd9b7614c2f273a913f31ef70932f6ffba
                                        
POST / HTTP/1.1
Host: gp.symcd.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx/1.10.2
Content-Length: 1415
Content-Transfer-Encoding: binary
Cache-Control: max-age=507244, public, no-transform, must-revalidate
Last-Modified: Sun, 16 Jul 2017 19:27:00 GMT
Expires: Sun, 23 Jul 2017 19:27:00 GMT
Date: Mon, 17 Jul 2017 22:33:05 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1415
Md5:    c8e12c25ccee3754769e1503da536264
Sha1:   c5cc573605b679321752de23b0751afcb1cff863
Sha256: 325880a8eddb41587e2d6e423568e158455057268f6531a48971eda98d51084d
                                        
GET /r/__utm.gif?utmwv=5.6.7&utms=1&utmn=2111827426&utmhn=begin.geeker.com&utme=8(det*3!product*m_gen)9(sports_eone*3!eMedia*search)&utmcs=UTF-8&utmsr=1176x885&utmvp=1176x754&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=10.0%20r45&utmdt=4K%20Sports%20-%20Live%20Stream&utmhid=2063876218&utmr=-&utmp=%2Faffiliate&utmht=1500330785197&utmac=UA-35287253-1&utmcc=__utma%3D219410182.1035578142.1500330784.1500330785.1500330785.1%3B%2B__utmz%3D219410182.1500330785.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=2101758908&utmredir=1&utmu=ixCgAAAAACAAAAAAAAABAAAE~ HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO

216.58.211.142
HTTP/1.1 200 OK
Content-Type: image/gif
Access-Control-Allow-Origin: *
Date: Mon, 17 Jul 2017 22:33:05 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
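The two Google Analytics beacons captured above (the analytics.js `/collect` hit and the legacy ga.js `/r/__utm.gif` hit) are plain query strings, and decoding them is the quickest way to see what the landing page reported about this visit and what can be pivoted on: the property number shared by both tracker IDs (`UA-35287253-12` and `UA-35287253-1`), the visitor id that ties the two hits to one browser, the page title, and the affiliate parameters carried in the landing URL (`ad_domain=hlok.qertewrt.com`, a 32-hex-character `_sign` and a unix-time `_signt`). The Python below is an added example, not urlquery's code or anything from the sites involved; the only thing added to the page's data is the scheme and host in front of each query string so that `urlsplit()` can parse it.

```python
"""Decode the two Google Analytics beacons captured above (added example; not urlquery's code).

/collect is the analytics.js Measurement Protocol hit, /r/__utm.gif the legacy
ga.js hit. Both carry the page URL, title, tracker id and visitor id in clear.
"""
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Query strings copied verbatim from the two requests on this page; only the
# scheme and host were prepended so urlsplit() can parse them.
COLLECT_URL = (
    "http://www.google-analytics.com/collect?v=1&_v=j56&a=2063876218&t=pageview&_s=1"
    "&dl=http%3A%2F%2Fbegin.geeker.com%2Fsignup%3Fad_domain%3Dhlok.qertewrt.com"
    "%26ad_path%3D%252Fsmart_ad%252Fdisplay%26prod%3D224%26sf%3Dsports%26adserver%3D0.21.2"
    "%26m%3Dsports%26lid%3D7102f1e7-3c9e-4d2b-8424-048729bb7075"
    "%26_sign%3Deb3724f63e3220a1bd4ed125d52235bf%26_signt%3D1500330841%26lng%3DNO"
    "&dp=%2Faffiliate&ul=en-us&de=UTF-8&dt=4K%20Sports%20-%20Live%20Stream&sd=24-bit"
    "&sr=1176x885&vp=1176x754&je=1&fl=10.0%20r45&_u=aGBAgAQAE~&jid=1476246512"
    "&gjid=1753192186&cid=1035578142.1500330784&tid=UA-35287253-12&_gid=127078342.1500330784"
    "&cd1=sports_eone&cd2=search&cd3=eMedia&cd4=search&cd15=No&cd18=Search%20Loader"
    "&cd19=All&z=1185584909"
)
UTM_URL = (
    "http://www.google-analytics.com/r/__utm.gif?utmwv=5.6.7&utms=1&utmn=2111827426"
    "&utmhn=begin.geeker.com&utme=8(det*3!product*m_gen)9(sports_eone*3!eMedia*search)"
    "&utmcs=UTF-8&utmsr=1176x885&utmvp=1176x754&utmsc=24-bit&utmul=en-us&utmje=1"
    "&utmfl=10.0%20r45&utmdt=4K%20Sports%20-%20Live%20Stream&utmhid=2063876218&utmr=-"
    "&utmp=%2Faffiliate&utmht=1500330785197&utmac=UA-35287253-1"
    "&utmcc=__utma%3D219410182.1035578142.1500330784.1500330785.1500330785.1%3B%2B"
    "__utmz%3D219410182.1500330785.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B"
    "&utmjid=2101758908&utmredir=1&utmu=ixCgAAAAACAAAAAAAAABAAAE~"
)


def property_number(tracker_id):
    """'UA-35287253-12' -> '35287253': the account shared by every view suffix."""
    return tracker_id.split("-")[1]


def to_utc(epoch_seconds):
    return datetime.fromtimestamp(int(epoch_seconds), tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def _query(url):
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def decode_collect(url):
    q = _query(url)
    landing = urlsplit(q["dl"])                 # dl = document location, itself URL-encoded
    visitor_id, first_visit = q["cid"].split(".")
    return {
        "tracker": q["tid"], "property": property_number(q["tid"]), "hit_id": q["a"],
        "visitor_id": visitor_id, "first_visit": first_visit,
        "page_title": q["dt"], "page_host": landing.hostname,
        "landing_params": {k: v[0] for k, v in parse_qs(landing.query).items()},
        "custom_dimensions": {k: v for k, v in q.items() if k.startswith("cd")},
    }


def parse_utmcc(utmcc):
    """Split the utmcc blob ('__utma=...;+__utmz=...;') into cookie name -> value."""
    cookies = {}
    for part in utmcc.split(";"):
        part = part.strip(" +")
        if part:
            name, _, value = part.partition("=")
            cookies[name] = value
    return cookies


def decode_utm(url):
    q = _query(url)
    cookies = parse_utmcc(q["utmcc"])
    utma = cookies["__utma"].split(".")         # domainhash.visitor.first.previous.current.sessions
    utmz_source = cookies["__utmz"].split(".", 4)[4]
    return {
        "tracker": q["utmac"], "property": property_number(q["utmac"]), "hit_id": q["utmhid"],
        "visitor_id": utma[1], "first_visit": utma[2],
        "page_title": q["utmdt"], "page_host": q["utmhn"],
        "traffic_source": dict(kv.split("=", 1) for kv in utmz_source.split("|")),
    }


def same_visitor(a, b):
    """Both hits name the same GA visitor id created at the same second."""
    return (a["visitor_id"], a["first_visit"]) == (b["visitor_id"], b["first_visit"])


if __name__ == "__main__":
    c, u = decode_collect(COLLECT_URL), decode_utm(UTM_URL)
    print("property", c["property"], "via", c["tracker"], "and", u["tracker"])
    print("title", repr(c["page_title"]), "on", c["page_host"], "same visitor:", same_visitor(c, u))
    print("first visit", to_utc(c["first_visit"]), "| _signt", to_utc(c["landing_params"]["_signt"]))
    print("landing params", c["landing_params"])
```

Both hits decode to the same hit id (2063876218), the same visitor (1035578142, created at 1500330784 = 2017-07-17 22:33:04 UTC, matching the Date headers on this page) and the same property 35287253, so the property number is the pivot to search other captures for sites run by the same operator. `_signt` decodes to 2017-07-17 22:34:01 UTC, about a minute after the responses on this page were served.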
                                        
GET /js/pixel.js HTTP/1.1
Host: titan.infra.systems
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO
Cookie: lpid=528

107.22.196.55
HTTP/1.1 200 OK
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Date: Mon, 17 Jul 2017 22:33:05 GMT
Etag: W/"1c1-15d4fc5ded0"
Last-Modified: Mon, 17 Jul 2017 08:59:14 GMT
Content-Length: 449
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text
Size:   449
Md5:    81d78526608fdf4312f67024bcb244ec
Sha1:   701df869ae3de4b38ab6a2de1e4359488d524e82
Sha256: a15eae855a6b082b4493db4cf64f6008477f3b593685d00f0c8d4686f2ed0013
                                        
GET /css?family=Open+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO

216.58.211.138
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Mon, 17 Jul 2017 22:33:05 GMT
Date: Mon, 17 Jul 2017 22:33:05 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   214
Md5:    671e18c01647c81afdbcf0042b9a4102
Sha1:   ea2e3112826c48d2c04b18979c8adc030e85ae34
Sha256: ab1bb6c97cb50e4e6d6282aa605478f29568133c9d96cca3d31dc6c1d1964f38
                                        
POST /ocsp HTTP/1.1
Host: clients1.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 17 Jul 2017 22:33:05 GMT
Expires: Fri, 21 Jul 2017 22:33:05 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    37fea05d03943e910853a2e233293802
Sha1:   15314d7ec0d17fb919f2b70d2a74876dd708482f
Sha256: ff88728f281063989eff178210f6d6c2097bc955d6b1551c8a438fad5234ec4f
                                        
POST / HTTP/1.1
Host: g.symcd.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx/1.10.2
Content-Length: 1390
Content-Transfer-Encoding: binary
Cache-Control: max-age=601059, public, no-transform, must-revalidate
Last-Modified: Mon, 17 Jul 2017 21:26:55 GMT
Expires: Mon, 24 Jul 2017 21:26:55 GMT
Date: Mon, 17 Jul 2017 22:33:05 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1390
Md5:    b74a9fb9df25cd77adb7de7c3b01c5a8
Sha1:   9cca9c1b29d2e8799dec26692bae98dfaee30613
Sha256: d42cc04177856308d60126391d46ba858e4c86a44b73d248c385d28441754ea2
                                        
GET /r/collect?t=dc&aip=1&_r=3&v=1&_v=j56&tid=UA-35287253-12&cid=1035578142.1500330784&jid=1476246512&gjid=1753192186&_gid=127078342.1500330784&_u=aGBAgAQAE~&z=1411712891 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO

173.194.222.156
HTTP/1.1 200 OK
Content-Type: image/gif
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Date: Mon, 17 Jul 2017 22:33:05 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,36,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
GET /uploads/logo-on-white.png HTTP/1.1
Host: www.geeker.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO

208.99.87.154
HTTP/1.1 200 OK
Content-Type: image/png
Date: Mon, 17 Jul 2017 22:33:05 GMT
Server: Apache
Last-Modified: Thu, 29 Sep 2016 14:47:19 GMT
Etag: "867-53da68df40bc0"
Accept-Ranges: bytes
Content-Length: 2151
Cache-Control: max-age=31536000, private
Expires: Tue, 17 Jul 2018 22:33:05 GMT
Set-Cookie: RNLBSERVERID=ded935; path=/


--- Additional Info ---
Magic:  PNG image, 100 x 100, 8-bit/color RGBA, non-interlaced
Size:   2151
Md5:    c685e803df1e999b45d3f6b65709426d
Sha1:   494bc3aa0b0dfc40c235061519b293a3af20baaa
Sha256: afc1391c3d7d145b5cf27d8197178a59b98d224c94f150751b5e567eef630168
                                        
GET /images/signup/movies/cd//site-bg.jpg HTTP/1.1
Host: begin.geeker.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/css/signup/movies/cd/main.php?cache_control=1
Cookie: PHPSESSID=0n73cj14vvvil8g44pnhv47o14; studcat=1; vid=1500330782.d6a1e4b49df8f0a2c2cab6c05a1686ce; step0_visit_tracked=1

54.235.111.26
HTTP/1.1 200 OK
Content-Type: image/jpeg
Accept-Ranges: bytes
Date: Mon, 17 Jul 2017 22:33:03 GMT
Etag: "596cea98-2ae92"
Last-Modified: Mon, 17 Jul 2017 16:49:28 GMT
Server: nginx/1.11.9
X-Robots-Tag: noindex, nofollow, noarchive, noodp, noimageindex, nosnippet
Content-Length: 175762
Connection: keep-alive


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   175762
Md5:    f8ae1ba703edefc221140afb43e79897
Sha1:   3beff6766e8b30fd97bdb7a135dfb978ca965e8a
Sha256: b14bfa661f679fc735bd37912b91c77ae1719fa9498ec3b3abb9b250ed66f0d9
                                        
GET /set-cookie.gif?media=sports&sport= HTTP/1.1
Host: www.shglegle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&ad_path=%2Fsmart_ad%2Fdisplay&prod=224&sf=sports&adserver=0.21.2&m=sports&lid=7102f1e7-3c9e-4d2b-8424-048729bb7075&_sign=eb3724f63e3220a1bd4ed125d52235bf&_signt=1500330841&lng=NO

199.80.53.132
HTTP/1.1 200 OK
Content-Type: image/gif
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: ecvtcn_media=sports; Domain=.www.shglegle.com; Expires=Tue, 17-Jul-2018 22:33:04 GMT; Path=/ ecvtcn_sport=""; Domain=.www.shglegle.com; Expires=Tue, 17-Jul-2018 22:33:04 GMT; Path=/
Accept-Ranges: bytes
Content-Length: 49
Date: Mon, 17 Jul 2017 22:33:03 GMT
Connection: close


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   49
Md5:    56398e76be6355ad5999b262208a17c9
Sha1:   a1fdee122b95748d81cee426d717c05b5174fe96
Sha256: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
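The transactions above follow one layout: request line, Host and request headers; the responding IP, status line and response headers; then the hashes and `file` magic of the body under `--- Additional Info ---`. To work with a capture like this as data (one IOC row per host, IP and SHA-256; the Referer chain from the landing page to the trackers it pulls in; a check that each server's Content-Length matches the byte count that was hashed), the Python below is an added example and not urlquery's code. Its sample input is two transactions abridged from this page, so it runs offline. The Set-Cookie splitter is there because the www.shglegle.com response shows two cookie definitions (`ecvtcn_media` and `ecvtcn_sport`) run together on a single line; whether the server or the report renderer joined them, a naive `name=value` parse would swallow the second cookie into the first one's `Path` attribute.

```python
"""Parse urlquery-style transaction dumps into records (added example, not urlquery code).

Walks request / response / "--- Additional Info ---" blocks in the layout used
on this page, keeps repeated headers in order, splits run-together Set-Cookie
values, checks Content-Length against the hashed size and rebuilds Referer edges.
"""
import re
from urllib.parse import urlsplit

REQUEST_LINE = re.compile(r"^(GET|POST|HEAD) (\S+) HTTP/1\.[01]$")
STATUS_LINE = re.compile(r"^HTTP/1\.[01] (\d{3})\b")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# A new cookie starts where a name= token follows whitespace that is neither an
# attribute separator ("; ") nor the space inside an Expires date.
COOKIE_BOUNDARY = re.compile(r"(?<=[^;,\s])\s+(?=[A-Za-z_][\w-]*=)")
INFO_MARK = "--- Additional Info ---"

# Constructed sample: two transactions abridged from this page (some headers dropped).
SAMPLE = """\
GET /set-cookie.gif?media=sports&sport= HTTP/1.1
Host: www.shglegle.com
Referer: http://begin.geeker.com/signup?ad_domain=hlok.qertewrt.com&prod=224

199.80.53.132
HTTP/1.1 200 OK
Content-Type: image/gif
Set-Cookie: ecvtcn_media=sports; Domain=.www.shglegle.com; Expires=Tue, 17-Jul-2018 22:33:04 GMT; Path=/ ecvtcn_sport=""; Domain=.www.shglegle.com; Expires=Tue, 17-Jul-2018 22:33:04 GMT; Path=/
Content-Length: 49

--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   49
Sha256: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

GET /images/signup/movies/cd//site-bg.jpg HTTP/1.1
Host: begin.geeker.com
Referer: http://begin.geeker.com/css/signup/movies/cd/main.php?cache_control=1
Cookie: PHPSESSID=0n73cj14vvvil8g44pnhv47o14; studcat=1

54.235.111.26
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 175762

--- Additional Info ---
Size:   175762
Sha256: b14bfa661f679fc735bd37912b91c77ae1719fa9498ec3b3abb9b250ed66f0d9
"""


def parse_transactions(text):
    """One dict per transaction: method, path, req/resp header lists, ip, status, info."""
    txs, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()                      # tolerate the indented/whitespace-only lines
        if not line:
            continue
        m = REQUEST_LINE.match(line)
        if m:
            cur = {"method": m[1], "path": m[2], "req": {}, "ip": None,
                   "status": None, "resp": {}, "info": {}}
            txs.append(cur)
            section = "req"
        elif cur is None:
            continue
        elif IPV4.match(line):                  # bare IP line introduces the response
            cur["ip"], section = line, "resp"
        elif STATUS_LINE.match(line):
            cur["status"] = int(STATUS_LINE.match(line)[1])
        elif line == INFO_MARK:
            section = "info"
        elif ":" in line:
            name, value = (p.strip() for p in line.split(":", 1))
            if section == "info":
                cur["info"][name.lower()] = value
            else:                               # keep duplicate headers in arrival order
                cur[section].setdefault(name.lower(), []).append(value)
    return txs


def split_set_cookie(value):
    """Split a Set-Cookie value into cookies, even when several are run together."""
    cookies = []
    for chunk in COOKIE_BOUNDARY.split(value):
        pair, *attrs = [p.strip() for p in chunk.split(";") if p.strip()]
        name, _, val = pair.partition("=")
        attr_map = dict(a.partition("=")[::2] for a in attrs)
        cookies.append({"name": name, "value": val.strip('"'),
                        "attrs": {k.lower(): v for k, v in attr_map.items()}})
    return cookies


def sizes_match(tx):
    """True when the server's Content-Length equals the byte count urlquery hashed."""
    declared = tx["resp"].get("content-length", [None])[0]
    return declared is not None and int(declared) == int(tx["info"].get("size", -1))


def referer_edges(txs):
    """(referring host, requested host) pairs: who pulled in what."""
    return [(urlsplit(tx["req"]["referer"][0]).hostname, tx["req"]["host"][0])
            for tx in txs if "referer" in tx["req"]]


if __name__ == "__main__":
    txs = parse_transactions(SAMPLE)
    for tx in txs:
        print(tx["req"]["host"][0], tx["ip"], tx["status"], tx["info"]["sha256"],
              "size ok" if sizes_match(tx) else "SIZE MISMATCH")
        for raw in tx["resp"].get("set-cookie", []):
            print("  cookies:", [(c["name"], c["value"]) for c in split_set_cookie(raw)])
    print(referer_edges(txs))
```

Run over the full capture, the edge list gives the load graph behind the Fortinet hits (begin.geeker.com pulling in google-analytics.com, stats.g.doubleclick.net, titan.infra.systems and www.shglegle.com), and `sizes_match` is a cheap sanity check on the record itself: every response on this page with a Content-Length matches its hashed size, while the chunked fonts.googleapis.com CSS response has no Content-Length at all and so reports False.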