Overview

URL bestadbid.com/afu.php?zoneid=1748446&var=108437.2457-ace15ade1515c784ca476c6ee23575ad
IP88.85.82.180
ASNAS35415 Webzilla B.V.
Location Netherlands
Report completed2018-10-01 18:33:35 CEST
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 88.85.82.180

Date UQ / IDS / BL URL IP
2018-09-26 03:03:02 +0200
0 - 0 - 1 https://bestadbid.com/ 88.85.82.180
2018-09-20 23:51:39 +0200
0 - 0 - 1 bestadbid.com/afu.php?zoneid=1543567 88.85.82.180
2018-09-08 00:58:37 +0200
0 - 0 - 1 bestadbid.com/afu.php?zoneid=1543567 88.85.82.180
2018-09-08 00:32:44 +0200
0 - 0 - 1 bestadbid.com/afu.php?zoneid=1543567 88.85.82.180
2018-09-08 00:29:20 +0200
0 - 0 - 1 bestadbid.com/afu.php?zoneid=1543567 88.85.82.180
2018-09-07 21:12:10 +0200
0 - 0 - 1 bestadbid.com/afu.php?zoneid=1543567 88.85.82.180
2018-09-03 13:34:15 +0200
0 - 0 - 1 bestadbid.com 88.85.82.180
2018-09-02 14:42:27 +0200
0 - 0 - 1 bestadbid.com/afu.php?zoneid=1748446 88.85.82.180
2018-09-01 21:22:17 +0200
0 - 0 - 2 bestadbid.com/afu.php?zoneid=1543567 88.85.82.180
2018-09-01 16:49:07 +0200
0 - 0 - 1 bestadbid.com 88.85.82.180

Last 10 reports on ASN: AS35415 Webzilla B.V.

Date UQ / IDS / BL URL IP
2019-01-16 07:57:02 +0100
0 - 1 - 0 dmoid.top/ 88.85.93.143
2019-01-16 05:22:46 +0100
0 - 0 - 1 bodelen.com/apu.php?zoneid=1834828 88.85.66.195
2019-01-16 00:42:53 +0100
0 - 1 - 2 ucfcstealler.ml/eYQRSkEtL.exe 178.208.83.9
2019-01-16 00:01:25 +0100
0 - 0 - 1 https://brells.pro/ 88.85.94.227
2019-01-15 23:45:01 +0100
0 - 1 - 0 rclmc.top/ 88.85.93.34
2019-01-15 22:06:00 +0100
0 - 0 - 1 ads.shorte.st/ads.php?key=2ea5b261f06ca771033 (...) 78.140.188.188
2019-01-15 20:57:56 +0100
0 - 0 - 1 kidnepishlient.pro/ 88.85.94.227
2019-01-15 20:13:49 +0100
0 - 3 - 0 10consdinoc.pw/ 78.140.165.10
2019-01-15 20:03:31 +0100
0 - 0 - 1 c0f3235774d3ee.com/ 88.85.92.113
2019-01-15 19:21:55 +0100
0 - 0 - 1 exox.pro/DATA/TV/csrss.exe 94.103.80.138

Last 10 reports on domain: bestadbid.com

Date UQ / IDS / BL URL IP
2019-01-06 19:35:48 +0100
0 - 0 - 0 bestadbid.com 188.42.162.193
2018-10-12 16:37:19 +0200
0 - 0 - 0 https://bestadbid.com 188.42.162.193
2018-10-09 12:07:19 +0200
0 - 0 - 0 bestadbid.com 194.187.98.176
2018-09-26 22:40:38 +0200
0 - 0 - 0 https://bestadbid.com/afu.php?zoneid=1850667& (...) 194.187.98.176
2018-09-26 03:03:02 +0200
0 - 0 - 1 https://bestadbid.com/ 88.85.82.180
2018-09-26 02:37:00 +0200
0 - 0 - 1 bestadbid.com 188.42.162.193
2018-09-24 20:38:06 +0200
0 - 0 - 1 bestadbid.com 194.187.98.176
2018-09-24 14:46:14 +0200
0 - 0 - 1 bestadbid.com/afu.php?zoneid=1409812 194.187.98.176
2018-09-21 00:01:52 +0200
0 - 0 - 1 bestadbid.com/afu.php?zoneid=1543567 188.42.162.193
2018-09-20 23:51:39 +0200
0 - 0 - 1 bestadbid.com/afu.php?zoneid=1543567 88.85.82.180


JavaScript

Executed Scripts (27)


Executed Evals (2)

#1 JavaScript::Eval (size: 5318, repeated: 1) - SHA256: a6a76a343c867c0e8b0ef6339c7fec48580bc2c1e6c0ce80cd805151f90ad6f4

                                        function QCDone(d) {
    try {
        document.getElementById('ci_SW').value = d.SW
    } catch (e) {}
    try {
        document.getElementById('ci_SH').value = d.SH
    } catch (e) {}
    try {
        document.getElementById('ci_SAH').value = d.SAH
    } catch (e) {}
    try {
        document.getElementById('ci_WX').value = d.WX
    } catch (e) {}
    try {
        document.getElementById('ci_WY').value = d.WY
    } catch (e) {}
    try {
        document.getElementById('ci_WW').value = d.WW
    } catch (e) {}
    try {
        document.getElementById('ci_WH').value = d.WH
    } catch (e) {}
    try {
        document.getElementById('ci_CW').value = d.CW
    } catch (e) {}
    try {
        document.getElementById('ci_WIW').value = d.WIW
    } catch (e) {}
    try {
        document.getElementById('ci_WIH').value = d.WIH
    } catch (e) {}
    try {
        document.getElementById('ci_WFC').value = d.WFC
    } catch (e) {}
    try {
        document.getElementById('ci_PL').value = d.PL
    } catch (e) {}
    try {
        document.getElementById('ci_DRF').value = d.DRF
    } catch (e) {}
    try {
        document.getElementById('ci_NP').value = d.NP
    } catch (e) {}
    try {
        document.getElementById('ci_PT').value = d.PT
    } catch (e) {}
    try {
        document.getElementById('ci_NB').value = d.NB
    } catch (e) {}
    try {
        document.getElementById('ci_NG').value = d.NG
    } catch (e) {}
    try {
        document.getElementById('ci_DM').value = d.DM
    } catch (e) {}
    try {
        document.getElementById('ci_CF').value = d.CF
    } catch (e) {}
    try {
        document.getElementById('ci_NW').value = d.NW
    } catch (e) {}
    try {
        document.getElementById('ci_HIL').value = d.HIL
    } catch (e) {}
}
var QC = {};
try {
    QC.SW = window.screen.width;
    QC.SH = window.screen.height
} catch (e) {
    QC.SW = -1;
    QC.SH = -1
}
try {
    QC.SAH = window.screen.availHeight
} catch (e) {
    QC.SAH = -1
}
try {
    QC.WX = window.screenX;
    QC.WY = window.screenY
} catch (e) {
    QC.WX = -1;
    QC.WY = -1
}
try {
    QC.WW = window.outerWidth;
    QC.WH = window.outerHeight
} catch (e) {
    QC.WW = -1;
    QC.WH = -1
}
try {
    QC.WIW = window.innerWidth;
    QC.WIH = window.innerHeight
} catch (e) {
    QC.WIW = -1;
    QC.WIH = -1
}
try {
    QC.CW = document.documentElement.clientWidth
} catch (e) {
    QC.CW = -1
}
try {
    QC.WFC = window.top.frames.length
} catch (e) {
    QC.WFC = -1
}
try {
    QC.PL = document.location.href
} catch (e) {
    QC.PL = ''
}
try {
    QC.DRF = document.referrer
} catch (e) {
    QC.DRF = ''
}
try {
    QC.NP = (!(navigator.plugins instanceof PluginArray) || navigator.plugins.length == 0) ? 0 : 1
} catch (e) {
    QC.NP = -1
}
try {
    QC.PT = window.callPhantom !== undefined || window._phantom !== undefined ? 1 : 0
} catch (e) {
    QC.PT = -1
}
try {
    QC.NB = typeof navigator.sendBeacon === "function" ? 1 : 0
} catch (e) {
    QC.NB = -1
}
try {
    QC.NG = navigator.geolocation !== undefined ? 1 : 0
} catch (e) {
    QC.NG = -1
}
try {
    QC.NW = 'webdriver' in navigator ? 1 : 0
} catch (e) {
    QC.NW = -1
}
QC.CF = 0;
try {
    var FlashDetect = new function() {
        var self = this;
        self.installed = false;
        self.raw = "";
        self.major = -1;
        self.minor = -1;
        self.revision = -1;
        self.revisionStr = "";
        var activeXDetectRules = [{
            "name": "ShockwaveFlash.ShockwaveFlash.7",
            "version": function(obj) {
                return getActiveXVersion(obj)
            }
        }, {
            "name": "ShockwaveFlash.ShockwaveFlash.6",
            "version": function(obj) {
                var version = "6,0,21";
                try {
                    obj.AllowScriptAccess = "always";
                    version = getActiveXVersion(obj)
                } catch (err) {}
                return version
            }
        }, {
            "name": "ShockwaveFlash.ShockwaveFlash",
            "version": function(obj) {
                return getActiveXVersion(obj)
            }
        }];
        var getActiveXVersion = function(activeXObj) {
            var version = -1;
            try {
                version = activeXObj.GetVariable("\$version")
            } catch (err) {}
            return version
        };
        var getActiveXObject = function(name) {
            var obj = -1;
            try {
                obj = new ActiveXObject(name)
            } catch (err) {
                obj = {
                    activeXError: true
                }
            }
            return obj
        };
        var parseActiveXVersion = function(str) {
            var versionArray = str.split(",");
            return {
                "raw": str,
                "major": parseInt(versionArray[0].split(" ")[1], 10),
                "minor": parseInt(versionArray[1], 10),
                "revision": parseInt(versionArray[2], 10),
                "revisionStr": versionArray[2]
            }
        };
        var parseStandardVersion = function(str) {
            var descParts = str.split(/ +/);
            var majorMinor = descParts[2].split(/\./);
            var revisionStr = descParts[3];
            return {
                "raw": str,
                "major": parseInt(majorMinor[0], 10),
                "minor": parseInt(majorMinor[1], 10),
                "revisionStr": revisionStr,
                "revision": parseRevisionStrToInt(revisionStr)
            }
        };
        var parseRevisionStrToInt = function(str) {
            return parseInt(str.replace(/[a-zA-Z]/g, ""), 10) || self.revision
        };
        self.majorAtLeast = function(version) {
            return self.major >= version
        };
        self.minorAtLeast = function(version) {
            return self.minor >= version
        };
        self.revisionAtLeast = function(version) {
            return self.revision >= version
        };
        self.versionAtLeast = function(major) {
            var properties = [self.major, self.minor, self.revision];
            var len = Math.min(properties.length, arguments.length);
            for (i = 0; i < len; i++) {
                if (properties[i] >= arguments[i]) {
                    if (i + 1 < len && properties[i] == arguments[i]) {
                        continue
                    } else {
                        return true
                    }
                } else {
                    return false
                }
            }
        };
        self.FlashDetect = function() {
            if (navigator.plugins && navigator.plugins.length > 0) {
                var type = 'application/x-shockwave-flash';
                var mimeTypes = navigator.mimeTypes;
                if (mimeTypes && mimeTypes[type] && mimeTypes[type].enabledPlugin && mimeTypes[type].enabledPlugin.description) {
                    var version = mimeTypes[type].enabledPlugin.description;
                    var versionObj = parseStandardVersion(version);
                    self.raw = versionObj.raw;
                    self.major = versionObj.major;
                    self.minor = versionObj.minor;
                    self.revisionStr = versionObj.revisionStr;
                    self.revision = versionObj.revision;
                    self.installed = true
                }
            } else if (navigator.appVersion.indexOf("Mac") == -1 && window.execScript) {
                var version = -1;
                for (var i = 0; i < activeXDetectRules.length && version == -1; i++) {
                    var obj = getActiveXObject(activeXDetectRules[i].name);
                    if (!obj.activeXError) {
                        self.installed = true;
                        version = activeXDetectRules[i].version(obj);
                        if (version != -1) {
                            var versionObj = parseActiveXVersion(version);
                            self.raw = versionObj.raw;
                            self.major = versionObj.major;
                            self.minor = versionObj.minor;
                            self.revision = versionObj.revision;
                            self.revisionStr = versionObj.revisionStr
                        }
                    }
                }
            }
        }()
    };
    if (FlashDetect.major > 0) {
        QC.CF = 1
    }
} catch (e) {
    QC.CF = 2
}
try {
    QCDone(QC)
} catch (e) {
    console.log(e)
}
                                    

#2 JavaScript::Eval (size: 613, repeated: 1) - SHA256: 7d79d7f17504a461320f713188b82fa5a1fdfd154969db17892e75294035c861

                                        var a;
var b;
var ix;
if (typeof window.innerWidth != 'undefined') {
    a = window.innerWidth;
    b = window.innerHeight
} else if (typeof document.documentElement != 'undefined' && typeof document.documentElement.clientWidth != 'undefined' && document.documentElement.clientWidth != 0) {
    a = document.documentElement.clientWidth;
    b = document.documentElement.clientHeight
} else {
    a = document.getElementsByTagName('body')[0].clientWidth;
    b = document.getElementsByTagName('body')[0].clientHeight
}
try {
    ix = window.self !== window.top ? 1 : 0
} catch (e) {
    ix = 2
}
document.getElementById('a').value = a;
document.getElementById('b').value = b;
document.getElementById('ix').value = ix;
                                    

Executed Writes (1)

#1 JavaScript::Write (size: 837, repeated: 1) - SHA256: 3f815370d201244b9ccf2df591cc303961b99b1616652ec7747c7e58177e3f44

                                        < img height = "1"
width = "1"
border = "0"
alt = ""
src = "https://www.googleadservices.com/pagead/conversion/1038302480/?random=1538411587392&cv=9&fst=1538411587392&num=1&fmt=3&value=0&label=6-3FCKyD8wEQkPqM7wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_his=2&u_tz=120&u_java=true&u_nplug=10&u_nmime=92&frm=1&url=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef&ref=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef"
style = "display:none" / >
                                    


HTTP Transactions (49)


Request Response
                                        
                                            GET /afu.php?zoneid=1748446&var=108437.2457-ace15ade1515c784ca476c6ee23575ad HTTP/1.1 
Host: bestadbid.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         194.187.98.176
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Mon, 01 Oct 2018 16:33:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Timing-Allow-Origin: *, *
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: SeenToday=1; expires=Tue, 02-Oct-2018 16:33:02 GMT; Max-Age=86400; path=/ OAGEO5580f=13%7CNO%7C03%7COSLO%7CXDSL%7CBROADNET+AS%7C%7C11348%7C11093%7C%3F%7C578270; expires=Tue, 02-Oct-2018 16:33:02 GMT; Max-Age=86400; path=/ oaidts=1538411582; expires=Tue, 01-Oct-2019 16:33:02 GMT; Max-Age=31536000; path=/ OAID=e292eb185aa3c829f4602ee8e97cbabe; expires=Tue, 01-Oct-2019 16:33:02 GMT; Max-Age=31536000; path=/ OXVAR=108437.2457-ace15ade1515c784ca476c6ee23575ad; expires=Tue, 02-Oct-2018 16:33:02 GMT; Max-Age=86400; path=/ OAID=e292eb185aa3c829f4602ee8e97cbabe; expires=Tue, 01-Oct-2019 16:33:02 GMT; Max-Age=31536000; path=/ exsdsf=1538411583 pbk3=3da3f1534687d5a2d2784c034405d0e16607427438903124232; expires=Mon, 01-Oct-2018 16:43:03 GMT; Max-Age=600 ltm_afu=1; expires=Tue, 02-Oct-2018 16:33:03 GMT; Max-Age=86400; path=/
X-FRAME-OPTIONS: DENY
P3P: CP="CUR ADM OUR NOR STA NID"
X-Used-AdExchange: 1
Content-Encoding: gzip
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4770
Md5:    bdb35c544217ed72f7f6c27dcb56379d
Sha1:   677403b0d37eb9baf787d60b7385b0b61e09bd0a
Sha256: d746515bb07204e2f2d10ff1582de7e5b044b02e6214af76daad66a572a685a0
                                        
                                            GET /sc.php?zoneid=1748446&bannerid=2091454&OXLCA=1&clickid=70665906761502721 HTTP/1.1 
Host: mygtmn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bestadbid.com/afu.php?zoneid=1748446&var=108437.2457-ace15ade1515c784ca476c6ee23575ad

                                         
                                         194.187.98.187
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Mon, 01 Oct 2018 16:33:03 GMT
Content-Length: 43
Connection: keep-alive
Timing-Allow-Origin: *, *
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: SeenToday=1; expires=Tue, 02-Oct-2018 16:33:03 GMT; Max-Age=86400; path=/ OAGEO5580f=13%7CNO%7C03%7COSLO%7CXDSL%7CBROADNET+AS%7C%7C11348%7C11093%7C%3F%7C578270; expires=Tue, 02-Oct-2018 16:33:03 GMT; Max-Age=86400; path=/ oaidts=1538411583; expires=Tue, 01-Oct-2019 16:33:03 GMT; Max-Age=31536000; path=/ OAID=a93a893b0b715528622a024b650fc41b; expires=Tue, 01-Oct-2019 16:33:03 GMT; Max-Age=31536000; path=/ _OXLCA[2091454]=pfxhz3-1748446; expires=Wed, 31-Oct-2018 16:33:03 GMT; Max-Age=2592000; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: bestadbid.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: SeenToday=1; OAGEO5580f=13%7CNO%7C03%7COSLO%7CXDSL%7CBROADNET+AS%7C%7C11348%7C11093%7C%3F%7C578270; oaidts=1538411582; OAID=e292eb185aa3c829f4602ee8e97cbabe; OXVAR=108437.2457-ace15ade1515c784ca476c6ee23575ad; exsdsf=1538411583; pbk3=3da3f1534687d5a2d2784c034405d0e16607427438903124232; ltm_afu=1

                                         
                                         194.187.98.176
HTTP/1.1 204 No Content
                                        
Server: nginx
Date: Mon, 01 Oct 2018 16:33:03 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
Pragma: public


--- Additional Info ---
                                        
                                            GET /?r=%2Fmb%2Fhan&pbk3=3da3f1534687d5a2d2784c034405d0e16607427438903124232&empty=0&auction_id=05759c33-0b63-487d-8728-1875951a5eaf&var=108437.2457-ace15ade1515c784ca476c6ee23575ad&uuid=408083ee-7999-42f5-9f6b-812adebe1ba9&ad_scheme=1&rotation_type=3&ppucounter=0&first_visit=0&on_test=1&offer_views=0&ab_test=0&adparams=bm9qcz0w&ip=f3d5bb63c9dbdcfb475795d659c65a4e&zoneid=1748446&x=1176&y=754&sw=1176&sh=885&sah=855&wx=-4&wy=-4&ww=1184&wh=863&cw=1176&wiw=1176&wih=754&wfc=0&pl=http%3A%2F%2Fbestadbid.com%2Fafu.php%3Fzoneid%3D1748446%26var%3D108437.2457-ace15ade1515c784ca476c6ee23575ad&drf=&np=1&pt=0&nb=0&ng=1&dm=undefined&cf=1&nw=0&hil=undefined&id=67b2047710905478421746aeab65ba16&co=1&rf=0&hs=d01d492f13aec958676a3d4656a2a36c&ix=0&fs=1&sf_type=1&timeout=0 HTTP/1.1 
Host: bestadbid.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bestadbid.com/afu.php?zoneid=1748446&var=108437.2457-ace15ade1515c784ca476c6ee23575ad
Cookie: SeenToday=1; OAGEO5580f=13%7CNO%7C03%7COSLO%7CXDSL%7CBROADNET+AS%7C%7C11348%7C11093%7C%3F%7C578270; oaidts=1538411582; OAID=e292eb185aa3c829f4602ee8e97cbabe; OXVAR=108437.2457-ace15ade1515c784ca476c6ee23575ad; exsdsf=1538411583; pbk3=3da3f1534687d5a2d2784c034405d0e16607427438903124232; ltm_afu=1

                                         
                                         194.187.98.176
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Mon, 01 Oct 2018 16:33:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Timing-Allow-Origin: *, *
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Used-AdExchange: 1
Set-Cookie: f3d5bb63c9dbdcfb475795d659c65a4e=kG6kdk7PL5m2uZjblhZA4f-n2NYWdx3JolbPzH6YVLg; expires=Mon, 08-Oct-2018 16:33:04 GMT; Max-Age=604800 OAGEO5580f=13%7CNO%7C03%7COSLO%7CXDSL%7CBROADNET+AS%7C%7C11348%7C11093%7C%3F%7C578270; expires=Tue, 02-Oct-2018 16:33:04 GMT; Max-Age=86400; path=/ ppucnt=1; expires=Tue, 02-Oct-2018 16:33:04 GMT; Max-Age=86400; path=/ ppucntstart=1538411584; expires=Tue, 02-Oct-2018 16:33:04 GMT; Max-Age=86400; path=/ allcnt=1; expires=Tue, 01-Oct-2019 16:33:04 GMT; Max-Age=31536000; path=/ OAID=e292eb185aa3c829f4602ee8e97cbabe; expires=Tue, 01-Oct-2019 16:33:04 GMT; Max-Age=31536000; path=/ _OACCAP[1381147]=1; expires=Tue, 01-Oct-2019 16:33:04 GMT; Max-Age=31536000; path=/ _OACBLOCK[1381147]=1538411584; expires=Wed, 31-Oct-2018 16:33:04 GMT; Max-Age=2592000; path=/ _OXCCLK[1381147]=1; expires=Tue, 01-Oct-2019 16:33:04 GMT; Max-Age=31536000; path=/ _OXPCLK[142687]=1; expires=Tue, 01-Oct-2019 16:33:04 GMT; Max-Age=31536000; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Location: http://dwindly.xyz/i/8300?clickid=70665911257804801&go=1748446&sf_type=1
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
                                        
                                            GET /i/8300?clickid=70665911257804801&go=1748446&sf_type=1 HTTP/1.1 
Host: dwindly.xyz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bestadbid.com/afu.php?zoneid=1748446&var=108437.2457-ace15ade1515c784ca476c6ee23575ad

                                         
                                         145.239.141.3
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Mon, 01 Oct 2018 16:33:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: TRK_TRG=eJxjYGBgEmEXZMosEOQ1N9czMdAzNLIEYmNB5vTUfEEmP39B7qLU9Mz8vPjk%2FJRUQVY%2Ff10DY0HO5MySSogIO1DEvzgnX5A5s7hAkNupKD8xJS%2B1RMExWJAPSMcXF6SmpoCVsjEKcmQWxxcU5VdUsjECAOqzILE%3D; expires=Tue, 02-Oct-2018 16:33:04 GMT; Max-Age=86400; path=/ TRK_TRU2=eJxjYGBgEuEQZC5NNBVUMEtJM09KTkwxSDUxNjS1SDM1MjVINDU3M0hOtEi1SDIUZE0qSsxL4RVkzc1PSc3hFeRKKsovL04tis9MYWMT5IfxylKLijPz83gceM6AwFlB1vxikBJmQS4gAy4rwwAGgtwpqWWZyanxJZUFqWyMAGk%2BKmU%3D; expires=Tue, 02-Oct-2018 16:33:04 GMT; Max-Age=86400; path=/
Location: http://wi.adpiano.com/aosaperz/aspaeoz/?utm_source=17232&utm_campaign=1206532&clck=ab8d3820-c597-11e8-acbf-1f583e13c484&sid=1748446
Content-Encoding: gzip
Vary: Accept-Encoding


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   20
Md5:    7029066c27ac6f5ef18d660d5741979a
Sha1:   46c6643f07aa7f6bfe7118de926b86defc5087c4
Sha256: 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
                                        
                                            GET /aosaperz/aspaeoz/?utm_source=17232&utm_campaign=1206532&clck=ab8d3820-c597-11e8-acbf-1f583e13c484&sid=1748446 HTTP/1.1 
Host: wi.adpiano.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bestadbid.com/afu.php?zoneid=1748446&var=108437.2457-ace15ade1515c784ca476c6ee23575ad

                                         
                                         35.168.24.149
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
                                        
Date: Mon, 01 Oct 2018 16:33:04 GMT
Content-Length: 158
Connection: keep-alive
Location: https://www.fixbestreformflash.icu/?32017a=TqCNvl6zYaJZHyypeLSOVWLY2sK_7Msp6IGLICCC3r4.&cid=ab8d3820-c597-11e8-acbf-1f583e13c484&payout=[LEAD_PRICE]
Server: nginx
Strict-Transport-Security: max-age=15768000


--- Additional Info ---
Magic:  HTML document text
Size:   158
Md5:    aff800f7c0fbcc0a1b3a01222155d46a
Sha1:   33555b5351d9740ef0f943c7a5aa6282601eadf9
Sha256: 39c7f77e186fa5ff07bd1bf2bb39281a6778e5b7cda6b72e08da6a7a688dd8e3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.int-x3.letsencrypt.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
                                         91.135.34.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 527
Etag: "862080CA86B96B9F43723D420967B2CFCE15D1976725E924EF5DAD97B92FFAC1"
Last-Modified: Sun, 30 Sep 2018 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=43200
Expires: Tue, 02 Oct 2018 04:33:05 GMT
Date: Mon, 01 Oct 2018 16:33:05 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    d202c8970f3e4d1f27abba737df9a383
Sha1:   81c6d29f4d690502e682ca8495d473cf8e2c9065
Sha256: 862080ca86b96b9f43723d420967b2cfce15d1976725e924ef5dad97b92ffac1
                                        
                                            POST / HTTP/1.1 
Host: isrg.trustid.ocsp.identrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.121
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Transfer-Encoding: Binary
Last-Modified: Fri, 28 Sep 2018 20:36:14 GMT
Etag: "cca839ca14bba970341289bc9bf457dbe082bb6c"
Content-Length: 1396
Cache-Control: public, no-transform, must-revalidate, max-age=12381
Expires: Mon, 01 Oct 2018 19:59:26 GMT
Date: Mon, 01 Oct 2018 16:33:05 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1396
Md5:    51d659b48e2fc858ca949366f621eced
Sha1:   cca839ca14bba970341289bc9bf457dbe082bb6c
Sha256: bbd26e33dc42c4d6a72824f8e0fb7603cbf022d061c2365cc45c079a02869167
                                        
                                            GET /?32017a=TqCNvl6zYaJZHyypeLSOVWLY2sK_7Msp6IGLICCC3r4.&cid=ab8d3820-c597-11e8-acbf-1f583e13c484&payout=[LEAD_PRICE] HTTP/1.1 
Host: www.fixbestreformflash.icu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bestadbid.com/afu.php?zoneid=1748446&var=108437.2457-ace15ade1515c784ca476c6ee23575ad

                                         
                                         18.215.115.40
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx/1.13.9
Date: Mon, 01 Oct 2018 16:33:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.0.30-0+deb9u1
Location: https://www2.fasterakamaibestflash.icu/?32017a=dy88F03PVXL_6w91m67VeIYvOQ15f7poxOPToGqMDJjAmMPQA3VWWj_-mXiHVrwi3kBcUPiznjPzFEYV_Y04AQ..&cid=ab8d3820-c597-11e8-acbf-1f583e13c484&payout=[LEAD_PRICE]&v_id=GFnECxNiFsvLQq73oDmWUQEY1Mx4z0fDbDfiAXjtvYk.
Strict-Transport-Security: max-age=15768000


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.int-x3.letsencrypt.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
                                         91.135.34.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 527
Etag: "5466174B4F6C494EFF20EA2DFC6E0A2463BE1A622B7E0AF97CA692FA5253433A"
Last-Modified: Fri, 28 Sep 2018 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=43200
Expires: Tue, 02 Oct 2018 04:33:05 GMT
Date: Mon, 01 Oct 2018 16:33:05 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    07879416aa59a1c7a8d0e577e5e97fa3
Sha1:   29f46dc5c42947f23646899b125871e0a1939649
Sha256: 5466174b4f6c494eff20ea2dfc6e0a2463be1a622b7e0af97ca692fa5253433a
                                        
                                            GET /?32017a=dy88F03PVXL_6w91m67VeIYvOQ15f7poxOPToGqMDJjAmMPQA3VWWj_-mXiHVrwi3kBcUPiznjPzFEYV_Y04AQ..&cid=ab8d3820-c597-11e8-acbf-1f583e13c484&payout=[LEAD_PRICE]&v_id=GFnECxNiFsvLQq73oDmWUQEY1Mx4z0fDbDfiAXjtvYk. HTTP/1.1 
Host: www2.fasterakamaibestflash.icu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bestadbid.com/afu.php?zoneid=1748446&var=108437.2457-ace15ade1515c784ca476c6ee23575ad

                                         
                                         18.211.136.211
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx/1.13.9
Date: Mon, 01 Oct 2018 16:33:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.0.30-0+deb9u1
Set-Cookie: channel=makaro_newWINoff; expires=Mon, 01-Oct-2018 16:53:06 GMT; Max-Age=1200; path=/ dist_id=1; expires=Mon, 01-Oct-2018 16:53:06 GMT; Max-Age=1200; path=/ lp_id=4; expires=Mon, 01-Oct-2018 16:53:06 GMT; Max-Age=1200; path=/
Location: http://www.reimageplus.com/includes/router_land.php?tracking=Co2&banner=18770&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&lpx=tef
Strict-Transport-Security: max-age=15768000


--- Additional Info ---
Magic:  UTF-8 Unicode (with BOM) text, with no line terminators
Size:   6
Md5:    ff83448521724f553aa887e20d8ea99d
Sha1:   dbbc083c5b6ccc9adf316af366b9ab8b8fa73b3f
Sha256: 637b2c8da853bb1832c130f7e3bf70d07d3801190af1b8c77a8346faee3bfbb9
                                        
                                            GET /includes/router_land.php?tracking=Co2&banner=18770&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&lpx=tef HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bestadbid.com/afu.php?zoneid=1748446&var=108437.2457-ace15ade1515c784ca476c6ee23575ad

                                         
                                         161.47.7.14
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Date: Mon, 01 Oct 2018 16:20:02 GMT
Location: http://www.reimageplus.com/lp/teg/index.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-fjhppofk=8EB7C1D4029F1355B7CBC09E2173829E; path=/ _refcook=http%3A%2F%2Fbestadbid.com%2Fafu.php%3Fzoneid%3D1748446%26var%3D108437.2457-ace15ade1515c784ca476c6ee23575ad; expires=Fri, 30-Nov-2018 16:20:02 GMT; path=/ _source=%2Fincludes%2Frouter_land.php%3Ftracking%3DCo2%26banner%3D18770%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26lpx%3Dtef; expires=Fri, 30-Nov-2018 16:20:02 GMT; path=/ _testcookie=test; expires=Mon, 01-Oct-2018 16:26:02 GMT; path=/ rmo=true; expires=Thu, 15-Nov-2018 16:20:02 GMT; path=/; domain=reimageplus.com marketnetwork_subid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=reimageplus.com
Content-Length: 22


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   22
Md5:    a0501a98ab1b294fd669c2ecd1b8c027
Sha1:   ecd8ceda437c617578af895ce922b9497f20938b
Sha256: cada81a8faf83daa504d843d0795ec58a6f77bd94a28345385cdb54cef383832
                                        
                                            GET /lp/teg/index.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bestadbid.com/afu.php?zoneid=1748446&var=108437.2457-ace15ade1515c784ca476c6ee23575ad
Cookie: X-Mapping-fjhppofk=8EB7C1D4029F1355B7CBC09E2173829E; _refcook=http%3A%2F%2Fbestadbid.com%2Fafu.php%3Fzoneid%3D1748446%26var%3D108437.2457-ace15ade1515c784ca476c6ee23575ad; _source=%2Fincludes%2Frouter_land.php%3Ftracking%3DCo2%26banner%3D18770%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26lpx%3Dtef; _testcookie=test; rmo=true

                                         
                                         161.47.7.14
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip
Date: Mon, 01 Oct 2018 16:20:02 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Set-Cookie: PHPSESSID=jsup1in40spii4kb7i71o56o03; path=/ _refcook=http%3A%2F%2Fbestadbid.com%2Fafu.php%3Fzoneid%3D1748446%26var%3D108437.2457-ace15ade1515c784ca476c6ee23575ad; expires=Fri, 30-Nov-2018 16:20:02 GMT; path=/ _testcookie=test; expires=Mon, 01-Oct-2018 16:26:02 GMT; path=/
Content-Length: 3959


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3959
Md5:    28d3ee9681d36dec2ea65244e26a8ebd
Sha1:   1080af22de3f3cf891ce032f79bc7b961478ddc0
Sha256: 476539d694253dc72fd3f51aeb1993a2fbb3b6577f658c8c541e6ff1f3148f1a
                                        
                                            GET /ajax/libs/jquery/1.5.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef

                                         
                                         172.217.21.170
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 29839
Date: Fri, 31 Aug 2018 12:11:45 GMT
Expires: Sat, 31 Aug 2019 12:11:45 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 2694081


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   29839
Md5:    9a9b2acb8c0cf46985e07996f688b43d
Sha1:   341c927be8f8344f30afb46d49ce6b5e3da62c7d
Sha256: 0b1e12a7712d7b092fd5e1b2724d6e248670ff82620ec75e24105b6b127e3ca8
                                        
                                            GET /lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef
Cookie: X-Mapping-fjhppofk=8EB7C1D4029F1355B7CBC09E2173829E; _refcook=http%3A%2F%2Fbestadbid.com%2Fafu.php%3Fzoneid%3D1748446%26var%3D108437.2457-ace15ade1515c784ca476c6ee23575ad; _source=%2Fincludes%2Frouter_land.php%3Ftracking%3DCo2%26banner%3D18770%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26lpx%3Dtef; _testcookie=test; rmo=true; PHPSESSID=jsup1in40spii4kb7i71o56o03

                                         
                                         161.47.7.14
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip
Date: Mon, 01 Oct 2018 16:20:02 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Set-Cookie: _refcook=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef; expires=Fri, 30-Nov-2018 16:20:02 GMT; path=/ _testcookie=test; expires=Mon, 01-Oct-2018 16:26:02 GMT; path=/
Content-Length: 10138


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10138
Md5:    fa19f79d7b47f77343ccd415d1083e0c
Sha1:   a435eb72e9332abc13a9117f4c54c5732125b886
Sha256: da39634331810e054ba1a2691d6a7fd083d2ade6de57e70bae799d792bfcde49
                                        
                                            GET /meter/www.reimageplus.com/23.gif HTTP/1.1 
Host: images.scanalert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef

                                         
                                         143.204.47.119
HTTP/1.1 200 OK
Content-Type: image/png; charset=UTF-8
                                        
Content-Length: 3005
Connection: keep-alive
Date: Mon, 01 Oct 2018 15:53:15 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: public
Expires: Mon, 01 Oct 2018 16:53:15 GMT
Content-Encoding: gzip
Age: 2391
X-Cache: Hit from cloudfront
Via: 1.1 2291c3a6bbdb0b0147dc7972fd25ec3e.cloudfront.net (CloudFront)
X-Amz-Cf-Id: tcoIkW_zX0nwqXSmQCpp0v9xY6R58-1dMNrF7ygP9Dp_fbGz9EIg3A==


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   3005
Md5:    102539419ea49058a5fd78365f742469
Sha1:   e4e891e5dc0d2c41eabf5dd8b497c191c287560a
Sha256: 7d59d63d95e75cf20757455fb4c3cc5333a2aacbf0424fc92a7a01ad3b694370
                                        
                                            GET /website/newwebsite/lp/tef/Win7.gif HTTP/1.1 
Host: cdnrep.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef
Cookie: rmo=true

                                         
                                         205.185.208.80
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Mon, 01 Oct 2018 16:33:06 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: "1468501926"
Cache-Control: max-age=86400
Content-Length: 3059
Last-Modified: Thu, 14 Jul 2016 13:12:06 GMT
X-HW: 1538411586.dop003.sk1.t,1538411586.cds013.sk1.c


--- Additional Info ---
Magic:  GIF image data, version 89a, 60 x 62
Size:   3059
Md5:    72edefcd39d81e6d207b19834e6941ef
Sha1:   03e824da65cf1fbb8849c06df5fee4f753d3d8ce
Sha256: 41e53e6880391a2ffdcecfc04969e62ade0e3383c54aed8c281a3c5c122a5f3c
                                        
                                            GET /pagead/conversion.js HTTP/1.1 
Host: www.googleadservices.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef

                                         
                                         216.58.211.2
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Vary: Accept-Encoding
Date: Mon, 01 Oct 2018 16:33:06 GMT
Expires: Mon, 01 Oct 2018 16:33:06 GMT
Cache-Control: private, max-age=3600
Etag: 12528383239491287948
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 8480
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   8480
Md5:    89f3999827439aa746b94c812cb15fcc
Sha1:   a13ef382e46170c01346cfe878660bfc97051efa
Sha256: 1e7c277cd6c32cfbb953ae0d339074c33c5a565956f0a04debf35ad9f17d35f1
                                        
                                            GET /lp/teg/css/style.css HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef
Cookie: X-Mapping-fjhppofk=8EB7C1D4029F1355B7CBC09E2173829E; _refcook=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef; _source=%2Fincludes%2Frouter_land.php%3Ftracking%3DCo2%26banner%3D18770%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26lpx%3Dtef; _testcookie=test; rmo=true; PHPSESSID=jsup1in40spii4kb7i71o56o03

                                         
                                         161.47.7.14
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 01 Oct 2018 16:20:02 GMT
Expires: Thu, 15 Apr 2045 20:00:00 GMT
Connection: Keep-Alive
Content-Length: 2238


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2238
Md5:    2df0a84a55ce5bfdae54508a20665ea2
Sha1:   dc663bae0287ca12367121b3aee6589b41bc6120
Sha256: 9c11c77c765b2f2ad8c795671b85e80274a4da7a4463dfb76bbbbfef8776d5c6
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: bestadbid.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: SeenToday=1; OAGEO5580f=13%7CNO%7C03%7COSLO%7CXDSL%7CBROADNET+AS%7C%7C11348%7C11093%7C%3F%7C578270; oaidts=1538411582; OAID=e292eb185aa3c829f4602ee8e97cbabe; OXVAR=108437.2457-ace15ade1515c784ca476c6ee23575ad; exsdsf=1538411583; pbk3=3da3f1534687d5a2d2784c034405d0e16607427438903124232; ltm_afu=1; f3d5bb63c9dbdcfb475795d659c65a4e=kG6kdk7PL5m2uZjblhZA4f-n2NYWdx3JolbPzH6YVLg; ppucnt=1; ppucntstart=1538411584; allcnt=1; _OACCAP[1381147]=1; _OACBLOCK[1381147]=1538411584; _OXCCLK[1381147]=1; _OXPCLK[142687]=1

                                         
                                         194.187.98.176
HTTP/1.1 204 No Content
                                        
Server: nginx
Date: Mon, 01 Oct 2018 16:33:06 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
Pragma: public


--- Additional Info ---
                                        
                                            GET /website/newwebsite/lp/tef/plus.png HTTP/1.1 
Host: cdnrep.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/css/style.css
Cookie: rmo=true

                                         
                                         205.185.208.80
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Mon, 01 Oct 2018 16:33:07 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: "1468501922"
Cache-Control: max-age=86400
Content-Length: 624
Last-Modified: Thu, 14 Jul 2016 13:12:02 GMT
X-HW: 1538411587.dop003.sk1.t,1538411587.cds058.sk1.c


--- Additional Info ---
Magic:  PNG image, 25 x 25, 8-bit/color RGB, non-interlaced
Size:   624
Md5:    47c1d3ee311e193de0cdd6e5b1a2eb4d
Sha1:   7f9d1d0cc1ffb72d64a75a088e8e9a1f105065c0
Sha256: 8c075719560b586b0c32318f5e963c3fea585c32a88cb874495c931e28f77ef9
                                        
                                            GET /website/newwebsite/lp/tef/download.png HTTP/1.1 
Host: cdnrep.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/css/style.css
Cookie: rmo=true

                                         
                                         205.185.208.80
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Mon, 01 Oct 2018 16:33:07 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: "1468501926"
Cache-Control: max-age=86400
Content-Length: 368
Last-Modified: Thu, 14 Jul 2016 13:12:06 GMT
X-HW: 1538411587.dop012.sk1.t,1538411587.cds058.sk1.c


--- Additional Info ---
Magic:  PNG image, 21 x 20, 8-bit/color RGB, non-interlaced
Size:   368
Md5:    3158e13e8184dbb60eada6725e897a95
Sha1:   9ee305bdd713bde36a49f580962cc83658b71f55
Sha256: da30e4140b53e29b452d18fdbe53efa3068e586f9d00f68da0ed2a68cbfab310
                                        
                                            GET /assets/styles/jquery.fancybox/jquery.fancybox-2.css HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef
Cookie: X-Mapping-fjhppofk=8EB7C1D4029F1355B7CBC09E2173829E; _refcook=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef; _source=%2Fincludes%2Frouter_land.php%3Ftracking%3DCo2%26banner%3D18770%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26lpx%3Dtef; _testcookie=test; rmo=true; PHPSESSID=jsup1in40spii4kb7i71o56o03

                                         
                                         161.47.7.14
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 01 Oct 2018 16:20:02 GMT
Expires: Thu, 15 Apr 2045 20:00:00 GMT
Connection: Keep-Alive
Content-Length: 1606


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1606
Md5:    39c87544233ef0fafef3816c7dc083d1
Sha1:   b5a214c16e29bb922d7dd247c8cd4ab32a48ec15
Sha256: e39857dbe26db2b9569d4ee2d3246135a51f76684c0caa76a4b7ba1d63f0b8ea
                                        
                                            GET /js/1.js HTTP/1.1 
Host: cdn.ywxi.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef

                                         
                                         143.204.47.39
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Content-Length: 2791
Connection: keep-alive
Date: Mon, 01 Oct 2018 15:35:17 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Expires: Mon, 01 Oct 2018 16:35:17 GMT
Content-Encoding: gzip
Age: 3470
X-Cache: Hit from cloudfront
Via: 1.1 4f48f90c7cc5834331dc3e65cd576297.cloudfront.net (CloudFront)
X-Amz-Cf-Id: gh4uc5GufDhUzd98tcWmudadavJn7ZzflKV-KoSoaegN6LwGzf-vQQ==


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   2791
Md5:    28626a0208ce04a910df6f63a21d43b2
Sha1:   46e42f3df83d424d6b64f2c169abb46c0f24c8f3
Sha256: 9e178d0d8199f52bd881bacbefcb10de882de63d76a88a1c297974f38460c850
                                        
                                            GET /website/newwebsite/lp/tef/minus.png HTTP/1.1 
Host: cdnrep.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/css/style.css
Cookie: rmo=true

                                         
                                         205.185.208.80
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Mon, 01 Oct 2018 16:33:07 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: "1468501925"
Cache-Control: max-age=86400
Content-Length: 580
Last-Modified: Thu, 14 Jul 2016 13:12:05 GMT
X-HW: 1538411587.dop003.sk1.t,1538411587.cds008.sk1.c


--- Additional Info ---
Magic:  PNG image, 25 x 25, 8-bit/color RGB, non-interlaced
Size:   580
Md5:    27e624f58dfbc7e0b9d4d475181fc2dd
Sha1:   844b10905ee3fe43aa080ed9c48e379e82cca94b
Sha256: c5edda2dd802c5d9d437729d83c888306918e94262111bd24e3dc78560b7c6bd
                                        
                                            GET /assets/scripts/jquery.fancybox/jquery.fancybox-2.js HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef
Cookie: X-Mapping-fjhppofk=8EB7C1D4029F1355B7CBC09E2173829E; _refcook=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef; _source=%2Fincludes%2Frouter_land.php%3Ftracking%3DCo2%26banner%3D18770%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26lpx%3Dtef; _testcookie=test; rmo=true; PHPSESSID=jsup1in40spii4kb7i71o56o03

                                         
                                         161.47.7.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Server: Apache/2.2.15 (CentOS)
Date: Mon, 01 Oct 2018 16:20:02 GMT
Expires: Thu, 15 Apr 2045 20:00:00 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Last-Modified: Sun, 07 Jun 2015 06:06:18 GMT
Content-Length: 48716


--- Additional Info ---
Magic:  ASCII C++ program text
Size:   48716
Md5:    932c065e6c0658681ca19a34d45981f4
Sha1:   7e10f6aba5d7bc1b21e0c62ba107ac5593c039d8
Sha256: 1a2da275a2f66503da340a4b38a064c5329d8b3f03eb057dee553786482c4874
                                        
                                            GET /dc.js HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef

                                         
                                         64.233.162.155
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Date: Mon, 01 Oct 2018 16:28:52 GMT
Expires: Mon, 01 Oct 2018 18:28:52 GMT
Last-Modified: Thu, 13 Sep 2018 23:12:19 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 17093
Cache-Control: public, max-age=7200
Age: 255


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   17093
Md5:    5f65521f6c6223e1e18cb161832bea2a
Sha1:   f03800023e7bbe2579cd24e122cdf8c6ecf8b4c6
Sha256: 787b69b93681cf41784dfa8655cbdafe8a56ecc62f0112a6ea2241a284a0e3c9
                                        
                                            GET /r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=189194754&utmhn=www.reimageplus.com&utmcs=UTF-8&utmsr=1176x885&utmvp=1159x754&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=10.0%20r45&utmhid=1678651359&utmr=0&utmp=%2Flp%2Fteg%2Findex_src.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef&utmht=1538411587598&utmac=UA-24411584-1&utmcc=__utma%3D141870001.2003288311.1538411588.1538411588.1538411588.1%3B%2B__utmz%3D141870001.1538411588.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=718003746&utmredir=3&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef

                                         
                                         64.233.162.155
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Date: Mon, 01 Oct 2018 16:33:07 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 01 Oct 2018 16:33:07 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-FRAME-OPTIONS: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    c0ee7fd382ff8ef0cafc39a345927ad5
Sha1:   876ac1292d68c847edc32768dd1677ac542f5ed3
Sha256: de5108f3ad008ad57aa46a1a8132611cbf3b31c8b4cdd6d1ca25a09bbdc99fc0
                                        
                                            POST /gsr2 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 01 Oct 2018 16:33:07 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 1; mode=block
X-FRAME-OPTIONS: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    d9d754520ae3340aa37cca6115eee05b
Sha1:   a0320372760d99c762cb2eb4b37f776625ef1b33
Sha256: 7dc8284c51c9a38dc1bf03bd28857ea5336e8f5c564eddbb1c9082ee43c93738
                                        
                                            GET /pagead/conversion/1038302480/?random=1538411587392&cv=9&fst=1538411587392&num=1&fmt=3&value=0&label=6-3FCKyD8wEQkPqM7wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_his=2&u_tz=120&u_java=true&u_nplug=10&u_nmime=92&frm=1&url=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef&ref=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef HTTP/1.1 
Host: www.googleadservices.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef

                                         
                                         216.58.211.2
HTTP/1.1 302 Found
Content-Type: image/gif
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Mon, 01 Oct 2018 16:33:07 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1038302480/?random=1925671606&cv=9&fst=*&num=1&fmt=3&value=0&label=6-3FCKyD8wEQkPqM7wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_his=2&u_tz=120&u_java=true&u_nplug=10&u_nmime=92&frm=1&url=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef&ref=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=Q0yyW5XLKoig6wS6tLDIAg&crd=CKrPGwjX0Rs&gtd=
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 01 Oct 2018 16:33:07 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-FRAME-OPTIONS: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    9e64a227bd9af781eff193cdd0b75dcb
Sha1:   0b4d949fd3ce81f76d5095b39e57f906a6adc49b
Sha256: f6dd3d6dbaca10990feeea484e5f83372a94197c487435bd279c5115f717ac8b
                                        
                                            GET /pagead/viewthroughconversion/1038302480/?random=1925671606&cv=9&fst=*&num=1&fmt=3&value=0&label=6-3FCKyD8wEQkPqM7wM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_his=2&u_tz=120&u_java=true&u_nplug=10&u_nmime=92&frm=1&url=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef&ref=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=Q0yyW5XLKoig6wS6tLDIAg&crd=CKrPGwjX0Rs&gtd= HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef

                                         
                                         216.58.207.226
HTTP/1.1 302 Found
Content-Type: image/gif
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Date: Mon, 01 Oct 2018 16:33:07 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: https://www.google.com/pagead/1p-user-list/1038302480/?random=1925671606&cv=9&fst=*&num=1&fmt=3&value=0&label=6-3FCKyD8wEQkPqM7wM&bg=666666&hl=en&guid=ON&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_his=2&u_tz=120&u_java=true&u_nplug=10&u_nmime=92&frm=1&url=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef&ref=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=CKrPGwjX0RsIhNAb&cdct=2&is_vtc=1&random=1591826468&resp=GooglemKTybQhCsO
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 01-Oct-2018 16:48:07 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 01 Oct 2018 16:33:07 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-FRAME-OPTIONS: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    ea33728366b32d025c022708c0271336
Sha1:   f608567393325d2586ea8863bfec5fd133483b39
Sha256: 4e1e59dfee4a568381bcd76fdf7ef9f773f351b8e56dd19b2508da82d7c8f55e
                                        
                                            GET /pagead/1p-user-list/1038302480/?random=1925671606&cv=9&fst=*&num=1&fmt=3&value=0&label=6-3FCKyD8wEQkPqM7wM&bg=666666&hl=en&guid=ON&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_his=2&u_tz=120&u_java=true&u_nplug=10&u_nmime=92&frm=1&url=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef&ref=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=CKrPGwjX0RsIhNAb&cdct=2&is_vtc=1&random=1591826468&resp=GooglemKTybQhCsO HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef

                                         
                                         216.58.211.4
HTTP/1.1 302 Found
Content-Type: image/gif
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Mon, 01 Oct 2018 16:33:07 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Location: https://www.google.no/pagead/1p-user-list/1038302480/?random=1925671606&cv=9&fst=*&num=1&fmt=3&value=0&label=6-3FCKyD8wEQkPqM7wM&bg=666666&hl=en&guid=ON&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_his=2&u_tz=120&u_java=true&u_nplug=10&u_nmime=92&frm=1&url=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef&ref=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=CKrPGwjX0RsIhNAb&cdct=2&is_vtc=1&random=1591826468&resp=GooglemKTybQhCsO&ipr=y
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /mfesecure-public/host/reimageplus.com/client.js HTTP/1.1 
Host: s3-us-west-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef

                                         
                                         52.218.209.160
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
x-amz-id-2: mvaTox6iCokBMQOo3EnXNnvVOH7V4CJt/uPckACpC4xFVd/xI7W1aLktVQ0Ld3asejnI+CpYQSo=
x-amz-request-id: 7065FCBB66DB38D0
Date: Mon, 01 Oct 2018 16:33:08 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 26 Sep 2018 01:43:53 GMT
Etag: "b59090b7bbb33a367b6eb82bfd4c2069"
Cache-Control: public, max-age=60
Content-Encoding: gzip
x-amz-version-id: IsRACDct51.NBjEQyzDIawr.6yziUEmR
Accept-Ranges: bytes
Content-Length: 160
Server: AmazonS3


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   160
Md5:    b59090b7bbb33a367b6eb82bfd4c2069
Sha1:   0c53207950f764fbf55faa604139faf5c8158c18
Sha256: 434367e7c517a675611a8756bae9e5d007efd2336c1ce6af3fc1b80bc6673fa1
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 01 Oct 2018 16:33:07 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-FRAME-OPTIONS: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    78784f21ce44bd1fbbeef9b6c4c2e989
Sha1:   a75c72c317001edb4c230df2b6f2d3e6716c004d
Sha256: 4cbb9440124cde85e6d11fc0223898551adf2d50e63df0da68454523c92ac984
                                        
                                            GET /static/img/tm-float.png HTTP/1.1 
Host: cdn.ywxi.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef

                                         
                                         143.204.47.39
HTTP/1.1 200 OK
Content-Type: image/png; charset=UTF-8
                                        
Content-Length: 9330
Connection: keep-alive
Date: Thu, 26 Apr 2018 23:59:53 GMT
Expires: Fri, 27 Apr 2018 23:59:53 GMT
Cache-Control: public, max-age=86400
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Etag: "HioVbLUyInv"
Last-Modified: Thu, 26 Apr 2018 22:02:54 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Age: 59442
X-Cache: Hit from cloudfront
Via: 1.1 4f48f90c7cc5834331dc3e65cd576297.cloudfront.net (CloudFront)
X-Amz-Cf-Id: uOXN5Rwzal8-_UNz8vP6rCc_ucrGP9KQ539FmXSPgk4zOIdBWkVwlA==


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   9330
Md5:    c4c9391d05918c1a7045dff82c1391b2
Sha1:   be2ec6556d902ae0d78fa62cf2cb2751f357e8c0
Sha256: ec706c9c38eb71c40deb0d3deb2abe51058dc256910bfde4ef76d2a2bae24f61
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         143.204.51.24
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=171475
Date: Mon, 01 Oct 2018 16:33:08 GMT
Etag: "5bb1f281-1d7"
Expires: Wed, 03 Oct 2018 16:11:03 GMT
Last-Modified: Mon, 01 Oct 2018 10:10:09 GMT
Server: ECS (lga/13A4)
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: XsFQtfYPWCQtMkjaw72rgCzBbuAHhrUzyy6EDT7OIx797tNyoPUaOg==


--- Additional Info ---
Magic:  data
Size:   471
Md5:    1a3ac7edd235bfada4045707d007b401
Sha1:   e2342bba6b9e5f7e423a5d22795b1c5a1d0f4805
Sha256: b289562e6e6effd0af3098a36dc5587db77646d3b23942ed9603ad41d37a02f7
                                        
                                            POST / HTTP/1.1 
Host: ocsp.rootca1.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 118
Content-Type: application/ocsp-request

                                         
                                         143.204.51.148
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 1426
Connection: keep-alive
Date: Mon, 01 Oct 2018 16:33:08 GMT
Server: WEBrick/1.3.1 (Ruby/2.3.7/2018-03-28)
X-Cache: Miss from cloudfront
Via: 1.1 2afd697fc5d0058ea30d6c4b939e714d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: zgYLrzOkPWV_S2q15b_HFOTh9PEmh7tIF5cXNJRdrHcY3_-5SJY5-A==


--- Additional Info ---
Magic:  data
Size:   1426
Md5:    5ba7201ab2ffbd98e8ab0490f0c2d763
Sha1:   c7fd5d94d3d41294b4cc14018f062ed72d64fe34
Sha256: 63586bf743211cac3ddd49476882e2a03b6c11d106166418de1bab3e9cfdbdfc
                                        
                                            GET /pagead/1p-user-list/1038302480/?random=1925671606&cv=9&fst=*&num=1&fmt=3&value=0&label=6-3FCKyD8wEQkPqM7wM&bg=666666&hl=en&guid=ON&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_his=2&u_tz=120&u_java=true&u_nplug=10&u_nmime=92&frm=1&url=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef&ref=http://www.reimageplus.com/lp/teg/index.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=CKrPGwjX0RsIhNAb&cdct=2&is_vtc=1&random=1591826468&resp=GooglemKTybQhCsO&ipr=y HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef

                                         
                                         172.217.22.163
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Mon, 01 Oct 2018 16:33:08 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /js/1.js HTTP/1.1 
Host: cdn.trustedsite.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef

                                         
                                         143.204.47.90
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Content-Length: 1872
Connection: keep-alive
Date: Mon, 01 Oct 2018 16:27:55 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Expires: Mon, 01 Oct 2018 17:27:55 GMT
Content-Encoding: gzip
Age: 313
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Id: l_5Op_73tATMIobBnsDtwfOg51prCICvAU5axwHcVVC1sOcZy7yqjQ==


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   1872
Md5:    68dc342c1d27074362709798cc24d63e
Sha1:   cee55e0da80266c231acd65ebd386a563cca4e1c
Sha256: 5d4eda3ee64d69b769c026a13f4d30022c7af252a378acd0198943e917a9dbae
                                        
                                            GET /trustedsite-public/host/reimageplus.com/client.js HTTP/1.1 
Host: s3-us-west-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef

                                         
                                         52.218.209.160
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
x-amz-id-2: dKrmOYIXEBIQsIZhbyfJ8RuzGX1pUpezf1uDxCWIJId/Yx69PKN9WmH4BZb0n3PIiJJ5wcaMAdc=
x-amz-request-id: D4B769EA78251888
Date: Mon, 01 Oct 2018 16:33:09 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 04 Jul 2018 23:05:38 GMT
Etag: "99a45cba3096b08317048a968af70cbd"
Cache-Control: public, max-age=60
Content-Encoding: gzip
x-amz-version-id: Otnbc0GHkBiRt7w2FfDBHNevvLnNWi3E
Accept-Ranges: bytes
Content-Length: 148
Server: AmazonS3


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   148
Md5:    99a45cba3096b08317048a968af70cbd
Sha1:   cdb50d86e5f776a679bd516f54f9b87eaee8938d
Sha256: bb45e632cbf9940c1180c70ff511fcd962b7fd2bc9c107f36a1c05850ca40582
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         143.204.51.24
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=156458
Date: Mon, 01 Oct 2018 16:33:08 GMT
Etag: "5bb1e24b-1d7"
Expires: Wed, 03 Oct 2018 12:00:46 GMT
Last-Modified: Mon, 01 Oct 2018 09:00:59 GMT
Server: ECS (lga/1386)
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: qAsNC0CjCfQMCDmIy09fPXM-Yv0VCWbsQmtIo1bfdm0T77RqmEBWaA==


--- Additional Info ---
Magic:  data
Size:   471
Md5:    a4b5fec26f4ff658ece357c8abe24ef2
Sha1:   0f0e32ce8f656904f5b0542821a63eff5a97dc46
Sha256: c054e5c8c3ec7cae9acc44cc08be00ddc5c34f57c1441b34bf695230fa380b2f
                                        
                                            GET /rpc/ajax?do=tmjs-visit&host=reimageplus.com&rand=1538411588002 HTTP/1.1 
Host: www.mcafeesecure.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef

                                         
                                         34.211.22.187
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Date: Mon, 01 Oct 2018 16:33:09 GMT
Content-Length: 40
Connection: keep-alive
Set-Cookie: AWSALB=4AH8d5HDI/3Kg2GQIt36DXioBgwiKN+6ocIhuwWFG8GstpTvWt+pjjt1z1GWqqRtYQmFa3daDot4ootsTxu31PpxrLCIicwg73P0kweKArnIQnV4cE1Tk+gxy40p; Expires=Mon, 08 Oct 2018 16:33:09 GMT; Path=/
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   40
Md5:    944a7272ccaa46cfdecd665777c6754e
Sha1:   82285849fee45064651b3f26f95076f8e3c495a4
Sha256: 6b9f3b810cad38e87d04f72b688215bf892f85df094d00334b876441c1169c5f
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: X-Mapping-fjhppofk=8EB7C1D4029F1355B7CBC09E2173829E; _refcook=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef; _source=%2Fincludes%2Frouter_land.php%3Ftracking%3DCo2%26banner%3D18770%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26lpx%3Dtef; _testcookie=test; rmo=true; PHPSESSID=jsup1in40spii4kb7i71o56o03; __utma=141870001.2003288311.1538411588.1538411588.1538411588.1; __utmb=141870001.1.10.1538411588; __utmc=141870001; __utmz=141870001.1538411588.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; mfesecure_visit=1

                                         
                                         161.47.7.14
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 01 Oct 2018 16:20:04 GMT
Location: http://www.reimageplus.com/images/reimage.ico
Connection: Keep-Alive
Content-Length: 253


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   253
Md5:    89fbda29cd4758e3ab1f35468df805c2
Sha1:   337a11ad7f3201d716eafe475be4744c14579cb1
Sha256: aa3c8a7d131750c62a273230a83039796256fc9b9f7cb160de4b7e97a39af71d
                                        
                                            GET /images/reimage.ico HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: X-Mapping-fjhppofk=8EB7C1D4029F1355B7CBC09E2173829E; _refcook=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef; _source=%2Fincludes%2Frouter_land.php%3Ftracking%3DCo2%26banner%3D18770%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26lpx%3Dtef; _testcookie=test; rmo=true; PHPSESSID=jsup1in40spii4kb7i71o56o03; __utma=141870001.2003288311.1538411588.1538411588.1538411588.1; __utmb=141870001.1.10.1538411588; __utmc=141870001; __utmz=141870001.1538411588.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; mfesecure_visit=1

                                         
                                         161.47.7.14
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
                                        
Server: Apache/2.2.15 (CentOS)
Date: Mon, 01 Oct 2018 16:20:05 GMT
Expires: Thu, 15 Apr 2045 20:00:00 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Last-Modified: Mon, 30 Apr 2012 13:14:46 GMT
Content-Length: 894


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon
Size:   894
Md5:    d0c2bd29933d303826e58db070e10832
Sha1:   1a6f18c55c3cd9ea9ff9485afc30c213a6aeefef
Sha256: 3af4842e79f2e783c9a73e19493a10164df5cf27e7e2fb67fb51b2f99d3b4d84
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.reimageplus.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: X-Mapping-fjhppofk=8EB7C1D4029F1355B7CBC09E2173829E; _refcook=http%3A%2F%2Fwww.reimageplus.com%2Flp%2Fteg%2Findex.php%3Ftracking%3DCo2%26banner%3D18770%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26nms%3D1%26lpx%3Dtef; _source=%2Fincludes%2Frouter_land.php%3Ftracking%3DCo2%26banner%3D18770%26context%3Dmem_makaro_newWINoff_15384115860465p4ggSxkHES%26lpx%3Dtef; _testcookie=test; rmo=true; PHPSESSID=jsup1in40spii4kb7i71o56o03; __utma=141870001.2003288311.1538411588.1538411588.1538411588.1; __utmb=141870001.1.10.1538411588; __utmc=141870001; __utmz=141870001.1538411588.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; mfesecure_visit=1

                                         
                                         161.47.7.14
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 01 Oct 2018 16:20:07 GMT
Location: http://www.reimageplus.com/images/reimage.ico
Connection: Keep-Alive
Content-Length: 253


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   253
Md5:    89fbda29cd4758e3ab1f35468df805c2
Sha1:   337a11ad7f3201d716eafe475be4744c14579cb1
Sha256: aa3c8a7d131750c62a273230a83039796256fc9b9f7cb160de4b7e97a39af71d
                                        
                                            GET /getseal?host_name=www.reimageplus.com&size=XS&use_flash=NO&use_transparent=YES&lang=en HTTP/1.1 
Host: seal.websecurity.norton.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.reimageplus.com/lp/teg/index_src.php?tracking=Co2&banner=18770&adgroup=direct&ads_name=direct&keyword=direct&context=mem_makaro_newWINoff_15384115860465p4ggSxkHES&nms=1&lpx=tef

                                         
                                         0.0.0.0
                                        


--- Additional Info ---