Overview

URL safesear.ch
IP54.243.72.69
ASNAS14618 Amazon.com, Inc.
Location United States
Report completed2017-07-18 00:07:22 CEST
StatusLoading report..
urlQuery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

No other reports on IP: 54.243.72.69


Last 10 reports on ASN: AS14618 Amazon.com, Inc.

Date UQ / IDS / BL URL IP
2017-07-22 16:36:02 +0200
0 - 0 - 1 https://www.unicos-oman.com/zVS4DLNs/whm/81fc (...) 52.86.91.85
2017-07-22 16:33:42 +0200
0 - 2 - 0 www.all2upgrade.top/ 52.0.170.231
2017-07-22 16:33:27 +0200
0 - 0 - 0 en.miui.com/thread-706123-1-1.html 50.17.212.104
2017-07-22 16:24:09 +0200
0 - 0 - 0 en.miui.com/thread-706104-1-1.html 50.17.212.104
2017-07-22 16:16:48 +0200
0 - 0 - 0 en.miui.com/thread-706096-1-1.html 50.16.247.229
2017-07-22 16:05:57 +0200
0 - 0 - 0 en.miui.com/thread-706080-1-1.html 50.16.247.229
2017-07-22 16:02:48 +0200
0 - 2 - 0 binkiland.com/?f=7&a=bnk_dnldastr_15_12&cd=2X (...) 54.225.218.28
2017-07-22 16:00:07 +0200
0 - 0 - 0 en.miui.com/thread-706071-1-1.html 50.17.212.104
2017-07-22 15:56:09 +0200
0 - 1 - 0 www.pa.undp.org/content/panama/es/home/ourwor (...) 52.71.135.64
2017-07-22 15:53:13 +0200
0 - 0 - 0 en.miui.com/thread-706057-1-1.html 50.16.247.229

No other reports on domain: .



JavaScript

Executed Scripts (14)


Executed Evals (0)


Executed Writes (6)

#1 JavaScript::Write (size: 62, repeated: 1) - SHA256: 6f7632bd575f09b1e60739f48dca6af219b4be182f3ebc583152f788b8a34aa3

                                        <!-- Creative 16948374 served by Member 1432 via AppNexus. -->
                                    

#2 JavaScript::Write (size: 450, repeated: 1) - SHA256: 6e9c9c66c59d29843fdb1e978a319a63f7e1faa102ecf6f43088bcce871ed5b3

                                        < a href = "http://ams1-ib.adnxs.com/click?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAERAAAAAAAAAAAAAAAAAAAAAAJDL7jntwAREN8_l5xsHN3D8NG1ZAAAAAGvsLwCYBQAAmAUAAAIAAACWnAIBXfoGAAAAAAAAAAAAVVNEACwB-gCsWAAAAAAAAgIAAQAAAJIAjxOdyQAAAAA./bn=0/referrer=http%3A%2F%2Fsafesear.ch%2F/clickenc=http%3A%2F%2Fwww.safesear.ch"
target = "_blank" > < img width = "300"
height = "250"
style = "border-style: none"
src = "http://cdn.adnxs.com/p/a7/17/76/9a/a717769acf6767c3353945f606f9dfab.png" / > < /a>
                                    

#3 JavaScript::Write (size: 315, repeated: 1) - SHA256: 20505d095b8037efe5d0030123e30121607989fe66f3141f03ff25a86f8c2d67

                                        < iframe src = "http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html"
width = "1"
height = "1"
frameborder = "0"
scrolling = "no"
marginheight = "0"
marginwidth = "0"
topmargin = "0"
leftmargin = "0"
style = "position:absolute;overflow:hidden;clip:rect(0 0 0 0);height:1px;width:1px;margin:-1px;padding:0;border:0;" > < /iframe>
                                    

#4 JavaScript::Write (size: 325, repeated: 1) - SHA256: 7632b1cefa079b753a80602580865bc99a7bc396aa059f77f0a14d7948997cee

                                        < script language = "javascript"
src = "http://ib.adnxs.com/ttj?ttjb=1&bdc=1500329212&bdh=ZgBHueHTJHvxBKKsrVlcnG0xRGg.&&bdref=http%3A%2F%2Fsafesear.ch%2F&bdtop=true&bdifs=1&bstk=http%3A%2F%2Fsafesear.ch%2F,http%3A%2F%2Fib.adnxs.com%2Fbounce%3F%252Ftt%253Fid%253D3140715%2526position%253Dabove&&id=3140715&position=above" > < /script>
                                    

#5 JavaScript::Write (size: 42, repeated: 1) - SHA256: 8c5014328b3a24ba9e969f6c2d616273a9c7b72a5cbc7ece553b43dabee90b86

                                        < style > body {
    visibility: hidden;
} < /style>
                                    

#6 JavaScript::Write (size: 39, repeated: 1) - SHA256: 01999115736730ccd516199000d0bd1b1ce2c405b81ac2a9b4a378c61e18c1d5

                                        < style > .lighter {
    display: none
} < /style>
                                    


HTTP Transactions (49)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: safesear.ch
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         54.235.189.109
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Cache-Control: max-age=0, no-cache
Content-Encoding: gzip
Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com http://*.akamai.net https://*.akamai.net http://*.nr-data.net https://*.nr-data.net;connect-src 'self';img-src 'self' http://safesear.ch http://*.safesear.ch https://safesear.ch https://*.safesear.ch data:;
Date: Mon, 17 Jul 2017 22:06:48 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
x-Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com http://*.akamai.net https://*.akamai.net http://*.nr-data.net https://*.nr-data.net;connect-src 'self';img-src 'self' http://safesear.ch http://*.safesear.ch https://safesear.ch https://*.safesear.ch data:;
X-Mod-Pagespeed: 1.11.33.4-0
X-WebKit-CSP: default-src *; style-src 'self' 'unsafe-inline' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com http://*.akamai.net https://*.akamai.net http://*.nr-data.net https://*.nr-data.net;connect-src 'self';img-src 'self' http://safesear.ch http://*.safesear.ch https://safesear.ch https://*.safesear.ch data:;
Content-Length: 6688
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6688
Md5:    dc3c9a78eb77448919f4aa1dc9431a70
Sha1:   f7423873be7397b35d79583d15d035dcf150c159
Sha256: e1748e7445a28f72fcbaf7ceccfb288a0fbc7e71465aa4f2f8ace63186871fc1
                                        
                                            GET /A.basic.css.pagespeed.cf.7ea81HD-rp.css HTTP/1.1 
Host: safesear.ch
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://safesear.ch/

                                         
                                         54.235.189.109
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Accept-Ranges: bytes
Cache-Control: max-age=31536000, public
Content-Encoding: gzip
Date: Mon, 17 Jul 2017 22:06:48 GMT
Etag: W/"0-gzip"
Expires: Tue, 17 Jul 2018 22:06:48 GMT
Last-Modified: Mon, 17 Jul 2017 22:06:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 25017
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   25017
Md5:    85389fe711e2a0cb77b76b13c157c7ff
Sha1:   0a035eb26ca06d50413b2983d3c0c8785e8c39e5
Sha256: 8792cc16714e2b357fc78b7fe98b5b2e2e5cebbf327d4569579f1a4d076252d8
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: safesear.ch
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         54.235.189.109
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Date: Mon, 17 Jul 2017 22:06:49 GMT
Expires: Tue, 17 Jul 2018 22:06:49 GMT
Last-Modified: Wed, 10 May 2017 06:33:22 GMT
Server: Apache
Vary: User-Agent
Content-Length: 3262
Connection: keep-alive


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon
Size:   3262
Md5:    703740ccb482f45a88d49ca7d20ce1fa
Sha1:   81af70500a3a52c3394572cea2995a0f67d12619
Sha256: ca1079a7f71a3159fd3da64feff6b79658d4ad68d9ed77ae982890b340fe9a46
                                        
                                            GET /y5.js.pagespeed.jm.U5w51pEc2f.js HTTP/1.1 
Host: safesear.ch
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://safesear.ch/

                                         
                                         54.235.189.109
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Cache-Control: max-age=31536000, public
Content-Encoding: gzip
Date: Mon, 17 Jul 2017 22:06:49 GMT
Etag: W/"0-gzip"
Expires: Tue, 17 Jul 2018 22:06:49 GMT
Last-Modified: Mon, 17 Jul 2017 22:06:49 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 6223
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6223
Md5:    c1daf17e3fad1828879aa914f4f64b28
Sha1:   d50af0379c895bad3bcade3c8a605f58625e8fde
Sha256: c79805af62a92bb6bdf5a2ffb377abad0914f6b61afca68afe5e8f1f78a5b6cf
                                        
                                            GET /doc.js.pagespeed.jm.9UNEumdpQK.js HTTP/1.1 
Host: safesear.ch
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://safesear.ch/

                                         
                                         54.235.189.109
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Cache-Control: max-age=2629743,private
Content-Encoding: gzip
Date: Mon, 17 Jul 2017 22:06:49 GMT
Expires: Thu, 17 Aug 2017 08:35:52 GMT
Last-Modified: Wed, 10 May 2017 06:33:22 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   77860
Md5:    e3ae5c4f7cff785988a23d5bf59f983a
Sha1:   7a85aad15bb3532d807945d57babfe78c69b66c8
Sha256: 7b7081297d6cb9712d1b9bf0e7b1d47af911bce1754d31595ba26084656c7f7c
                                        
                                            GET /tt?id=3140715&position=above HTTP/1.1 
Host: ib.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://safesear.ch/

                                         
                                         185.33.223.209
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.11.5
Date: Mon, 17 Jul 2017 22:06:52 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: http://ib.adnxs.com/bounce?%2Ftt%3Fid%3D3140715%26position%3Dabove
AN-X-Request-Uuid: efeffa1a-fbe6-4298-8c37-bb85f1728db6
Set-Cookie: sess=1; Path=/; Max-Age=86400; Expires=Tue, 18-Jul-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly uuid2=8085939472403124023; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 77.40.129.123; 77.40.129.123; 314.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.51:80


--- Additional Info ---
                                        
                                            GET /bounce?%2Ftt%3Fid%3D3140715%26position%3Dabove HTTP/1.1 
Host: ib.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://safesear.ch/
Cookie: sess=1; uuid2=8085939472403124023

                                         
                                         185.33.223.209
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.11.5
Date: Mon, 17 Jul 2017 22:06:52 GMT
Content-Length: 7435
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 84f0b00e-dc66-43c7-a72f-2b0b647ef3bf
Set-Cookie: sess=1; Path=/; Max-Age=86400; Expires=Tue, 18-Jul-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly uuid2=8085939472403124023; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 77.40.129.123; 77.40.129.123; 314.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.77:80


--- Additional Info ---
Magic:  HTML document text
Size:   7435
Md5:    03cc27daecbed16466431163e40cf8b2
Sha1:   fa9b717f175d3ba1cc6b22a1ca934c4fc98fe974
Sha256: 37bc288634223eb96592ce73d641e245dee359a388116deec0d1c7aa2f6b6583
                                        
                                            GET /ttj?ttjb=1&bdc=1500329212&bdh=ZgBHueHTJHvxBKKsrVlcnG0xRGg.&&bdref=http%3A%2F%2Fsafesear.ch%2F&bdtop=true&bdifs=1&bstk=http%3A%2F%2Fsafesear.ch%2F,http%3A%2F%2Fib.adnxs.com%2Fbounce%3F%252Ftt%253Fid%253D3140715%2526position%253Dabove&&id=3140715&position=above HTTP/1.1 
Host: ib.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ib.adnxs.com/bounce?%2Ftt%3Fid%3D3140715%26position%3Dabove
Cookie: sess=1; uuid2=8085939472403124023

                                         
                                         185.33.223.209
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Server: nginx/1.11.5
Date: Mon, 17 Jul 2017 22:06:52 GMT
Content-Length: 884
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
X-Creative-ID: 16948374
AN-X-Request-Uuid: da99c694-71bc-42dc-bf08-c5caff4d4ba3
Set-Cookie: anj=dTM7k!M4/8DYRWSF']wIg2In4t$pg(!]tbPB*SQLOsH`E.g3VsUw.0Z; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly icu=ChIIjbAYEAoYASABKAEw_Om0ywUQ_Om0ywUYAA..; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly sess=1; Path=/; Max-Age=86400; Expires=Tue, 18-Jul-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly uuid2=8085939472403124023; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 77.40.129.123; 77.40.129.123; 314.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.84:80


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   884
Md5:    1cddb27908ae2c0ff6c6ec46f059a335
Sha1:   901da856925a09c0529780a5e581b1e61aac59fd
Sha256: 4f391d990ddb341c5597311f5e5a097af930a051b5c7c790fbd94598e01c6fc3
                                        
                                            GET /ib/static/usersync/v3/async_usersync.html HTTP/1.1 
Host: acdn.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ib.adnxs.com/bounce?%2Ftt%3Fid%3D3140715%26position%3Dabove
Cookie: sess=1; uuid2=8085939472403124023; anj=dTM7k!M4/8DYRWSF']wIg2In4t$pg(!]tbPB*SQLOsH`E.g3VsUw.0Z; icu=ChIIjbAYEAoYASABKAEw_Om0ywUQ_Om0ywUYAA..

                                         
                                         151.101.85.108
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx/1.9.13
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
Etag: W/"573e714d-3e3"
Expires: Tue, 01 Aug 2017 18:36:49 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Fastly-Debug-Digest: e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length: 506
Accept-Ranges: bytes
Date: Mon, 17 Jul 2017 22:06:50 GMT
Age: 30252601
Connection: keep-alive
X-Served-By: cache-jfk1022-JFK, cache-bma7022-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 6573835
X-Timer: S1500329210.233108,VS0,VE0
Vary: Accept-Encoding


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   506
Md5:    b5df0fbc24b9c2e120c7adb1cd618f25
Sha1:   8ced45952c9a51b4e6689cd886e556719fa077b5
Sha256: 54020af72caa42494902c2e0d1fc011e0228df93d5531ef2f820af61528b3b63
                                        
                                            GET /p/a7/17/76/9a/a717769acf6767c3353945f606f9dfab.png HTTP/1.1 
Host: cdn.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ib.adnxs.com/bounce?%2Ftt%3Fid%3D3140715%26position%3Dabove
Cookie: sess=1; uuid2=8085939472403124023; anj=dTM7k!M4/8DYRWSF']wIg2In4t$pg(!]tbPB*SQLOsH`E.g3VsUw.0Z; icu=ChIIjbAYEAoYASABKAEw_Om0ywUQ_Om0ywUYAA..

                                         
                                         151.101.85.108
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: Apache
Etag: "a717769acf6767c3353945f606f9dfab:1420007523"
Last-Modified: Wed, 31 Dec 2014 06:32:03 GMT
Access-Control-Allow-Origin: *, *, *, *, *, *
Cache-Control: max-age=1209600
Expires: Wed, 26 Jul 2017 09:50:01 GMT
Via: 1.1 varnish, 1.1 varnish
Fastly-Debug-Digest: 1776e3aa62f1f340da075a7e7b0ea4840c6c9753a015bb7f3ab0acd6d3dde631
Content-Length: 410
Accept-Ranges: bytes
Date: Mon, 17 Jul 2017 22:06:50 GMT
Age: 476209
Connection: keep-alive
X-Served-By: cache-jfk8134-JFK, cache-bma7022-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 4, 3
X-Timer: S1500329210.251590,VS0,VE0


--- Additional Info ---
Magic:  PNG image, 300 x 250, 8-bit/color RGBA, non-interlaced
Size:   410
Md5:    a717769acf6767c3353945f606f9dfab
Sha1:   1ae0c61d75d97f76e745dc47b6cbf6f32d5e5e89
Sha256: e900df22d0929a9c334c4149c1c33566d467f35dafa00a01eac34c0321ce76a7
                                        
                                            GET /async_usersync?cbfn=AN_async_load HTTP/1.1 
Host: ib.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: sess=1; uuid2=8085939472403124023; anj=dTM7k!M4/8DYRWSF']wIg2In4t$pg(!]tbPB*SQLOsH`E.g3VsUw.0Z; icu=ChIIjbAYEAoYASABKAEw_Om0ywUQ_Om0ywUYAA..

                                         
                                         185.33.223.209
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Server: nginx/1.11.5
Date: Mon, 17 Jul 2017 22:06:52 GMT
Content-Length: 1347
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
AN-X-Request-Uuid: aab21aaa-36f4-4c91-abc8-6f5817153620
Set-Cookie: anj=dTM7k!M4.we8)4*ghqdmU(7TEoi7L.#[2R$_n^qK!9?75]=-YWbg0Xz_n%ugAGkkLC(9VnwH<ZTPZ0P9$bhL+aigT*qq5Y_)jiXZ:SamCff`[:6V'tqmIc8tI![0.42R6J0qWIuFqrmGCpCbSCnY4]eFlf2; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly sess=1; Path=/; Max-Age=86400; Expires=Tue, 18-Jul-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly uuid2=8085939472403124023; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 77.40.129.123; 77.40.129.123; 314.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.79:80


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   1347
Md5:    0ad954d00911f8ae19f519e0020f8054
Sha1:   647e587f77f6e7dc883d2efec7ed151854ef557c
Sha256: e8a7e14ac136c83431ff29996012e0a9bf6a193db49efa5963e090af8ae98649
                                        
                                            GET /pixel?google_nid=appnexus&google_cm&google_sc&uid=8085939472403124023 HTTP/1.1 
Host: cm.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html

                                         
                                         216.58.211.130
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_sc=&uid=8085939472403124023&google_tc=
Date: Mon, 17 Jul 2017 22:06:50 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Server: HTTP server (unknown)
Content-Length: 323
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 17-Jul-2017 22:21:50 GMT; path=/; domain=.doubleclick.net


--- Additional Info ---
Magic:  HTML document text
Size:   323
Md5:    fd4e6454875ca1b9e92cc942e1fb2334
Sha1:   f0a7f02d468efd2af52258f8e7b433ea000dd301
Sha256: f3fa30113e615f0a6b06e8838335a41d79da3d495edefd647a5b81cdbed7d364
                                        
                                            GET /t/v2/sync?tagid=V2_4265&src.visitorId=8085939472403124023 HTTP/1.1 
Host: odr.mookie1.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html

                                         
                                         35.157.44.250
HTTP/1.1 302 Found
Content-Type: text/plain; charset=UTF-8
                                        
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 17 Jul 2017 22:06:50 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://global.ib-ibi.com/image.sbxx?go=298769&pid=541&xid=11388829401677538711
P3P: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
Pragma: no-cache
Set-Cookie: id=11388829401677538711; Domain=.mookie1.com; Expires=Thu, 16-Aug-2018 22:06:50 GMT; Path=/ mdata=1|11388829401677538711|1500329210335; Domain=.mookie1.com; Expires=Thu, 16-Aug-2018 22:06:50 GMT; Path=/
X-Application-Context: application
Content-Length: 0
Connection: keep-alive


--- Additional Info ---
                                        
                                            GET /pixel?google_nid=appnexus&google_cm=&google_sc=&uid=8085939472403124023&google_tc= HTTP/1.1 
Host: cm.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: test_cookie=CheckForPermission

                                         
                                         216.58.211.130
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://ib.adnxs.com/setuid?entity=101&uid=8085939472403124023&code=CAESEE3m4uz1F7KSs0Ftvz9OgYY&google_cver=1
Date: Mon, 17 Jul 2017 22:06:50 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Server: HTTP server (unknown)
Content-Length: 317
X-XSS-Protection: 1; mode=block
Set-Cookie: id=2467780bfa3b4699||t=1500329210|et=730|cs=002213fd48b33f64b2e0d6c386; expires=Wed, 17-Jul-2019 22:06:50 GMT; path=/; domain=.doubleclick.net test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT IDE=AHWqTUm3dvNnbrlnYVPaolk7zy5iu5ZRzbgiwFY9EWCYwJotOs4XnoSxOA; expires=Wed, 17-Jul-2019 22:06:50 GMT; path=/; domain=.doubleclick.net; HttpOnly


--- Additional Info ---
Magic:  HTML document text
Size:   317
Md5:    bb657fef18454a2fd0baa24397ac016b
Sha1:   9537dd409e383594a329ab2e7146bef30d065e20
Sha256: 56e9b08dd2ed4d7abeea1959bbb7cd10a705972698dc508850db5b204cb24bd1
                                        
                                            GET /dis/usersync.aspx?r=7&p=3&cp=appnexus&cu=1&url=http%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D52%26code%3D%7Bcriteo_userid%7D%26seg%3D5311899 HTTP/1.1 
Host: dis.criteo.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html

                                         
                                         178.250.0.76
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 17 Jul 2017 22:06:49 GMT
Content-Length: 43


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            GET /sync/img?mt_exid=13&mt_exuid=8085939472403124023&redir=http%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D8%26code%3D%5Buuid%5D HTTP/1.1 
Host: sync.mathtag.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html

                                         
                                         185.29.133.34
HTTP/1.1 302 Moved Temporarily
Content-Type: image/gif
                                        
Date: Mon, 17 Jul 2017 22:06:50 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Cache-Control: no-cache
Set-Cookie: uuid=70ba596d-34fa-4100-b55a-97ad46013878; domain=.mathtag.com; path=/; expires=Tue, 14-Aug-2018 22:06:50 GMT
Location: http://sync.mathtag.com/sync/img?mt_exid=13&mt_exuid=8085939472403124023&redir=http%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D8%26code%3D%5Buuid%5D&mm_bnc&mm_bct
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 1.15.9.1 edd88a8 RELEASE zrh-pixel-x9
Expires: Mon, 17 Jul 2017 22:06:49 GMT


--- Additional Info ---
                                        
                                            GET /c.gif?anx_uid=8085939472403124023&Red3=MSAN_pd HTTP/1.1 
Host: c.bing.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html

                                         
                                         13.107.21.200
HTTP/1.1 302 Redirect
                                        
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Location: http://m.adnxs.com/seg?add=5159620&redir=http%3A%2F%2Fm.adnxs.com%2Fmapuid%3Fmember%3D226%26user%3D15A5EB3AF6F46E011019E1F8F2F46DCD%3B%26redir%3Dhttp%253A%252F%252Fm.adnxs.com%252Fmapuid%253Fmember%253D280%2526user%253D15A5EB3AF6F46E011019E1F8F2F46DCD%253B
Server: Microsoft-IIS/10.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: ANONCHK=1; domain=c.bing.com; expires=Mon, 17-Jul-2017 22:16:50 GMT; path=/; MUID=15A5EB3AF6F46E011019E1F8F2F46DCD; domain=.bing.com; expires=Sat, 11-Aug-2018 22:06:50 GMT; path=/; MR=0; domain=c.bing.com; expires=Sat, 13-Jan-2018 22:06:50 GMT; path=/; MUIDB=162C8D599793644025B8879B9677652F; path=/; httponly; expires=Wed, 17-Jul-2019 22:06:50 GMT
X-Powered-By: ASP.NET
X-MSEdge-Ref: Ref A: 0B5ECB1742314E2E9941827F5EE7DCFF Ref B: STOSCHEDGE0106 Ref C: 2017-07-17T22:06:50Z
Date: Mon, 17 Jul 2017 22:06:49 GMT
Content-Length: 0


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         54.230.15.71
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: public, max-age=172800
Date: Mon, 17 Jul 2017 22:06:50 GMT
Etag: "59682b92-1d7"
Expires: Mon, 24 Jul 2017 10:06:50 GMT
Last-Modified: Fri, 14 Jul 2017 02:25:22 GMT
Server: ECS (dca/53DB)
X-Cache: Miss from cloudfront
Via: 1.1 5515890e7ce0a4b8eaa000066bc1c8f7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: -kXtjTZbpfEW5dIkeeF8vIiLhW1g_Z8pm0fBs6Ffrmux6fLiiqw9cA==


--- Additional Info ---
Magic:  data
Size:   471
Md5:    104d55f9483b16120455252645ef137b
Sha1:   0d2b6ffea7f6b9443bae33ab2dc58c88abdb7d4e
Sha256: dbae3a5158d6aaccce86c057a18bc83a0a95df26febe684570f434147aca42d4
                                        
                                            GET /setuid?entity=101&uid=8085939472403124023&code=CAESEE3m4uz1F7KSs0Ftvz9OgYY&google_cver=1 HTTP/1.1 
Host: ib.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: sess=1; uuid2=8085939472403124023; anj=dTM7k!M4.we8)4*ghqdmU(7TEoi7L.#[2R$_n^qK!9?75]=-YWbg0Xz_n%ugAGkkLC(9VnwH<ZTPZ0P9$bhL+aigT*qq5Y_)jiXZ:SamCff`[:6V'tqmIc8tI![0.42R6J0qWIuFqrmGCpCbSCnY4]eFlf2; icu=ChIIjbAYEAoYASABKAEw_Om0ywUQ_Om0ywUYAA..

                                         
                                         185.33.223.209
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.11.5
Date: Mon, 17 Jul 2017 22:06:52 GMT
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
AN-X-Request-Uuid: 1d41dc01-f33e-429e-a89f-2e38894392f3
Set-Cookie: anj=dTM7k!M4/bgjZ%3ghqdmU(7TEoi7L.#[2R$_n^qK!9?75]=-YWbg0Xz_n%ugAGkkLC(9VnwH<ZTPZ0P9$bhL+aigT*qq5Y_Ttixu:Sd'fFpOwkCwuJnBf-Wh9X=+Xn-qjyT0UU4x:JF)NRpkxW:a$iTC/A=5b2ERN4hGqKwTv)KWvsq)iSmVeyF^[>.VDs!]t+@!58[T:3!?k; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly sess=1; Path=/; Max-Age=86400; Expires=Tue, 18-Jul-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly uuid2=8085939472403124023; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 77.40.129.123; 77.40.129.123; 314.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.174:80


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    592ebefc7104d681d57852665e9ad514
Sha1:   15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
Sha256: 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
                                        
                                            GET /tap.php?v=4894&nid=1986&put=8085939472403124023 HTTP/1.1 
Host: pixel.rubiconproject.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html

                                         
                                         213.19.162.90
HTTP/1.1 307 Temporary Redirect
                                        
Set-Cookie: c=1; Path=/
Location: /tap.php?cookie_redirect=1&v=4894&nid=1986&put=8085939472403124023
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Content-Length: 0
Date: Mon, 17 Jul 2017 22:06:50 GMT
Server: Rubicon Project


--- Additional Info ---
                                        
                                            GET /cm?in=1&pub=345&userid=8085939472403124023 HTTP/1.1 
Host: p.rfihub.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html

                                         
                                         185.31.128.208
HTTP/1.1 302 Found
                                        
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: eud=H4sIAAAAAAAAABMStjCwMLU0tjQxNzIxMDYEEkbGUbyGpgYGxkaWRoYGxhZmsxhR-QD4GvlvNAAAAA;Path=/;Domain=.rfihub.com;Expires=Sat, 11-Aug-2018 22:06:50 GMT ruds=H4sIAAAAAAAAAOMSNjQwMTQ1Mje3MDYwsDQ0tDQxMRDiM9QttLQwcqrwjswqMfIFAAopvOclAAAA;Path=/;Domain=.rfihub.com euds=H4sIAAAAAAAAABMStjCwMLU0tjQxNzIxMDYEEkbGAN40Ql8VAAAA;Path=/;Domain=.rfihub.com smd=H4sIAAAAAAAAALPiNTQ1MDA2sjQyNDC2MAMA7eYC6w8AAAA;Path=/;Domain=.rfihub.com;Expires=Sat, 11-Aug-2018 22:06:50 GMT rud=H4sIAAAAAAAAAOMSNjQwMTQ1Mje3MDYwsDQ0tDQxMRDiM9QttLQwcqrwjswqMfKV4jU0NTAwNrI0MjQwtjADAFm5XmY0AAAA;Path=/;Domain=.rfihub.com;Expires=Sat, 11-Aug-2018 22:06:50 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://ib.adnxs.com/pxj?bidder=18&seg=378601&action=setuids('1041527783009119440','');&redir=
Content-Length: 0


--- Additional Info ---
                                        
                                            GET /track/cmf/generic?ttd_pid=appnexus&ttd_tpi=1&ttd_puid=8085939472403124023 HTTP/1.1 
Host: match.adsrvr.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html

                                         
                                         176.34.187.189
HTTP/1.1 302 Found
Content-Type: text/html
                                        
Cache-Control: private,no-cache, must-revalidate
Date: Mon, 17 Jul 2017 22:06:51 GMT
Location: http://match.adsrvr.org/track/cmb/generic?ttd_pid=appnexus&ttd_tpi=1&ttd_puid=8085939472403124023
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Pragma: no-cache
Server: Microsoft-IIS/8.5
Set-Cookie: TDID=451e74ba-582e-44f1-b6a8-865e44fa9cb4; domain=.adsrvr.org; expires=Tue, 17-Jul-2018 22:06:52 GMT; path=/ TDCPM=CAEYBSgCMgsI0Na3w9vapjUQBTgB; domain=.adsrvr.org; expires=Tue, 17-Jul-2018 22:06:52 GMT; path=/
X-AspNet-Version: 4.0.30319
Content-Length: 225
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   225
Md5:    f7ed3c046a214cac4a7dce974bfdb544
Sha1:   b0ecb332b5151f35c7c17101f4c2043cf17c5073
Sha256: 985a355cbc0bba88c722cc4db3ff6cd0619a708f3d82adc8ebb0fa74ba46ddc2
                                        
                                            GET /tap.php?cookie_redirect=1&v=4894&nid=1986&put=8085939472403124023 HTTP/1.1 
Host: pixel.rubiconproject.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: c=1

                                         
                                         213.19.162.90
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
X-RPHost: 8A5IVoU6fejOQtfJgzkgpg
Set-Cookie: rpb=4894%3D1; Domain=.rubiconproject.com; Expires=Wed, 16-Aug-2017 22:06:50 GMT; Path=/ put_1986=8085939472403124023; Domain=.rubiconproject.com; Expires=Wed, 16-Aug-2017 21:59:59 GMT; Path=/ rpx=4894%3D66110%2C0%2C1%2C%2C; Domain=.pixel.rubiconproject.com; Expires=Wed, 16-Aug-2017 22:06:50 GMT; Path=/ khaos=J58P9VRX-1X-DOJM; Domain=.rubiconproject.com; Expires=Tue, 16-Jan-2018 10:06:50 GMT; Path=/
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Connection: keep-alive
Content-Length: 42
Date: Mon, 17 Jul 2017 22:06:50 GMT
Server: Rubicon Project


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /sync/img?mt_exid=13&mt_exuid=8085939472403124023&redir=http%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D8%26code%3D%5Buuid%5D&mm_bnc&mm_bct HTTP/1.1 
Host: sync.mathtag.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: uuid=70ba596d-34fa-4100-b55a-97ad46013878

                                         
                                         185.29.133.34
HTTP/1.1 302 Moved Temporarily
Content-Type: image/gif
                                        
Date: Mon, 17 Jul 2017 22:06:50 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Cache-Control: no-cache
Location: http://ib.adnxs.com/setuid?entity=8&code=70ba596d-34fa-4100-b55a-97ad46013878
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 1.15.9.1 edd88a8 RELEASE zrh-pixel-x6
Set-Cookie: uuidc=xX04G6a+jYrRFNkCWRI2h29DFnqvXDTHzadyg+y/s9BgFTt02RBU0GJVZw0QBtfxua7EJzTxhzgrViIx2r+k8JkAvLJeggMzNzOPcqQkcFY=; Expires=Tue, 14-Aug-18 22:06:50 GMT; Domain=.mathtag.com; Path=/
Expires: Mon, 17 Jul 2017 22:06:49 GMT


--- Additional Info ---
                                        
                                            GET /pxj?bidder=18&seg=378601&action=setuids(%271041527783009119440%27,%27%27);&redir= HTTP/1.1 
Host: ib.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: sess=1; uuid2=8085939472403124023; anj=dTM7k!M4/bgjZ%3ghqdmU(7TEoi7L.#[2R$_n^qK!9?75]=-YWbg0Xz_n%ugAGkkLC(9VnwH<ZTPZ0P9$bhL+aigT*qq5Y_Ttixu:Sd'fFpOwkCwuJnBf-Wh9X=+Xn-qjyT0UU4x:JF)NRpkxW:a$iTC/A=5b2ERN4hGqKwTv)KWvsq)iSmVeyF^[>.VDs!]t+@!58[T:3!?k; icu=ChIIjbAYEAoYASABKAEw_Om0ywUQ_Om0ywUYAA..

                                         
                                         185.33.223.209
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.11.5
Date: Mon, 17 Jul 2017 22:06:52 GMT
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
AN-X-Request-Uuid: c9216c59-11ca-46d1-8a33-8fa4c9661a7b
Set-Cookie: anj=dTM7k!M4/bgjZ%3ghqdmU(7TEoi7L.#[2R$_n^qK!9?75]=-YWbg0Xz_n%ugAGkkLC(9VnwH<ZTPZ0P9$bhL+aigT*qq5Y_Ttixu:Sd'fFpOwkCwuJnBf-Wh9X=+Xn-qjyT0UU4x:JF)NRpkxW:a$iTC/A=5b2ERN4hGqKwTv)KWvsq)iSmVeyF^[>.VDs!]t+@!58[T:3!?k; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly sess=1; Path=/; Max-Age=86400; Expires=Tue, 18-Jul-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly uuid2=8085939472403124023; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 77.40.129.123; 77.40.129.123; 314.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.207:80


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    592ebefc7104d681d57852665e9ad514
Sha1:   15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
Sha256: 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
                                        
                                            GET /track/cmb/generic?ttd_pid=appnexus&ttd_tpi=1&ttd_puid=8085939472403124023 HTTP/1.1 
Host: match.adsrvr.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: TDID=451e74ba-582e-44f1-b6a8-865e44fa9cb4; TDCPM=CAEYBSgCMgsI0Na3w9vapjUQBTgB

                                         
                                         176.34.187.189
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: private,no-cache, must-revalidate
Date: Mon, 17 Jul 2017 22:06:49 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Pragma: no-cache
Server: Microsoft-IIS/8.5
Set-Cookie: TDID=451e74ba-582e-44f1-b6a8-865e44fa9cb4; domain=.adsrvr.org; expires=Tue, 17-Jul-2018 22:06:49 GMT; path=/ TDCPM=CAESFwoIYXBwbmV4dXMSCwis6f_9xNqmNRAFGAU4AUIEIgIIAQ..; domain=.adsrvr.org; expires=Tue, 17-Jul-2018 22:06:49 GMT; path=/
X-AspNet-Version: 4.0.30319
Content-Length: 70
Connection: keep-alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   70
Md5:    58a7930cd4577fc33c35828c271eab8f
Sha1:   406e57f86dc101e10f3a57be1e2f7b93c4580474
Sha256: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
                                        
                                            GET /seg?add=5159620&redir=http%3A%2F%2Fm.adnxs.com%2Fmapuid%3Fmember%3D226%26user%3D15A5EB3AF6F46E011019E1F8F2F46DCD%3B%26redir%3Dhttp%253A%252F%252Fm.adnxs.com%252Fmapuid%253Fmember%253D280%2526user%253D15A5EB3AF6F46E011019E1F8F2F46DCD%253B HTTP/1.1 
Host: m.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: sess=1; uuid2=8085939472403124023; anj=dTM7k!M4.we8)4*ghqdmU(7TEoi7L.#[2R$_n^qK!9?75]=-YWbg0Xz_n%ugAGkkLC(9VnwH<ZTPZ0P9$bhL+aigT*qq5Y_)jiXZ:SamCff`[:6V'tqmIc8tI![0.42R6J0qWIuFqrmGCpCbSCnY4]eFlf2; icu=ChIIjbAYEAoYASABKAEw_Om0ywUQ_Om0ywUYAA..

                                         
                                         37.252.172.211
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.11.5
Date: Mon, 17 Jul 2017 22:06:52 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: http://m.adnxs.com/mapuid?member=226&user=15A5EB3AF6F46E011019E1F8F2F46DCD;&redir=http%3A%2F%2Fm.adnxs.com%2Fmapuid%3Fmember%3D280%26user%3D15A5EB3AF6F46E011019E1F8F2F46DCD%3B
AN-X-Request-Uuid: 84eafa04-7ffc-4ef3-acda-14bf62f56b33
Set-Cookie: anj=dTM7k!M4.we8)4*ghqdmU(7TEoi7L.#[2R$_n^qK!9?75]=-YWbg0Xz_n%ugAGkkLC(9VnwH<ZTPZ0P9$bhL+aigT*qq5Y_)jiXZ:SamCff`[:6V'tqmIc8tI![0.42R6J0qWIuFqrmGCpCbSCnY4]eFlf2; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly sess=1; Path=/; Max-Age=86400; Expires=Tue, 18-Jul-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly uuid2=8085939472403124023; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 77.40.129.123; 77.40.129.123; 288.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.201:80


--- Additional Info ---
                                        
                                            GET /setuid?entity=8&code=70ba596d-34fa-4100-b55a-97ad46013878 HTTP/1.1 
Host: ib.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: sess=1; uuid2=8085939472403124023; anj=dTM7k!M4/bgjZ%3ghqdmU(7TEoi7L.#[2R$_n^qK!9?75]=-YWbg0Xz_n%ugAGkkLC(9VnwH<ZTPZ0P9$bhL+aigT*qq5Y_Ttixu:Sd'fFpOwkCwuJnBf-Wh9X=+Xn-qjyT0UU4x:JF)NRpkxW:a$iTC/A=5b2ERN4hGqKwTv)KWvsq)iSmVeyF^[>.VDs!]t+@!58[T:3!?k; icu=ChIIjbAYEAoYASABKAEw_Om0ywUQ_Om0ywUYAA..

                                         
                                         185.33.223.209
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.11.5
Date: Mon, 17 Jul 2017 22:06:52 GMT
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
AN-X-Request-Uuid: d39ae68c-2545-4203-b5fe-d7c96ce42023
Set-Cookie: anj=dTM7k!M40uEVt4ZF']wIg2In4t$pg(!]tbPB*Ny7NI/6X@j6CjmQAmOAtQKE2D.O82p#iIMb4Bh9k)8.#CJg'm%5BSu)ooB<ww!LYUi-q`)URG^hJlI^#@BrXuwX>I6]xz<UmAXMxT^%cs9wy>>!UG<Ps/0+nV_:8fSfKEkPpQ:Y1K-$#f_OUAdW[e`8HZalI1=$1iG)ZQZrQp*yR9Ei7#3*CUEaeuiv].MY-fXs>8GobM.JOgJm!O+j:A!x#a+Azzbf; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly sess=1; Path=/; Max-Age=86400; Expires=Tue, 18-Jul-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly uuid2=8085939472403124023; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 77.40.129.123; 77.40.129.123; 314.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.84:80


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    592ebefc7104d681d57852665e9ad514
Sha1:   15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
Sha256: 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
                                        
                                            GET /mapuid?member=226&user=15A5EB3AF6F46E011019E1F8F2F46DCD;&redir=http%3A%2F%2Fm.adnxs.com%2Fmapuid%3Fmember%3D280%26user%3D15A5EB3AF6F46E011019E1F8F2F46DCD%3B HTTP/1.1 
Host: m.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: sess=1; uuid2=8085939472403124023; anj=dTM7k!M4.we8)4*ghqdmU(7TEoi7L.#[2R$_n^qK!9?75]=-YWbg0Xz_n%ugAGkkLC(9VnwH<ZTPZ0P9$bhL+aigT*qq5Y_)jiXZ:SamCff`[:6V'tqmIc8tI![0.42R6J0qWIuFqrmGCpCbSCnY4]eFlf2; icu=ChIIjbAYEAoYASABKAEw_Om0ywUQ_Om0ywUYAA..

                                         
                                         37.252.172.211
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.11.5
Date: Mon, 17 Jul 2017 22:06:52 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: http://m.adnxs.com/mapuid?member=280&user=15A5EB3AF6F46E011019E1F8F2F46DCD;
AN-X-Request-Uuid: d49c98e4-6816-4ebe-bbbe-f83f56bfe3ea
Set-Cookie: anj=dTM7k!M4.we8)4*ghqdmU(7TEoi7L.#[2R$_n^qK!9?75]=-YWbg0Xz_n%ugAGkkLC(9VnwH<ZTPZ0P9$bhL+aigT*qq5Y_)jiXZ:SamCff`[:6V'tqmIc8tI![0.42R6J0qWIuFqrmGCpCbSCnY4]eFlf2; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly sess=1; Path=/; Max-Age=86400; Expires=Tue, 18-Jul-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly uuid2=8085939472403124023; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 77.40.129.123; 77.40.129.123; 288.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.59:80


--- Additional Info ---
                                        
                                            GET /mapuid?member=280&user=15A5EB3AF6F46E011019E1F8F2F46DCD; HTTP/1.1 
Host: m.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: sess=1; uuid2=8085939472403124023; anj=dTM7k!M4.we8)4*ghqdmU(7TEoi7L.#[2R$_n^qK!9?75]=-YWbg0Xz_n%ugAGkkLC(9VnwH<ZTPZ0P9$bhL+aigT*qq5Y_)jiXZ:SamCff`[:6V'tqmIc8tI![0.42R6J0qWIuFqrmGCpCbSCnY4]eFlf2; icu=ChIIjbAYEAoYASABKAEw_Om0ywUQ_Om0ywUYAA..

                                         
                                         37.252.172.211
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.11.5
Date: Mon, 17 Jul 2017 22:06:52 GMT
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
AN-X-Request-Uuid: ea9d3df0-be28-4f8b-b7d7-85b93e7e36df
Set-Cookie: anj=dTM7k!M4.we8)4*ghqdmU(7TEoi7L.#[2R$_n^qK!9?75]=-YWbg0Xz_n%ugAGkkLC(9VnwH<ZTPZ0P9$bhL+aigT*qq5Y_)jiXZ:SamCff`[:6V'tqmIc8tI![0.42R6J0qWIuFqrmGCpCbSCnY4]eFlf2; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly sess=1; Path=/; Max-Age=86400; Expires=Tue, 18-Jul-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly uuid2=8085939472403124023; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 77.40.129.123; 77.40.129.123; 288.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.201:80


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    592ebefc7104d681d57852665e9ad514
Sha1:   15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
Sha256: 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
                                        
                                            GET /rsp?dnv=[TIMESTAMP]&rurl=//ib.adnxs.com/mapuid?member=364%26user=[MOOKIE] HTTP/1.1 
Host: t.mookie1.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html

                                         
                                         54.165.163.96
HTTP/1.1 302 Found
Content-Type: text/plain; charset=UTF-8
                                        
Date: Mon, 17 Jul 2017 22:06:50 GMT
Location: http://tlg.mookie1.com/rsp?dnv=[TIMESTAMP]&rurl=//ib.adnxs.com/mapuid?member=364%26user=[MOOKIE]
P3P: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
X-Application-Context: application
Content-Length: 0
Connection: keep-alive


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.rootca1.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 118
Content-Type: application/ocsp-request

                                         
                                         54.230.15.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 1426
Connection: keep-alive
Date: Mon, 17 Jul 2017 22:06:50 GMT
Server: WEBrick/1.3.1 (Ruby/2.3.1/2016-04-26)
X-Cache: Miss from cloudfront
Via: 1.1 cb4a13289775641b81a657ee95b08f74.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 2AhozekXdCKYL-vWd_tHw3VHSPpC4x4l6WoqBit-r-oTLb3vs9tRDA==


--- Additional Info ---
Magic:  data
Size:   1426
Md5:    ca109cc52a0f1843a3cdcc400cbf4230
Sha1:   48bf2138e273d0b0edf9ad64e8315f01a8d6ecc5
Sha256: 89a36b77db8909a03994110d77094644cbdb1a9a9f864363113ddbe3090e9d25
                                        
                                            POST / HTTP/1.1 
Host: ss.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1608
Content-Transfer-Encoding: binary
Cache-Control: max-age=378870, public, no-transform, must-revalidate
Last-Modified: Sat, 15 Jul 2017 07:17:37 GMT
Expires: Sat, 22 Jul 2017 07:17:37 GMT
Date: Mon, 17 Jul 2017 22:06:50 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1608
Md5:    400f3a4d63892082c50a6a768f5bf258
Sha1:   69c272822b5cbffbc98fd0b1002dbf181f8026fc
Sha256: 81258dd0633df9dce8df0c95893717539c0f0f0e56ef3d1c49d444e4cb82de03
                                        
                                            POST / HTTP/1.1 
Host: gn.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1419
Content-Transfer-Encoding: binary
Cache-Control: max-age=367650, public, no-transform, must-revalidate
Last-Modified: Sat, 15 Jul 2017 04:11:22 GMT
Expires: Sat, 22 Jul 2017 04:11:22 GMT
Date: Mon, 17 Jul 2017 22:06:50 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1419
Md5:    e177f6e203f501b94e65047d573b8e00
Sha1:   0977d40c64313850f9a71a94be382119fb9830ee
Sha256: 97975c777bb3da0be211921a3ac3e9d1e17a02d6a2684b5d99dfd9fa95ae408f
                                        
                                            GET /getuid?https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus1%26google_sc%26google_hm%3D%24%7BBASE64_UID_ENC%7D%26google_cm HTTP/1.1 
Host: ib.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: sess=1; uuid2=8085939472403124023; anj=dTM7k!M4.we8)4*ghqdmU(7TEoi7L.#[2R$_n^qK!9?75]=-YWbg0Xz_n%ugAGkkLC(9VnwH<ZTPZ0P9$bhL+aigT*qq5Y_)jiXZ:SamCff`[:6V'tqmIc8tI![0.42R6J0qWIuFqrmGCpCbSCnY4]eFlf2; icu=ChIIjbAYEAoYASABKAEw_Om0ywUQ_Om0ywUYAA..

                                         
                                         185.33.223.209
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.11.5
Date: Mon, 17 Jul 2017 22:06:52 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus1&google_sc&google_hm=ODA4NTkzOTQ3MjQwMzEyNDAyMw%3D%3D&google_cm
AN-X-Request-Uuid: 2ddebe75-d5f7-499c-9abf-8b85f6766389
Set-Cookie: sess=1; Path=/; Max-Age=86400; Expires=Tue, 18-Jul-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly uuid2=8085939472403124023; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:52 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 77.40.129.123; 77.40.129.123; 314.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.229:80


--- Additional Info ---
                                        
                                            POST /gsorganizationvalsha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request

                                         
                                         104.16.25.216
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 17 Jul 2017 22:06:50 GMT
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d95bc48df4696a669c563e86e3048061f1500329210; expires=Tue, 17-Jul-18 22:06:50 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Mon, 17 Jul 2017 19:57:58 GMT
Expires: Fri, 21 Jul 2017 19:57:58 GMT
Etag: "35a2275d4faafef24f4c23ae971b061dd7e1a71b"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 380082c0655186bb-ARN


--- Additional Info ---
Magic:  data
Size:   1570
Md5:    401277ac8a77d61d1522bde328df4b43
Sha1:   35a2275d4faafef24f4c23ae971b061dd7e1a71b
Sha256: ff46b043e0b04a3212aa1781ae4ebfdfa38e205938cf2af8a2d2b90dbb432d7d
                                        
                                            GET /nr-1026.min.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://safesear.ch/

                                         
                                         151.101.84.207
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
x-amz-id-2: YqOOg0Es2ixkXesNY8ysbLwn/EQL5rH15+mu9e1OqPcA0qMGzkNgi/5dc962O9AFNetfxoP5QDM=
x-amz-request-id: 614E194B9F595416
Last-Modified: Mon, 06 Mar 2017 21:10:03 GMT
Etag: "230c916aaa9194e21891a639a9c2b8eb"
Server: AmazonS3
Cache-Control: public, max-age=7200, stale-if-error=604800
Content-Encoding: gzip
Content-Length: 8844
Accept-Ranges: bytes
Date: Mon, 17 Jul 2017 22:06:50 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-bma7033-BMA
X-Cache: HIT
X-Cache-Hits: 74022
X-Timer: S1500329211.991056,VS0,VE0
Vary: Accept-Encoding


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   8844
Md5:    616ac0f9ae8c6bae973bb1ac43708bc9
Sha1:   27bf74c90698c70091d6a6c38fcfcfdc5f3723e3
Sha256: 1b5220df31d8f1d4fde134183461f46ea27252436677fee4caad037800a21722
                                        
                                            GET /mapuid?member=364&user=11388829401677538711 HTTP/1.1 
Host: ib.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: sess=1; uuid2=8085939472403124023; anj=dTM7k!M4.we8)4*ghqdmU(7TEoi7L.#[2R$_n^qK!9?75]=-YWbg0Xz_n%ugAGkkLC(9VnwH<ZTPZ0P9$bhL+aigT*qq5Y_)jiXZ:SamCff`[:6V'tqmIc8tI![0.42R6J0qWIuFqrmGCpCbSCnY4]eFlf2; icu=ChIIjbAYEAoYASABKAEw_Om0ywUQ_Om0ywUYAA..

                                         
                                         185.33.223.209
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.11.5
Date: Mon, 17 Jul 2017 22:06:53 GMT
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
AN-X-Request-Uuid: e594e9df-a391-4621-b08d-6c050d6e385e
Set-Cookie: anj=dTM7k!M4.we8)4*ghqdmU(7TEoi7L.#[2Q9NW85p2LPq=5i%ATGoVF_3pc?iIRrR^PYs'_4b-onX.91E[#N+Q5l%)8l^#QR.^0q_?nJXt8f58alnEmzfQ!2Ooq%g=nJWaS@+BH*917z<dWME4(EW<KO0R`l; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:53 GMT; Domain=.adnxs.com; HttpOnly sess=1; Path=/; Max-Age=86400; Expires=Tue, 18-Jul-2017 22:06:53 GMT; Domain=.adnxs.com; HttpOnly uuid2=8085939472403124023; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:53 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 77.40.129.123; 77.40.129.123; 314.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.200:80


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    592ebefc7104d681d57852665e9ad514
Sha1:   15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
Sha256: 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
                                        
                                            POST / HTTP/1.1 
Host: gn.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1419
Content-Transfer-Encoding: binary
Cache-Control: max-age=330821, public, no-transform, must-revalidate
Last-Modified: Fri, 14 Jul 2017 17:56:26 GMT
Expires: Fri, 21 Jul 2017 17:56:26 GMT
Date: Mon, 17 Jul 2017 22:06:51 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1419
Md5:    c4e096becd1bad922236157652211e88
Sha1:   d9fef254caf8c2da39a988f632f5ff5d401cc0ba
Sha256: 405d339bd0868aff58f77f757e9b7741c4141be5784e795a5c5a01f0dbf3c12a
                                        
                                            GET /js/sa-lib-min_9HMCOY0ST.js HTTP/1.1 
Host: www.safesear.ch
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://safesear.ch/

                                         
                                         54.235.189.109
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Cache-Control: public, max-age=2629743
Content-Encoding: gzip
Date: Mon, 17 Jul 2017 22:06:50 GMT
Expires: Mon, 24 Jul 2017 22:06:50 GMT
Last-Modified: Wed, 10 May 2017 06:33:22 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Length: 21682
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21682
Md5:    b251e7387741153e3b77f57f60346c55
Sha1:   586354bcc644bc4e9fc061f381581053c474cfaf
Sha256: 7b4e2100ed032f01e3f2ba2f1c4128a5c4fe4e2804b7274ba06faefda327be6e
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 17 Jul 2017 22:06:51 GMT
Expires: Fri, 21 Jul 2017 22:06:51 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    37fea05d03943e910853a2e233293802
Sha1:   15314d7ec0d17fb919f2b70d2a74876dd708482f
Sha256: ff88728f281063989eff178210f6d6c2097bc955d6b1551c8a438fad5234ec4f
                                        
                                            POST / HTTP/1.1 
Host: g.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1390
Content-Transfer-Encoding: binary
Cache-Control: max-age=602424, public, no-transform, must-revalidate
Last-Modified: Mon, 17 Jul 2017 21:26:55 GMT
Expires: Mon, 24 Jul 2017 21:26:55 GMT
Date: Mon, 17 Jul 2017 22:06:51 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1390
Md5:    b74a9fb9df25cd77adb7de7c3b01c5a8
Sha1:   9cca9c1b29d2e8799dec26692bae98dfaee30613
Sha256: d42cc04177856308d60126391d46ba858e4c86a44b73d248c385d28441754ea2
                                        
                                            GET /sync?c=30&r=2&j=cr_handle_data_a HTTP/1.1 
Host: gum.criteo.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ib.adnxs.com/bounce?%2Ftt%3Fid%3D3140715%26position%3Dabove

                                         
                                         178.250.2.67
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
                                        
Cache-Control: private
Expires: Mon, 17 Jul 2017 23:06:52 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 17 Jul 2017 22:06:51 GMT
Content-Length: 51


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   51
Md5:    dacd100535138113b42bc58eea0dcfee
Sha1:   ea406ee2f313ee26905031e896bae89c8ba2b9a7
Sha256: acb5d519051cc13618e992a7df4bce6a980036dfbe2e17a970ec716194329f6a
                                        
                                            GET /pixel?google_nid=appnexus1&google_sc&google_hm=ODA4NTkzOTQ3MjQwMzEyNDAyMw%3D%3D&google_cm HTTP/1.1 
Host: cm.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: id=2467780bfa3b4699||t=1500329210|et=730|cs=002213fd48b33f64b2e0d6c386; IDE=AHWqTUm3dvNnbrlnYVPaolk7zy5iu5ZRzbgiwFY9EWCYwJotOs4XnoSxOA

                                         
                                         216.58.211.130
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: https://adx.adnxs.com/mapuid?member=181&user=&google_gid=CAESEHwe3oFW3kFA3R_3yaKhouw&google_cver=1
Date: Mon, 17 Jul 2017 22:06:51 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Server: HTTP server (unknown)
Content-Length: 307
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,36,35",quic=":443"; ma=2592000; v="39,38,37,36,35"


--- Additional Info ---
Magic:  HTML document text
Size:   307
Md5:    df6cc8c6720bfcb636fd42fb460f7dab
Sha1:   e656f89fe71989b294b23665822abb05194dee46
Sha256: 66a8a03e85eb8503c96aab6a9c9c66fbc153f99353baedc7724626666df8ec6f
                                        
                                            GET /mapuid?member=181&user=&google_gid=CAESEHwe3oFW3kFA3R_3yaKhouw&google_cver=1 HTTP/1.1 
Host: adx.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: sess=1; uuid2=8085939472403124023; anj=dTM7k!M4.we8)4*ghqdmU(7TEoi7L.#[2Q9NW85p2LPq=5i%ATGoVF_3pc?iIRrR^PYs'_4b-onX.91E[#N+Q5l%)8l^#QR.^0q_?nJXt8f58alnEmzfQ!2Ooq%g=nJWaS@+BH*917z<dWME4(EW<KO0R`l; icu=ChIIjbAYEAoYASABKAEw_Om0ywUQ_Om0ywUYAA..

                                         
                                         37.252.172.53
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.11.5
Date: Mon, 17 Jul 2017 22:06:54 GMT
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
AN-X-Request-Uuid: 8cfa3840-8477-4455-abee-621d8939da50
Set-Cookie: anj=dTM7k!M4.we8)4*ghqdmU(7TEoi7L.#[2RfN:t+o2LPq=5i%ATGoVF_3pc?iIRrR^PYs'_4b-onX.91E[#N+Q5l%)8l^#QR.^0q_?nJXt.Lu2Q6V'tqmIc8tI![0.42R6J0qWIuFqrmGCpCbSCnY4`NS0`H; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:54 GMT; Domain=.adnxs.com; HttpOnly sess=1; Path=/; Max-Age=86400; Expires=Tue, 18-Jul-2017 22:06:54 GMT; Domain=.adnxs.com; HttpOnly uuid2=8085939472403124023; Path=/; Max-Age=7776000; Expires=Sun, 15-Oct-2017 22:06:54 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 77.40.129.123; 77.40.129.123; 156.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.22:80


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    592ebefc7104d681d57852665e9ad514
Sha1:   15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
Sha256: 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
                                        
                                            GET /1/de86d252fb?a=3434579&v=1026.7a27a3e&to=NlAHNxAFXRVTBhFZVg8aMBELS1oIVgAdHkkJRQ%3D%3D&rst=2192&ref=http://safesear.ch/&ap=14&fe=979&dc=976&af=err,xhr&at=GhcEQVgfThs%3D&jsonp=NREUM.setToken HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://safesear.ch/

                                         
                                         50.31.164.173
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=ISO-8859-1
                                        
Set-Cookie: JSESSIONID=91265e2f1f4adf57;Path=/;Domain=.nr-data.net;Secure
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 57


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   57
Md5:    5c9da71976fb9d00f82e61c7e496ba06
Sha1:   58884fb0e24a399213205ad35db27e6011bd149c
Sha256: f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
                                        
                                            GET /rsp?dnv=[TIMESTAMP]&rurl=//ib.adnxs.com/mapuid?member=364%26user=[MOOKIE] HTTP/1.1 
Host: tlg.mookie1.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: id=11388829401677538711; mdata=1|11388829401677538711|1500329210335

                                         
                                         208.81.233.48
HTTP/1.1 302 Found
Content-Type: text/plain; charset=UTF-8
                                        
Date: Mon, 17 Jul 2017 22:06:40 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: id=11388829401677538711; expires=Thu, 16-Aug-18 22:06:40 GMT; path=/; domain=.mookie1.com mdata=1|11388829401677538711|1500329200; expires=Thu, 16-Aug-18 22:06:40 GMT; path=/; domain=.mookie1.com OAX=we6ZR1ltNPAAAk4x; expires=Thu, 16-Aug-18 22:06:40 GMT; path=/; domain=.mookie1.com
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Location: /rsp/cc?dnv=[TIMESTAMP]&rurl=//ib.adnxs.com/mapuid?member=364%26user=[MOOKIE]
Connection: close


--- Additional Info ---
                                        
                                            GET /rsp/cc?dnv=[TIMESTAMP]&rurl=//ib.adnxs.com/mapuid?member=364%26user=[MOOKIE] HTTP/1.1 
Host: tlg.mookie1.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Cookie: id=11388829401677538711; mdata=1|11388829401677538711|1500329200; OAX=we6ZR1ltNPAAAk4x

                                         
                                         208.81.233.48
HTTP/1.1 302 Found
Content-Type: text/plain; charset=UTF-8
                                        
Date: Mon, 17 Jul 2017 23:07:30 GMT
Server: Apache/2.2.3 (Red Hat)
Location: //ib.adnxs.com/mapuid?member=364&user=11388829401677538711
Connection: close


--- Additional Info ---
                                        
                                            GET /image.sbxx?go=298769&pid=541&xid=11388829401677538711 HTTP/1.1 
Host: global.ib-ibi.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html

                                         
                                         0.0.0.0
                                        


--- Additional Info ---