Overview

URL dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html
IP149.56.18.55
ASN
Location United States
Report completed2018-03-14 01:34:03 CET
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-03-14 2 dl-file.com/js/jquery.cookie.js Malware
2018-03-14 2 dl-file.com/js/paging.js Malware
2018-03-14 2 dl-file.com/js/jquery.paging.js Malware
2018-03-14 2 dl-file.com/js/jquery-1.9.1.min.js Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 149.56.18.55

Date UQ / IDS / BL URL IP
2018-11-22 12:05:04 +0100
0 - 0 - 4 https://dl-file.com/1t9bdfesdjfi/AdacHeli.zip.html 149.56.18.55
2018-11-21 19:23:45 +0100
0 - 0 - 6 dl-file.com/gfotr3yeb2i2/FS17_Kastor_Wood_Inc (...) 149.56.18.55
2018-10-08 19:33:18 +0200
0 - 0 - 1 dl-file.com/cgi-bin/dl.cgi/ygzv72duiv3ggvyyre (...) 149.56.18.55
2018-10-06 15:52:03 +0200
0 - 0 - 1 dl-file.com/cgi-bin/dl.cgi/f6yv72bed5ytgwqoqb (...) 149.56.18.55
2018-10-06 15:52:02 +0200
0 - 0 - 1 dl-file.com/cgi-bin/dl.cgi/oczf72dranwtmfyqqb (...) 149.56.18.55
2018-09-02 12:14:16 +0200
0 - 0 - 6 dl-file.com/38ei1qp276fs/MB_SLS_AMG-FurkanSev (...) 149.56.18.55
2018-09-02 12:14:14 +0200
0 - 0 - 6 dl-file.com/fyzq8imukiao/FS17_Pack_Bennes_Dez (...) 149.56.18.55
2018-09-02 12:14:12 +0200
0 - 0 - 6 dl-file.com/id609typ8uky/MB_SLS_AMG-FurkanSev (...) 149.56.18.55
2018-07-23 06:29:19 +0200
0 - 0 - 0 149.56.18.55 149.56.18.55
2018-05-21 02:24:07 +0200
0 - 0 - 1 dl-file.com/cgi-bin/dl.cgi/hc2v72daa4yduhscrv (...) 149.56.18.55

Last 10 reports on ASN:

Date UQ / IDS / BL URL IP
2018-12-10 17:19:30 +0100
0 - 0 - 0 https://www.evensi.us/123movies-watch-black-p (...) 52.34.130.13
2018-12-10 17:19:23 +0100
0 - 0 - 2 markinwu.com/jhccphfm/450.html 156.238.85.217
2018-12-10 17:18:57 +0100
0 - 0 - 0 https://steemit.com/mogli/@stieve.woodz/mogli (...) 34.199.53.33
2018-12-10 17:18:17 +0100
0 - 0 - 0 wonin.name/wsportalia/ 162.241.204.116
2018-12-10 17:18:17 +0100
0 - 0 - 0 https://www.innovationpolicyplatform.org/cont (...) 34.226.182.22
2018-12-10 17:18:13 +0100
0 - 1 - 1 download.castvpn.com/AdExpert/castvpn.exe 185.10.6.7
2018-12-10 17:18:05 +0100
0 - 0 - 0 198.54.117.200 198.54.117.200
2018-12-10 17:18:02 +0100
0 - 0 - 4 romanceeousadia.com.br/ 170.247.48.142
2018-12-10 17:17:57 +0100
0 - 0 - 1 dl.loadgenclientservice.com/colni/scle8t42/ru (...) 64.95.103.181
2018-12-10 17:17:54 +0100
0 - 0 - 1 freecheatsyt.bplaced.net/KE2JNEXSeI/BoostingS (...) ::1

Last 10 reports on domain: dl-file.com

Date UQ / IDS / BL URL IP
2018-11-22 12:05:04 +0100
0 - 0 - 4 https://dl-file.com/1t9bdfesdjfi/AdacHeli.zip.html 149.56.18.55
2018-11-21 19:23:45 +0100
0 - 0 - 6 dl-file.com/gfotr3yeb2i2/FS17_Kastor_Wood_Inc (...) 149.56.18.55
2018-10-08 19:33:18 +0200
0 - 0 - 1 dl-file.com/cgi-bin/dl.cgi/ygzv72duiv3ggvyyre (...) 149.56.18.55
2018-10-06 15:52:03 +0200
0 - 0 - 1 dl-file.com/cgi-bin/dl.cgi/f6yv72bed5ytgwqoqb (...) 149.56.18.55
2018-10-06 15:52:02 +0200
0 - 0 - 1 dl-file.com/cgi-bin/dl.cgi/oczf72dranwtmfyqqb (...) 149.56.18.55
2018-09-02 12:14:16 +0200
0 - 0 - 6 dl-file.com/38ei1qp276fs/MB_SLS_AMG-FurkanSev (...) 149.56.18.55
2018-09-02 12:14:14 +0200
0 - 0 - 6 dl-file.com/fyzq8imukiao/FS17_Pack_Bennes_Dez (...) 149.56.18.55
2018-09-02 12:14:12 +0200
0 - 0 - 6 dl-file.com/id609typ8uky/MB_SLS_AMG-FurkanSev (...) 149.56.18.55
2018-05-21 02:24:07 +0200
0 - 0 - 1 dl-file.com/cgi-bin/dl.cgi/hc2v72daa4yduhscrv (...) 149.56.18.55
2018-05-21 02:23:13 +0200
0 - 0 - 1 dl-file.com/cgi-bin/dl.cgi/55hv72dhjnytycqbqn (...) 149.56.18.55


JavaScript

Executed Scripts (68)


Executed Evals (87)

#1 JavaScript::Eval (size: 31, repeated: 2) - SHA256: 491244959c023dc248cd268e9f16fd4ccb3850387d4382aa35fb8bdc4d87a398

                                        0,
function(V) {
    J(V, 1);
}
                                    

#2 JavaScript::Eval (size: 31, repeated: 2) - SHA256: f95cc6609e96d8064ddf6c3bd883cb36f0cdf404e1abc80bc665fb1fc593e48a

                                        0,
function(V) {
    J(V, 2);
}
                                    

#3 JavaScript::Eval (size: 31, repeated: 2) - SHA256: 2f8fc561520757a7aa22947db026132fd88d783b8e605763da39ffeb9431bb6b

                                        0,
function(V) {
    J(V, 4);
}
                                    

#4 JavaScript::Eval (size: 38, repeated: 2) - SHA256: c5ecb98e904e7dc676cc2d63534c5e706ce03011e1f7d25cc1c0e4b40913fa0f

                                        0,
function(V) {
    V.O && K(V, 0);
}
                                    

#5 JavaScript::Eval (size: 30, repeated: 2) - SHA256: 9dadf78bfa56d24ce2fe65795f9c792657e61c2cd290d72e21be66c1c138636c

                                        0,
function(V) {
    V.l(0);
}
                                    

#6 JavaScript::Eval (size: 30, repeated: 2) - SHA256: bd32823cb6dbd5c432c05f910b98d4c5bc4d6dc8123777b645518fd591ebe2c2

                                        0,
function(V) {
    V.l(3);
}
                                    

#7 JavaScript::Eval (size: 30, repeated: 2) - SHA256: 6f8c4732e555cb35aa4012d8ee99640a276d2e1090871b2bd3f83bfc9a72015b

                                        0,
function(V) {
    V.l(4);
}
                                    

#8 JavaScript::Eval (size: 30, repeated: 2) - SHA256: ff017d84bc445feaf9c55ee752e74ce730cee6d15a3bf2d14a9c74bc166fe996

                                        0,
function(V) {
    V.l(7);
}
                                    

#9 JavaScript::Eval (size: 31, repeated: 2) - SHA256: 34e47052e154fecc0d88967848bd7e11acf10851dbc71319df3df851973449b0

                                        0,
function(V) {
    X(V, 1);
}
                                    

#10 JavaScript::Eval (size: 31, repeated: 2) - SHA256: 0d6b4edd8f9335610d78d9e347305b98d0a3d2b467544674e963d270cd6e48d0

                                        0,
function(V) {
    X(V, 2);
}
                                    

#11 JavaScript::Eval (size: 31, repeated: 2) - SHA256: b4e57a3a1b3c21467868d87428699fbc8b498b1e0f099a826266786b879fee0b

                                        0,
function(V) {
    X(V, 4);
}
                                    

#12 JavaScript::Eval (size: 187, repeated: 2) - SHA256: 0860703eb9ee04c38c227da382380bbf48f171b124c65e067242084f8425536d

                                        0,
function(V, C) {
    ((C.push(V[0] << 24 | V[1] << 16 | V[2] << 8 | V[3]), C).push(V[4] << 24 | V[5] << 16 | V[6] << 8 | V[7]), C).push(V[8] << 24 | V[9] << 16 | V[10] << 8 | V[11]);
}
                                    

#13 JavaScript::Eval (size: 95, repeated: 2) - SHA256: 3266e49af363e3d5f91418475e817d7b3a2ba550066a961a8931215beb5229d2

                                        0,
function(V, C) {
    (C = V.G(), V = V.j(C), V[0]).removeEventListener(V[1], V[2], false);
}
                                    

#14 JavaScript::Eval (size: 50, repeated: 2) - SHA256: 9869bf620221d0d81b61ed1bcbc4c51f5ce468cef171fe2fbd1a7f37520159d7

                                        0,
function(V, C) {
    C = V.j(V.G()), p(V, C);
}
                                    

#15 JavaScript::Eval (size: 83, repeated: 2) - SHA256: c9d432e989f87cf917387bfd8fc0521bedf7adaf727a0b9de2dd7b755b09c559

                                        0,
function(V, C) {
    Z(V, 1, 5) || (C = m(V), B(V, C.P, C.Y.apply(C.C, C.g)));
}
                                    

#16 JavaScript::Eval (size: 123, repeated: 2) - SHA256: a21d55fb494fd8ff9878add868e4be98365a81173e8d292569e3d54e25da2e51

                                        0,
function(V, C) {
    if (C = this.I[V], void 0 === C) {
        throw L(this, 30, 0, V), this.v;
    }
    return C();
}
                                    

#17 JavaScript::Eval (size: 513, repeated: 2) - SHA256: e46f358de078c6dc3bc43b121a920cef63c771d532a766cc6e286915e31a64ec

                                        0,
function(V, C) {
    if (this.Z) {
        return V = V ? this.Z().shift() : this.D().shift(), this.Z().length ||
            this.D().length || (this.D = this.Z = void 0, this.V--), V;
    }
    if (!(V = this.j(255), V in this.U)) {
        throw L(this, 31), this.v;
    }
    return (void 0 == this.W && (this.W = M(this.U, V - 4), this.h = void 0), this.h != V >> 3) &&
        (this.h = V >> 3, C = [0, 0, 0, this.j(236)], this.F = w(this.W, this.h, C)), B(this, 255, V + 1), this.U[V] ^ this.F[V % 8];
}
                                    

#18 JavaScript::Eval (size: 90, repeated: 2) - SHA256: 2014958768cd3e7dda29d14e9ac24dea7f70386051c101fb6aea9d914a888626

                                        0,
function(V, C, P) {
    (C = (P = (C = V.G(), V).G(), V.I)[C] && V.j(C), B)(V, P, C);
}
                                    

#19 JavaScript::Eval (size: 78, repeated: 2) - SHA256: 4161962b317d0a26f050c19027d43ef53fff43dfff4c51b26d2d23c7a3f72047

                                        0,
function(V, C, P) {
    (C = V.G(), P = V.G(), B)(V, P, V.j(P) % V.j(C));
}
                                    

#20 JavaScript::Eval (size: 78, repeated: 2) - SHA256: 52948e6b27e7f209d5547cc3b77576b13778ed26fa68a93fae7e7d71c74d70a7

                                        0,
function(V, C, P) {
    (C = V.G(), P = V.G(), B)(V, P, V.j(P) * V.j(C));
}
                                    

#21 JavaScript::Eval (size: 78, repeated: 2) - SHA256: bd2e94c9a61cc1c82595fe2f9b95214c7d320867deeb3d1a784d297bf0c317eb

                                        0,
function(V, C, P) {
    (C = V.G(), P = V.G(), B)(V, P, V.j(P) + V.j(C));
}
                                    

#22 JavaScript::Eval (size: 78, repeated: 2) - SHA256: 7bf3c70bb7cab6f5ff34d7e85cc4fa7054aa1e53a5710bf51905fdefaaaf6b77

                                        0,
function(V, C, P) {
    (C = V.G(), P = V.G(), B)(V, P, V.j(P) - V.j(C));
}
                                    

#23 JavaScript::Eval (size: 76, repeated: 2) - SHA256: cae6a11dc27c6e33a2e99f11d711976b7defebc14faf2e93eb61c80bca24a8b0

                                        0,
function(V, C, P) {
    (P = (C = V.G(), V.G()), B)(V, P, "" + V.j(C));
}
                                    

#24 JavaScript::Eval (size: 79, repeated: 2) - SHA256: 75911f7131aedaf0f9edc0dad20e6bb0470dd30be717e117600dcb08ef64b4d4

                                        0,
function(V, C, P) {
    C = (C = V.G(), P = V.G(), V).j(C), B(V, P, r(C));
}
                                    

#25 JavaScript::Eval (size: 86, repeated: 2) - SHA256: a9222338d177d854c90cd14d24752834f9e534228c2af06772bf1c266610db47

                                        0,
function(V, C, P) {
    P = (C = V.G(), V.G()), 0 != V.j(C) && B(V, 255, V.j(P));
}
                                    

#26 JavaScript::Eval (size: 123, repeated: 2) - SHA256: d9554563703bc4fb379d5b57fe16e6fa74ffa5f47ac0bf09fb1611c5feacc5a2

                                        0,
function(V, C, P) {
    Z(V, 1, 5) ||
        (C = V.G(), P = V.G(), B(V, P, function(V) {
            return eval(V);
        }(V.j(C))));
}
                                    

#27 JavaScript::Eval (size: 244, repeated: 2) - SHA256: a742ae49ad7504da10357e46d0157e4e349e3bd14233663231bc84d8f1b9ea27

                                        0,
function(V, C, P) {
    if (3 == V.length) {
        for (P = 0; 3 > P; P++) {
            C[P] += V[P];
        }
        for (V = [(P = 0, 13), 8, 13, 12, 16, 5, 3, 10, 15]; 9 > P; P++) {
            C[3](C, P % 3, V[P]);
        }
    }
}
                                    

#28 JavaScript::Eval (size: 133, repeated: 2) - SHA256: 3d64628ef72452c414f79539e9b9c8703f9d66e2264eb32bf1e93ae101e7df48

                                        0,
function(V, C, P) {
    return P = function() {
        return V;
    }, C = function() {
        return P();
    }, C[this.m] = function(e) {
        V = e;
    }, C;
}
                                    

#29 JavaScript::Eval (size: 208, repeated: 2) - SHA256: b30b6b408144c3f73077e1a8948f1e20012ccfa8062e79f905937f97ed5f4661

                                        0,
function(V, C, P, g) {
    ((P = (g = (P = (V &= (C = V & 4, 3), this).G(), this).G(), this.j(P)), C) &&
        (P = u(("" + P).replace(/\r\n/g, "\n"))), V && Q(this, g, d(P.length, 2)), Q)(this, g, P);
}
                                    

#30 JavaScript::Eval (size: 104, repeated: 2) - SHA256: 300e93c71cc8e30e62c496203eb57e8eee96a71fbc394b180206c3a962eb37c9

                                        0,
function(V, C, P, g) {
    (C = (C = V.G(), P = V.G(), g = V.G(), V.j(C)) == V.j(P), B)(V, g, +C);
}
                                    

#31 JavaScript::Eval (size: 103, repeated: 2) - SHA256: 64b4168a57888aacad96b39d234b4507c2be27cb96c6f55c5bdf9810ca0de3fd

                                        0,
function(V, C, P, g) {
    (C = (C = V.G(), P = V.G(), g = V.G(), V.j(C)) > V.j(P), B)(V, g, +C);
}
                                    

#32 JavaScript::Eval (size: 88, repeated: 2) - SHA256: 86f8890892d1d226d9ffda133b5db638405eadce9ed68a90fc2a1129258eccff

                                        0,
function(V, C, P, g) {
    (C = V.G(), P = V.G(), g = V.G(), B)(V, g, V.j(C) << P);
}
                                    

#33 JavaScript::Eval (size: 88, repeated: 2) - SHA256: c342f15449fa42ea3c4dd49886a594f3dccf828e7a82a4b54aa7f8c3e3665c5d

                                        0,
function(V, C, P, g) {
    (C = V.G(), P = V.G(), g = V.G(), B)(V, g, V.j(C) >> P);
}
                                    

#34 JavaScript::Eval (size: 101, repeated: 2) - SHA256: efe1c3a5f5087218618c8a3203a219ae8b26db761a25708adcd089f5cc972043

                                        0,
function(V, C, P, g) {
    (P = (C = V.G(), V.G()), g = V.G(), B)(V, g, (V.j(C) in V.j(P)) + 0);
}
                                    

#35 JavaScript::Eval (size: 94, repeated: 2) - SHA256: 60bacdf1b42520ea6eca1cbee33c69a4b18746f3ade3e2716a5be3945f71e873

                                        0,
function(V, C, P, g) {
    (g = (C = V.G(), P = V.G(), V).G(), B)(V, g, V.j(C) | V.j(P));
}
                                    

#36 JavaScript::Eval (size: 95, repeated: 2) - SHA256: c641e4b27cba7ed73d9bcff3e7b6f6beeef83e104c1a2298d16bee15a40ac672

                                        0,
function(V, C, P, g) {
    (g = (C = V.G(), P = V.G(), V).G(), B)(V, g, V.j(C) || V.j(P));
}
                                    

#37 JavaScript::Eval (size: 89, repeated: 2) - SHA256: 217bdb18d4bf6eb4aa0b36cc8037a3ceb3abe2c666f41a628c9a49288c2f494b

                                        0,
function(V, C, P, g) {
    C = V.G(), P = V.G(), g = V.G(), V.j(C)[V.j(P)] = V.j(g);
}
                                    

#38 JavaScript::Eval (size: 109, repeated: 2) - SHA256: 56ca63cbd993a7cc625aae715c67f16e94fa05a6d97bb7c386c8fcf79f9a8714

                                        0,
function(V, C, P, g) {
    P = (g = (P = (C = V.G(), V.G()), V.G()), V).j(P), C = V.j(C), B(V, g, C[P]);
}
                                    

#39 JavaScript::Eval (size: 142, repeated: 2) - SHA256: 54b57e3085acd4c9b5a18eac069580cb8832eb4b2e2a7aff581857c6db6a3ef3

                                        0,
function(V, C, P, g) {
    for (; P--;) {
        255 != P && 66 != P && C.I[P] && (C.I[P] = C[g](C[V](P), this));
    }
    C[V] = this;
}
                                    

#40 JavaScript::Eval (size: 241, repeated: 2) - SHA256: e4c796369c11a3934296867857832eae06e17c45aa4a46cbb8eac7c91d7c0678

                                        0,
function(V, C, P, g) {
    if ((C = V.J.pop())) {
        for (P = V.G(); 0 < P; P--) {
            g = V.G(), C[g] = V.I[g];
        }
        C[C[6] = V.I[6], 215] = V.I[215], V.I = C;
    } else {
        B(V, 255, V.U.length);
    }
}
                                    

#41 JavaScript::Eval (size: 170, repeated: 2) - SHA256: 1c6dc5945d23841017fccc39ff3ff3574daf9d703591d130151db7a1204e4fdb

                                        0,
function(V, C, P, g) {
    try {
        g = V[(C + 2) % 3], V[C] = V[C] - V[(C + 1) % 3] - g ^ (1 == C ? g << P : g >>> P);
    } catch (v) {
        throw v;
    }
}
                                    

#42 JavaScript::Eval (size: 227, repeated: 2) - SHA256: 8b8d0189ba065444befe8557cc8cc47d75bd1ac62242dcc4a2abb9e8f63dc4fe

                                        0,
function(V, C, P, g, v) {
    (g = (v = (C = (g = (P = (C = V.G(), V.G()), V.G()), V).j(C), V).j(V.G()), P = V.j(P), V).j(g), 0 !== C) &&
    (g = H(V, g, v, 1, C, P), C.addEventListener(P, g, t), B(V, 70, [C, P, g]));
}
                                    

#43 JavaScript::Eval (size: 126, repeated: 2) - SHA256: 465afd1661aaf0ebcabec52202edd08229bdac277749f55e50bdc673421ef346

                                        0,
function(V, C, P, g, v) {
    P = (C = V.G(), P = V.G(), g = V.j(V.G()), v = V.j(V.G()), V.j(P)), B(V, C, H(V, P, g, v));
}
                                    

#44 JavaScript::Eval (size: 140, repeated: 2) - SHA256: 5e03b2969ccfed31abdb1a05c144b5b20f1137b9d831b85bba6cee31364c6d0b

                                        0,
function(V, C, P, g, v) {
    for (g = (v = (P = (C = V.G(), n)(V), 0), []); v < P; v++) {
        g.push(V.G());
    }
    B(V, C, g);
}
                                    

#45 JavaScript::Eval (size: 405, repeated: 2) - SHA256: a816b1b0a7021c6664757def5dc14691f313c8c85b32099edad948a7d0f06a1f

                                        0,
function(V, C, P, g, v, F) {
    if (!Z(V, 1, 255)) {
        if ("object" == (V = (g = (C = (v = (g = (C = V.G(), P = V.G(), V.G()), V.G()), V).j(C), P = V.j(P), V.j(g)), V).j(v), r)(C)) {
            for (F in v = [], C) {
                v.push(F);
            }
            C = v;
        }
        for (F = (v = 0, C.length); v < F; v += g) {
            P(C.slice(v, v + g), V);
        }
    }
}
                                    

#46 JavaScript::Eval (size: 212, repeated: 2) - SHA256: f8495edee2dfb745cc91302b8f0e10169c5910dbbc856315eba1761f93846249

                                        0,
function(V, C, P, g, v, F) {
    return (g = function() {
        return g[P.S + (v[P.H] === C) - !F[P.H]];
    }, v = function() {
        return g();
    }, P = this, F = P.$, v[P.m] = function(V) {
        g[P.N] = V;
    }, v)[P.m](V), V = v;
}
                                    

#47 JavaScript::Eval (size: 339, repeated: 2) - SHA256: 5b34edd3e5fcdf393d573a2cbd026a9dde4b624dca5da49e9e18c5c29312a8b1

                                        0,
function(V, C, P, g, v, F, k) {
    Z(V, 1, 5) ||
        (C = m(V), v = C.Y, g = C.C, P = C.g, k = P.length, 0 == k ? (F = new(g[v])) : 1 == k ? (F = new(g[v])(P[0])) : 2 == k ? (F = new(g[v])(P[0], P[1])) : 3 == k ? (F = new(g[v])(P[0], P[1], P[2])) : 4 == k ? (F = new(g[v])(P[0], P[1], P[2], P[3])) : L(V, 22), B(V, C.P, F));
}
                                    

#48 JavaScript::Eval (size: 780, repeated: 2) - SHA256: 7b73d88ed62a42cad4ebd673fddd4ed4e0f6611993079e5723f7d44bdcf1cd64

                                        0,
function(V, C, P, g, v, F, k, R, a, S, W, b, Y) {
    for (R = (k = (F = (g = (C = V.G(), P = 0), v = function(C, e) {
            for (; g < C;) {
                P |= V.G() << g, g += 8;
            }
            return e = P & (g -= C, (1 << C) - 1), P >>= C, e;
        }, v)(3) + 1, v)(5), []), S = a = 0; S < k; S++) {
        W = v(1), R.push(W), a += W ? 0 : 1;
    }
    for (a = (a - (S = 0, 1)).toString(2).length, b = []; S < k; S++) {
        R[S] || (b[S] = v(a));
    }
    for (S = 0; S < k; S++) {
        R[S] && (b[S] = V.G());
    }
    for (S = F, Y = []; S--;) {
        Y.push(V.j(V.G()));
    }
    B(V, C, function(V, C, e, P, g) {
        for (C = (e = (V.V++, P = 0, []), []); P < k; P++) {
            if (g = b[P], !R[P]) {
                for (; g >= C.length;) {
                    C.push(V.G());
                }
                g = C[g];
            }
            e.push(g);
        }
        V.Z = V.c(Y.slice(), V.G), V.D = V.c(e, V.G);
    });
}
                                    

#49 JavaScript::Eval (size: 298, repeated: 2) - SHA256: 62ab344c9ca57b367f0c882d59412df2064b0e625c0b7a0565ce32d3b52702e8

                                        0,
function(V, C, P, v, y, F, k) {
    if ((v = (P = (C = V.G(), n)(V), ""), V).I[254]) {
        for (y = V.j(254), k = y.length, F = 0; P--;) {
            F = (F + n(V)) % k, v += g[y[F]];
        }
    } else {
        for (; P--;) {
            v += g[V.G()];
        }
    }
    B(V, C, v);
}
                                    

#50 JavaScript::Eval (size: 39, repeated: 2) - SHA256: bb6753823aebc94f3cc0c4b3c3ed5b60753622b1198ec8abd45102911d59e131

                                        0,
function($, _) {
    _._ += !_.$[_[_._] = $[0]]
}
                                    

#51 JavaScript::Eval (size: 1, repeated: 2) - SHA256: df7e70e5021544f4834bbee64a9e3789febc4be81470df629cad6ddb03320a5c

                                        B
                                    

#52 JavaScript::Eval (size: 325, repeated: 2) - SHA256: d8180d23021426b6d346737918bc81119008d3424a3dcb1c01f0dee7234a66d5

                                        B = function(V, C, P) {
    if (255 == C || 66 == C) {
        if (V.I[C]) {
            V.I[C][V.m](P);
        } else {
            V.I[C] = V.o(P);
        }
    } else if (22 != C && 172 != C && 142 != C && 6 != C || !V.I[C]) {
        V.I[C] = V.c(P, V.j);
    }
    236 == C && (V.W = void 0, B(V, 255, V.j(255) + 4));
}
                                    

#53 JavaScript::Eval (size: 1, repeated: 2) - SHA256: 44bd7ae60f478fae1061e11a7739f4b94d1daf917982d33b6fc8a01a63f89c21

                                        H
                                    

#54 JavaScript::Eval (size: 272, repeated: 2) - SHA256: a205ab366113fab2c2337f34986fe6fcd2c1c3c337b32d1ac1829fcbcb8e6314

                                        H = function(V, C, P, g, v, e) {
    return function() {
        var U = g & 1,
            N = [6, C, P, void 0, v, e, arguments];
        if (g & 2) {
            var l = (E(V, N), A)(V, true, false, false);
        } else {
            U && V.B.length ? E(V, N) : U ? (E(V, N), A(V, true, false, false)) : (l = T(V, N));
        }
        return l;
    };
}
                                    

#55 JavaScript::Eval (size: 1, repeated: 2) - SHA256: 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

                                        J
                                    

#56 JavaScript::Eval (size: 118, repeated: 2) - SHA256: 75baa079b2af0bb0f86d307c40238c302b73dd9cf8b261b469d6d1f973c8dfc5

                                        J = function(V, C, P, g) {
    for (P = V.G(), g = 0; 0 < C; C--) {
        g = g << 8 | V.G();
    }
    B(V, P, g);
}
                                    

#57 JavaScript::Eval (size: 1, repeated: 2) - SHA256: 72dfcfb0c470ac255cde83fb8fe38de8a128188e03ea5ba5b2a93adbea1062fa

                                        L
                                    

#58 JavaScript::Eval (size: 432, repeated: 2) - SHA256: 8cc37f13d632b8ac3a27d93cd70549f0ded0dff553e817774f0e817cc762a8e4

                                        L = function(V, C, P, g, v) {
    P = ((void 0 != (C = (v = V.j(66), [C, v >> 8 & 255, v & 255]), g) &&
                C.push(g), 0 == V.j(6).length) &&
            (V.I[6] = void 0, B(V, 6, C)), g = "", P &&
            (P.message && (g += P.message), P.stack && (g += ":" + P.stack)), V).j(215), 3 < P &&
        (g = g.slice(0, P - 3), P -= g.length + 3, g = u(g.replace(/\r\n/g, "\n")), Q(V, 172, d(g.length, 2).concat(g), 12)), B(V, 215, P);
}
                                    

#59 JavaScript::Eval (size: 1, repeated: 2) - SHA256: 08f271887ce94707da822d5263bae19d5519cb3614e0daedc4c7ce5dab7473f1

                                        M
                                    

#60 JavaScript::Eval (size: 88, repeated: 2) - SHA256: 97cc020cc8f481ad81baa58d902c3e3a551065aa28503e8d0013458ed2bc7aa1

                                        M = function(V, C) {
    return V[C] << 24 | V[C + 1] << 16 | V[C + 2] << 8 | V[C + 3];
}
                                    

#61 JavaScript::Eval (size: 1, repeated: 2) - SHA256: c4694f2e93d5c4e7d51f9c5deb75e6cc8be5e1114178c6a45b6fc2c566a0aa8c

                                        O
                                    

#62 JavaScript::Eval (size: 632, repeated: 2) - SHA256: a9c2222f7b6ffbdafc07e062aac57be3ff7cdbc67281084632b5f8ea6a197197

                                        O = function(V, C, P, g, v, e, U) {
    V.V++;
    try {
        for (P = (v = void 0, e = 0, g = 5001, V).U.length;
            (--g || V.s) && (V.Z || (e = V.j(255)) < P);) {
            try {
                V.Z ? (v = V.G(true)) : (B(V, 66, e), U = V.G(), v = V.j(U)), v && v.call ? v(V) : L(V, 21, 0, U), V.M = true, Z(V, 0, 2);
            } catch (N) {
                N != V.v && (V.j(84) ? L(V, 22, N) : B(V, 84, N));
            }
        }
        g || L(V, 33);
    } catch (N) {
        try {
            L(V, 22, N);
        } catch (l) {
            f(V, l);
        }
    }
    return P = V.j(226), C && B(V, 255, C), V.V--, P;
}
                                    

#63 JavaScript::Eval (size: 1, repeated: 3) - SHA256: 4ae81572f06e1b88fd5ced7a1a000945432e83e1551e6f721ee9c00b8cc33260

                                        Q
                                    

#64 JavaScript::Eval (size: 417, repeated: 2) - SHA256: 7b5379ffe354063eb38bfe27c78bb770da8861d2d2c5c054c05570b39f5a44f2

                                        Q = function(V, C, P, g, v, e) {
    for (V = (g = (((v = V.j(C), 172 == C) ? (C = function(V, C, P, g) {
                if ((P = (C = v.length, C - 4) >> 3, v.A) != P) {
                    P = ((g = [0, 0, (v.A = P, 0), e], P) << 3) - 4;
                    try {
                        v.R = w(M(v, P), M(v, P + 4), g);
                    } catch (F) {
                        throw F;
                    }
                }
                v.push(v.R[C & 7] ^ V);
            }, e = V.j(184)) : (C = function(V) {
                v.push(V);
            }), g) &&
            C(g & 255), 0), P).length; g < V; g++) {
        C(P[g]);
    }
}
                                    

#65 JavaScript::Eval (size: 1, repeated: 2) - SHA256: 4b68ab3847feda7d6c62c1fbcbeebfa35eab7351ed5e78f4ddadea5df64b8015

                                        X
                                    

#66 JavaScript::Eval (size: 78, repeated: 2) - SHA256: efe04a6b698286a39278149aeca6d32f49b341c72279347013bcadcbae8ae573

                                        X = function(V, C, P, g) {
    (P = V.G(), g = V.G(), Q)(V, g, d(V.j(P), C));
}
                                    

#67 JavaScript::Eval (size: 2, repeated: 34) - SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                        []
                                    

#68 JavaScript::Eval (size: 1, repeated: 1) - SHA256: 18ac3e7343f016890c510e93f935261169d9e3f565436429830faf0934f4f8e4

                                        d
                                    

#69 JavaScript::Eval (size: 35, repeated: 1) - SHA256: 1e3606d95ce27d593157594820335681a9380f51a96147303cd8000e60a95e12

                                        document.createElement('div').style
                                    

#70 JavaScript::Eval (size: 29, repeated: 2) - SHA256: 53e5b7d706a350fe98d52499058624e15cddc1541f17370f94a899a386c50255

                                        document.createElement('img')
                                    

#71 JavaScript::Eval (size: 35, repeated: 1) - SHA256: f2a353ed5469812b863c5fbeb58b4d46b864ba4e20a49f57f9c44c7cda45f46b

                                        document.createEvent('MouseEvents')
                                    

#72 JavaScript::Eval (size: 1, repeated: 2) - SHA256: aaa9402664f1a41f40ebbc52c9993eb66aeb366602958fdfaa283b71e64db123

                                        h
                                    

#73 JavaScript::Eval (size: 135, repeated: 2) - SHA256: 60df8ebdf79d33e03ea7230b6ea2924fef4d7835c485647c3946c5923af53a3a

                                        h = function(V, C, P) {
    return ((P = V.j(255), V.U && P < V.U.length) ? (B(V, 255, V.U.length), p(V, C)) : B(V, 255, C), O)(V, P);
}
                                    

#74 JavaScript::Eval (size: 1, repeated: 2) - SHA256: 62c66a7a5dd70c3146618063c344e531e6d4b59e379808443ce962b3abd63c5a

                                        m
                                    

#75 JavaScript::Eval (size: 265, repeated: 2) - SHA256: 5fa409f40f8ff1852d8c2040251584c04f625e4384848a9449102a56d835c534

                                        m = function(V, C, P, g, v, e) {
    for (v = (g = ((C = {}, P = V.G(), C).P = V.G(), C.g = [], V).G() - 1, V.G()), e = 0; e < g; e++) {
        C.g.push(V.G());
    }
    for ((C.Y = V.j(P), C).C = V.j(v); g--;) {
        C.g[g] = V.j(C.g[g]);
    }
    return C;
}
                                    

#76 JavaScript::Eval (size: 1, repeated: 2) - SHA256: 1b16b1df538ba12dc3f97edbb85caa7050d46c148134290feba80f8236c83db9

                                        n
                                    

#77 JavaScript::Eval (size: 85, repeated: 2) - SHA256: 4e0fb1bff83eb4432aee14a04898902ff6904c927f4df71cdf772238bcb5ae39

                                        n = function(V, C) {
    return C = V.G(), C & 128 && (C = C & 127 | V.G() << 7), C;
}
                                    

#78 JavaScript::Eval (size: 9, repeated: 1) - SHA256: ebf49dcd836f810084c14e0f2dab4dc1768bbdc5980481bf201fcf76771dff7a

                                        navigator
                                    

#79 JavaScript::Eval (size: 1, repeated: 2) - SHA256: 148de9c5a7a44d19e56cd9ae1a554bf67847afb0c58f6e12fa29ac7ddfca9940

                                        p
                                    

#80 JavaScript::Eval (size: 83, repeated: 2) - SHA256: 4c0678e2c900aae37448d48674b51fda091100a2e42f669802ba2875309ef417

                                        p = function(V, C) {
    (V.J.push(V.I.slice()), V).I[255] = void 0, B(V, 255, C);
}
                                    

#81 JavaScript::Eval (size: 4, repeated: 1) - SHA256: 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408

                                        this
                                    

#82 JavaScript::Eval (size: 1, repeated: 2) - SHA256: 0bfe935e70c321c7ca3afc75ce0d0ca2f98b5422e008bb31c00c6d7f1f1c0ad6

                                        u
                                    

#83 JavaScript::Eval (size: 487, repeated: 2) - SHA256: a9bc949f941353190612404e832c16cc9f6d121d4a4e66845892016a538a90fc

                                        u = function(V, C, P, g, v) {
    for (g = (C = [], P = 0); g < V.length; g++) {
        v = V.charCodeAt(g), 128 > v ? (C[P++] = v) : (2048 > v ? (C[P++] = v >> 6 | 192) : (55296 == (v & 64512) &&
            g + 1 < V.length && 56320 == (V.charCodeAt(g + 1) & 64512) ? (v = 65536 + ((v & 1023) << 10) + (V.charCodeAt(++g) & 1023), C[P++] = v >> 18 | 240, C[P++] = v >> 12 & 63 | 128) : (C[P++] = v >> 12 | 224), C[P++] = v >> 6 & 63 | 128), C[P++] = v & 63 | 128);
    }
    return C;
}
                                    

#84 JavaScript::Eval (size: 1, repeated: 2) - SHA256: 50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326

                                        w
                                    

#85 JavaScript::Eval (size: 366, repeated: 2) - SHA256: 775fe806c4e2e91b2ff90aeb17ab4004ff40958e04dd42dc78f5944a989de489

                                        w = function(V, C, P, g) {
    try {
        for (g = 0; 79669387488 != g;) {
            V += (C << 4 ^ C >>> 5) + C ^ g + P[g & 3], g += 2489668359, C += (V << 4 ^ V >>> 5) + V ^ g + P[g >>> 11 & 3];
        }
        return [V >>> 24, V >> 16 & 255, V >> 8 & 255, V & 255, C >>> 24, C >> 16 & 255, C >> 8 & 255, C & 255];
    } catch (v) {
        throw v;
    }
}
                                    

#86 JavaScript::Eval (size: 6, repeated: 2) - SHA256: 44ff7b02c80d38b26dd6aa31d9470aed81b32e10331a3c994fb1a9945fd847ba

                                        window
                                    

#87 JavaScript::Eval (size: 1, repeated: 2) - SHA256: 2d711642b726b04401627ca9fbac32f5c8530fb1903cc4db02258717921a4881

                                        x
                                    

Executed Writes (12)

#1 JavaScript::Write (size: 0, repeated: 5) - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                    

#2 JavaScript::Write (size: 6079, repeated: 1) - SHA256: b488458914f60e2856d795474d4c1635a16db9e162c245b0187e9f2ff27f8d6e

                                        < script >
    var abgp = {
        hw: 15,
        sw: 75,
        hh: 15,
        sh: 15,
        himg: 'https://pagead2.googlesyndication.com' + '/pagead/images/adchoices/icon.png',
        simg: 'https://pagead2.googlesyndication.com' + '/pagead/images/adchoices/en.png',
        alt: 'AdChoices',
        t: 'AdChoices',
        tw: 53,
        t2: '',
        t2w: 0,
        tbo: 0,
        att: 'adchoices',
        ff: '',
        halign: 'right',
        fe: false,
        iba: false,
        lttp: false,
        ci: '',
        nc: 1,
        icd: {
            "creatives": [],
            "height": 90,
            "width": 728,
            "attribution": {
                "user_feedback_data": {
                    "mute_icon_url": "https://googleads.g.doubleclick.net/pagead/images/mtad/x_blue.png",
                    "pub_feedback_icon_url": "https://googleads.g.doubleclick.net/pagead/images/mtad/x_blue.png",
                    "conversion_url": "https://googleads.g.doubleclick.net/pagead/conversion/?ai=CoWrKX2-oWrTnJ4Oq6wS4542ABInWkeNQldmrsvkGq9D0_QgQASDoz7IcYMPcpIWYGMgBCagDAcgDAqoExAFP0Lz2rP7HWe0jIY4HCYlFl8ud0MK6oHXXpEb3bS0L-eC2PoOKYPyTmQb6XQjLBULpPeVzDue_U3q4qicNnIt9wufozEbyO1MkYD3NWp6b_KBUPl2hEsTcW2a_MF1QMLS-7jXokU353WB0u88gNDWStXedIIEqYewhcLjoj59v2ajSjtBXdGfIt7cd4co84BTw2dhFLsShugWzujcj_1FOxeEB9qMCDP_7sz6VGc6qYAPR0Uk3QDJdrUoXEpYq3XUvk3G44AQDkAYBoAZMgAeYzbl8qAemvhvYBwDSCAcIgGEQARgCgAoB0BMA2BMD\u0026sigh=emJr_GJVov0\u0026cid=CAASBORou80",
                    "close_button_token": "8dHm6SGD8YsIldmrsvkGEJGW65cEGLHS2HxCAEgAWABwAQ",
                    "interaction_conversion": {
                        "label": "user_feedback_menu_interaction",
                        "label_instance": "",
                        "include_close_button_token": false
                    },
                    "survey_header": "What was wrong with this ad?",
                    "back_icon_url": "https://googleads.g.doubleclick.net/pagead/images/mtad/back_blue.png",
                    "mute_confirmation_header": "Thanks for the feedback!",
                    "mute_confirmation_text": "Well review this ad to improve the experience in the future.",
                    "pub_feedback_confirmation_header": "Thanks for the feedback!",
                    "pub_feedback_confirmation_text": "Well use your feedback to review ads on this site.",
                    "closing_countdown_text": "Closing ad: %1$d",
                    "attribution_text": "AdChoices",
                    "attribution_icon_url": "https://googleads.g.doubleclick.net/pagead/images/mtad/ad_choices_blue.png",
                    "attribution_destination_url": "https://www.google.com/url?ct=abg\u0026q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html%26gl%3DNO%26hl%3Den%26ai0%3D\u0026usg=AFQjCNEWbdsl12_QVEYvFaTLs7_XUm1Rtw",
                    "ad_feedback_icon_url": "https://googleads.g.doubleclick.net/pagead/images/mtad/x_blue.png",
                    "is_rtl_language": false,
                    "feedback_options": [{
                        "text": "Report this ad",
                        "conversion": {
                            "label": "user_feedback_menu_option",
                            "label_instance": "1",
                            "include_close_button_token": true
                        },
                        "survey": {
                            "header": "What was wrong with this ad?",
                            "options": [{
                                "text": "Ad covered content",
                                "conversion": {
                                    "label": "mute_survey_option",
                                    "label_instance": "3",
                                    "include_close_button_token": true
                                }
                            }, {
                                "text": "Not interested in this ad",
                                "conversion": {
                                    "label": "mute_survey_option",
                                    "label_instance": "7",
                                    "include_close_button_token": true
                                }
                            }, {
                                "text": "Seen this ad multiple times",
                                "conversion": {
                                    "label": "mute_survey_option",
                                    "label_instance": "2",
                                    "include_close_button_token": true
                                }
                            }, {
                                "text": "Ad was inappropriate",
                                "conversion": {
                                    "label": "mute_survey_option",
                                    "label_instance": "8",
                                    "include_close_button_token": true
                                }
                            }]
                        },
                        "undo_conversion": {
                            "label": "user_feedback_undo",
                            "label_instance": "1",
                            "include_close_button_token": true
                        }
                    }],
                    "mute_panel_data": {
                        "adchoices_icon_url": "https://googleads.g.doubleclick.net/pagead/images/adchoices/iconx2-000000.png",
                        "adchoices_button_text": "AdChoices",
                        "closed_message_text": "Ad closed by %1$s",
                        "enable_lightbox": false,
                        "google_logo_url": "https://www.gstatic.com/images/branding/googlelogo/2x/googlelogo_dark_color_84x28dp.png",
                        "report_ad_button_text": "Report this ad",
                        "confirmation_text": "We'll try not to show that ad again",
                        "see_my_google_ad_settings_text": "See my Google ad settings",
                        "protocol_gstatic_host": "https://www.gstatic.com",
                        "jake_mta_context": "",
                        "overlay_message_text": "Ads by %1$s"
                    },
                    "why_this_ad_token": "AB3afGEAAAEMeyJ0YXJnZXRpbmdfcmVhc29ucyI6eyJhZF9yZWFzb24iOlsyXSwiZXhwbGFuYXRpb24iOnsiaW50cm9kdWN0aW9uIjoiVGhpcyBpcyBhIGxpc3Qgb2YgdGhlIGluZm9ybWF0aW9uIHNvdXJjZXMgdXNlZCB0byBkZXRlcm1pbmUgdGhhdCB0aGlzIGFkIGJlIHNob3duIHRvIHlvdToiLCJpdGVtIjpbeyJkZXNjcmlwdGlvbiI6IlRoZSBpbmZvcm1hdGlvbiBvbiB0aGUgd2Vic2l0ZSB5b3Ugd2VyZSB2aWV3aW5nLiJ9XX19LCJyZW5kZXJfYWRfaW5fd3RhX3BhZ2UiOmZhbHNlfQftORRYGnS-uEPsI4ERsGX6EGQ6mTX64jAM13RNCrIN_8YZIAVG1_UrJXfgp8C1NBX6hWJRyWh5zLzAhhnVkA-ydPG6UqbK2VjoLb29iFNTnIXtgGiAGVX1wPBjUXqHSZU49HPE2OM9jncfc003_qqQNrGNwS08vH6YDRMMxZN17S8EcVf7-dVqnjTukGzzUUyAJQ_FSFXbAeuW5MhoFARAm8Gge27jmJlyLNwFB67Q1Bnu5qlfW3MKboeVUio50EbcgFyuOdDRuSrqTaSglIiP9a87OY9GkofWHw37V4oLx9v6FS4te2a5arJv1vTAWmYa4UoI6BS1SCWk8BtUKVU,M0Xt2dAzfoh-4EAN57Nrjg",
                    "why_this_ad_url": "https://www.google.com/ads/preferences/whythisad/en-US/RoOyDD7L4IWn5ZfI/#/AB3afGEAAAEMeyJ0YXJnZXRpbmdfcmVhc29ucyI6eyJhZF9yZWFzb24iOlsyXSwiZXhwbGFuYXRpb24iOnsiaW50cm9kdWN0aW9uIjoiVGhpcyBpcyBhIGxpc3Qgb2YgdGhlIGluZm9ybWF0aW9uIHNvdXJjZXMgdXNlZCB0byBkZXRlcm1pbmUgdGhhdCB0aGlzIGFkIGJlIHNob3duIHRvIHlvdToiLCJpdGVtIjpbeyJkZXNjcmlwdGlvbiI6IlRoZSBpbmZvcm1hdGlvbiBvbiB0aGUgd2Vic2l0ZSB5b3Ugd2VyZSB2aWV3aW5nLiJ9XX19LCJyZW5kZXJfYWRfaW5fd3RhX3BhZ2UiOmZhbHNlfQftORRYGnS-uEPsI4ERsGX6EGQ6mTX64jAM13RNCrIN_8YZIAVG1_UrJXfgp8C1NBX6hWJRyWh5zLzAhhnVkA-ydPG6UqbK2VjoLb29iFNTnIXtgGiAGVX1wPBjUXqHSZU49HPE2OM9jncfc003_qqQNrGNwS08vH6YDRMMxZN17S8EcVf7-dVqnjTukGzzUUyAJQ_FSFXbAeuW5MhoFARAm8Gge27jmJlyLNwFB67Q1Bnu5qlfW3MKboeVUio50EbcgFyuOdDRuSrqTaSglIiP9a87OY9GkofWHw37V4oLx9v6FS4te2a5arJv1vTAWmYa4UoI6BS1SCWk8BtUKVU,M0Xt2dAzfoh-4EAN57Nrjg\u00268dHm6SGD8YsIldmrsvkGEJGW65cEGLHS2HxCAEgAWABwAQ\u0026https://googleads.g.doubleclick.net/pagead/conversion/?ai=CoWrKX2-oWrTnJ4Oq6wS4542ABInWkeNQldmrsvkGq9D0_QgQASDoz7IcYMPcpIWYGMgBCagDAcgDAqoExAFP0Lz2rP7HWe0jIY4HCYlFl8ud0MK6oHXXpEb3bS0L-eC2PoOKYPyTmQb6XQjLBULpPeVzDue_U3q4qicNnIt9wufozEbyO1MkYD3NWp6b_KBUPl2hEsTcW2a_MF1QMLS-7jXokU353WB0u88gNDWStXedIIEqYewhcLjoj59v2ajSjtBXdGfIt7cd4co84BTw2dhFLsShugWzujcj_1FOxeEB9qMCDP_7sz6VGc6qYAPR0Uk3QDJdrUoXEpYq3XUvk3G44AQDkAYBoAZMgAeYzbl8qAemvhvYBwDSCAcIgGEQARgCgAoB0BMA2BMD\u0026sigh=emJr_GJVov0\u0026cid=CAASBORou80",
                    "why_this_ad_text": "Why this ad?"
                }
            },
            "flags": [{
                "name": "jake_ui_extension",
                "value": "jake_default_ui"
            }]
        },
        opi: false,
        ti: false,
        mob: false,
        il: false,
        eaca: false,
        eda: false
    }; < /script>
                                    

#3 JavaScript::Write (size: 1834, repeated: 1) - SHA256: 73b54a8a3e4126881f143b54c6cf2f3dc7f5f7cb50f05fbe83d2169c8b36e842

                                        < !doctype html > < html > < body > < iframe style = "display:none"
data - ad - client = "ca-pub-2515630227857275"
id = "google_esf"
name = "google_esf"
src = "https://googleads.g.doubleclick.net/pagead/html/r20180312/r20170110/zrt_lookup.html#" > < /iframe><script>google_ad_slot="6844291416";google_ad_client="ca-pub-2515630227857275";google_adsbygoogle_status="done";google_ad_width=728;google_ad_height=90;google_ad_modifications={"plle":true,"eids":["332260003","38893302","21061122","191880502"],"loeids":["332260007","38893312"]};google_loader_used="aa";google_reactive_tag_first=false;google_ad_format="728x90";google_ad_unit_key="1487667633";google_ad_dom_fingerprint="807048394";google_sailm=false;google_unique_id=1;google_async_iframe_id="aswift_0";google_start_time=1520987998146;google_pub_vars="JTdCJTIyZ29vZ2xlX2FkX3Nsb3QlMjIlM0ElMjI2ODQ0MjkxNDE2JTIyJTJDJTIyZ29vZ2xlX2FkX2NsaWVudCUyMiUzQSUyMmNhLXB1Yi0yNTE1NjMwMjI3ODU3Mjc1JTIyJTJDJTIyZ29vZ2xlX2Fkc2J5Z29vZ2xlX3N0YXR1cyUyMiUzQSUyMmRvbmUlMjIlMkMlMjJnb29nbGVfYWRfd2lkdGglMjIlM0E3MjglMkMlMjJnb29nbGVfYWRfaGVpZ2h0JTIyJTNBOTAlMkMlMjJnb29nbGVfYWRfbW9kaWZpY2F0aW9ucyUyMiUzQSU3QiUyMnBsbGUlMjIlM0F0cnVlJTJDJTIyZWlkcyUyMiUzQSU1QiUyMjMzMjI2MDAwMyUyMiUyQyUyMjM4ODkzMzAyJTIyJTJDJTIyMjEwNjExMjIlMjIlMkMlMjIxOTE4ODA1MDIlMjIlNUQlMkMlMjJsb2VpZHMlMjIlM0ElNUIlMjIzMzIyNjAwMDclMjIlMkMlMjIzODg5MzMxMiUyMiU1RCU3RCUyQyUyMmdvb2dsZV9sb2FkZXJfdXNlZCUyMiUzQSUyMmFhJTIyJTJDJTIyZ29vZ2xlX3JlYWN0aXZlX3RhZ19maXJzdCUyMiUzQWZhbHNlJTJDJTIyZ29vZ2xlX2FkX2Zvcm1hdCUyMiUzQSUyMjcyOHg5MCUyMiUyQyUyMmdvb2dsZV9hZF91bml0X2tleSUyMiUzQSUyMjE0ODc2Njc2MzMlMjIlMkMlMjJnb29nbGVfYWRfZG9tX2ZpbmdlcnByaW50JTIyJTNBJTIyODA3MDQ4Mzk0JTIyJTdE";google_bpp=34;google_async_rrc=0;google_iframe_start_time=new Date().getTime();</script > < script src = "http://pagead2.googlesyndication.com/pagead/js/r20180312/r20170110/show_ads_impl.js" > < /script></body > < /html>
                                    

#4 JavaScript::Write (size: 1636, repeated: 1) - SHA256: d9ff2a40f47572e59afc46a4f855fa30a6f162a957b0995e1980fca056c087e4

                                        < !doctype html > < html > < body > < script > google_ad_slot = "3890825015";
google_ad_client = "ca-pub-2515630227857275";
google_adsbygoogle_status = "done";
google_ad_width = 336;
google_ad_height = 280;
google_ad_modifications = {
    "plle": true,
    "eids": ["332260003", "38893302", "21061122", "191880502"],
    "loeids": ["332260007", "38893312"]
};
google_loader_used = "aa";
google_reactive_tag_first = false;
google_ad_format = "336x280";
google_ad_unit_key = "2507200848";
google_ad_dom_fingerprint = "807048394";
google_sailm = false;
google_unique_id = 2;
google_async_iframe_id = "aswift_1";
google_start_time = 1520987998432;
google_pub_vars = "JTdCJTIyZ29vZ2xlX2FkX3Nsb3QlMjIlM0ElMjIzODkwODI1MDE1JTIyJTJDJTIyZ29vZ2xlX2FkX2NsaWVudCUyMiUzQSUyMmNhLXB1Yi0yNTE1NjMwMjI3ODU3Mjc1JTIyJTJDJTIyZ29vZ2xlX2Fkc2J5Z29vZ2xlX3N0YXR1cyUyMiUzQSUyMmRvbmUlMjIlMkMlMjJnb29nbGVfYWRfd2lkdGglMjIlM0EzMzYlMkMlMjJnb29nbGVfYWRfaGVpZ2h0JTIyJTNBMjgwJTJDJTIyZ29vZ2xlX2FkX21vZGlmaWNhdGlvbnMlMjIlM0ElN0IlMjJwbGxlJTIyJTNBdHJ1ZSUyQyUyMmVpZHMlMjIlM0ElNUIlMjIzMzIyNjAwMDMlMjIlMkMlMjIzODg5MzMwMiUyMiUyQyUyMjIxMDYxMTIyJTIyJTJDJTIyMTkxODgwNTAyJTIyJTVEJTJDJTIybG9laWRzJTIyJTNBJTVCJTIyMzMyMjYwMDA3JTIyJTJDJTIyMzg4OTMzMTIlMjIlNUQlN0QlMkMlMjJnb29nbGVfbG9hZGVyX3VzZWQlMjIlM0ElMjJhYSUyMiUyQyUyMmdvb2dsZV9yZWFjdGl2ZV90YWdfZmlyc3QlMjIlM0FmYWxzZSUyQyUyMmdvb2dsZV9hZF9mb3JtYXQlMjIlM0ElMjIzMzZ4MjgwJTIyJTJDJTIyZ29vZ2xlX2FkX3VuaXRfa2V5JTIyJTNBJTIyMjUwNzIwMDg0OCUyMiUyQyUyMmdvb2dsZV9hZF9kb21fZmluZ2VycHJpbnQlMjIlM0ElMjI4MDcwNDgzOTQlMjIlN0Q=";
google_bpp = 45;
google_async_rrc = 0;
google_iframe_start_time = new Date().getTime(); < /script><script src="http:/ / pagead2.googlesyndication.com / pagead / js / r20180312 / r20170110 / show_ads_impl.js "></script></body></html>
                                    

#5 JavaScript::Write (size: 1635, repeated: 1) - SHA256: 4d07a0e00dbe3c8e90eb4c2d06e1f425ca92ad198e807a93baa30a371c6b7252

                                        < !doctype html > < html > < body > < script > google_ad_slot = "3890825015";
google_ad_client = "ca-pub-2515630227857275";
google_adsbygoogle_status = "done";
google_ad_width = 336;
google_ad_height = 280;
google_ad_modifications = {
    "plle": true,
    "eids": ["332260003", "38893302", "21061122", "191880502"],
    "loeids": ["332260007", "38893312"]
};
google_loader_used = "aa";
google_reactive_tag_first = false;
google_ad_format = "336x280";
google_ad_unit_key = "2507200848";
google_ad_dom_fingerprint = "807048394";
google_sailm = false;
google_unique_id = 3;
google_async_iframe_id = "aswift_2";
google_start_time = 1520987998482;
google_pub_vars = "JTdCJTIyZ29vZ2xlX2FkX3Nsb3QlMjIlM0ElMjIzODkwODI1MDE1JTIyJTJDJTIyZ29vZ2xlX2FkX2NsaWVudCUyMiUzQSUyMmNhLXB1Yi0yNTE1NjMwMjI3ODU3Mjc1JTIyJTJDJTIyZ29vZ2xlX2Fkc2J5Z29vZ2xlX3N0YXR1cyUyMiUzQSUyMmRvbmUlMjIlMkMlMjJnb29nbGVfYWRfd2lkdGglMjIlM0EzMzYlMkMlMjJnb29nbGVfYWRfaGVpZ2h0JTIyJTNBMjgwJTJDJTIyZ29vZ2xlX2FkX21vZGlmaWNhdGlvbnMlMjIlM0ElN0IlMjJwbGxlJTIyJTNBdHJ1ZSUyQyUyMmVpZHMlMjIlM0ElNUIlMjIzMzIyNjAwMDMlMjIlMkMlMjIzODg5MzMwMiUyMiUyQyUyMjIxMDYxMTIyJTIyJTJDJTIyMTkxODgwNTAyJTIyJTVEJTJDJTIybG9laWRzJTIyJTNBJTVCJTIyMzMyMjYwMDA3JTIyJTJDJTIyMzg4OTMzMTIlMjIlNUQlN0QlMkMlMjJnb29nbGVfbG9hZGVyX3VzZWQlMjIlM0ElMjJhYSUyMiUyQyUyMmdvb2dsZV9yZWFjdGl2ZV90YWdfZmlyc3QlMjIlM0FmYWxzZSUyQyUyMmdvb2dsZV9hZF9mb3JtYXQlMjIlM0ElMjIzMzZ4MjgwJTIyJTJDJTIyZ29vZ2xlX2FkX3VuaXRfa2V5JTIyJTNBJTIyMjUwNzIwMDg0OCUyMiUyQyUyMmdvb2dsZV9hZF9kb21fZmluZ2VycHJpbnQlMjIlM0ElMjI4MDcwNDgzOTQlMjIlN0Q=";
google_bpp = 5;
google_async_rrc = 0;
google_iframe_start_time = new Date().getTime(); < /script><script src="http:/ / pagead2.googlesyndication.com / pagead / js / r20180312 / r20170110 / show_ads_impl.js "></script></body></html>
                                    

#6 JavaScript::Write (size: 54, repeated: 1) - SHA256: 166a4ec3cb90d525f7f744c7616c01b36bebd6dcecd486c8f5be14ccc0a7b3da

                                        < !doctype html > < html > < head > < /head><body></body > < /html>
                                    

#7 JavaScript::Write (size: 30179, repeated: 1) - SHA256: aed75b904ae0cde6317c6b8a67d0431413d0f8e17a048b329579de532651a586

                                        < div id = "ad_unit" > < script > (function() {
    (function() {
        var h = this,
            k = function(a) {
                var b = typeof a;
                if ("object" == b)
                    if (a) {
                        if (a instanceof Array) return "array";
                        if (a instanceof Object) return b;
                        var c = Object.prototype.toString.call(a);
                        if ("[object Window]" == c) return "object";
                        if ("[object Array]" == c || "number" == typeof a.length && "undefined" != typeof a.splice && "undefined" != typeof a.propertyIsEnumerable && !a.propertyIsEnumerable("splice")) return "array";
                        if ("[object Function]" == c || "undefined" != typeof a.call && "undefined" != typeof a.propertyIsEnumerable && !a.propertyIsEnumerable("call")) return "function"
                    } else return "null";
                else if ("function" == b && "undefined" == typeof a.call) return "object";
                return b
            },
            l = function(a, b) {
                var c = Array.prototype.slice.call(arguments, 1);
                return function() {
                    var b = c.slice();
                    b.push.apply(b, arguments);
                    return a.apply(this, b)
                }
            };
        var m = function(a, b) {
            for (var c in a) b.call(void 0, a[c], c, a)
        };
        var n = function(a) {
            a = a ? a.toLowerCase() : "";
            switch (a) {
                case "normal":
                    return "normal";
                case "lightbox":
                    return "lightbox";
                case "push_down":
                    return "push_down"
            }
            return null
        };
        var p = {
                i: "ad_container_id",
                A: "hideObjects",
                X: "mtfTop",
                W: "mtfLeft",
                ca: "zindex",
                m: "mtfDuration",
                aa: "wmode",
                Z: "preferFlash",
                s: "as_kw",
                u: "as_lat",
                v: "as_lng",
                B: "mtfIFPath",
                o: "expansionMode",
                U: "top_container",
                T: "mtfTopFloat",
                S: "mtfTopDuration",
                V: "mtfTopWmode",
                P: "right_container",
                O: "mtfRightFloat",
                N: "mtfRightDuration",
                R: "mtfRightWmode",
                H: "bottom_container",
                G: "mtfBottomFloat",
                F: "mtfBottomDuration",
                I: "mtfBottomWmode",
                L: "left_container",
                K: "mtfLeftFloat",
                J: "mtfLeftDuration",
                M: "mtfLeftWmode",
                $: "mtfRenderFloatInplace",
                ba: "tryToWriteHtmlInline",
                j: "debugjs",
                C: "dcapp",
                g: "breakoutiframe",
                D: "inMobileAdSdk"
            },
            r = function(a) {
                m(a, function(b, c) {
                    if (c.toLowerCase() in q) {
                        var e = q[c.toLowerCase()];
                        c in a && delete a[c];
                        a[e] = b
                    }
                })
            },
            q = function() {
                var a = {};
                m(p, function(b) {
                    a[b.toLowerCase()] = b
                });
                return a
            }();
        var u = function(a) {
                this.a = a;
                a: {
                    for (c in a.displayConfigParameters) {
                        b: if (a = t, "string" == typeof a) a = "string" == typeof c && 1 == c.length ? a.indexOf(c, 0) : -1;
                            else {
                                for (var b = 0; b < a.length; b++)
                                    if (b in a && a[b] === c) {
                                        a = b;
                                        break b
                                    }
                                a = -1
                            }if (!(0 <= a)) {
                            var c = !0;
                            break a
                        }
                    }
                    c = !1
                }
                this.f = c
            },
            t = ["ad_container_id"],
            v = function(a) {
                return a.f ? a.a.displayConfigParameters : a.a.creativeParameters
            },
            w = function(a, b) {
                for (var c = 0; c < a.a.primaryFiles.length; ++c)
                    if (a.a.primaryFiles[c].type == b) return !0;
                return !1
            };
        var x = {
                pattern: /rendering_lib_((?:[0-9_]+)|(?:latest))\.js$/,
                c: "rendering_lib_db_$1.js"
            },
            y = {
                pattern: /\/[a-z_0-9]+_rendering_lib/,
                c: "/iframe_buster"
            },
            z = {
                pattern: /(.*\/)(.*_)rendering_lib_((?:[0-9_]+)|(?:latest))\.js$/,
                c: "$1inapp_html_inpage_rendering_lib_$3.js"
            },
            A = {
                pattern: /\/[0-9]+\/[a-z_0-9]+rendering_lib.+$/,
                c: "/ads/studio/cached_libs/modernizr_2.8.3_ec185bb44fe5e6bf7455d6e8ef37ed0e_no-classes.js"
            },
            B = function() {
                var a = [];
                a.push("e=101");
                a.push("renderingType=2");
                a.push("leftOffset=0");
                a.push("topOffset=0");
                a.push("t=1");
                return "?" + a.join("&")
            },
            F = function(a) {
                var b = v(a),
                    c = a.a,
                    e = c.renderingLibraryData,
                    f = e.renderingLibrary,
                    d = e.version;
                if (!/express|image_gallery|dfa7banner|inapp/.test(f) && ("latest" == d || 0 <= C(d, "200_74"))) {
                    if (d = !w(a, "FLASH")) {
                        a: {
                            for (d = 0; d < a.a.primaryFiles.length; ++d) {
                                var g = a.a.primaryFiles[d].expandingDisplayProperties;
                                if (g && "lightbox" == n(g.expansionMode)) {
                                    d = !0;
                                    break a
                                }
                            }
                            d = !1
                        }
                        d = !d
                    }
                    d = d && null != window.mraid
                } else d = !1;
                d && (f = f.replace(z.pattern, z.c));
                "true" == b.debugjs && (f = f.replace(x.pattern, x.c));
                (b = h.self == h.top) || (b = window.Y && window.Y.SandBox && window.Y.SandBox.vendor, d = window.$sf && window.$sf.ext, g = window.$WLXRmAd, b = !!(window.IN_ADSENSE_IFRAME || b || d || g));
                if (!b) {
                    a: if (b = v(a).breakoutiframe) b = !!b && "true" == b.toLowerCase();
                        else {
                            b = a.a.primaryFiles;
                            for (d = 0; d < b.length; d++) {
                                g = b[d].renderAs;
                                var N = 0 == (parseInt(b[d].width, 10) || 0) && 0 == (parseInt(b[d].height, 10) || 0);
                                if ("EXPANDABLE" == g || "FLOATING" == g && !N) {
                                    b = !0;
                                    break a
                                }
                            }
                            b = !1
                        }b = !b
                }
                if (b || a.a.previewMode) {
                    a: {
                        a = f;
                        b = D();
                        for (d = 0; d < b.renderingLibraries.length; d++)
                            if (g = b.renderingLibraries[d], g.url == a && g.bootstrapFunction) {
                                a = g;
                                break a
                            }
                        a = null
                    }
                    a ? a.bootstrapFunction() : (a = D(), E(f, !!c.a, void 0, void 0, void 0, !0), a.renderingLibraries.push({
                        version: e.version,
                        url: f,
                        loading: !0,
                        bootstrapFunction: null
                    }))
                } else c = f.replace(y.pattern, y.c), E(c, !0)
            },
            C = function(a, b) {
                a = G(a);
                b = G(b);
                for (var c = Math.min(a.length, b.length), e = 0; e < c; e++)
                    if (a[e] != b[e]) return a[e] - b[e];
                return a.length - b.length
            },
            G = function(a) {
                a = a.split("_");
                for (var b = [], c = 0; c < a.length; c++) b.push(parseInt(a[c], 10));
                return b
            },
            E = function(a, b, c, e, f, d) {
                var g = document.createElement("script");
                g.src = a;
                g.type = c ? c : "text/javascript";
                g.async = !!b;
                d && (g.crossOrigin = "anonymous");
                e && (g.onload = e);
                f && (g.onerror = f);
                a = document.getElementsByTagName("head");
                (a && 0 != a.length ? a[0] : document.documentElement).appendChild(g)
            },
            D = function() {
                return window.dclkStudioV3 = window.dclkStudioV3 || {
                    creatives: [],
                    renderingLibraries: [],
                    creativeCount: 1
                }
            },
            H = function(a) {
                try {
                    if (null != (a["cps-top-iframe-beacon"] ? a["cps-top-iframe-beacon"] : null)) return !0
                } catch (b) {}
                return a == a.parent ? !1 : H(a.parent)
            },
            I = function(a) {
                if (null != a) {
                    r(a.creativeParameters);
                    if (null != a.html5Features)
                        for (var b = 0; b < a.html5Features.length; ++b) "CSS_ANIMATIONS" == a.html5Features[b] && (a.html5Features[b] = "Modernizr.cssanimations");
                    !a.previewMode && H(h) && (a.previewMode = !0);
                    a = new u(a);
                    b = D();
                    b.creatives.push(a.a);
                    var c = a.a.creativeParameters;
                    c.creative_unique_id = c.cid + "_" + b.creativeCount++;
                    b = v(a).ad_container_id;
                    a: if ((c = v(a).mtfRenderFloatInplace) && "true" == c.toLowerCase()) c = !0;
                        else {
                            c = a.a.primaryFiles;
                            for (var e = 0; e < c.length; e++) {
                                var f = c[e].renderAs;
                                if ("EXPANDABLE" == f || "BANNER" == f) {
                                    c = !0;
                                    break a
                                }
                            }
                            c = !1
                        }
                    if (c && (!b || "" == b)) {
                        b = "dclk-studio-creative_" + (new Date).getTime();
                        c = a.a;
                        if (c.a) {
                            var d = a.a.primaryFiles[0].url;
                            e = document.createElement("div");
                            e.setAttribute("id", b);
                            f = document.createElement("div");
                            f.setAttribute("id", "st-rl-html-component");
                            var g = document.createElement("iframe");
                            g.setAttribute("src", d + B());
                            g.setAttribute("frameborder", 0);
                            g.setAttribute("scrolling", "no");
                            g.setAttribute("allowfullscreen", !0);
                            f.appendChild(g);
                            a: {
                                for (d = 0; d < a.a.primaryFiles.length; ++d)
                                    if ("EXPANDABLE" == a.a.primaryFiles[d].renderAs) {
                                        d = !0;
                                        break a
                                    }
                                d = !1
                            }
                            d ? (d = document.createElement("div"), d.setAttribute("id", "st-rl-expanding-component"), d.appendChild(f), e.appendChild(d)) : e.appendChild(f);
                            document.body.appendChild(e)
                        } else document.write(['<div id="', b, '"></div>'].join(""));
                        c.creativeParameters.ad_container_id = b;
                        c.creativeParameters.generate_ad_slot = "true";
                        null == c.displayConfigParameters && (c.displayConfigParameters = {});
                        c.displayConfigParameters.ad_container_id = b
                    }
                    c = a.a;
                    b = c.renderingLibraryData;
                    e = b.version;
                    if (w(a, "HTML5") && !("latest" == e || 0 <= C(e, "200_108")) && (c = c.html5Features, !("Modernizr" in h) && "array" == k(c) && 0 < c.length)) {
                        e = !1;
                        for (f = 0; f < c.length; f++)
                            if ("svgFilters" != c[f] && "svgFeImage" != c[f]) {
                                e = !0;
                                break
                            }
                        e && E(b.renderingLibrary.replace(A.pattern, A.c), !1)
                    }
                    b = v(a);
                    c = b.inMobileAdSdk;
                    "1" == b.dcapp || "1" == c || /Android ([2-3]|4\.[0-3])/.test(navigator.userAgent) ? (b = l(F, a), window.mraid ? (E("mraid.js", !1, "text/x-do-not-download", null, null), F(a)) : E("mraid.js", !1, "text/javascript", b, b)) : F(a)
                }
            },
            J = ["studio", "rendering", "BowResponse", "processCreativeData"],
            K = h;
        J[0] in K || "undefined" == typeof K.execScript || K.execScript("var " + J[0]);
        for (var L; J.length && (L = J.shift());) {
            var M;
            if (M = !J.length) M = void 0 !== I;
            M ? K[L] = I : K[L] && K[L] !== Object.prototype[L] ? K = K[L] : K = K[L] = {}
        };
    }).call(this);
    var creativeData = {
        width: '728',
        height: '90',
        slotWidth: '728',
        slotHeight: '90',
        renderingLibraryData: {
            version: '200_230',
            renderingLibrary: 'https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_230.js'
        },
        impressionUrl: 'https://googleads4.g.doubleclick.net/pcs/view?xai\x3dAKAOjssLFw2JZh7woBKJm9iltf8272EKli0Q3Ymw9guUkS5xE25vjv0eNa3Dx1f4FR563yoGLYv130BSiwHpWzLhnXAaQkhkFytpxGgiVCTFKO8aZ-i2IkexBF4mZLMJLi6wC3hCUJxSKLn6ypfzG9WMmgedvhEoRa8BeH50FYsoly-Q_GuECiCjSp-A6juqWnPQf5WgBaqUf8WDS0FRGYHsXEoQ62WOy6ADAUc7QdFc8VGEfn-fJ_NT9AsRHV2HrmjOH7UHGuUV13rt-cOM8JL2zPTG4VzKjYvN5wjBN_zalzVT6Yr_mvHTU_-WD5Gih8qW_YVHex6QsUetWdKGg0N43vbkmV9Ew-62ThUE80ZCaMLy9yYopwjsTalxT1d1nRSUvNltnAbfSNqFtN8PAfCY37zSLKgMncjzIJ3ioX8UpDArPNLnjrieaN-4RRBtlWHQzgl6L3T2GhW_p0ziELNHWiYXYbX_NNNbIioSsX7Zn9OqkJJsjpR9mwA3whvgk8XZemi0vyg7qlz8-KrZe9uxblRHjHsDIo5rrqI97soauySW9HriSDmE3Gqy8yQhGqAdfqKpRmnKO_70OqC3-3wl96SnhKUsox6-SRMV4D-3JUCLjnpzjABPMuP_UP7MIEOqMMWCqjuT5NcAXkUQ4_WeSlYR9WbuNR2fQWsC4ewOsKaLy1FuKn9WNmJBAELfMY08EAKmMNO6GkDREYpc2s1UaKoELtc2y9Vz2iCszoXbcKouYJf9II8CCjfHqjsgg-IKsG4pTOdlPqV6sPgNePgUIUZ9zufFDWAO1BoawMCd8IdrCuFjUsHwtxS_5a2QH-Q\x26sai\x3dAMfl-YSVneJ_D5PcDGX3Gcd799Os43ZJTbXBuK-2YrwpGZj63AMUw0PXPT_M8oMLNj-o6vF0FX9ugmU2e5JPYR0QF1GxUUYeCkl5\x26sig\x3dCg0ArKJSzMLWNG8jPeS-EAE\x26urlfix\x3d1\x26adurl\x3d',
        eventTrackingBaseUrl: 'https://ade.googlesyndication.com/ddm/activity/dc_oe\x3dChMIqKPo68nq2QIVj5GbCh3oeABpEAAYACDY65Iv',
        customEventTrackingBaseUrl: 'https://ad.doubleclick.net/activity;src\x3d8454919;pid\x3d216235150;aid\x3d415218976;ko\x3d0;cid\x3d98874840;rid\x3d98889227;rv\x3d1;',
        clickUrl: 'https://adclick.g.doubleclick.net/pcs/click?xai\x3dAKAOjssXvn3o-AL83EIk-oe85rYUq9ldZv8DvCIFnf7PMHpEsEyisTAv6KCgv6q4DeVM4_1LnhSflNjUGKvS3RLyeMi60Kf9AM1FZYvpaEAR_znOBZotlpMeWsrY6wuvTMopzwFO0Z4O1wDrJ7B3niabE-RJNedzz3tfekHhnL6tPihD4P1mHpz8b5Kat9rjGGhRXb0jtXFxdJBFBTgjzTyIJtXKeptb_rhZ9NjY-a0MK7R7KIx54S9MnyBGx120BqQ24OeO40Lo-MIBJbuC-lWow1auaz_KlIf6qLlkT_DXtLgwwQmQfMaXxjHu9ds1RWKDV0CpWCt3-uBGAE-t71KrC500bJoFDn1p9R__x5xlCUZxDhmEBRsKB_SwVwgjq2oxszMAXxX0vHbpTGvE3yezdRp3IGqXaXqbS9cZUtW_5PVairNlobdSngOjOnEa9Y266Pds83TPaAvOl-XZr9jmeCy7tD7nZU0kfkQgMIsiGmUkVg4YsYt6mrr_hzX7xjpNa9BpBze9mck09aKyK6T0x7Wpl0y9OSXkJiuLfl94qMNix6BMv_Z89QJD-FUhVFz3046Gz8XuALMHe-SbjgXd7ZLkXSyng5qyrK33sgagRrzurrwNb46kS_i5kdAW66ArDZ1knExyl1TCc69XmH3YyMpkMvutiiBzVVo-K2Q7qNd_TM4NuUbC9v8W1ln3qxaz_I4ybTzWRMl5Y1FMu74oI84bX-Mr7PKumHdQPqhmHPBJo3GRxQBcyK8KdoS4WG7RjE00idiBuQw6QlzpmeYwjJajQz4NWpy4PNJG5cuBQSVtdhgDFA98SYBX8F_r_1Q\x26sai\x3dAMfl-YRmTW7BCuwu_-Gg2MbYOK60-f52L_3hvuB0t2ePf6QXuwd78e1ybBz2sh1CYtIQeiGFi-X4PeFXfG1VpaFpUZkMYw0wihFLxlyvrXGz-Bc\x26sig\x3dCg0ArKJSzFisB_sgiVhEEAE\x26urlfix\x3d1\x26rm_eid\x3d[rm_exit_id]\x26adurl\x3d',
        thirdPartyUrls: [],
        clickString: 'BolvRYG-oWqjzHY-j7gTo8YHIBgAAAAAQATgB4AQCiAXQqvcJoAZH',
        activeViewUrlPrefix: 'https://pagead2.googlesyndication.com/pcs/activeview?xai\x3dAKAOjsu4bvWiH-Hp2vsoZgbUH-7eJt2kOA-RoA4bAfonD8Vxceazom5O0OQlsADXs-NRW01lChZqGQOx0NJJb-YY\x26sig\x3dCg0ArKJSzI58mEPNTQ6cEAE',
        activeViewMetadata: 'zac\x26opac\x26la\x3d0\x26',
        dynamicData: '',
        creativeParameters: {
            'CREATIVE_PARAMETER_ASSETS_DATA': '{\\\x221520517208433/BahrainSet2_EN_7280x90.html\\\x22:\\\x228454919/1520517208433/BahrainSet2_EN_7280x90.html\\\x22,\\\x22bahrainset2_728x90_en.jpg\\\x22:\\\x228454919/bahrainset2_728x90_en.jpg\\\x22}',
            'CREATIVE_PARAMETER_VIDEO_ASSETS_DATA': '[]',
            'CREATIVE_PARAMETER_VIDEO_DATA': '[]',
            'CREATIVE_PARAMETER_LAYOUT_CONFIG': '',
            'sn': 'N5897.328593.VIVAKI.COM',
            'sid': '1308275',
            'aid': '415218976',
            'buy': '20829520',
            'cid': '98874840',
            'pid': '216235150',
            'rv': '1',
            'adv': '8454919',
            'exit_suffix': '',
            'geo': 'ct\x3dNO\x26st\x3d\x26city\x3d0\x26dma\x3d0\x26zp\x3d\x26bw\x3d4',
            'displayHTML5': 'true',
            'CREATIVE_PARAMETER_EXPERIMENTS': '{ \\\x22disable_h5_mraid_imp_ping\\\x22 : true }'
        },
        previewMode: false,
        flashVersion: '0',
        html5Features: ['Modernizr.rgba', 'Modernizr.canvas', 'Modernizr.canvastext'],
        translated_layout: false,
        enableAsyncLoading: false,
        primaryFiles: [{
            type: 'HTML5',
            renderAs: 'BANNER',
            width: '728',
            height: '90',
            url: 'https://s0.2mdn.net/8454919/1520517208433/BahrainSet2_EN_7280x90.html',
            hideFlashObjects: false,
            zIndex: '',
            customCss: ''
        }, {
            type: 'IMAGE',
            renderAs: 'BACKUP_IMAGE',
            width: '728',
            height: '90',
            url: 'https://s0.2mdn.net/8454919/bahrainset2_728x90_en.jpg',
            hideFlashObjects: false,
            zIndex: '',
            customCss: ''
        }],
        standardEvents: [{
            name: 'DISPLAY_TIMER',
            reportingId: '2'
        }, {
            name: 'INTERACTION_TIMER',
            reportingId: '3'
        }, {
            name: 'INTERACTIVE_IMPRESSION',
            reportingId: '4'
        }, {
            name: 'FULL_SCREEN_VIDEO_PLAYS',
            reportingId: '5'
        }, {
            name: 'FULL_SCREEN_VIDEO_COMPLETES',
            reportingId: '6'
        }, {
            name: 'FULL_SCREEN_AVERAGE_VIEW_TIME',
            reportingId: '7'
        }, {
            name: 'MANUAL_CLOSE',
            reportingId: '8'
        }, {
            name: 'BACKUP_IMAGE_IMPRESSION',
            reportingId: '9'
        }, {
            name: 'EXPAND_TIMER',
            reportingId: '10'
        }, {
            name: 'VIDEO_PLAY',
            reportingId: '11'
        }, {
            name: 'VIDEO_VIEW_TIMER',
            reportingId: '12'
        }, {
            name: 'VIDEO_COMPLETE',
            reportingId: '13'
        }, {
            name: 'VIDEO_INTERACTION',
            reportingId: '14'
        }, {
            name: 'VIDEO_PAUSE',
            reportingId: '15'
        }, {
            name: 'VIDEO_MUTE',
            reportingId: '16'
        }, {
            name: 'VIDEO_REPLAY',
            reportingId: '17'
        }, {
            name: 'VIDEO_MIDPOINT',
            reportingId: '18'
        }, {
            name: 'FULL_SCREEN_VIDEO',
            reportingId: '19'
        }, {
            name: 'VIDEO_STOP',
            reportingId: '20'
        }, {
            name: 'VIDEO_ABANDON',
            reportingId: '22'
        }, {
            name: 'VIDEO_UNMUTE',
            reportingId: '149645'
        }, {
            name: 'FULL_SCREEN',
            reportingId: '286263'
        }, {
            name: 'DYNAMIC_CREATIVE_IMPRESSION',
            reportingId: '536393'
        }, {
            name: 'HTML5_CREATIVE_IMPRESSION',
            reportingId: '871060'
        }, {
            name: 'VIDEO_FIRST_QUARTILE',
            reportingId: '960584'
        }, {
            name: 'VIDEO_THIRD_QUARTILE',
            reportingId: '960585'
        }],
        exitEvents: [{
            name: 'backup image click through url',
            reportingId: '5418944',
            destinationUrl: 'http://',
            targetWindow: '_blank',
            windowProperties: '',
            backUpExit: true
        }, {
            name: 'clickTag',
            reportingId: '5418947',
            destinationUrl: 'http://springofculture.org/ticket-information',
            targetWindow: '_blank',
            windowProperties: '',
            backUpExit: false
        }],
        timerEvents: [],
        counterEvents: []
    };
    try {
        studio.rendering.BowResponse.processCreativeData(creativeData);
    } catch (e) { /* ignore errors but don't kill js execution. */ }
})(); < /script><noscript><a target="_blank" href="https:/ / adclick.g.doubleclick.net / pcs / click ? xai = AKAOjssXvn3o - AL83EIk - oe85rYUq9ldZv8DvCIFnf7PMHpEsEyisTAv6KCgv6q4DeVM4_1LnhSflNjUGKvS3RLyeMi60Kf9AM1FZYvpaEAR_znOBZotlpMeWsrY6wuvTMopzwFO0Z4O1wDrJ7B3niabE - RJNedzz3tfekHhnL6tPihD4P1mHpz8b5Kat9rjGGhRXb0jtXFxdJBFBTgjzTyIJtXKeptb_rhZ9NjY - a0MK7R7KIx54S9MnyBGx120BqQ24OeO40Lo - MIBJbuC - lWow1auaz_KlIf6qLlkT_DXtLgwwQmQfMaXxjHu9ds1RWKDV0CpWCt3 - uBGAE - t71KrC500bJoFDn1p9R__x5xlCUZxDhmEBRsKB_SwVwgjq2oxszMAXxX0vHbpTGvE3yezdRp3IGqXaXqbS9cZUtW_5PVairNlobdSngOjOnEa9Y266Pds83TPaAvOl - XZr9jmeCy7tD7nZU0kfkQgMIsiGmUkVg4YsYt6mrr_hzX7xjpNa9BpBze9mck09aKyK6T0x7Wpl0y9OSXkJiuLfl94qMNix6BMv_Z89QJD - FUhVFz3046Gz8XuALMHe - SbjgXd7ZLkXSyng5qyrK33sgagRrzurrwNb46kS_i5kdAW66ArDZ1knExyl1TCc69XmH3YyMpkMvutiiBzVVo - K2Q7qNd_TM4NuUbC9v8W1ln3qxaz_I4ybTzWRMl5Y1FMu74oI84bX - Mr7PKumHdQPqhmHPBJo3GRxQBcyK8KdoS4WG7RjE00idiBuQw6QlzpmeYwjJajQz4NWpy4PNJG5cuBQSVtdhgDFA98SYBX8F_r_1Q & amp;
sai = AMfl - YRmTW7BCuwu_ - Gg2MbYOK60 - f52L_3hvuB0t2ePf6QXuwd78e1ybBz2sh1CYtIQeiGFi - X4PeFXfG1VpaFpUZkMYw0wihFLxlyvrXGz - Bc & amp;
sig = Cg0ArKJSzFisB_sgiVhEEAE & amp;
urlfix = 1 & amp;
rm_eid = 5418944 & amp;
adurl = http: //"><img src="https://s0.2mdn.net/8454919/bahrainset2_728x90_en.jpg" width="728" height="90" border="0" /></a><img width="0px" height="0px" style="visibility:hidden" border="0" src="" /></noscript><style>div,ul,li{margin:0;padding:0;}.abgc{display:block;height:15px;overflow:hidden;position:absolute;right:17px;top:1px;text-rendering:geometricPrecision;width:15px;z-index:9020;}.abgb{display:block;height:15px;width:15px;}.abgc,.abgcp,.cbb {opacity: 0;}.jar .abgc,.jar .abgcp,.jar .cbb {opacity: 1;}.jaa .abgc,.jaa .abgcp,.jaa .cbb {display: none;}.abgc{cursor:pointer;}.cbb{cursor:pointer;height:15px;width:15px;z-index:9020;}.cbb svg {position: absolute;top: 0;right: 0;height: 15px;width: 15px;}.cbb .cbbbg {fill-opacity:1.0;fill:#ffffff;stroke:none;}.cbb .cbbcross {stroke: #00aecd;stroke-width: 1.25;}.cbb:hover{cursor:pointer;}.cbb:hover .cbbbg {fill: #58585a;}.cbb:hover .cbbcross {stroke: #ffffff;}.abgb{position:absolute;right:0px;top:0px;}.cbb{position:absolute;right:1px;top:1px;}.abgc img{display:block;}.abgc svg{display:block;}.abgs{display:none;height:100%;}.abgl{text-decoration:none;}.abgi{fill-opacity:1.0;fill:#00aecd;stroke:none;}.abgbg{fill-opacity:1.0;fill:#ffffff;stroke:none;}.abgtxt{fill:black;font-family:'Arial';font-size:100px;overflow:visible;stroke:none;}.abgac{position:fixed;left:0px;top:0px;z-index:9100;display:none;width:100%;height:100%;background-color:#FAFAFA;}</style><div id=abgc class=abgc dir='ltr' aria-hidden="true"><div id=abgb class="abgb"></div><div id=abgs class=abgs><a id=abgl class=abgl href="https://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html%26gl%3DNO%26hl%3Den%26ai0%3D&amp;usg=AFQjCNEWbdsl12_QVEYvFaTLs7_XUm1Rtw" target=_blank></a></div></div><div id="cbb" class="cbb" aria-hidden="true"><svg><path class="cbbbg" d="M0,0l15,0l0,15l-15,0Z"/><path class="cbbcross" d="M3.25,3.25l8.5,8.5M11.75,3.25l-8.5,8.5"/></svg></div><div id="mute_panel" aria-hidden="true"></div><div id="abgac" class="abgac" aria-hidden="true"></div><script>document.write('\n\x3cscript\x3evar abgp={hw:15,sw:75,hh:15,sh:15,himg:\'https://pagead2.googlesyndication.com\'+\'/pagead/images/adchoices/icon.png\',simg:\'https://pagead2.googlesyndication.com\'+\'/pagead/images/adchoices/en.png\',alt:\'AdChoices\',t:\'AdChoices\',tw:53,t2:\'\',t2w:0,tbo:0,att:\'adchoices\',ff:\'\',halign:\'right\',fe:false,iba:false,lttp:false,ci:\'\',nc:1,icd:{\x22creatives\x22:[],\x22height\x22:90,\x22width\x22:728,\x22attribution\x22:{\x22user_feedback_data\x22:{\x22mute_icon_url\x22:\x22https://googleads.g.doubleclick.net/pagead/images/mtad/x_blue.png\x22,\x22pub_feedback_icon_url\x22:\x22https://googleads.g.doubleclick.net/pagead/images/mtad/x_blue.png\x22,\x22conversion_url\x22:\x22https://googleads.g.doubleclick.net/pagead/conversion/?ai\x3dCoWrKX2-oWrTnJ4Oq6wS4542ABInWkeNQldmrsvkGq9D0_QgQASDoz7IcYMPcpIWYGMgBCagDAcgDAqoExAFP0Lz2rP7HWe0jIY4HCYlFl8ud0MK6oHXXpEb3bS0L-eC2PoOKYPyTmQb6XQjLBULpPeVzDue_U3q4qicNnIt9wufozEbyO1MkYD3NWp6b_KBUPl2hEsTcW2a_MF1QMLS-7jXokU353WB0u88gNDWStXedIIEqYewhcLjoj59v2ajSjtBXdGfIt7cd4co84BTw2dhFLsShugWzujcj_1FOxeEB9qMCDP_7sz6VGc6qYAPR0Uk3QDJdrUoXEpYq3XUvk3G44AQDkAYBoAZMgAeYzbl8qAemvhvYBwDSCAcIgGEQARgCgAoB0BMA2BMD\\u0026sigh\x3demJr_GJVov0\\u0026cid\x3dCAASBORou80\x22,\x22close_button_token\x22:\x228dHm6SGD8YsIldmrsvkGEJGW65cEGLHS2HxCAEgAWABwAQ\x22,\x22interaction_conversion\x22:{\x22label\x22:\x22user_feedback_menu_interaction\x22,\x22label_instance\x22:\x22\x22,\x22include_close_button_token\x22:false},\x22survey_header\x22:\x22What was wrong with this ad?\x22,\x22back_icon_url\x22:\x22https://googleads.g.doubleclick.net/pagead/images/mtad/back_blue.png\x22,\x22mute_confirmation_header\x22:\x22Thanks for the feedback!\x22,\x22mute_confirmation_text\x22:\x22Well review this ad to improve the experience in the future.\x22,\x22pub_feedback_confirmation_header\x22:\x22Thanks for the feedback!\x22,\x22pub_feedback_confirmation_text\x22:\x22Well use your feedback to review ads on this site.\x22,\x22closing_countdown_text\x22:\x22Closing ad: %1$d\x22,\x22attribution_text\x22:\x22AdChoices\x22,\x22attribution_icon_url\x22:\x22https://googleads.g.doubleclick.net/pagead/images/mtad/ad_choices_blue.png\x22,\x22attribution_destination_url\x22:\x22https://www.google.com/url?ct\x3dabg\\u0026q\x3dhttps://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html%26gl%3DNO%26hl%3Den%26ai0%3D\\u0026usg\x3dAFQjCNEWbdsl12_QVEYvFaTLs7_XUm1Rtw\x22,\x22ad_feedback_icon_url\x22:\x22https://googleads.g.doubleclick.net/pagead/images/mtad/x_blue.png\x22,\x22is_rtl_language\x22:false,\x22feedback_options\x22:[{\x22text\x22:\x22Report this ad\x22,\x22conversion\x22:{\x22label\x22:\x22user_feedback_menu_option\x22,\x22label_instance\x22:\x221\x22,\x22include_close_button_token\x22:true},\x22survey\x22:{\x22header\x22:\x22What was wrong with this ad?\x22,\x22options\x22:[{\x22text\x22:\x22Ad covered content\x22,\x22conversion\x22:{\x22label\x22:\x22mute_survey_option\x22,\x22label_instance\x22:\x223\x22,\x22include_close_button_token\x22:true}},{\x22text\x22:\x22Not interested in this ad\x22,\x22conversion\x22:{\x22label\x22:\x22mute_survey_option\x22,\x22label_instance\x22:\x227\x22,\x22include_close_button_token\x22:true}},{\x22text\x22:\x22Seen this ad multiple times\x22,\x22conversion\x22:{\x22label\x22:\x22mute_survey_option\x22,\x22label_instance\x22:\x222\x22,\x22include_close_button_token\x22:true}},{\x22text\x22:\x22Ad was inappropriate\x22,\x22conversion\x22:{\x22label\x22:\x22mute_survey_option\x22,\x22label_instance\x22:\x228\x22,\x22include_close_button_token\x22:true}}]},\x22undo_conversion\x22:{\x22label\x22:\x22user_feedback_undo\x22,\x22label_instance\x22:\x221\x22,\x22include_close_button_token\x22:true}}],\x22mute_panel_data\x22:{\x22adchoices_icon_url\x22:\x22https://googleads.g.doubleclick.net/pagead/images/adchoices/iconx2-000000.png\x22,\x22adchoices_button_text\x22:\x22AdChoices\x22,\x22closed_message_text\x22:\x22Ad closed by %1$s\x22,\x22enable_lightbox\x22:false,\x22google_logo_url\x22:\x22https://www.gstatic.com/images/branding/googlelogo/2x/googlelogo_dark_color_84x28dp.png\x22,\x22report_ad_button_text\x22:\x22Report this ad\x22,\x22confirmation_text\x22:\x22We\x27ll try not to show that ad again\x22,\x22see_my_google_ad_settings_text\x22:\x22See my Google ad settings\x22,\x22protocol_gstatic_host\x22:\x22https://www.gstatic.com\x22,\x22jake_mta_context\x22:\x22\x22,\x22overlay_message_text\x22:\x22Ads by %1$s\x22},\x22why_this_ad_token\x22:\x22AB3afGEAAAEMeyJ0YXJnZXRpbmdfcmVhc29ucyI6eyJhZF9yZWFzb24iOlsyXSwiZXhwbGFuYXRpb24iOnsiaW50cm9kdWN0aW9uIjoiVGhpcyBpcyBhIGxpc3Qgb2YgdGhlIGluZm9ybWF0aW9uIHNvdXJjZXMgdXNlZCB0byBkZXRlcm1pbmUgdGhhdCB0aGlzIGFkIGJlIHNob3duIHRvIHlvdToiLCJpdGVtIjpbeyJkZXNjcmlwdGlvbiI6IlRoZSBpbmZvcm1hdGlvbiBvbiB0aGUgd2Vic2l0ZSB5b3Ugd2VyZSB2aWV3aW5nLiJ9XX19LCJyZW5kZXJfYWRfaW5fd3RhX3BhZ2UiOmZhbHNlfQftORRYGnS-uEPsI4ERsGX6EGQ6mTX64jAM13RNCrIN_8YZIAVG1_UrJXfgp8C1NBX6hWJRyWh5zLzAhhnVkA-ydPG6UqbK2VjoLb29iFNTnIXtgGiAGVX1wPBjUXqHSZU49HPE2OM9jncfc003_qqQNrGNwS08vH6YDRMMxZN17S8EcVf7-dVqnjTukGzzUUyAJQ_FSFXbAeuW5MhoFARAm8Gge27jmJlyLNwFB67Q1Bnu5qlfW3MKboeVUio50EbcgFyuOdDRuSrqTaSglIiP9a87OY9GkofWHw37V4oLx9v6FS4te2a5arJv1vTAWmYa4UoI6BS1SCWk8BtUKVU,M0Xt2dAzfoh-4EAN57Nrjg\x22,\x22why_this_ad_url\x22:\x22https://www.google.com/ads/preferences/whythisad/en-US/RoOyDD7L4IWn5ZfI/#/AB3afGEAAAEMeyJ0YXJnZXRpbmdfcmVhc29ucyI6eyJhZF9yZWFzb24iOlsyXSwiZXhwbGFuYXRpb24iOnsiaW50cm9kdWN0aW9uIjoiVGhpcyBpcyBhIGxpc3Qgb2YgdGhlIGluZm9ybWF0aW9uIHNvdXJjZXMgdXNlZCB0byBkZXRlcm1pbmUgdGhhdCB0aGlzIGFkIGJlIHNob3duIHRvIHlvdToiLCJpdGVtIjpbeyJkZXNjcmlwdGlvbiI6IlRoZSBpbmZvcm1hdGlvbiBvbiB0aGUgd2Vic2l0ZSB5b3Ugd2VyZSB2aWV3aW5nLiJ9XX19LCJyZW5kZXJfYWRfaW5fd3RhX3BhZ2UiOmZhbHNlfQftORRYGnS-uEPsI4ERsGX6EGQ6mTX64jAM13RNCrIN_8YZIAVG1_UrJXfgp8C1NBX6hWJRyWh5zLzAhhnVkA-ydPG6UqbK2VjoLb29iFNTnIXtgGiAGVX1wPBjUXqHSZU49HPE2OM9jncfc003_qqQNrGNwS08vH6YDRMMxZN17S8EcVf7-dVqnjTukGzzUUyAJQ_FSFXbAeuW5MhoFARAm8Gge27jmJlyLNwFB67Q1Bnu5qlfW3MKboeVUio50EbcgFyuOdDRuSrqTaSglIiP9a87OY9GkofWHw37V4oLx9v6FS4te2a5arJv1vTAWmYa4UoI6BS1SCWk8BtUKVU,M0Xt2dAzfoh-4EAN57Nrjg\\u00268dHm6SGD8YsIldmrsvkGEJGW65cEGLHS2HxCAEgAWABwAQ\\u0026https://googleads.g.doubleclick.net/pagead/conversion/?ai\x3dCoWrKX2-oWrTnJ4Oq6wS4542ABInWkeNQldmrsvkGq9D0_QgQASDoz7IcYMPcpIWYGMgBCagDAcgDAqoExAFP0Lz2rP7HWe0jIY4HCYlFl8ud0MK6oHXXpEb3bS0L-eC2PoOKYPyTmQb6XQjLBULpPeVzDue_U3q4qicNnIt9wufozEbyO1MkYD3NWp6b_KBUPl2hEsTcW2a_MF1QMLS-7jXokU353WB0u88gNDWStXedIIEqYewhcLjoj59v2ajSjtBXdGfIt7cd4co84BTw2dhFLsShugWzujcj_1FOxeEB9qMCDP_7sz6VGc6qYAPR0Uk3QDJdrUoXEpYq3XUvk3G44AQDkAYBoAZMgAeYzbl8qAemvhvYBwDSCAcIgGEQARgCgAoB0BMA2BMD\\u0026sigh\x3demJr_GJVov0\\u0026cid\x3dCAASBORou80\x22,\x22why_this_ad_text\x22:\x22Why this ad?\x22}},\x22flags\x22:[{\x22name\x22:\x22jake_ui_extension\x22,\x22value\x22:\x22jake_default_ui\x22}]},opi:false,ti:false,mob:false,il:false,eaca:false,eda:false};\x3c/script\x3e');</script><script src="https://pagead2.googlesyndication.com/pagead/js/r20180312/r20110914/abg.js"></script></div><script type="text/javascript">(function() {if (!window.GoogleTyFxhY || typeof window.GoogleTyFxhY.push !== 'function') {window.GoogleTyFxhY = [];}window.GoogleTyFxhY.push({'_scs_': 'BpQVfYG-oWqjzHY-j7gTo8YHIBgAAAAA4AeAEAg','_bgu_': 'https://pagead2.googlesyndication.com/bg/lSvH2GMDHdWiQ5txKk8DBwe8KHVpOosizyQXSe1BYYE.js','_bgp_': 'IKVaAH0MD5FRY2tFeLJuaivd8zfr4vsD1R6EevSqaasGgyCfA1VuNWfNVlZMLT4fMLs9BLvA6RiJJZDq7RLpqrqv0AKS1hX+RlnPkukGXn6OGCY3Zz/1smG2eHgY7yA8kYTFWcPJrZ8j1FT5JMX5OcCeOGvFyNhWvcW3jAUgGvizlr9hy3PgrPTbh8ntkcN2y3XJacUlLojO82k260x+JCMyYXNJzWikCzmlxGL0y/5hJB7ZBaWmARJuNMB/SEoQFrFz3jK/a31Nul2sYEVBClMhV3bJJvj/17OBAo51IxhF4RUYTCmv/Ed9l1oQk/bTmuIx7vpBmqZ+BQleigTdffoefSkqi48BhkS9qDyyEASk79sCQe9stQoLbOeYStHYQAEQeWHwVxWptYxSS0RUzU217TVX1ZT5Jx4hKwmnuq9qAsIl1pSCJy9jdiqhS3d7NM4HbSjY5YkUx6WRzhy1xtCnOktITjnQzie6k7OBXbjGp645Bw4Y4PkCVz3e8t5plAwdnFeYDjyVK7D0yhkl/HHb8ooL0paBTz63oUClNGKxhY8CL5baIkp01n22gOosJ1cRytI7mkp7fvdflFQQpcsEcMaX2onlSfZNyZPSKapQsHhDoPdWm/EbU+6vysKyRvxHO5CGmiPdbbZwYQli2bAOg0DBLyPpIU8jBU1f0wbp/RegKd4bUHq6tXsHda0vrdSdd6oLyr0chICQXolVfaikY0nLfzIuEeEvj5c+HNn3Cz1q+Bi1mH5Gy2tLh4T19azLh/XrKkIQYYFaQq6jWGcQEgZESAE2VT7PBgL1Fsh1sOJa02h/vgOkEDLORIlGyZtg5UmNlH2gSAcr+UOwtNcWsCF78PFSj/T9x46drcgbXUkQuK9LvSnam5bTT0sEcl4RHAdIOl01GUPvTcclzEr8oMBIgmot2h4KsunfmCoWD7AsgRGEHXM7FCgYWoDo77T6B98dzR9uUknVznSRBY7p9+6SOT0Lm3+MmGTh32ZUrfSWgk6L1rOeMWIz799/3zVj4mnC0i/8FzWw14sNgYjF36QpxaIbL1Ufz6ystKkZETYrWv0fyihqlAJUYokVAt+uuRVmWfgT5Ez69Nhi9ru/mp6QA/S/6mqcLA2zWzJP4ePHpLpXM6mNlrkfM+xTraA0k2nBOQwy9jWB/RqXtqMEqJhELjdsoTbL8ORBg/Wnew58MJlFel3WckKEItBxwreioEQq4ffg4CiW9QETTBZ4eA128smkKWJWf4BlLaDrlKMsv2pdRUJhPFFwWDhjVYZwY9cjrsrq0xYCrNMks2VJarChlHjZpKe61twPoejomZPLGokt3C7M/LUyCCwJmL2BPxoG/q1QfmIjZTpQK9uOA4Us3FTZWkmEf1Vw2MQpye9H3Rprs+Dm3QSzpbRAjKsffRO5i0FnizFW6aCxbTyiYNJMqcTk/qKjkJEUEXfhlt5w+TBEhLV7l7zYCVDWFUN6qxtzVh54msQylG8rfUzHO6Ur4+xYAX1pDZjX7vupvmJ2M5sUeyJGkVOn4oIVkGaxBjhQbhVzUIZSRzRI+7yNMKTrJdEwqZpSMK6LBE4RQV+SM95sd8bQxjxPDpLHGDKQ/pppNP26+uqZMlupDgDEqx7Ld2WErwwuaWA4B29qfupe1AXg9Zo/XNB5cz9PRI7bg2vV/AungmoOmmgEFB550QUn03O3CpQ+Vv8ddaB1PtRLjmYkt/gtypW43Wu3kRbVA7F16CAOvsVlZBxnd92WxR50EF5CxPn6Jrdn8/hkhqjubyy23hRBmmE41TtjKRC9ROAlshEt5wQIDz6czg0JHSLcF8lvIJgjD3mbA6np3D5oLPaKpuWqF28M+Samlkl0NUDno57VNSqnv24hHycWsFQUJtW76YimuBzdESl6PuENSWQjD7VgohHfvI7MUktKQukGuXJNEVbsn0Sob0CKfPWZxvJCH/Po/r062kTJWfWcOlEj/oEHSXXwnC4w9CelIHiIVgVC1vvqw9ZnG0ZiTUrDYDc+k+3TDOZHEpU5WJ5sREPKFkOLUwXgn+7bXR0Ul3k1t04YCOhP9YS5aj2NuzA5vcY2kfU73SaHQTMhjbSHS7Onjbt/Y9vBOq+CGYQ/LT62LrvJS+yCYL6kFZj7ErYwGDg56irGikrVAu9rzq8IapzQHB5eV/uUrQNIfjPp9QJ9Q0TMlLHLzL1MszFrAepEhICf1A2355ACzGRNaYbk8ENuSovhxo71irSnDerGK+0C5vWjJ0Xk8Z/EnOwdDhodh2RjSEBi0yj11YO/5on0RHntjPsQ5okSr5i+WVXQtoRZkGuoPQ54KlwTZYEbVH7l2mWivvmwPcWuxKt2gxkp+xgeqLcvvHKxDbu0abJfWiPpYDeZs/TcSPQj83IbZzPQQ7RZ9Eo8e2L46wuerhe67ltytM+owjo8U017TLyRZyCyWzNTa6nJFnNKnNfOgKk9iSc7XYxcjxl1XDjbmuZFx0qvk3qHsO71NU3vW/aXFznVKaK4+u2tCeh/8eu5gLuuqwJTh21FAz9UqcXfDfB92jAwRAl6/BYenkABE5USNzTnRTuyJeDhfZnq0gzyu5DIMZfirLyPOI5BCFdKBeyAakYQ7MoovBggIQd0FeB49pQP9cflIBfTzDNeoOdG1hFk++bHfM0kcX7Nixamsivngbi13f4XH+EJzoqZDtLRi3yOUycwGv7a3msXtOGK0bEjYl7DlkmowXSMsj0pGTfZ2+y2BpRtnaCyEUgAvZiYY8tfZAhwdc6q94CMmoxvH+AYg1RYXywkNZSHKz25mlZczCb28WnHpwhRoUtMs2WGFBcYQ1Q1uQzKLwzZqBK543eYZRXmeL6aODqR7bQOfSKqS84N3HtSqpzBWuxlruT08EZ9hRL/XIRXpm9ZDuvMxgsUV85bFycufD/uBDrCO//CgqqGjIg1BZVtbY/eCwsm3X51OeDbFA/n/ZRWWQFshwyPHNUwilHHwiMI77yc3hMnOL4kihFgmrtk5Hd2Moq8R/FA7/spogwcvbXGrEQZ9EFjdjgd0XKei0h6kHE+h1an9xMoc6LOGxP3AqyPAPwNDlYXrgfVosqLUYGoQyYP+W7FffniIW+j8gtNY2CrP9G0sjfJcl8Eb4WYLN/cj/kR1FMRySOf9Swd2oX2rBRLUq00OdAw/ohhVhPhs0lUbC/hPtzOvvvRTFFsPUqeJ0gvheVKEteGQ20qAn2GJPanWT16OnthBxFVFewWVlHIJO4zlG5snPHmK4/2q8njybkTHJlGYcuA9gBpMCFixRrTc0+W3q2rSvGbvxKmVKhmWRQ7O/Hxzvuw0DmBsEufBW7+MgavYAU3r7bls89+KfubjZIxevg12nVsixuNrClkpIY8BU/UwJQp/xHTbdBCyVoBnEdZUR2K0/bXtMSYWhZw9nZliPTElCfqCk0aPCFEIvPmjTGpHgRC91pavnj9/JMkyY7hFRPNY/TNyazyDEoZyPfcIvoEafDceWzTPx1/qU4rc7QffXRXUiXKpgeKzc9EcCuVEiT1tLH4vfLLt+646N9+txVeXPse78G/Yp8cWHDUGnZs/Irs7Rxl9hH01qZ3KelqTQvmCrMhZdCDJvkfD12YQZtVb8f7qcIMCcQduSx2uSW6ytXHGOstz08WHOM2yNGO0NrQC4SbShjhqhwKYpXIOsv8/9Jp4laCopbL5hvQYQ2ghGEEk0IXrLXvVsuXgaen/o+ksZFi9C9Q8rv//Y2og75gEIJw1xbSys8uALy0YhxhwBQeXVnaWhaiY9O1KL566DmTuZ8ymNKV9DBu304mNeJ56Ui+vXcpCyFDAYeurBFhJ2Hl4DIgVYoKJ35VimM7Rh3Uepnp7QlkkgewjQiSOvc94pHhGKM7dBBsm0aHVEU0vrJH70h22vBaz04ox7D1d1Ubwsq0DtjW7YDXHBG8CJgcdAEPJwRBHopEfK0VAaFiwKJxk9tsXYYmH1setpeloKXG0DfJk1lMgeat2iwYcZSnayjCTHKhvp/Olux615ANwY9fC3jy745MY71rwL02GByT/w4Chj5pqCRv+IRNNj/m3cFtsq0fc3wQnVn/0FoPD6i3GPUdgCP5PGK8jU7r4VsRGoeR3Q+bI8OhMDpgYEurZ738sN9YWNiVEzfIU9mjIniVT7rV8WSVmtCCXwEKe/BKrrBBfTJVga0qNjueMzjEJn6FPyeh5qHov876KuVrnDBx2a1PBfw5euCQkB5oHH4pnhMzZmvdqMzxeu8CFCr/xN60VKrppTu0HlfOsQEFxN45PDjnxx0M5QkQbl83CCElrhwPqhXyD1uV21gxxLUj/07Iv8Kc0QNSLSBbJRV4406/H8IeSVGBFBMZ86XnxeqLCHQCB0N0ftLQGg7rzhLgkbsxErfBBTGd5y/j/tzW4Rvr/NfaBCzrtyOk7hOqT6+Ms9fRwdLZcT1hYCWOWaSoKZUfC1N87yRfkBES2IFNYs3xQj3XORUQ/ugwpX1sBDOat/r7sebO81jN443ZYNix2nO4tlkRq+aoCo9MKHjBVr0n3ivG09dX0+opsenvOZOEZvXRwIQ8x9wptTTbnq9gjH/riTUTwSCY95XXux954pBlnKrTG69KnzjyzPwD7LCFBefft/xPYh5HaddztvAkNN8U+Fq+OJV5cRzd5XL2y6MATsyi1Z87ak+5PsYXPZhudCXyLpm1vVbZDC0AaspMe6RGkTQ1b6rczH3KBomYtuZ9TAaA/Sa5H44s4d6Qx4dNomw3CIbOHIsGxbyksfNxjfcs7kNotsqOyDnL6qSlMJTqIKbhoBDZLR2YixKd1NOwPaqPHjHGgdzjW4Xb7YP0YQgNWp+sBpt8RK/+yckmPPybfgHfzTGgbwIXDwmtMOvK+tC4ly9VoZPG+QhEPuRmlhEF7odQzFS3wRO3r/qgNuP2zrD1i20SBJSdStQMAOGXLbYpOEwl20QmMmPoAZGKhoxnJ5E+NLVkD5hfcUYp+Zgbd2Alx2Equ+ACNypH9S+MvXpVDBJ9/1KJB4AXbzN9V1FH7Yrqp9nmXnuBXYKUGMg+Mk9XCje++j+QwneLnvxx/0tOslO43gwij33sRwT9OVxBpFDkZC6liUvBfmtmcOw/5FSg/YWeonM+kjOg+MLknz7QO0NeSydsPpcPM35nsWi4S8oOeUsR5/8WhpOWXSL+FrxdkJ61tSJyABO+edrpYm46DSUN7Vmlqz9eIgNw69fDiRfdvtBv5jFavQSUvVmb6/WdnD96dNO+0WhTeUniHlBDG1nfor5LkqivjwsOq+sz4dJVvr6qlTW1rs/o9TaAVBFbvy1rI5unFF65fSmkK9IcXrFZYLz0oepdeQ6+X89QLJkzbssfaOxSBVNl3lT9274WsIyhLLd/rzFbTXLhYl1pdqbYrWEs9xanwxbb7L8x3wEa+bGnjKiSUHb0QOxUekKqTubey844OskjaCFTDgdPckWb2+ZUX2jA0GvOiVyDbZWUSf9zDZZ07yC4eJkjmdoKGsXs5VL1jqJlfBdPQJtA0RbNKxEwhK/iiEECpKdsdVpRvA5hoX8MuMdUoyqS5fHfH1l6c00uO1XFFZJuAgdEjtGoVY36rRvUtOBimQimLugcWQ0hEZ4nDiu+ga7NVTN/9pAzJfNhb9irOQs6wsum2+r+jVTq4JYO5XVWkuR1kujFFi2e+ITZe3v1mvAtyROwxDzpxEuoGsrlOhxEhBHlstZ5T5konGepzwGIyh8BmpPcR3mG0ZX01X9Dqx3PpTWzh8wlSBJ/fY7w7vU1QHdBEzgNsFp9zN7eLiM5kLEvEZ8wxL4PHTDVanf1akGPfFd24Kein/T9IP6GZF63xWFcnqBpCSi54JsgTR1P+MfffyjGYHLEBywjbhe+0ak673NV+dnRyKWEVJ2P7uks+1Q7igj+fNmGRtXiN06nQXsXbViIx+e9RBrhybGLOdNbQsFONRsqZHWqDgekTuTXG0bjS9G8B8QM44Qz2dqdLUoDQKGbpnv/kcEsEQBMg\x3d\x3d','_ifr_': 'false'});var gsodar = document.createElement('script');gsodar.type = 'text/javascript';gsodar.async = true;gsodar.src = '//tpc.googlesyndication.com/sodar/V6zvOIoD.js';var s = document.getElementsByTagName('script')[0];s.parentNode.insertBefore(gsodar, s);})();</script>
                                    

#8 JavaScript::Write (size: 51, repeated: 1) - SHA256: a6ff5b4126c399432c1bdf240cf220a7e0923ed6cab858179437888e49827c33

                                        < div id = "dclk-studio-creative_1520988000580" > < /div>
                                    

#9 JavaScript::Write (size: 1372, repeated: 1) - SHA256: c12e4c4259b93fa0e18c0fb5801d3a5778dee2c90e890c18066763dca0447db0

                                        < iframe id = "google_ads_frame1"
name = "google_ads_frame1"
width = "728"
height = "90"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&amp;output=html&amp;h=90&amp;slotname=6844291416&amp;adk=1487667633&amp;adf=807048394&amp;w=728&amp;lmt=1520987996&amp;loeid=332260007%2C38893312&amp;format=728x90&amp;url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&amp;ea=0&amp;flash=10.0.45&amp;wgl=0&amp;adsid=NT&amp;dt=1520987998146&amp;bpp=34&amp;fdt=40&amp;idt=192&amp;shv=r20180312&amp;cbv=r20170110&amp;saldr=aa&amp;correlator=7111511273072&amp;frm=20&amp;ga_vid=1723159861.1520987997&amp;ga_sid=1520987997&amp;ga_hid=1524862060&amp;ga_fc=1&amp;pv=2&amp;icsg=0&amp;nhd=1&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=60&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=224&amp;ady=522&amp;biw=1176&amp;bih=754&amp;abxe=1&amp;scr_x=0&amp;scr_y=0&amp;eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&amp;oid=3&amp;rx=0&amp;eae=4&amp;fc=528&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7C%7C&amp;abl=CS&amp;ppjl=u&amp;pfx=0&amp;fu=1040&amp;bc=1&amp;ifi=1&amp;dtd=220"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#10 JavaScript::Write (size: 1398, repeated: 1) - SHA256: 67fb5dd3addbd037f8709fcad45c0f6da6851d9c8763415b3ea73efb965542b9

                                        < iframe id = "google_ads_frame2"
name = "google_ads_frame2"
width = "336"
height = "280"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&amp;output=html&amp;h=280&amp;slotname=3890825015&amp;adk=2507200848&amp;adf=807048394&amp;w=336&amp;lmt=1520987996&amp;loeid=332260007%2C38893312&amp;format=336x280&amp;url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&amp;ea=0&amp;flash=10.0.45&amp;wgl=0&amp;adsid=NT&amp;dt=1520987998432&amp;bpp=45&amp;fdt=49&amp;idt=395&amp;shv=r20180312&amp;cbv=r20170110&amp;saldr=aa&amp;prev_fmts=728x90&amp;correlator=7111511273072&amp;frm=20&amp;ga_vid=1723159861.1520987997&amp;ga_sid=1520987997&amp;ga_hid=1524862060&amp;ga_fc=1&amp;pv=1&amp;icsg=0&amp;nhd=1&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=60&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=242&amp;ady=850&amp;biw=1159&amp;bih=737&amp;abxe=1&amp;scr_x=0&amp;scr_y=0&amp;eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&amp;oid=3&amp;rx=0&amp;eae=4&amp;fc=528&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7Cbr%7C&amp;abl=CS&amp;ppjl=u&amp;pfx=0&amp;fu=1040&amp;bc=1&amp;ifi=2&amp;dtd=449"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#11 JavaScript::Write (size: 1408, repeated: 1) - SHA256: 48887b72db56ec5b80fd251d0b45190766988df79ebb1282e475502eb9c4cf56

                                        < iframe id = "google_ads_frame3"
name = "google_ads_frame3"
width = "336"
height = "280"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&amp;output=html&amp;h=280&amp;slotname=3890825015&amp;adk=2507200848&amp;adf=807048394&amp;w=336&amp;lmt=1520987996&amp;loeid=332260007%2C38893312&amp;format=336x280&amp;url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&amp;ea=0&amp;flash=10.0.45&amp;wgl=0&amp;adsid=NT&amp;dt=1520987998482&amp;bpp=5&amp;fdt=559&amp;idt=648&amp;shv=r20180312&amp;cbv=r20170110&amp;saldr=aa&amp;prev_fmts=728x90%2C336x280&amp;correlator=7111511273072&amp;frm=20&amp;ga_vid=1723159861.1520987997&amp;ga_sid=1520987997&amp;ga_hid=1524862060&amp;ga_fc=1&amp;pv=1&amp;icsg=0&amp;nhd=1&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=60&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=582&amp;ady=850&amp;biw=1159&amp;bih=737&amp;abxe=1&amp;scr_x=0&amp;scr_y=0&amp;eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&amp;oid=3&amp;rx=0&amp;eae=4&amp;fc=528&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7Cbr%7C&amp;abl=CS&amp;ppjl=u&amp;pfx=0&amp;fu=1040&amp;bc=1&amp;ifi=3&amp;dtd=689"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#12 JavaScript::Write (size: 2218, repeated: 1) - SHA256: 5333df59e7488031750c5b83bd0c589419135a02cd4f582f0e650910660370df

                                        < script src = "https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B73QSBo7SuZyyjt0z8DU5JY83nIAaDNSXrSxctcTPYJzzKnwtfsbfk4YIW-Ni7RkXRttXF&dbm_d=AKAmf-AxG51_oAR8cTVCDPV4CtcrnmTPsHr-fihw0GvrbhbnWgGcryuXkDMBwiRrDZODcN-Pg7igvIrk3zdNf3dRd6KdwtefKCCGqTpyXXGfdvzMM6MWFziLq3FN0AEVquDO3SEUxGDcfzCROIGzXCvygUynvBmuZ46EeTr8l4mqfggGYUV6Eio3Of3pLNsht5BFFr_O8eoA13DtJO-aVYfXY0KZG72XYnAAG-KXjanRHsNrKLr0V-1dVn39JiRWndwXN1rA1p832stXQ4IAEAaeKFXKEiObgUn8iC8_X6kCG-I-OehYQzUSiRTMFO-DKzPECuZNrRazZwbwh5XEHiaMAuggTEEjtEnuPmU6NFAiczJBiiCHe9huRokYyHJbSHvTVTJ1umELpIXtUG-_E498bneaN-po3NX24ZzUbfO2xg8av9ETxn_bABbz8U2sLXYYPDGIxb9DKouavZ70awf-kIZS1Hc8oxZbIyGX3NLmdK84KraF8pz9jcyEP6J81LicJnzXz1rfZewt7--3BHMVey79KfnMPtnb2NA5YwSX54Txn3ym9mB3KWu18nSu-yDgz3Bf4yYRxhcxMkywREkrY5rrIBmKs_wLG2bh1H8lKHMycgfnx8s8WBvRq4C3micMX_u0wAQEUZiHLROR1jF165bpFhvvjXUss7cIVFR_vGGktMPLm26PGxdKrtlrGuaJVKxVD5Cu1LAjtB9QM9-KVe4jOi7CtfXRM9nzeZRlIOw_3YMmC16771GVBYj-wegk3uykzpg6Dj-BGUbnMtCmEQUR-k_XvTzxH3DuPJyL0pmu_qgAqs7zP8_FwHGdmF4aLRiJiMyPdHKXXrNCx0F2BXNRcuY6iosd39EyuomlzwJqaHcmUkqj1YEVC2znFRzHUf7snuTJFb3IHjqkUusPGXzWpSQLgfxsrKOk3MY5tK_R1GUvvIXoyGimMWYVExtMEpvBOC2gLZrYHBZvt_wiHm7KW55gq3W_m5ebn7vgGkpKqss_sgKaa1GA64CHmd0p0wrWRdnyMJy1OTomr7m5zGeRvrf5Aavone2xrKIeo953h4xXdvox_UiVeQBKuJanRwSroQOF6ulSm-s0RTyCwWuLZSTcW1JoPJpvPnbOe328X3Ezmf87KjuchIWaSzFs2LbH59pfvWtkVvnJVBpkGjYh3O2papMchJKDqFGDp-9VZSXW7ZyY8ahCJ21MV0RoMsqSVhxnDxE2dUUV3RwJmCpA1WegjAXTENI02hhCP9cpSfFVk477-U_17iimYKKMBMcXDyEuzX9enKjz3R6WTVgUQsUdJw6RiWjskpJqOhok5fhBmFCjcK_Ls8G194647DbVhQKRrIN6BtVb7Va8fIqkTX9j4Pm3cSwoRellJSTtm5GHiu8HvDGDJeQoeEiYZkrjjBkvSDmC6qQrmAjBHOWHcLzL18T24FyRNB9Ux6KXhquerZaoK_fMQBlWcHS5L9-rqmxubem0VK8hs50m6DAlVguWu7BOjOwccMN1ZyAgSczuj0n7rw6gEz4pd_USlsVBskWSAvlmJRZe7woUUIB51QRgOwTfVBAjWvz-D-R2xWklvxIdRR2VRLVOJTgEHHF1KnVvDCgZAWL5uoF6T3iKptui6JQWlWNsYraAP0RTyUbAVGSlhnh7olZn9FYyPnzjvzw1gLxmzcvvzg-4VA0koaPQFyLs7cO-LzMyIzOEbDSgzNuVKObC5r26SxgUc9PQmCP21ceSjZzJPokssWzQNy3L4zDeyus6vBlaIx7OsI1V1r4-2tz1B1xfIX-othMlntsV2k4ssB3JjetPnCsMgTwMsebUil8eErCxBmqXhRwijQXNb1kLrbqQiqFDfPnscgeKt-9OhWZlj6VfjJdnY2swGb6HHvQv2lluKDf3oF0pHftvui8qrWV1mhTuTSA9BV8WeUX64Sl0WHsTQAXOcb57uQ&cid=CAASBORou80&rfl=2%2C%2Chttp%253A%252F%252Fdl-file.com%252Fyh7a9ppnndbp%252FFS17_Leuchtturm.zip.html%240" > < /script>
                                    


HTTP Transactions (108)


Request Response
                                        
                                            GET /yh7a9ppnndbp/FS17_Leuchtturm.zip.html HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: text/html ; charset=UTF-8
                                        
Date: Wed, 14 Mar 2018 00:30:52 GMT
Server: Apache/2.4.6
Expires: Tue, 13 Mar 2018 00:30:52 GMT
Set-Cookie: lang=english; domain=dl-file.com; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text
Size:   26775
Md5:    396a4ebac2d356a762c20361eb3e86aa
Sha1:   a17b9ec384589e5480a078327db48781de2202d7
Sha256: 50f237ac6d255b5c634adefee025a07973cb2852a8118b39be3fb2a8d8a78626
                                        
                                            GET /ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         104.19.194.102
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Wed, 14 Mar 2018 00:39:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2016 14:41:22 GMT
Expires: Mon, 04 Mar 2019 00:39:56 GMT
Cache-Control: public, max-age=30672000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 3fb2afa1267542a3-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1946
Md5:    d927af0997aa2abe50c5fdca613f50ff
Sha1:   51224e2481c6095fdb9b5c2cefbac44d13ebc21e
Sha256: 3b08c1d74fb7f1d6ee4a8702a6448eb19f5d6f035ecf0dcacc7e7789f1a670bc
                                        
                                            GET /pagead/js/adsbygoogle.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Wed, 14 Mar 2018 00:39:56 GMT
Expires: Wed, 14 Mar 2018 00:39:56 GMT
Cache-Control: private, max-age=3600
Etag: 613761559229449182
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 26737
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   26737
Md5:    5d55783b180a4d3731bb97f4bffec2de
Sha1:   223fbe261dd911a0d348ba84243a44122871b593
Sha256: b58eeb55628d30d90ee3234e385f1d380380ef04d6bd07195762dc601dacf084
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Mar 2018 00:39:56 GMT
Server: Apache
Last-Modified: Tue, 13 Mar 2018 08:38:02 GMT
Expires: Tue, 20 Mar 2018 08:38:02 GMT
Etag: 230538E40BC2B3852FE7D52F7F79BE87793D27E1
Cache-Control: max-age=546485,public,no-transform,must-revalidate
X-OCSP-Responder-ID: rmdccaocsp22
Content-Length: 472
Connection: close


--- Additional Info ---
Magic:  data
Size:   472
Md5:    9712dbe74eed80f3b46811e45d0a8805
Sha1:   230538e40bc2b3852fe7d52f7f79be87793d27e1
Sha256: 681c1c07040c5c7535ed14f9c35a190d2a11021dd6d6316a6d5dda38d5eedb12
                                        
                                            GET /js/jquery.cookie.js HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Mon, 01 Jun 2015 06:04:12 GMT
Etag: "c31-5176e98442f00"
Accept-Ranges: bytes
Content-Length: 3121
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII English text
Size:   3121
Md5:    ff14e4812b7f512e620b1ad35542bcfc
Sha1:   c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae
Sha256: c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /js/paging.js HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Mon, 01 Jun 2015 06:04:12 GMT
Etag: "6ad-5176e98442f00"
Accept-Ranges: bytes
Content-Length: 1709
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII C program text
Size:   1709
Md5:    43e50aa00ad654da80af8f7936afd4c6
Sha1:   fb5921b855cce329191077b7e93563029d703545
Sha256: e8a4ec002545486fb475c977fc9d53ac48a77cfb3d36ac91042c14dc688d5657

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Mar 2018 00:39:56 GMT
Server: Apache
Last-Modified: Tue, 13 Mar 2018 11:02:22 GMT
Expires: Tue, 20 Mar 2018 11:02:22 GMT
Etag: 16683195A32CEC974E624C7CE6175BACB0C03F06
Cache-Control: max-age=555145,public,no-transform,must-revalidate
X-OCSP-Responder-ID: rmdccaocsp32
Content-Length: 727
Connection: close


--- Additional Info ---
Magic:  data
Size:   727
Md5:    343a0c2a4c99ae17a56d25b77687b4b4
Sha1:   16683195a32cec974e624c7ce6175bacb0c03f06
Sha256: a4e6ef17bdbc9ecaff6ed842181d92561f6b46f1fc07aaf05f710c697b05d0ad
                                        
                                            GET /css/NewTheme.css HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Wed, 14 Mar 2018 00:30:52 GMT
Server: Apache/2.4.6
Last-Modified: Sat, 18 Nov 2017 19:22:43 GMT
Etag: "128b0-55e46c70fc7c6"
Accept-Ranges: bytes
Content-Length: 75952
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII C program text, with very long lines
Size:   75952
Md5:    3748c45cfbbaa5eb6d600d6f90acf72f
Sha1:   57ab92458f3dca7c7d8c08c191ff4671313b8d15
Sha256: 5fd143e6cc99ae55c0a6408f9926349170eb7e436533f309cb570a359417f364
                                        
                                            GET /js/jquery.paging.js HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Mon, 01 Jun 2015 06:04:12 GMT
Etag: "4ba5-5176e98442f00"
Accept-Ranges: bytes
Content-Length: 19365
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII English text
Size:   19365
Md5:    d7a2c1c7af2a004a6d68e1e55b1cfb46
Sha1:   7fd6daa7076c30381880519ad06ef5639b19ee28
Sha256: c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /images-NewTheme/ico_noads.png HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Tue, 14 Nov 2017 09:45:41 GMT
Etag: "aa2-55dee400ee2bd"
Accept-Ranges: bytes
Content-Length: 2722
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 47 x 47, 8-bit/color RGBA, non-interlaced
Size:   2722
Md5:    6a72dd1b74275a25832041950416a02c
Sha1:   a91006576782760b0b60df6d21598ab217278d29
Sha256: f6bf6d1af4e1926e10a1f8b61a1d0a658a48e7ffe323b13ef50d57438e6f24b7
                                        
                                            GET /images-NewTheme/ico_compressed.png HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Tue, 14 Nov 2017 09:50:34 GMT
Etag: "890-55dee51826a47"
Accept-Ranges: bytes
Content-Length: 2192
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 45 x 59, 8-bit/color RGBA, non-interlaced
Size:   2192
Md5:    b7cc8a4579fe47cbc696e9a5b2419ad5
Sha1:   9ceac8ab50c876e463d2e8f2b5542f822a3161c5
Sha256: e22a0f3f0c63f4f9e2be0b362a40706b6504d08e370a2769b8293ddbb203b3dc
                                        
                                            GET /?cdlad=663717 HTTP/1.1 
Host: d3al52d8cojds7.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         54.192.185.201
HTTP/1.1 200 OK
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Date: Wed, 14 Mar 2018 00:39:56 GMT
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 15915c6842263dc42a906b5361d7d566.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 9K2GObpXxRmUjKeYJrbeyg6RC3UQrNWru5OsNBsOfyPkUigojbYUuQ==


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   81484
Md5:    1be99f757e9a5d90c053ced34e19b0fe
Sha1:   9ae87f4af32bdf46f2130a05374142647310657b
Sha256: a1dd58dd5235c6ac01645b5f87b32d9b2545b706a65cd69a595f2d9160b872f4
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Mar 2018 00:39:56 GMT
Server: Apache
Last-Modified: Tue, 13 Mar 2018 11:02:22 GMT
Expires: Tue, 20 Mar 2018 11:02:22 GMT
Etag: 5D5A96F0031D54EF2C00DA6074614F966BA3888B
Cache-Control: max-age=555145,public,no-transform,must-revalidate
X-OCSP-Responder-ID: rmdccaocsp32
Content-Length: 471
Connection: close


--- Additional Info ---
Magic:  data
Size:   471
Md5:    b74e020b8474f831279734d54c89ddbb
Sha1:   5d5a96f0031d54ef2c00da6074614f966ba3888b
Sha256: a7b6b5573ba9e1eb81d0acf126ffbb8ea02d0700e45c261e68d6eec93636c74d
                                        
                                            GET /images-NewTheme/about_hd.png HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Mon, 06 Nov 2017 09:31:03 GMT
Etag: "1d1d-55d4d1cfdb3b0"
Accept-Ranges: bytes
Content-Length: 7453
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 529 x 42, 8-bit/color RGBA, non-interlaced
Size:   7453
Md5:    8a5c56a6bd3c83776e4647b0176abeeb
Sha1:   97ec0614fda99067c5a718832467b5feaef9bf83
Sha256: 12d9d71d8c07e3b32e6922a03a1d0c0183f6dee780a3229305f3b0f3c4aea4b4
                                        
                                            GET /font-awesome/4.3.0/css/font-awesome.min.css HTTP/1.1 
Host: maxcdn.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         108.161.189.121
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Date: Wed, 14 Mar 2018 00:39:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 17 Feb 2018 21:46:17 GMT
Etag: W/"04425bbdc6243fc6e54bf8984fe50330"
Server: NetDNA-cache/2.2
Expires: Sat, 09 Mar 2019 00:39:56 GMT
Cache-Control: max-age=31104000
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
X-Cache: HIT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5969
Md5:    ba373cbdaa527fa77147813bfde39b60
Sha1:   f9fd3e50cf868db4fecac96a74f808f47c81f0e4
Sha256: 1a16f82176c65ee75de3937bf1bcc897e8c41c346714157cf1c760c4d1bd0944
                                        
                                            GET /js/jquery-1.9.1.min.js HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Mon, 01 Jun 2015 06:04:12 GMT
Etag: "169d5-5176e98442f00"
Accept-Ranges: bytes
Content-Length: 92629
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   92629
Md5:    397754ba49e9e0cf4e7c190da78dda05
Sha1:   ae49e56999d82802727455f0ba83b63acd90a22b
Sha256: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /images-NewTheme/ico_in.png HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Mon, 06 Nov 2017 08:24:19 GMT
Etag: "4e5-55d4c2e4a85a9"
Accept-Ranges: bytes
Content-Length: 1253
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 38 x 38, 8-bit/color RGBA, non-interlaced
Size:   1253
Md5:    eccfaf55761fd01dcdcfa946e1b17e10
Sha1:   ede1ea1b0f2abc3d8cafc19ee5ee4f3d816d8b17
Sha256: d97f3efe68f835117863e4d76fec93f4309fd3c9070b3eee59400d7f145517d2
                                        
                                            GET /images-NewTheme/ico_yt.png HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Mon, 06 Nov 2017 08:24:21 GMT
Etag: "4fc-55d4c2e6919c9"
Accept-Ranges: bytes
Content-Length: 1276
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 38 x 38, 8-bit/color RGBA, non-interlaced
Size:   1276
Md5:    10ba6c9e2fc90f3dc734c3836c273943
Sha1:   31c8cb9fedb222dd169e1f07fc666d15e3216ff5
Sha256: 163aab8fdd4b7cfa854101763984a802120bf13a82d6f841c33ee9cd201f28c4
                                        
                                            GET /images-NewTheme/ico_tr.png HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Mon, 06 Nov 2017 08:24:20 GMT
Etag: "58c-55d4c2e5ae129"
Accept-Ranges: bytes
Content-Length: 1420
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 38 x 38, 8-bit/color RGBA, non-interlaced
Size:   1420
Md5:    824840f3668c29857cd3ac627958d625
Sha1:   960341aee7027034deca020ee51aaee82c09f030
Sha256: 94024b15f0a587f637a2303205ae361518e1965d6beb190c005e04307783bf19
                                        
                                            GET /ga.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Tue, 13 Mar 2018 23:40:14 GMT
Expires: Wed, 14 Mar 2018 01:40:14 GMT
Last-Modified: Mon, 13 Nov 2017 20:19:12 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 17172
Age: 3583
Cache-Control: public, max-age=7200


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   17172
Md5:    43adefe535269f3b75e0f229d0dba4d6
Sha1:   5e3bed19757401b3aa6c8ab8b5f26aa17add8a3a
Sha256: fc7f9d5234f97de0433021d02e8969a93003d90bf16d40a9cb2d8f5c7bfaa398
                                        
                                            GET /images-NewTheme/ico_fb.png HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Mon, 06 Nov 2017 08:24:21 GMT
Etag: "475-55d4c2e693909"
Accept-Ranges: bytes
Content-Length: 1141
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 38 x 38, 8-bit/color RGBA, non-interlaced
Size:   1141
Md5:    0a7b6c21de905ab79c993393e75dea09
Sha1:   93a8f39eb8e8a8efebeff8dd2735c1ff6c2af42d
Sha256: e26142148dc2365533532cc901d730ee02f79bfffb9da86b20873911281c180f
                                        
                                            GET /images-NewTheme/logo.png HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/css/NewTheme.css
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Sun, 05 Nov 2017 16:48:33 GMT
Etag: "5e3-55d3f1bc11d41"
Accept-Ranges: bytes
Content-Length: 1507
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 138 x 26, 8-bit/color RGBA, non-interlaced
Size:   1507
Md5:    431d078cf85512e52b7f2baab20ce7ec
Sha1:   1b597217b102114e58d0a635e57118da60bbb364
Sha256: 358c94a5208f8b2853a5aa2e19fe0acaf500807c27e68d7c04561cd5771e16d2
                                        
                                            GET /images-NewTheme/btn_signup.png HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/css/NewTheme.css
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Mon, 06 Nov 2017 04:28:57 GMT
Etag: "788-55d48e496518c"
Accept-Ranges: bytes
Content-Length: 1928
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 130 x 45, 8-bit/color RGBA, non-interlaced
Size:   1928
Md5:    a7fef04356188d59b8fecf30792657c5
Sha1:   9cf1df2fdaeef6657e366363c5e6bed47860b43c
Sha256: 9be599d6cefdb3787be094191b685a027f52e6bf4ef49d04a50310e7b023c0a6
                                        
                                            GET /images-NewTheme/logo_w.png HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/css/NewTheme.css
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Mon, 06 Nov 2017 06:50:18 GMT
Etag: "57f-55d4ade1945ca"
Accept-Ranges: bytes
Content-Length: 1407
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 138 x 26, 8-bit/color RGBA, non-interlaced
Size:   1407
Md5:    2ac2ebcd9acb32ba5f236b298a73bbe3
Sha1:   22fb68a7f0dc1e4eacc536e0885e2bbb29f0e80f
Sha256: 38eba31327475bf6d3b177561a8a2a5cadfa16ed7efab885684acafdb0bd0bfe
                                        
                                            GET /images-NewTheme/ico_globe.png HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/css/NewTheme.css
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Mon, 06 Nov 2017 02:19:51 GMT
Etag: "305-55d4716dbccc6"
Accept-Ranges: bytes
Content-Length: 773
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 19 x 24, 8-bit/color RGBA, non-interlaced
Size:   773
Md5:    0ee7028d0b49395a4f31943b123c468d
Sha1:   5bc316e0e313c4c08124692eed1bd340f5cef954
Sha256: 798adb8860b3dc412e2d789d153f1824e085eef370e05b7531e192a433c06cd4
                                        
                                            GET /images-NewTheme/btn_login.png HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/css/NewTheme.css
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Mon, 06 Nov 2017 04:28:58 GMT
Etag: "826-55d48e4a9c9ec"
Accept-Ranges: bytes
Content-Length: 2086
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 130 x 45, 8-bit/color RGBA, non-interlaced
Size:   2086
Md5:    d93fef270b263fa1b89b97a398b9e33f
Sha1:   2178cd4232c960015fb8bae123a06c57b17f3f80
Sha256: 3b92fd57682bb7613f88077272e0020c5f2cdf808b7e6f39e6d5ef765a1d5717
                                        
                                            GET /images/flags.png HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/css/NewTheme.css
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Mon, 01 Jun 2015 06:04:10 GMT
Etag: "3b4c-5176e9825aa80"
Accept-Ranges: bytes
Content-Length: 15180
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 1248 x 11, 8-bit/color RGBA, non-interlaced
Size:   15180
Md5:    0e7e0406e09ea913dc344ca9974ec94a
Sha1:   084fcf2d8e96661354a7e563f64801dfd13bead7
Sha256: 0787e30d6145bc8b8b92ed329f664bcc3012162ccba9ef943d7ada480afb74e9
                                        
                                            GET /css/fonts/Candara.woff HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/css/NewTheme.css
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: application/font-woff
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Sun, 05 Nov 2017 18:01:42 GMT
Etag: "172c8-55d402162d6b5"
Accept-Ranges: bytes
Content-Length: 94920
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  data
Size:   94920
Md5:    fe4cf1169915bb63d5ba33642e8d9ace
Sha1:   81b1ba9f4774fedb343305b5eea5d7a38143fe1e
Sha256: a4fd29aeff5c2151c3e4a2d0edc28885ffd0675a6d3a59e3ca229944e3490c0e
                                        
                                            GET /css/fonts/Candarab.woff HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/css/NewTheme.css
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: application/font-woff
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Sun, 05 Nov 2017 18:01:45 GMT
Etag: "178c4-55d402190cc55"
Accept-Ranges: bytes
Content-Length: 96452
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  data
Size:   96452
Md5:    eec5f6908699dfcc4767bdb7bd857aa6
Sha1:   bc221c51b37578968583f84ac44bf8cf48ccef91
Sha256: 79ea0fcaad1578acda495df0617d5b4f46de11c0b2dab44f6d20609935385e6c
                                        
                                            GET /css/fonts/OpenSans-Regular.woff HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/css/NewTheme.css
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: application/font-woff
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Last-Modified: Thu, 09 Nov 2017 15:09:20 GMT
Etag: "107c8-55d8e304af94f"
Accept-Ranges: bytes
Content-Length: 67528
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  data
Size:   67528
Md5:    33ad0b840f7ea248dbc031820adf3040
Sha1:   e2b8f3a755202c8557093b44bcfccdec10d3ff0a
Sha256: d12fd1d8afb1c2d8cb9d59868336a6c9e357af548f36aa41bcdb12fa19158365
                                        
                                            GET /r/__utm.gif?utmwv=5.7.1&utms=1&utmn=1822796997&utmhn=dl-file.com&utmcs=UTF-8&utmsr=1176x885&utmvp=1176x754&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=10.0%20r45&utmdt=Download%20FS17%20Leuchtturm%20zip&utmhid=1524862060&utmr=-&utmp=%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&utmht=1520987997873&utmac=UA-75596034-1&utmcc=__utma%3D125620191.1723159861.1520987997.1520987997.1520987997.1%3B%2B__utmz%3D125620191.1520987997.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=674082763&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Access-Control-Allow-Origin: *
Date: Wed, 14 Mar 2018 00:39:57 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Mar 2018 00:39:57 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    dffb78c8620434ad859262105030d98f
Sha1:   892f3cd35b7bb4983411fd3212c088e46b751658
Sha256: 890353c1202390ef7a5ecea9787a0669b7b0790ee9026d5b28d936e7319243b5
                                        
                                            POST /gsr2 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Mar 2018 00:39:58 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    6bf50ec404fb4a8b4a94be8390d11938
Sha1:   0caaab7704d6221abc5e0342909a4928cee50b1c
Sha256: 63b592179b1e9a528344ce1d430b9479fc55f43420a468ec35aaeaa9dff911cf
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Mar 2018 00:39:58 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    9f8805acd1d281b1be2ca9ee162ef625
Sha1:   b2358e9898b59e9a7df3c8b1c3bea36db2918192
Sha256: 8b8018ab697a9fa81fe68fb33caa61d56bb06b44710652c5e45fa561f376572e
                                        
                                            POST / HTTP/1.1 
Host: g.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.12.2
Content-Length: 1391
Content-Transfer-Encoding: binary
Cache-Control: max-age=503816, public, no-transform, must-revalidate
Last-Modified: Mon, 12 Mar 2018 20:36:22 GMT
Expires: Mon, 19 Mar 2018 20:36:22 GMT
Date: Wed, 14 Mar 2018 00:39:58 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1391
Md5:    ce7104fd1b1e36a10a8231e274672bed
Sha1:   f856c8493350454c991ff99e4f55cfafadac551c
Sha256: 978cf2f0b07676e0312a60ef031c8abd78ec2519590a096622ecf850d4ae072d
                                        
                                            GET /adsid/integrator.js?domain=dl-file.com HTTP/1.1 
Host: adservice.google.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
Timing-Allow-Origin: *
Cache-Control: private, no-cache, no-store
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Wed, 14 Mar 2018 00:39:58 GMT
Server: cafe
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   105
Md5:    08d8ad1692c0573b7f6a93ce0e6c7492
Sha1:   cc6b5fa6bbf2aee1afd6fbaefa36b11285e9b049
Sha256: d647283fac1dab813b321a67948c61cac768f4aa61b660b56983fe0328b0f4d4
                                        
                                            GET /adsid/integrator.js?domain=dl-file.com HTTP/1.1 
Host: adservice.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
Timing-Allow-Origin: *
Cache-Control: private, no-cache, no-store
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Wed, 14 Mar 2018 00:39:58 GMT
Server: cafe
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   105
Md5:    08d8ad1692c0573b7f6a93ce0e6c7492
Sha1:   cc6b5fa6bbf2aee1afd6fbaefa36b11285e9b049
Sha256: d647283fac1dab813b321a67948c61cac768f4aa61b660b56983fe0328b0f4d4
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Mar 2018 00:39:58 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    84d001d9cdb7c2a879c1e77f18ca7c67
Sha1:   8f37ce9554555bbfb6d283dfcd3c281fe1ec79a5
Sha256: 372406eafbe6e1dfd3a26f807380a70daf3d0c29fc6656258ad0b9700df634d0
                                        
                                            GET /pagead/js/r20180312/r20170110/show_ads_impl.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Wed, 14 Mar 2018 00:39:58 GMT
Expires: Wed, 14 Mar 2018 00:39:58 GMT
Cache-Control: private, max-age=1209600
Etag: 8649850770391557732
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 67923
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   67923
Md5:    5ae61aa9f405d9bac398c4706956de82
Sha1:   aa9414d6b689c94f643bcdee5bed26c2d79fe009
Sha256: 953a2b0e65926768ab9e2ba065aa0ec53b948ca0e129cc9fcc0ec4b2456cbd18
                                        
                                            GET /pub-config/r20160913/ca-pub-2515630227857275.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 125
Date: Wed, 14 Mar 2018 00:27:48 GMT
Expires: Wed, 14 Mar 2018 12:27:48 GMT
Last-Modified: Tue, 13 Mar 2018 00:21:13 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 730
Cache-Control: public, max-age=43200
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   125
Md5:    f80120281945bc2ccdaebc64cbad921d
Sha1:   b5c7ef140888ede182fcac94921a4eb502f07a5c
Sha256: 4cb4b9970ec5cedababe29f9a4ab00d00194bbebd2063cb117dec008b8c6982a
                                        
                                            GET /css/fonts/ERASDEMI.woff HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/css/NewTheme.css
Cookie: lang=english; __utma=125620191.1723159861.1520987997.1520987997.1520987997.1; __utmb=125620191.1.10.1520987997; __utmc=125620191; __utmz=125620191.1520987997.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: application/font-woff
                                        
Date: Wed, 14 Mar 2018 00:30:55 GMT
Server: Apache/2.4.6
Last-Modified: Mon, 06 Nov 2017 09:54:30 GMT
Etag: "7d8c-55d4d70d5ff40"
Accept-Ranges: bytes
Content-Length: 32140
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  data
Size:   32140
Md5:    35a83a14e21bc6c5419a85666bdd9151
Sha1:   52105f04219ce3570ddf3f92e3ecc93ece66b053
Sha256: 7b748cce237953136fb0e45af806e1d89388aee1c24d9f1ef89a732399a6c2e2
                                        
                                            GET /29cc5d665d4061d051587a5164a18113749d12b65005cca9130cdb331b3d5/d566d5cc92 HTTP/1.1 
Host: s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html
Origin: http://dl-file.com

                                         
                                         52.216.165.229
HTTP/1.1 200 OK
Content-Type: binary/octet-stream
                                        
x-amz-id-2: CDCohronw1Ovw5k8hax1MMQNAAH0Hc7CZuIyxg5pJ+WE6S2RKZesR640bWYPZES3q/3ZkOUHjZo=
x-amz-request-id: 248F4F7C6B7AF5C9
Date: Wed, 14 Mar 2018 00:40:00 GMT
Access-Control-Allow-Origin: http://dl-file.com
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Last-Modified: Wed, 14 Mar 2018 00:15:03 GMT
Etag: "0619ed19c4b84fe79414683ffbcd4326"
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
x-amz-meta-pragma: no-cache
Accept-Ranges: bytes
Content-Length: 17352
Server: AmazonS3


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   17352
Md5:    0619ed19c4b84fe79414683ffbcd4326
Sha1:   d01249da031fc42c188873d4f2db4dd2626caa34
Sha256: d5385bd49ec1df21334f38854e9a8c67a3fb03381b73a325af95809a67adbd8c
                                        
                                            GET /images-NewTheme/about_bk.png HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/css/NewTheme.css
Cookie: lang=english; __utma=125620191.1723159861.1520987997.1520987997.1520987997.1; __utmb=125620191.1.10.1520987997; __utmc=125620191; __utmz=125620191.1520987997.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 14 Mar 2018 00:30:55 GMT
Server: Apache/2.4.6
Last-Modified: Mon, 06 Nov 2017 09:23:46 GMT
Etag: "2c052-55d4d02eb1481"
Accept-Ranges: bytes
Content-Length: 180306
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 1366 x 376, 8-bit/color RGB, non-interlaced
Size:   180306
Md5:    63fb25bdd1615376f47f667e75b40ec3
Sha1:   5bba44e11fe1d93ff9dd3842d4666cbbfebf93e2
Sha256: 9d78c0148361a3fcb690e899c0dd3885c79797359301f6829e98ae476b800460
                                        
                                            GET /pagead/js/r20180312/r20170110/osd.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Mon, 12 Mar 2018 13:39:22 GMT
Expires: Mon, 26 Mar 2018 13:39:22 GMT
Etag: 13992280071806881209
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 28091
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 126037
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   28091
Md5:    45284af7729f0fc6ed8dba9d9d36e393
Sha1:   eb277ba403bec121ac1769852559fa5b92c332a3
Sha256: 2498bc65eae86855da0b1b59b214f7bd06d4cdb6fbac8990c80543d5af938fff
                                        
                                            GET /pagead/html/r20180312/r20170110/zrt_lookup.html HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Date: Mon, 12 Mar 2018 20:27:31 GMT
Expires: Mon, 26 Mar 2018 20:27:31 GMT
Etag: 7893540961313292660
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 6819
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 101548
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   6819
Md5:    8caea4ee531aab9f5d9328f80b7b23f3
Sha1:   3c1b05353b141a9e742555def5993bee1ec31ecd
Sha256: 0c3ec59d66f4780431ae46c09d53fe92c858ea2f05c6a5e02a17ab56d4428ff4
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         54.192.185.54
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=172800
Date: Wed, 14 Mar 2018 00:39:59 GMT
Etag: "5aa81b05-1d7"
Expires: Fri, 16 Mar 2018 00:39:59 GMT
Last-Modified: Tue, 13 Mar 2018 18:40:05 GMT
Server: ECS (dca/24AB)
X-Cache: Miss from cloudfront
Via: 1.1 dec4b3de431643ec89adeb5927c28af7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: ccaZx2LEbb5L3ISvr6FQFWVbkBSjNJJ_U9kIDGm02p6zHqMRlxuEZQ==


--- Additional Info ---
Magic:  data
Size:   471
Md5:    8b170223750e760b4aa8091e9c0209d9
Sha1:   11a00854e1aa93164175c09f77329c0c75ec40b5
Sha256: ef4ba21e731525f684db56983a5fb3e89a1c4c1a51ca91bab3fd1f44175e0003
                                        
                                            GET /yh7a9ppnndbp/images/favicon.gif HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: lang=english; __utma=125620191.1723159861.1520987997.1520987997.1520987997.1; __utmb=125620191.1.10.1520987997; __utmc=125620191; __utmz=125620191.1520987997.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: text/html ; charset=UTF-8
                                        
Date: Wed, 14 Mar 2018 00:30:56 GMT
Server: Apache/2.4.6
Expires: Tue, 13 Mar 2018 00:30:56 GMT
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text
Size:   12933
Md5:    a8168527631924cbc04f807b73911eda
Sha1:   5a3c9f02af59c89a84457efb9c435765fc2a1101
Sha256: 455a27ffbcf52563010e6093b4ce26accda1845bf9be5373120f3e473748c757
                                        
                                            GET /yh7a9ppnndbp/favicon.png HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: lang=english; __utma=125620191.1723159861.1520987997.1520987997.1520987997.1; __utmb=125620191.1.10.1520987997; __utmc=125620191; __utmz=125620191.1520987997.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: text/html ; charset=UTF-8
                                        
Date: Wed, 14 Mar 2018 00:30:56 GMT
Server: Apache/2.4.6
Expires: Tue, 13 Mar 2018 00:30:56 GMT
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text
Size:   12933
Md5:    a8168527631924cbc04f807b73911eda
Sha1:   5a3c9f02af59c89a84457efb9c435765fc2a1101
Sha256: 455a27ffbcf52563010e6093b4ce26accda1845bf9be5373120f3e473748c757
                                        
                                            GET /SM09raVQMOwINaQV5WF5lBA%3D%3D HTTP/1.1 
Host: d3ud741uvs727m.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         54.192.185.253
HTTP/1.1 200 OK
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Date: Wed, 14 Mar 2018 00:39:59 GMT
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 714d4048a66ba417746073ce1cef6197.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Rp2mirFAMR2tNCG8BC3rVEpMe5lNxGnuginqXRXJ1O6drdNeV79kXw==


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   81484
Md5:    46aa7082fe15e7c0a00b8a7ba2003751
Sha1:   864434d0d67c9be99977102e75ce30f9a9bd4b80
Sha256: e9658aeeed12168658cbf2a21b0aa1db3f985299e6bfa0a2ff1ff8d7a845c0e6
                                        
                                            POST / HTTP/1.1 
Host: ocsp.rootca1.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 118
Content-Type: application/ocsp-request

                                         
                                         54.192.185.71
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 1426
Connection: keep-alive
Date: Wed, 14 Mar 2018 00:40:00 GMT
Server: WEBrick/1.3.1 (Ruby/2.3.6/2017-12-14)
X-Cache: Miss from cloudfront
Via: 1.1 1a629d8fe32e33972e289357f4305ead.cloudfront.net (CloudFront)
X-Amz-Cf-Id: OujZyf4S-CUXFSwlOBxvMeEfiMDyDAnUk1_cPz-zsiGMxdNXseA7Iw==


--- Additional Info ---
Magic:  data
Size:   1426
Md5:    68d82fc7209753bfa6efe0d0fd082c12
Sha1:   bdae4387b5c02537261b5e1c3c6f9f1149d9b8e2
Sha256: c468cb075b8369dedd298475d0bf7f9fbdf60e0280947bc95eb84a649d635c6f
                                        
                                            GET /pagead/ads?client=ca-pub-2515630227857275&output=html&h=280&slotname=3890825015&adk=2507200848&adf=807048394&w=336&lmt=1520987996&loeid=332260007%2C38893312&format=336x280&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998482&bpp=5&fdt=559&idt=648&shv=r20180312&cbv=r20170110&saldr=aa&prev_fmts=728x90%2C336x280&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=582&ady=850&biw=1159&bih=737&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=3&dtd=689 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Wed, 14 Mar 2018 00:39:59 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Wed, 14-Mar-2018 00:54:59 GMT; path=/; domain=.doubleclick.net
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"
Expires: Wed, 14 Mar 2018 00:39:59 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   384
Md5:    888d697a3d05b737c2c18b8f1939d96c
Sha1:   585bf9028db74cad7251728399023f1bd3a2e7d4
Sha256: 81c9d53049a4f21d8dac8fefff5485ecdc12ffa261f0b088b956d4ae27640bd0
                                        
                                            GET /pagead/ads?client=ca-pub-2515630227857275&output=html&h=280&slotname=3890825015&adk=2507200848&adf=807048394&w=336&lmt=1520987996&loeid=332260007%2C38893312&format=336x280&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998432&bpp=45&fdt=49&idt=395&shv=r20180312&cbv=r20170110&saldr=aa&prev_fmts=728x90&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=242&ady=850&biw=1159&bih=737&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=2&dtd=449 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Wed, 14 Mar 2018 00:39:59 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Wed, 14-Mar-2018 00:54:59 GMT; path=/; domain=.doubleclick.net
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"
Expires: Wed, 14 Mar 2018 00:39:59 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   17521
Md5:    a1509b93269db465d23a7cf0a8f8f805
Sha1:   a83f8f82a89a693c6ebf56ece2cce6b1e83f89bc
Sha256: 723322c56d90e15dd1726681b9a32cc3a54e1c4e3d1d1f1ffad49371b9a3a5a3
                                        
                                            GET /pagead/ads?client=ca-pub-2515630227857275&output=html&h=90&slotname=6844291416&adk=1487667633&adf=807048394&w=728&lmt=1520987996&loeid=332260007%2C38893312&format=728x90&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998146&bpp=34&fdt=40&idt=192&shv=r20180312&cbv=r20170110&saldr=aa&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=224&ady=522&biw=1176&bih=754&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=1&dtd=220 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Wed, 14 Mar 2018 00:39:59 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Wed, 14-Mar-2018 00:54:59 GMT; path=/; domain=.doubleclick.net
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"
Expires: Wed, 14 Mar 2018 00:39:59 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   5122
Md5:    983ef323b8999dab94e0426a9cc6cc50
Sha1:   6171528a7e276aed70196917f79ea01d96fcc7be
Sha256: a38e35effffbaf390a72d604f9e7a166aec1819353d42c4830c9b11481fc1fd4
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Mar 2018 00:40:00 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    6bcdc243fa75033440bc836ffe4cdd81
Sha1:   dadaefbeb92d6ea4f242cb2064dd81f83df7fc7e
Sha256: b699dc8d9e7260f2f606f045f58e38eb50d9497fa536de2706bc48b5b4b54514
                                        
                                            GET /pagead/adview?ai=CWbW8X2-oWr_zKI2q6wSZzaDwBJbxzs1Q5sDytdYGxISFngsQASDoz7IcYMPcpIWYGKABleKahwPIAQKpAlAk7rO7i1A-qAMByAPJBKoEugFP0A2FEEiB9I9mrAGaYagpn_bsVhebP_R1P0HD0aLFFmWlPWmfCL5iB7PR8GObverUFAaRPrXookOMNqUw7tWmzG9O1xLNiHeRrd7AbT0dGp-e4ly846i54tKF7L7a2qUud0kNpSu6xX5-JN4pK6Y2ax3mZO9llO7t311AKZPOAu6XK50x6xVF5st5gsRzdZ8U2ZD2BQ3uN2RyD5hEGSDvyrOsZPqk76cv3vIlUrQ061Mmb21HqQlyNDXABM7eo8-6AZIFBAgEGAGSBQQIBRgEoAYCgAfTneV4qAemvhvYBwHyBwQQw6ID0ggHCIBhEAEYAoAKAdgTAg&sigh=KQSaSI5FxIg&vis=0 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=280&slotname=3890825015&adk=2507200848&adf=807048394&w=336&lmt=1520987996&loeid=332260007%2C38893312&format=336x280&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998432&bpp=45&fdt=49&idt=395&shv=r20180312&cbv=r20170110&saldr=aa&prev_fmts=728x90&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=242&ady=850&biw=1159&bih=737&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=2&dtd=449
Cookie: test_cookie=CheckForPermission

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Wed, 14 Mar 2018 00:40:00 GMT
Server: cafe
Content-Length: 0
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT IDE=AHWqTUmsJrRABG2r3weUUUbWkx88Bn6v2ncWkGsYyREiDBKZeaSiHDvMxhWGavxk; expires=Fri, 13-Mar-2020 00:40:00 GMT; path=/; domain=.doubleclick.net; HttpOnly
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"
Expires: Wed, 14 Mar 2018 00:40:00 GMT
Cache-Control: private


--- Additional Info ---
                                        
                                            GET /RjY2STJpVVt2QDILVCxWIFlEJFhoVVkk HTTP/1.1 
Host: boudja.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         52.85.219.45
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Content-Length: 4190
Connection: keep-alive
Date: Wed, 14 Mar 2018 00:40:00 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: csu=c20b0415-2254-46ec-8380-fe2d5624a4de
X-Cache: Miss from cloudfront
Via: 1.1 2ca402c5412abcdc27e682e2b326bdbb.cloudfront.net (CloudFront)
X-Amz-Cf-Id: cUY8LWuiGFQ1rfFlUfB1WXLhdW19DEuMLg_SPLth3qRfYT09o_8rHQ==


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   4190
Md5:    d84ee6b39442aa3249beb3ab7f8fadcb
Sha1:   e7edd6f469396a6e96fdfef61e4b6a2c4db1cc26
Sha256: 67e9df7528f145aa434492877f7541373135ff01de31754a9ca7313a2fb5c0b4
                                        
                                            GET /simgad/18107235220409946103 HTTP/1.1 
Host: tpc.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=280&slotname=3890825015&adk=2507200848&adf=807048394&w=336&lmt=1520987996&loeid=332260007%2C38893312&format=336x280&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998432&bpp=45&fdt=49&idt=395&shv=r20180312&cbv=r20170110&saldr=aa&prev_fmts=728x90&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=242&ady=850&biw=1159&bih=737&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=2&dtd=449

                                         
                                         216.58.211.1
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 45301
Date: Tue, 27 Feb 2018 19:22:54 GMT
Expires: Wed, 27 Feb 2019 19:22:54 GMT
Last-Modified: Sat, 27 Jan 2018 09:09:48 GMT
X-Content-Type-Options: nosniff
x-dns-prefetch-control: off
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 1228626
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   45301
Md5:    01b6228955b122df6269fcf54500ce49
Sha1:   25cda7c8c5b5b9d2b9d4d6d1f94106d8c5b0049c
Sha256: 4893139977819f10db5936de039997e96cde1e394ea2265e6c47cd8345335ed6
                                        
                                            GET /dbm/ad?dbm_c=AKAmf-B73QSBo7SuZyyjt0z8DU5JY83nIAaDNSXrSxctcTPYJzzKnwtfsbfk4YIW-Ni7RkXRttXF&dbm_d=AKAmf-AxG51_oAR8cTVCDPV4CtcrnmTPsHr-fihw0GvrbhbnWgGcryuXkDMBwiRrDZODcN-Pg7igvIrk3zdNf3dRd6KdwtefKCCGqTpyXXGfdvzMM6MWFziLq3FN0AEVquDO3SEUxGDcfzCROIGzXCvygUynvBmuZ46EeTr8l4mqfggGYUV6Eio3Of3pLNsht5BFFr_O8eoA13DtJO-aVYfXY0KZG72XYnAAG-KXjanRHsNrKLr0V-1dVn39JiRWndwXN1rA1p832stXQ4IAEAaeKFXKEiObgUn8iC8_X6kCG-I-OehYQzUSiRTMFO-DKzPECuZNrRazZwbwh5XEHiaMAuggTEEjtEnuPmU6NFAiczJBiiCHe9huRokYyHJbSHvTVTJ1umELpIXtUG-_E498bneaN-po3NX24ZzUbfO2xg8av9ETxn_bABbz8U2sLXYYPDGIxb9DKouavZ70awf-kIZS1Hc8oxZbIyGX3NLmdK84KraF8pz9jcyEP6J81LicJnzXz1rfZewt7--3BHMVey79KfnMPtnb2NA5YwSX54Txn3ym9mB3KWu18nSu-yDgz3Bf4yYRxhcxMkywREkrY5rrIBmKs_wLG2bh1H8lKHMycgfnx8s8WBvRq4C3micMX_u0wAQEUZiHLROR1jF165bpFhvvjXUss7cIVFR_vGGktMPLm26PGxdKrtlrGuaJVKxVD5Cu1LAjtB9QM9-KVe4jOi7CtfXRM9nzeZRlIOw_3YMmC16771GVBYj-wegk3uykzpg6Dj-BGUbnMtCmEQUR-k_XvTzxH3DuPJyL0pmu_qgAqs7zP8_FwHGdmF4aLRiJiMyPdHKXXrNCx0F2BXNRcuY6iosd39EyuomlzwJqaHcmUkqj1YEVC2znFRzHUf7snuTJFb3IHjqkUusPGXzWpSQLgfxsrKOk3MY5tK_R1GUvvIXoyGimMWYVExtMEpvBOC2gLZrYHBZvt_wiHm7KW55gq3W_m5ebn7vgGkpKqss_sgKaa1GA64CHmd0p0wrWRdnyMJy1OTomr7m5zGeRvrf5Aavone2xrKIeo953h4xXdvox_UiVeQBKuJanRwSroQOF6ulSm-s0RTyCwWuLZSTcW1JoPJpvPnbOe328X3Ezmf87KjuchIWaSzFs2LbH59pfvWtkVvnJVBpkGjYh3O2papMchJKDqFGDp-9VZSXW7ZyY8ahCJ21MV0RoMsqSVhxnDxE2dUUV3RwJmCpA1WegjAXTENI02hhCP9cpSfFVk477-U_17iimYKKMBMcXDyEuzX9enKjz3R6WTVgUQsUdJw6RiWjskpJqOhok5fhBmFCjcK_Ls8G194647DbVhQKRrIN6BtVb7Va8fIqkTX9j4Pm3cSwoRellJSTtm5GHiu8HvDGDJeQoeEiYZkrjjBkvSDmC6qQrmAjBHOWHcLzL18T24FyRNB9Ux6KXhquerZaoK_fMQBlWcHS5L9-rqmxubem0VK8hs50m6DAlVguWu7BOjOwccMN1ZyAgSczuj0n7rw6gEz4pd_USlsVBskWSAvlmJRZe7woUUIB51QRgOwTfVBAjWvz-D-R2xWklvxIdRR2VRLVOJTgEHHF1KnVvDCgZAWL5uoF6T3iKptui6JQWlWNsYraAP0RTyUbAVGSlhnh7olZn9FYyPnzjvzw1gLxmzcvvzg-4VA0koaPQFyLs7cO-LzMyIzOEbDSgzNuVKObC5r26SxgUc9PQmCP21ceSjZzJPokssWzQNy3L4zDeyus6vBlaIx7OsI1V1r4-2tz1B1xfIX-othMlntsV2k4ssB3JjetPnCsMgTwMsebUil8eErCxBmqXhRwijQXNb1kLrbqQiqFDfPnscgeKt-9OhWZlj6VfjJdnY2swGb6HHvQv2lluKDf3oF0pHftvui8qrWV1mhTuTSA9BV8WeUX64Sl0WHsTQAXOcb57uQ&cid=CAASBORou80&rfl=2%2C%2Chttp%253A%252F%252Fdl-file.com%252Fyh7a9ppnndbp%252FFS17_Leuchtturm.zip.html%240 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=90&slotname=6844291416&adk=1487667633&adf=807048394&w=728&lmt=1520987996&loeid=332260007%2C38893312&format=728x90&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998146&bpp=34&fdt=40&idt=192&shv=r20180312&cbv=r20170110&saldr=aa&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=224&ady=522&biw=1176&bih=754&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=1&dtd=220
Cookie: test_cookie=CheckForPermission

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Date: Wed, 14 Mar 2018 00:40:00 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 1; mode=block
Set-Cookie: IDE=AHWqTUnxhJurQ3NM3o38R7YpxY_FOzpSshgChNTC7vFx_fA_We7ptnksiTdr_8t6; expires=Fri, 13-Mar-2020 00:40:00 GMT; path=/; domain=.doubleclick.net; HttpOnly test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   14864
Md5:    6c4a455e18bcb84a47f53315622a4b6c
Sha1:   7796ed5b18c459df0ca4d11a7fcac1c159671b46
Sha256: 29c6568cca55998700632e969e479cf6e96ae005131ae6a4049e046d0910a6a8
                                        
                                            GET /pagead/js/r20180307/r20110914/activeview/osd_listener.js HTTP/1.1 
Host: tpc.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=280&slotname=3890825015&adk=2507200848&adf=807048394&w=336&lmt=1520987996&loeid=332260007%2C38893312&format=336x280&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998432&bpp=45&fdt=49&idt=395&shv=r20180312&cbv=r20170110&saldr=aa&prev_fmts=728x90&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=242&ady=850&biw=1159&bih=737&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=2&dtd=449

                                         
                                         216.58.211.1
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Tue, 13 Mar 2018 13:21:46 GMT
Expires: Tue, 27 Mar 2018 13:21:46 GMT
Etag: 16391050125601492395
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 26418
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 40694
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   26418
Md5:    c77ffca08d24abed058fbb24896dc0c3
Sha1:   d04a7d9d14495ee0f509dcdb9ac022834cecdb3a
Sha256: 407da9c035c04adde53ad67d982bfa5e7580a146d1ea5be2eb022866ba154114
                                        
                                            GET /pagead/js/r20180312/r20110914/abg.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=90&slotname=6844291416&adk=1487667633&adf=807048394&w=728&lmt=1520987996&loeid=332260007%2C38893312&format=728x90&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998146&bpp=34&fdt=40&idt=192&shv=r20180312&cbv=r20170110&saldr=aa&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=224&ady=522&biw=1176&bih=754&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=1&dtd=220

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Mon, 12 Mar 2018 19:25:58 GMT
Expires: Mon, 26 Mar 2018 19:25:58 GMT
Etag: 6999181876442281353
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 22560
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 105242
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   22560
Md5:    6a4a2ee02700bdf6a71395ee7f876b52
Sha1:   09470a4e4dd7822dfca259bd58cde34a261d3dbe
Sha256: aa151edeb409daedd8835db68a8eec295685b878bba9c7d3455245efacaf35ea
                                        
                                            GET /pagead/js/r20180307/r20110914/client/ext/m_qs_click_protection.js HTTP/1.1 
Host: tpc.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=280&slotname=3890825015&adk=2507200848&adf=807048394&w=336&lmt=1520987996&loeid=332260007%2C38893312&format=336x280&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998432&bpp=45&fdt=49&idt=395&shv=r20180312&cbv=r20170110&saldr=aa&prev_fmts=728x90&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=242&ady=850&biw=1159&bih=737&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=2&dtd=449

                                         
                                         216.58.211.1
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Tue, 13 Mar 2018 13:21:49 GMT
Expires: Tue, 27 Mar 2018 13:21:49 GMT
Etag: 18254379283724408787
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 3642
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 40691
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3642
Md5:    24d24f1211524aff604a7a982bfb33ed
Sha1:   15c0f03407eb77a3da6a7476c6ffb4b8993eaefb
Sha256: 78ef839be435484d29b2cd6e0fe1a05331bf1df22f4105141e45f7ab4703f9d7
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Mar 2018 00:40:00 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    ec65cb998b8dbdfc776bc50595b76f94
Sha1:   a96e8a140987991b0ccd1d150f490527a2bb3fdc
Sha256: c57b8ad54c113e355f5686caba83f268739ce8684ce3eae28e0b02438d0b0c1e
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         54.192.185.54
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=172800
Date: Wed, 14 Mar 2018 00:40:00 GMT
Etag: "5aa835f7-1d7"
Expires: Fri, 16 Mar 2018 00:40:00 GMT
Last-Modified: Tue, 13 Mar 2018 20:35:03 GMT
Server: ECS (dca/24F9)
X-Cache: Miss from cloudfront
Via: 1.1 dec4b3de431643ec89adeb5927c28af7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: t1ylDLFVR0nn2R8yR-u0Rywf7JAzQNy6ZgHTQpOMM2MEATmZ-eZoXw==


--- Additional Info ---
Magic:  data
Size:   471
Md5:    c042868ca8643a7407ac22d33b77e3be
Sha1:   54d06d4a498b9d92c942f3667a57c0ef20787554
Sha256: 8d07d5434f32c1bba833ec16f211d659ea7af484dd75b209ed6fefc4b0eb0b71
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         54.192.185.54
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=172800
Date: Wed, 14 Mar 2018 00:40:01 GMT
Etag: "5aa85470-1d7"
Expires: Fri, 16 Mar 2018 00:40:01 GMT
Last-Modified: Tue, 13 Mar 2018 22:45:04 GMT
Server: ECS (dca/2470)
X-Cache: Miss from cloudfront
Via: 1.1 dec4b3de431643ec89adeb5927c28af7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 1TfHBWdsSzEevCTOogZVRf7fClLYVtwqtdZru4byXMiPDwC9o3zS8g==


--- Additional Info ---
Magic:  data
Size:   471
Md5:    60fc5d18c9b8380f384f3b8243443630
Sha1:   5ba39a3c42d831f70ffe54d90593c1aecd9fbb05
Sha256: 5c5e4c65299cc133aab464404b6681d1181b7c31513f95ca98e59aee7efb6ff3
                                        
                                            GET /879366/express_html_inpage_rendering_lib_200_230.js HTTP/1.1 
Host: s0.2mdn.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=90&slotname=6844291416&adk=1487667633&adf=807048394&w=728&lmt=1520987996&loeid=332260007%2C38893312&format=728x90&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998146&bpp=34&fdt=40&idt=192&shv=r20180312&cbv=r20170110&saldr=aa&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=224&ady=522&biw=1176&bih=754&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=1&dtd=220

                                         
                                         172.217.20.38
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 40305
Date: Tue, 13 Mar 2018 16:21:38 GMT
Expires: Wed, 14 Mar 2018 16:21:38 GMT
Last-Modified: Fri, 02 Mar 2018 12:08:32 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 29902
Cache-Control: public, max-age=86400
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   40305
Md5:    8e7edee49b374c1ba7b4420f2d268e76
Sha1:   4acb7d2729a830477c9820124f05d5112c9531ef
Sha256: ca70cfc4c37c08fcb16ec6423aa8e711d26aee50a51d476ad2ea86fb649ebf80
                                        
                                            GET /VUlXSWN6Kjp2ESF0NSwHMyYlJAl7Kjgk HTTP/1.1 
Host: boudja.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dl-file.com/yh7a9ppnndbp/FS17_Leuchtturm.zip.html

                                         
                                         52.85.219.45
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Content-Length: 4191
Connection: keep-alive
Date: Wed, 14 Mar 2018 00:40:00 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: csu=e93d55fa-eae5-41c3-9f43-f3552c6c1316
X-Cache: Miss from cloudfront
Via: 1.1 3a78f278deaf85794525da757cc44966.cloudfront.net (CloudFront)
X-Amz-Cf-Id: xaqUBx2JIz3lnwPL6F6vbJf8L5eFweNQNsl1XEesq5IgsjeEAkkO-w==


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   4191
Md5:    3b332f59d0ef640f66997bd3c9790eba
Sha1:   47ee4770bf7679bb191078d882bdde03ac9d0de6
Sha256: dcbf93d91200466d7af8b7bb0a25c60812e8063aa88c64602c7f1a87d50e0c98
                                        
                                            GET /activeview?avi=B20oZX2-oWrTnJ4Oq6wS4542ABACV2auy-QYAABABOAHIAQnIAwLgBAOgBkzSCAUIgGEQAQ&cid=CAASBORou80&id=osdim&ti=1&r=pv&uc=0&tgt=nf&cl=0&v=r20180307 HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=90&slotname=6844291416&adk=1487667633&adf=807048394&w=728&lmt=1520987996&loeid=332260007%2C38893312&format=728x90&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998146&bpp=34&fdt=40&idt=192&shv=r20180312&cbv=r20170110&saldr=aa&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=224&ady=522&biw=1176&bih=754&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=1&dtd=220

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Date: Wed, 14 Mar 2018 00:40:02 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /pagead/js/r20180307/r20110914/abg.js HTTP/1.1 
Host: tpc.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=280&slotname=3890825015&adk=2507200848&adf=807048394&w=336&lmt=1520987996&loeid=332260007%2C38893312&format=336x280&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998432&bpp=45&fdt=49&idt=395&shv=r20180312&cbv=r20170110&saldr=aa&prev_fmts=728x90&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=242&ady=850&biw=1159&bih=737&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=2&dtd=449

                                         
                                         216.58.211.1
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Tue, 13 Mar 2018 13:21:51 GMT
Expires: Tue, 27 Mar 2018 13:21:51 GMT
Etag: 6999181876442281353
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 22560
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 40689
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   22560
Md5:    6a4a2ee02700bdf6a71395ee7f876b52
Sha1:   09470a4e4dd7822dfca259bd58cde34a261d3dbe
Sha256: aa151edeb409daedd8835db68a8eec295685b878bba9c7d3455245efacaf35ea
                                        
                                            GET /sodar/V6zvOIoD.js HTTP/1.1 
Host: tpc.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=90&slotname=6844291416&adk=1487667633&adf=807048394&w=728&lmt=1520987996&loeid=332260007%2C38893312&format=728x90&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998146&bpp=34&fdt=40&idt=192&shv=r20180312&cbv=r20170110&saldr=aa&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=224&ady=522&biw=1176&bih=754&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=1&dtd=220

                                         
                                         216.58.211.1
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 15146
Date: Tue, 13 Mar 2018 13:21:49 GMT
Expires: Wed, 13 Mar 2019 13:21:49 GMT
Last-Modified: Tue, 02 Jan 2018 21:45:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 40693
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   15146
Md5:    6a56e1d1c9c0c105245cbce244c876f3
Sha1:   6613490ab3735f37499d311c6efba3f689ec4abb
Sha256: ad20ef401ac229a0ab07b057ed9350c85816118a662c7cfa240fa5cd86c718f0
                                        
                                            GET /sc?u=c20b0415-2254-46ec-8380-fe2d5624a4de HTTP/1.1 
Host: lucklayed.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://boudja.com/RjY2STJpVVt2QDILVCxWIFlEJFhoVVkk

                                         
                                         52.85.219.202
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Content-Length: 0
Connection: keep-alive
Date: Wed, 14 Mar 2018 00:40:02 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: csu=c20b0415-2254-46ec-8380-fe2d5624a4de
X-Cache: Miss from cloudfront
Via: 1.1 33be852abb39a8e95242a0c764cdc483.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Hz-OctNn8CZsgurcaYNLLWNjBi2K5qA3fgoqkJ0wEgPQCNOPEBSnIQ==


--- Additional Info ---
                                        
                                            GET /sc?u=c20b0415-2254-46ec-8380-fe2d5624a4de HTTP/1.1 
Host: croissed.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://boudja.com/RjY2STJpVVt2QDILVCxWIFlEJFhoVVkk

                                         
                                         52.85.219.70
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Content-Length: 0
Connection: keep-alive
Date: Wed, 14 Mar 2018 00:40:02 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: csu=c20b0415-2254-46ec-8380-fe2d5624a4de
X-Cache: Miss from cloudfront
Via: 1.1 15915c6842263dc42a906b5361d7d566.cloudfront.net (CloudFront)
X-Amz-Cf-Id: aoN4Zatr0Z-3hzyMfMoa1kSyz1TOc0QFloAPFijA3zuIr573T3IjkQ==


--- Additional Info ---
                                        
                                            GET /sodar/6uQTKQJz.html HTTP/1.1 
Host: tpc.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=90&slotname=6844291416&adk=1487667633&adf=807048394&w=728&lmt=1520987996&loeid=332260007%2C38893312&format=728x90&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998146&bpp=34&fdt=40&idt=192&shv=r20180312&cbv=r20170110&saldr=aa&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=224&ady=522&biw=1176&bih=754&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=1&dtd=220

                                         
                                         216.58.211.1
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7233
Date: Tue, 13 Mar 2018 13:21:49 GMT
Expires: Wed, 13 Mar 2019 13:21:49 GMT
Last-Modified: Tue, 02 Jan 2018 21:45:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 40693
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   7233
Md5:    30bf1c51eb9c0ba258ea2df31d24bc98
Sha1:   d13abffacc94ee31dfd5a094bfa975cca8e4d292
Sha256: 25a3afe99572ebbe3af74f504252d7fe97ebd580d47f5b734c286cc40a82131e
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         54.192.185.54
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=172800
Date: Wed, 14 Mar 2018 00:40:02 GMT
Etag: "5aa80a9e-1d7"
Expires: Fri, 16 Mar 2018 00:40:02 GMT
Last-Modified: Tue, 13 Mar 2018 17:30:06 GMT
Server: ECS (dca/24D3)
X-Cache: Miss from cloudfront
Via: 1.1 dec4b3de431643ec89adeb5927c28af7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 1fntF8lPs50IuMYuMncIqiccDFWhfrRlbWYWp42HgjeFpVgTPLkjHg==


--- Additional Info ---
Magic:  data
Size:   471
Md5:    0ddf3078a75c8c5e52c55ff5b11cc220
Sha1:   a9ff489b237e69ee2cae66aea1f2528c0b5239e8
Sha256: 236cc64a1bcd546c7000db3f0bc6d32561b225a1ed14f3bdea5a8c8ed5cc040a
                                        
                                            GET /bg/lSvH2GMDHdWiQ5txKk8DBwe8KHVpOosizyQXSe1BYYE.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/sodar/6uQTKQJz.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4978
Date: Fri, 09 Mar 2018 15:06:28 GMT
Expires: Sat, 09 Mar 2019 15:06:28 GMT
Last-Modified: Mon, 05 Mar 2018 13:45:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 380014
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   4978
Md5:    020012a3b98658a92b9ff162a7cb1720
Sha1:   c4c204c649440af5fde7fadae2964f92373f7b57
Sha256: fdce09f36a1341ca45faff65d0d9d5f3f4258300920de3a08a16bb1deccff1fc
                                        
                                            GET /pagead/js/r20180307/r20110914/client/ext/m_js_controller.js HTTP/1.1 
Host: tpc.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=280&slotname=3890825015&adk=2507200848&adf=807048394&w=336&lmt=1520987996&loeid=332260007%2C38893312&format=336x280&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998432&bpp=45&fdt=49&idt=395&shv=r20180312&cbv=r20170110&saldr=aa&prev_fmts=728x90&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=242&ady=850&biw=1159&bih=737&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=2&dtd=449

                                         
                                         216.58.211.1
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=ISO-8859-1
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Tue, 13 Mar 2018 13:21:49 GMT
Expires: Tue, 27 Mar 2018 13:21:49 GMT
Etag: 12599056116272873353
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Server: cafe
Content-Length: 35112
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 40693
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   35112
Md5:    911c39c0bcf90b883afb5e73d70141b9
Sha1:   781cc7ce7226b4dc99e3e3f54fa8a7b47c0ff571
Sha256: f54afbc8b1997ff0e9f02a62c9d52017e8da332dff9e48fdab4dfc9d9fd137a6
                                        
                                            GET /sc?u=e93d55fa-eae5-41c3-9f43-f3552c6c1316&csr=1 HTTP/1.1 
Host: bedformj.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://boudja.com/VUlXSWN6Kjp2ESF0NSwHMyYlJAl7Kjgk

                                         
                                         52.85.219.89
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Content-Length: 0
Connection: keep-alive
Date: Wed, 14 Mar 2018 00:40:02 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: csu=e93d55fa-eae5-41c3-9f43-f3552c6c1316
X-Cache: Miss from cloudfront
Via: 1.1 563853117b767ad5935282f751c56195.cloudfront.net (CloudFront)
X-Amz-Cf-Id: _1e8Tg-sBI67pTGagRNFYAS_5lbDrA4r_ciWKjlGeW0uED8A9Txohw==


--- Additional Info ---
                                        
                                            GET /sc?u=e93d55fa-eae5-41c3-9f43-f3552c6c1316 HTTP/1.1 
Host: lucklayed.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://boudja.com/VUlXSWN6Kjp2ESF0NSwHMyYlJAl7Kjgk

                                         
                                         52.85.219.202
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Content-Length: 0
Connection: keep-alive
Date: Wed, 14 Mar 2018 00:40:02 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: csu=e93d55fa-eae5-41c3-9f43-f3552c6c1316
X-Cache: Miss from cloudfront
Via: 1.1 4d6497b14f1f470cb6ee31c934eec29d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: VGBvzUVogmF6sL_zP4irF2LKa32tg1t8SdNJhdinEHkD5Ys7pc8WYQ==


--- Additional Info ---
                                        
                                            GET /xbbe/pixel?d=CKwDEPrFlgEY7sqlLzAB&v=APEucNWlbStR9Jt5GuEwTx45_9NdV7qTvXVtjaxB6uYlkVgrZ4kDCehIAdNKU49ShtQlA7r-OgUW HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=90&slotname=6844291416&adk=1487667633&adf=807048394&w=728&lmt=1520987996&loeid=332260007%2C38893312&format=728x90&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998146&bpp=34&fdt=40&idt=192&shv=r20180312&cbv=r20170110&saldr=aa&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=224&ady=522&biw=1176&bih=754&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=1&dtd=220
Cookie: test_cookie=CheckForPermission

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Wed, 14 Mar 2018 00:40:00 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT IDE=AHWqTUlLDkWi1PiSLYKEBB2_vVbx3JWyM26RMYo0dt0vEJuSTjYxaCAXqCuNmIHq; expires=Fri, 13-Mar-2020 00:40:00 GMT; path=/; domain=.doubleclick.net; HttpOnly
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"
Expires: Wed, 14 Mar 2018 00:40:00 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   214
Md5:    02247d909a831178bfbddac723940ebd
Sha1:   9d29a593fe8e22024b5091691df54e3a02a3ba82
Sha256: 48647fe897d3f952a9ad4422e05ed61869c9bf0d2108a78bd2eba0f5eed26446
                                        
                                            GET /pagead/gen_204?id=xbid&dbm_b=AKAmf-ARAY5Tiagp4YPaZcKRByxfk3tCp6Mia6UG6Td2-QNkkZsYFJ4NUZcnsL0ojNyrupuMx3FMWMqJRAy1E_2OAId0gw15Vc448OEaKLp5fvX8wcUlC5E HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=90&slotname=6844291416&adk=1487667633&adf=807048394&w=728&lmt=1520987996&loeid=332260007%2C38893312&format=728x90&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998146&bpp=34&fdt=40&idt=192&shv=r20180312&cbv=r20170110&saldr=aa&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=224&ady=522&biw=1176&bih=754&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=1&dtd=220

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Wed, 14 Mar 2018 00:40:00 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /pagead/drt/s?v=r20120211 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=280&slotname=3890825015&adk=2507200848&adf=807048394&w=336&lmt=1520987996&loeid=332260007%2C38893312&format=336x280&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998432&bpp=45&fdt=49&idt=395&shv=r20180312&cbv=r20170110&saldr=aa&prev_fmts=728x90&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=242&ady=850&biw=1159&bih=737&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=2&dtd=449
Cookie: IDE=AHWqTUnxhJurQ3NM3o38R7YpxY_FOzpSshgChNTC7vFx_fA_We7ptnksiTdr_8t6

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Wed, 14 Mar 2018 00:32:53 GMT
Server: safe
Content-Length: 145
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 429
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   145
Md5:    92235b51835ea17fa6d313a73f3c2b8f
Sha1:   1e310139fd2be77b54f39c7c64e1616fd35785ad
Sha256: 2cf3e738572a24733a96c3be1d798e95e2bff434d37d6f28cde31ce53df8e333
                                        
                                            GET /pagead/js/r20180307/r20110914/client/ext/m_window_focus_non_hydra.js HTTP/1.1 
Host: tpc.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=280&slotname=3890825015&adk=2507200848&adf=807048394&w=336&lmt=1520987996&loeid=332260007%2C38893312&format=336x280&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998432&bpp=45&fdt=49&idt=395&shv=r20180312&cbv=r20170110&saldr=aa&prev_fmts=728x90&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=242&ady=850&biw=1159&bih=737&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=2&dtd=449

                                         
                                         216.58.211.1
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Tue, 13 Mar 2018 13:21:49 GMT
Expires: Tue, 27 Mar 2018 13:21:49 GMT
Etag: 2112876643077467119
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 1203
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 40694
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   1203
Md5:    9a504624fadda2dcec8340bf93b2252c
Sha1:   fa6dbebcf9b5450a1dd2f2371c971e838ff627c0
Sha256: 1451d6f091d36a586c2d20cc652337663e11fe4045ec6867de1e21d5d8868c93
                                        
                                            GET /activeview?avi=BiDSeX2-oWr_zKI2q6wSZzaDwBADmwPK11gYAABABOAHIAQLIA8kEoAYC0ggFCIBhEAHCEwYYleKahwM&id=osdim&ti=1&r=pv&uc=0&tgt=nf&cl=0&v=r20180307 HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=280&slotname=3890825015&adk=2507200848&adf=807048394&w=336&lmt=1520987996&loeid=332260007%2C38893312&format=336x280&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998432&bpp=45&fdt=49&idt=395&shv=r20180312&cbv=r20170110&saldr=aa&prev_fmts=728x90&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=1&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=242&ady=850&biw=1159&bih=737&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=2&dtd=449

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Date: Wed, 14 Mar 2018 00:40:03 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /sc?u=e93d55fa-eae5-41c3-9f43-f3552c6c1316 HTTP/1.1 
Host: croissed.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://boudja.com/VUlXSWN6Kjp2ESF0NSwHMyYlJAl7Kjgk

                                         
                                         52.85.219.70
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Content-Length: 0
Connection: keep-alive
Date: Wed, 14 Mar 2018 00:40:02 GMT
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Set-Cookie: csu=e93d55fa-eae5-41c3-9f43-f3552c6c1316
X-Cache: Miss from cloudfront
Via: 1.1 6fc39d82c3df32a119f9a1f0c60d2203.cloudfront.net (CloudFront)
X-Amz-Cf-Id: XF6EmjWYqKKhTus0op5MmNTD-W8yyuazDbRJjLW7NyOiWSIKvXVa2A==


--- Additional Info ---
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Mar 2018 00:40:03 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    8cbc4ad850be2d147013b1b9cdf5ae92
Sha1:   e957fd2b838e731747751c58c1fb4a18e4ca170d
Sha256: 1be35b9b3f2205b034bb8cbe76f45f3c19c2d92acccda84011e0c278197d7445
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Mar 2018 00:40:03 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    d61ba31a01fe92968940e7e84793833d
Sha1:   312ca65c1b3328f8d5ce0262cf1417aa02ea7d14
Sha256: 6a5939f6d68f91436d17530677ace6c06bf1a4702821b2fbe65b6920cfd1a3a8
                                        
                                            GET /pagead/gen_204?id=sodar&v=24&t=2&bgai=BpQVfYG-oWqjzHY-j7gTo8YHIBgAAAAA4AeAEAg&bg=!fX6lfmZElBAUiCEfPtoCAAABMVIAAAAhCgAG0efsNoYamQEjBpYrXejF6CDn5_i7ZqPPnv_NrnUhTnG033yLl3znpNxv_56zA00FSXXXeSuSc4XXjoU5-KeES3zQhe66exd2PeuaBw4Krh9wDpCzsBqwBrCkd53f0PZ3rWE_atrDImtWQyvE1AOtYiP-YvIebuG022uZgL_0K_-MU5_aBIj2oOQOtN4fWQtNagVT48q0b8NYXhwTX9wWq1z9Gql8jd2U86JfzqzT_r_ysVX0g2_QCn19kcNHdnZrRdaBgtcdKBLL-eVr8ovwYt9MD-efTA7G0MrpSpSrNeP2Oy2wwYoFL9uWbHQyp6GgAUtfGg3ZH4kCwmlNN8mYo0ObvW9vgiV8jUicCMZuTu2c4eGHV9cjO4fq7yZV7UBlXRcurwNmpMaw8Bex HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/sodar/6uQTKQJz.html

                                         
                                         172.217.20.34
HTTP/1.1 204 No Content
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Wed, 14 Mar 2018 00:40:03 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
                                        
                                            GET /pagead/drt/ui HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         172.217.20.36
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://googleads.g.doubleclick.net/pagead/drt/si
Cache-Control: private
X-Content-Type-Options: nosniff
Date: Wed, 14 Mar 2018 00:40:03 GMT
Server: safe
Content-Length: 246
X-XSS-Protection: 1; mode=block
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  HTML document text
Size:   246
Md5:    12d3bb478cfbdfd43b2451e457c7e45c
Sha1:   311750b25d944af1375dd12d32f8f842f13514a9
Sha256: eb9b81fa102425307404e896040d2b2c3dbbc913dfc5315e97a2b4bfc321c7c8
                                        
                                            GET /pixel?google_nid=appnexus&google_cm&google_sc&google_dbm HTTP/1.1 
Host: cm.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKwDEPrFlgEY7sqlLzAB&v=APEucNWlbStR9Jt5GuEwTx45_9NdV7qTvXVtjaxB6uYlkVgrZ4kDCehIAdNKU49ShtQlA7r-OgUW
Cookie: IDE=AHWqTUlLDkWi1PiSLYKEBB2_vVbx3JWyM26RMYo0dt0vEJuSTjYxaCAXqCuNmIHq

                                         
                                         216.58.207.226
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHKTiCKPfwahxY1lUh1eop4&google_cver=1
Date: Wed, 14 Mar 2018 00:40:03 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Server: HTTP server (unknown)
Content-Length: 290
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  HTML document text
Size:   290
Md5:    92f51c3dd1b405b323c0a14def65487d
Sha1:   952118cbb5cca2b6e00cbd786dab4457a749a5fc
Sha256: 999d38deba127783284a35b08becd5d94bcf2ec1ea7821d2d1dd0c7e0216a721
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=172800
Date: Wed, 14 Mar 2018 00:40:03 GMT
Etag: "5aa85343-1d7"
Expires: Fri, 16 Mar 2018 00:40:03 GMT
Last-Modified: Tue, 13 Mar 2018 22:40:03 GMT
Server: ECS (arn/459B)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    d216e8f85337a224e88243b6a1136b35
Sha1:   e6fdc6750a15339c452ef3b45b30ee3167ffecd9
Sha256: 3014e239a5d582affb1b834daed278ecdae1c4758146e63a1e50e9cddbb9700b
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=172800
Date: Wed, 14 Mar 2018 00:40:03 GMT
Etag: "5aa850f3-1d7"
Expires: Fri, 16 Mar 2018 00:40:03 GMT
Last-Modified: Tue, 13 Mar 2018 22:30:11 GMT
Server: ECS (arn/45E2)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    03ad88542d4cf826c5a9215bae14011a
Sha1:   febdf5ffc4d5f5eec60179740f8e8bd0d0b8cd5e
Sha256: 1c6cbd4b298cb472757db82be934d3902fed69dde94752e7d6108a7fa18d08df
                                        
                                            GET /pagead/drt/si HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: IDE=AHWqTUlLDkWi1PiSLYKEBB2_vVbx3JWyM26RMYo0dt0vEJuSTjYxaCAXqCuNmIHq

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
X-Content-Type-Options: nosniff
Date: Wed, 14 Mar 2018 00:40:03 GMT
Server: safe
Content-Length: 0
X-XSS-Protection: 1; mode=block
Set-Cookie: DSID=NO_DATA; expires=Wed, 14-Mar-2018 01:40:03 GMT; path=/; domain=.doubleclick.net; HttpOnly
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"
Expires: Wed, 14 Mar 2018 00:40:03 GMT
Cache-Control: private


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=172800
Date: Wed, 14 Mar 2018 00:40:03 GMT
Etag: "5aa82597-139"
Expires: Fri, 16 Mar 2018 00:40:03 GMT
Last-Modified: Tue, 13 Mar 2018 19:25:11 GMT
Server: ECS (arn/459B)
X-Cache: HIT
Content-Length: 313


--- Additional Info ---
Magic:  data
Size:   313
Md5:    60b69495d235e0f32c498e9b9a492ef9
Sha1:   42db5be753661ea5d05a734bc22496ce74ce27fc
Sha256: 2cb8ebcd4c82c1f82d8cd7e6b6855a2474db433e36a631e34b9e984d5d94bd56
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=172800
Date: Wed, 14 Mar 2018 00:40:03 GMT
Etag: "5aa8013c-1d7"
Expires: Fri, 16 Mar 2018 00:40:03 GMT
Last-Modified: Tue, 13 Mar 2018 16:50:04 GMT
Server: ECS (arn/45E2)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    a9d792f3159d50e920a7ce8b046210e9
Sha1:   0e57f2da6d8f4c4f35ff2c5de5ae57c7e9491943
Sha256: 890c64a6dbcd34e84044249f6d2468a75da14266c145776c1be7518b0873ecfe
                                        
                                            GET /cms/v1?esig=1~b04e41039133c73fafd60e0ed8cb49a70ecfb061&nwid=10000483131&sigv=1 HTTP/1.1 
Host: ads.yahoo.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKwDEPrFlgEY7sqlLzAB&v=APEucNWlbStR9Jt5GuEwTx45_9NdV7qTvXVtjaxB6uYlkVgrZ4kDCehIAdNKU49ShtQlA7r-OgUW

                                         
                                         217.12.15.54
HTTP/1.1 302 Found
Content-Type: text/plain; charset=utf-8
                                        
Date: Wed, 14 Mar 2018 00:40:03 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: B=3vpqke9dagrr3&b=3&s=23; expires=Thu, 14-Mar-2019 00:40:03 GMT; path=/; domain=.yahoo.com
Location: https://googleads.g.doubleclick.net/xbbe/match?xid=I3fL55Y1Xw4twfYxM8HF6lSO
Cache-Control: private
Content-Length: 0
Age: 0
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Server: ATS
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Public-Key-Pins-Report-Only: max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="2oALgLKofTmeZvoZ1y/fSZg7R9jPMix8eVA6DH4o/q8="; pin-sha256="47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="; pin-sha256="cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM="; pin-sha256="Gtk3r1evlBrs0hG3fm3VoM19daHexDWP//OCmeeMr5M="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="iduNzFNKpwYZ3se/XV+hXcbUonlLw09QPa6AYUwpu4M="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg="; pin-sha256="lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; pin-sha256="UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only"


--- Additional Info ---
                                        
                                            GET /8454919/1520517208433/BahrainSet2_EN_7280x90.html HTTP/1.1 
Host: s0.2mdn.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=90&slotname=6844291416&adk=1487667633&adf=807048394&w=728&lmt=1520987996&loeid=332260007%2C38893312&format=728x90&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998146&bpp=34&fdt=40&idt=192&shv=r20180312&cbv=r20170110&saldr=aa&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=224&ady=522&biw=1176&bih=754&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=1&dtd=220

                                         
                                         172.217.20.38
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Length: 2118
Date: Wed, 14 Mar 2018 00:18:34 GMT
Expires: Thu, 15 Mar 2018 00:18:34 GMT
Last-Modified: Thu, 08 Mar 2018 13:53:28 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 1289
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   2118
Md5:    5da37a4c25dab7c0bb1f8115db2d965a
Sha1:   48aea75872bca2975d569acbe4182f24bf91aecb
Sha256: cc3160447bea2cac8dc3668b6512e8d160b5863ec718fc883b212b4aab3be6ac
                                        
                                            GET /pagead/js/lidar.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=90&slotname=6844291416&adk=1487667633&adf=807048394&w=728&lmt=1520987996&loeid=332260007%2C38893312&format=728x90&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998146&bpp=34&fdt=40&idt=192&shv=r20180312&cbv=r20170110&saldr=aa&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=224&ady=522&biw=1176&bih=754&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=1&dtd=220

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Wed, 14 Mar 2018 00:39:46 GMT
Expires: Wed, 14 Mar 2018 01:39:46 GMT
Etag: 4801535833242477396
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 29229
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 17
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   29229
Md5:    4b7ec4a83ca02d8c83865bce672d1bc0
Sha1:   8dcb795e05e171de1ed5c235dcf60afe45b5825e
Sha256: c858c02a0e83ed11b4dc756555dca0c52558302a258894c8b053700320f64e23
                                        
                                            GET /pcs/view?xai=AKAOjssLFw2JZh7woBKJm9iltf8272EKli0Q3Ymw9guUkS5xE25vjv0eNa3Dx1f4FR563yoGLYv130BSiwHpWzLhnXAaQkhkFytpxGgiVCTFKO8aZ-i2IkexBF4mZLMJLi6wC3hCUJxSKLn6ypfzG9WMmgedvhEoRa8BeH50FYsoly-Q_GuECiCjSp-A6juqWnPQf5WgBaqUf8WDS0FRGYHsXEoQ62WOy6ADAUc7QdFc8VGEfn-fJ_NT9AsRHV2HrmjOH7UHGuUV13rt-cOM8JL2zPTG4VzKjYvN5wjBN_zalzVT6Yr_mvHTU_-WD5Gih8qW_YVHex6QsUetWdKGg0N43vbkmV9Ew-62ThUE80ZCaMLy9yYopwjsTalxT1d1nRSUvNltnAbfSNqFtN8PAfCY37zSLKgMncjzIJ3ioX8UpDArPNLnjrieaN-4RRBtlWHQzgl6L3T2GhW_p0ziELNHWiYXYbX_NNNbIioSsX7Zn9OqkJJsjpR9mwA3whvgk8XZemi0vyg7qlz8-KrZe9uxblRHjHsDIo5rrqI97soauySW9HriSDmE3Gqy8yQhGqAdfqKpRmnKO_70OqC3-3wl96SnhKUsox6-SRMV4D-3JUCLjnpzjABPMuP_UP7MIEOqMMWCqjuT5NcAXkUQ4_WeSlYR9WbuNR2fQWsC4ewOsKaLy1FuKn9WNmJBAELfMY08EAKmMNO6GkDREYpc2s1UaKoELtc2y9Vz2iCszoXbcKouYJf9II8CCjfHqjsgg-IKsG4pTOdlPqV6sPgNePgUIUZ9zufFDWAO1BoawMCd8IdrCuFjUsHwtxS_5a2QH-Q&sai=AMfl-YSVneJ_D5PcDGX3Gcd799Os43ZJTbXBuK-2YrwpGZj63AMUw0PXPT_M8oMLNj-o6vF0FX9ugmU2e5JPYR0QF1GxUUYeCkl5&sig=Cg0ArKJSzMLWNG8jPeS-EAE&urlfix=1&adurl= HTTP/1.1 
Host: googleads4.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=90&slotname=6844291416&adk=1487667633&adf=807048394&w=728&lmt=1520987996&loeid=332260007%2C38893312&format=728x90&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998146&bpp=34&fdt=40&idt=192&shv=r20180312&cbv=r20170110&saldr=aa&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=224&ady=522&biw=1176&bih=754&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=1&dtd=220
Cookie: IDE=AHWqTUlLDkWi1PiSLYKEBB2_vVbx3JWyM26RMYo0dt0vEJuSTjYxaCAXqCuNmIHq

                                         
                                         216.58.207.226
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cache-Control: private
X-Content-Type-Options: nosniff
Date: Wed, 14 Mar 2018 00:40:04 GMT
Server: cafe
Content-Length: 0
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
                                        
                                            GET /8454919/1520517208433/BahrainSet2_EN_7280x90.js HTTP/1.1 
Host: s0.2mdn.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://s0.2mdn.net/8454919/1520517208433/BahrainSet2_EN_7280x90.html

                                         
                                         172.217.20.38
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Length: 1754
Date: Wed, 14 Mar 2018 00:18:34 GMT
Expires: Thu, 15 Mar 2018 00:18:34 GMT
Last-Modified: Thu, 08 Mar 2018 13:53:28 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 1290
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   1754
Md5:    3d9be0d7dd499da01bbf597b6b22ca14
Sha1:   9cf1e9d059b233a7e86d1516f8858f9cc9fa5894
Sha256: fb1b3980b96483a85250566688816f91c5d3bd2ad9d13808bea5a9c238042bb2
                                        
                                            GET /setuid?entity=101&code=CAESEHKTiCKPfwahxY1lUh1eop4&google_cver=1 HTTP/1.1 
Host: ib.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKwDEPrFlgEY7sqlLzAB&v=APEucNWlbStR9Jt5GuEwTx45_9NdV7qTvXVtjaxB6uYlkVgrZ4kDCehIAdNKU49ShtQlA7r-OgUW

                                         
                                         185.33.223.206
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.13.4
Date: Wed, 14 Mar 2018 00:40:06 GMT
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
AN-X-Request-Uuid: 5d0f90f1-a3a1-4c10-8faa-ea8c8d4fdcfd
Set-Cookie: anj=dTM7k!M41.DunaTF']wIg2E>6s+:>'!]tbPB*SPcQwTQLTYe%/_dQ@C].yrnZV*N6B)]VL:ESCjFWOw4M^!Cp_`6*e_>_k4_$HF(3If)3!.3JY0RJ/L; Path=/; Max-Age=7776000; Expires=Tue, 12-Jun-2018 00:40:06 GMT; Domain=.adnxs.com; HttpOnly sess=1; Path=/; Max-Age=86400; Expires=Thu, 15-Mar-2018 00:40:06 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 77.40.129.123; 77.40.129.123; 301.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.73:80


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    592ebefc7104d681d57852665e9ad514
Sha1:   15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
Sha256: 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
                                        
                                            GET /8454919/1520517208433/libs/createjs-2015.11.26.min.js HTTP/1.1 
Host: s0.2mdn.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://s0.2mdn.net/8454919/1520517208433/BahrainSet2_EN_7280x90.html

                                         
                                         172.217.20.38
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Length: 49352
Date: Wed, 14 Mar 2018 00:18:34 GMT
Expires: Thu, 15 Mar 2018 00:18:34 GMT
Last-Modified: Thu, 08 Mar 2018 13:53:28 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 1290
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   49352
Md5:    8cb26e17b9166689bb4fec17a131f8c1
Sha1:   d6f553f36b576e717f6dc1e65ab241e9a29e8c84
Sha256: 056d35c9025ed07828a40bdcd135e371563d7bb9386fcdfc25a2ed64dde4a19f
                                        
                                            GET /xbbe/match?xid=I3fL55Y1Xw4twfYxM8HF6lSO HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKwDEPrFlgEY7sqlLzAB&v=APEucNWlbStR9Jt5GuEwTx45_9NdV7qTvXVtjaxB6uYlkVgrZ4kDCehIAdNKU49ShtQlA7r-OgUW
Cookie: IDE=AHWqTUlLDkWi1PiSLYKEBB2_vVbx3JWyM26RMYo0dt0vEJuSTjYxaCAXqCuNmIHq; DSID=NO_DATA

                                         
                                         172.217.20.34
HTTP/1.1 204 No Content
Content-Type: text/html; charset=UTF-8
                                        
X-Content-Type-Options: nosniff
Date: Wed, 14 Mar 2018 00:40:04 GMT
Server: cafe
Content-Length: 0
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
                                        
                                            GET /pcs/activeview?xai=AKAOjsu4bvWiH-Hp2vsoZgbUH-7eJt2kOA-RoA4bAfonD8Vxceazom5O0OQlsADXs-NRW01lChZqGQOx0NJJb-YY&sig=Cg0ArKJSzI58mEPNTQ6cEAE&id=lidar2&adk=1&mtos=1176,1176,1176,1176,1176&tos=1176,0,0,0,0&p=457,220,547,948&opac=1&inapp=0&mcvt=1176&rs=5&tfs=411&tls=1587&mc=1&lte=1&bas=-1&bac=-1&if=1&r=v&tt=1185&bs=1184,715&bos=1184,863&ps=-12245933,-12245933&ss=1176,885&pt=404&xde=1&deb=1-1-1-6-4-5-0-4&tvt=1179&is=728,90&iframe_loc=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2515630227857275%26output%3Dhtml%26h%3D90%26slotname%3D6844291416%26adk%3D1487667633%26adf%3D807048394%26w%3D728%26lmt%3D1520987996%26loeid%3D332260007%252C38893312%26format%3D728x90%26url%3Dhttp%253A%252F%252Fdl-file.com%252Fyh7a9ppnndbp%252FFS17_Leuchtturm.zip.html%26ea%3D0%26flash%3D10.0.45%26wgl%3D0%26adsid%3DNT%26dt%3D1520987998146%26bpp%3D34%26fdt%3D40%26idt%3D192%26shv%3Dr20180312%26cbv%3Dr20170110%26saldr%3Daa%26correlator%3D7111511273072%26frm%3D20%26ga_vid%3D1723159861.1520987997%26ga_sid%3D1520987997%26ga_hid%3D1524862060%26ga_fc%3D1%26pv%3D2%26icsg%3D0%26nhd%3D1%26ds&url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2515630227857275%26output%3Dhtml%26h%3D90%26slotname%3D6844291416%26adk%3D1487667633%26adf%3D807048394%26w%3D728%26lmt%3D1520987996%26loeid%3D332260007%252C38893312%26format%3D728x90%26url%3Dhttp%253A%252F%252Fdl-file.com%252Fyh7a9ppnndbp%252FFS17_Leuchtturm.zip.html%26ea%3D0%26flash%3D10.0.45%26wgl%3D0%26adsid%3DNT%26dt%3D1520987998146%26bpp%3D34%26fdt%3D40%26idt%3D192%26shv%3Dr20180312%26cbv%3Dr20170110%26saldr%3Daa%26correlator%3D7111511273072%26frm%3D20%26ga_vid%3D1723159861.1520987997%26ga_sid%3D1520987997%26ga_hid%3D1524862060%26ga_fc%3D1%26pv%3D2%26icsg%3D0%26nhd%3D1%26ds&referrer=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&itpl=0&avms=xde&v=r20180312 HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=90&slotname=6844291416&adk=1487667633&adf=807048394&w=728&lmt=1520987996&loeid=332260007%2C38893312&format=728x90&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998146&bpp=34&fdt=40&idt=192&shv=r20180312&cbv=r20170110&saldr=aa&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=224&ady=522&biw=1176&bih=754&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=1&dtd=220

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Date: Wed, 14 Mar 2018 00:40:06 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /ddm/activity/dc_oe=ChMIqKPo68nq2QIVj5GbCh3oeABpEAAYACDY65Iv;met=1;&timestamp=1520988013224;eid1=2;ecn1=1;etm1=9;eid2=871060;ecn2=1;etm2=0; HTTP/1.1 
Host: ade.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2515630227857275&output=html&h=90&slotname=6844291416&adk=1487667633&adf=807048394&w=728&lmt=1520987996&loeid=332260007%2C38893312&format=728x90&url=http%3A%2F%2Fdl-file.com%2Fyh7a9ppnndbp%2FFS17_Leuchtturm.zip.html&ea=0&flash=10.0.45&wgl=0&adsid=NT&dt=1520987998146&bpp=34&fdt=40&idt=192&shv=r20180312&cbv=r20170110&saldr=aa&correlator=7111511273072&frm=20&ga_vid=1723159861.1520987997&ga_sid=1520987997&ga_hid=1524862060&ga_fc=1&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=224&ady=522&biw=1176&bih=754&abxe=1&scr_x=0&scr_y=0&eid=332260003%2C38893302%2C21061122%2C191880502%2C20040069&oid=3&rx=0&eae=4&fc=528&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&ppjl=u&pfx=0&fu=1040&bc=1&ifi=1&dtd=220

                                         
                                         216.58.207.226
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Wed, 14 Mar 2018 00:40:13 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /yh7a9ppnndbp/favicon.png HTTP/1.1 
Host: dl-file.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: lang=english

                                         
                                         149.56.18.55
HTTP/1.1 200 OK
Content-Type: text/html ; charset=UTF-8
                                        
Date: Wed, 14 Mar 2018 00:30:53 GMT
Server: Apache/2.4.6
Expires: Tue, 13 Mar 2018 00:30:53 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /sc?u=c20b0415-2254-46ec-8380-fe2d5624a4de&csr=1 HTTP/1.1 
Host: bedformj.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://boudja.com/RjY2STJpVVt2QDILVCxWIFlEJFhoVVkk

                                         
                                         0.0.0.0
                                        


--- Additional Info ---
                                        
                                            GET /d/px/?_pid=15261&_psign=2bf069f9d9a7a84e2904dfa3d3b805bd&_puuid=c20b0415-2254-46ec-8380-fe2d5624a4de&_rand=1520988000479 HTTP/1.1 
Host: p.adsymptotic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://boudja.com/RjY2STJpVVt2QDILVCxWIFlEJFhoVVkk

                                         
                                         0.0.0.0
                                        


--- Additional Info ---
                                        
                                            GET /466936.gif?partner_uid=c20b0415-2254-46ec-8380-fe2d5624a4de HTTP/1.1 
Host: idsync.rlcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://boudja.com/RjY2STJpVVt2QDILVCxWIFlEJFhoVVkk

                                         
                                         0.0.0.0
                                        


--- Additional Info ---
                                        
                                            GET /d/px/?_pid=15261&_psign=2bf069f9d9a7a84e2904dfa3d3b805bd&_puuid=e93d55fa-eae5-41c3-9f43-f3552c6c1316&_rand=1520988002006 HTTP/1.1 
Host: p.adsymptotic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://boudja.com/VUlXSWN6Kjp2ESF0NSwHMyYlJAl7Kjgk

                                         
                                         0.0.0.0
                                        


--- Additional Info ---