Overview

URL ximdav.bplaced.net/
IP 94.130.236.100
ASN AS57166 D2 International Investment Ukraine LLC
Location Ukraine
Report completed 2018-01-12 21:27:01 CET
urlQuery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-01-12 2 ximdav.bplaced.net/ Phishing
DNS-BH
Added / Verified Severity Host Comment
2018-01-05 2 ximdav.bplaced.net phishing
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 94.130.236.100


Last 10 reports on ASN: AS57166 D2 International Investment Ukraine LLC


Last 3 reports on domain: ximdav.bplaced.net

Date UQ / IDS / BL URL IP
2017-09-16 00:54:56 +0200 0 - 0 - 3 ximdav.bplaced.net/ 5.9.107.19
2017-08-29 14:32:01 +0200 0 - 0 - 3 ximdav.bplaced.net/ 5.9.107.19
2017-07-08 16:56:22 +0200 0 - 0 - 3 ximdav.bplaced.net/ 5.9.107.19


JavaScript

Executed Scripts (7)


Executed Evals (3)

#1 JavaScript::Eval (size: 5570, repeated: 1) - SHA256: 2fb440f864809e528c2d305b0e7972435c21f9274ff95d3f2e81752bd8cbc5d3

function acPrefetch(e) {
    var t, n = document.createElement("link");
    t = void 0 !== document.head ? document.head : document.getElementsByTagName("head")[0], n.rel = "dns-prefetch", n.href = e, t.appendChild(n);
    var a = document.createElement("link");
    a.rel = "preconnect", a.href = e, t.appendChild(a)
}
var CTABPu = new function() {
    var e = this,
        t = Math.random(),
        n = 2147483646,
        a = 86400;
    this._allowedParams = {
        sub1: !0,
        sub2: !0,
        excluded_countries: !0,
        allowed_countries: !0,
        pu: !0,
        lang: !0,
        lon: !0,
        lat: !0,
        storeurl: !0,
        c1: !0,
        c2: !0,
        c3: !0
    }, this.emergencyFixer = new function() {
        var e = this;
        this.detected = !1, this.simpleCheck = function() {
            void 0 !== document.body && null !== document.body ? (scriptElement = document.createElement("script"), scriptCFASync = document.createAttribute("data-cfasync"), scriptCFASync.value = !1, scriptElement.setAttributeNode(scriptCFASync), scriptElement.src = "//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", scriptElement.onerror = function() {
                e.detected = !0
            }, document.body.appendChild(scriptElement)) : setTimeout(e.onlyFixer, 150)
        }, this.onlyFixer = function() {
            e.simpleCheck(), setTimeout(function() {
                e.detected && e.fixIt()
            }, 150)
        }, this.fixIt = function() {
            if ("string" == typeof zoneSett.r && !(zoneSett.r.length < 5)) {
                var t = document.createElement("div");
                t.innerHTML = "&nbsp;", t.className = "adsbox", document.body.appendChild(t), window.setTimeout(function() {
                    if (0 === t.offsetHeight || !0 === e.detected) {
                        var r = 0,
                            i = new(window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection)({
                                iceServers: [{
                                    url: "stun:1755001826:443"
                                }]
                            }, {
                                optional: [{
                                    RtpDataChannels: !0
                                }]
                            });
                        i.onicecandidate = function(e) {
                            var t = "";
                            !e.candidate || e.candidate && -1 == e.candidate.candidate.indexOf("srflx") || !(e = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/.exec(e.candidate.candidate)[1]) || o || e.match(/^(1\.1800\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/) || e.match(/^[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7}$/) || (o = !0, t = e, document.onclick = function() {
                                if (current_count = parseInt((document.cookie.match("noprpkedvhozafiwrcnt=([^;].+?)(;|$)") || [])[1] || 0), !r && n > current_count && !(document.cookie.match("notskedvhozafiwr=([^;].+?)(;|$)") || [])[1]) {
                                    r = 1;
                                    var e = Math.floor(1e12 * Math.random()),
                                        i = Math.random().toString(36).replace(/[^a-zA-Z0-9]+/g, "").substr(0, 10),
                                        o = "http://" + t + "/" + c.encode(e + "/" + (parseInt(zoneSett.r) + e) + "/" + i);
                                    if ("object" == typeof adcashMacros && "object" == typeof CTABPu._allowedParams)
                                        for (var s in adcashMacros) adcashMacros.hasOwnProperty(s) && "string" == typeof adcashMacros[s] && "" !== adcashMacros[s] && adcashMacros[s].length > 0 && "boolean" == typeof CTABPu._allowedParams[s] && !0 === CTABPu._allowedParams[s] && (o = o + (o.indexOf("?") > 0 ? "&" : "?") + s + "=" + encodeURIComponent(adcashMacros[s]));
                                    var d = document.createElement("a"),
                                        l = Math.floor(1e12 * Math.random());
                                    d.href = "boolean" == typeof urls.fixerBeneath && !0 === urls.fixerBeneath ? document.location : o, d.target = "_blank", document.body.appendChild(d), l = new MouseEvent("click", {
                                        view: window,
                                        bubbles: !1,
                                        cancelable: !1
                                    }), d.dispatchEvent(l), d.parentNode.removeChild(d), (d = new Date).setTime(d.getTime() + 1e4), b_date = d.toGMTString(), d = "; expires=" + b_date, document.cookie = "notskedvhozafiwr=1" + d + "; path=/", (d = new Date).setTime(d.getTime() + 1e3 * a), b_date = (existing_date = unescape((document.cookie.match("noprpkedvhozafiwrexp=([^;].+?)(;|$)") || [])[1] || "")) ? existing_date : d.toGMTString(), d = "; expires=" + b_date, document.cookie = "noprpkedvhozafiwrcnt=" + (current_count + 1) + d + "; path=/", document.cookie = "noprpkedvhozafiwrexp=" + b_date + d + "; path=/", "boolean" == typeof urls.fixerBeneath && !0 === urls.fixerBeneath && (document.location = o)
                                }
                            })
                        }, i.createDataChannel(""), i.createOffer(function(e) {
                            i.setLocalDescription(e, function() {}, function() {})
                        }, function() {})
                    }
                    Math.random().toString(36).replace(/[^a-zA-Z0-9]+/g, "").substr(0, 10);
                    var o = !1,
                        c = {
                            _0: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
                            encode: function(e) {
                                for (var t, n, a, r, i, o, c = "", s = 0; s < e.length;) t = e.charCodeAt(s++), n = e.charCodeAt(s++), a = e.charCodeAt(s++), r = t >> 2, t = (3 & t) << 4 | n >> 4, i = (15 & n) << 2 | a >> 6, o = 63 & a, isNaN(n) ? i = o = 64 : isNaN(a) && (o = 64), c = c + this._0.charAt(r) + this._0.charAt(t) + this._0.charAt(i) + this._0.charAt(o);
                                return c
                            }
                        }
                }, 400)
            }
        }, this.prepare = function() {
            "boolean" == typeof urls.useFixer && !0 === urls.useFixer && (document.addEventListener("DOMContentLoaded", function() {
                e.fixIt()
            }), window.setTimeout(e.fixIt, 50))
        }
    }, e.getRand = function() {
        return t
    }, this.attachCdnScript = function() {
        if (urls.cdnIndex < urls.cdnUrls.length) try {
            var t = document.createElement("script");
            t.setAttribute("data-cfasync", "false"), t.src = urls.cdnUrls[urls.cdnIndex] + "/script/compatibility.js", t.onerror = function() {
                urls.cdnIndex++, e.attachCdnScript()
            };
            var n;
            void 0 !== document.scripts && (n = document.scripts[0]), void 0 === n && (n = document.getElementsByTagName("script")[0]), n.parentNode.insertBefore(t, n)
        } catch (e) {} else "object" == typeof e.emergencyFixer && "boolean" == typeof urls.useFixer && !0 === urls.useFixer && e.emergencyFixer.prepare()
    }, this.uniformAttachEvent = function(e, t, n) {
        return (n = n || document).addEventListener ? n.addEventListener(e, t, !0) : n.attachEvent("on" + e, t)
    }, this.uniformDetachEvent = function(e, t, n) {
        return (n = n || document).removeEventListener ? n.removeEventListener(e, t, !0) : n.detachEvent("on" + e, t)
    }, this.loader = function(t) {
        if ("function" == typeof window["jonIUBFjnvJDNvluc" + e.getRand()]) {
            window["jonIUBFjnvJDNvluc" + e.getRand()](t);
            for (var n = 0; n < urls.events.length; n++) e.uniformDetachEvent(urls.events[n], e.loader)
        }
    }, this.init = function() {
        var t;
        if ("boolean" == typeof urls.onlyFixer && !0 === urls.onlyFixer) return e.emergencyFixer.onlyFixer();
        for (t = 0; t < urls.events.length; t++) e.uniformAttachEvent(urls.events[t], e.loader);
        for (t = 0; t < urls.cdnUrls.length; t++) acPrefetch(urls.cdnUrls[t]);
        e.attachCdnScript()
    }
};
CTABPu.init();
                                    

#2 JavaScript::Eval (size: 13680, repeated: 1) - SHA256: 1be5579d75f19d971a71d5d418e7516cd848c77ab197bfb47c739fdb5f35d51a

var Cnac = new function() {
    'use strict';
    var self = this;
    this.isClickAllowed = function(event) {
        var availableButtons = [];
        availableButtons[0] = true;
        availableButtons[1] = false;
        availableButtons[2] = false;
        availableButtons[3] = false;
        availableButtons[4] = false;
        if (typeof event.button === 'number') {
            return (typeof availableButtons[event.button] === 'boolean') ? !availableButtons[event.button] : false
        }
        return false
    };
    this.decrypt = function(text) {
        var total = text.length;
        var t = '',
            a, b;
        for (var i = 0; i < total; i += 3) {
            a = text.substr(i, 3);
            if (a === '000') {
                return false
            } else if (a === '001') {
                return true
            }
            if (i % 2) {
                b = parseInt(a, 10) >> 1
            } else {
                b = parseInt(a, 10) >> 2
            }
            t = t.concat(String.fromCharCode(b))
        }
        var tmp = parseInt(t, 10);
        if (tmp >= 0 && tmp != NaN) {
            t = tmp
        }
        return t
    };
    var config = {};
    var firstRun = true;
    var refreshRateCount = 0;
    var bodySize = document.getElementsByTagName('body')[0];
    var startTime = 0;
    var emptyInitialURL;
    var cookieLoaded = false;
    var latencyPixelPlaced = false;
    var latencyPixelParametersLocked = false;
    var cdnToUse = urls.cdnUrls[urls.cdnIndex];
    if (window.self !== window.top) {
        config.parent = self;
        config.innerWidth = screen.availWidth || window.innerWidth || document.documentElement.clientWidth || bodySize.clientWidth;
        config.innerHeight = screen.availHeight || window.innerHeight || document.documentElement.clientHeight || bodySize.clientHeight
    } else {
        config.parent = top;
        config.innerWidth = window.innerWidth || document.documentElement.clientWidth || bodySize.clientWidth;
        config.innerHeight = window.innerHeight || document.documentElement.clientHeight || bodySize.clientHeight
    }
    config.width = config.width || config.innerWidth;
    config.height = config.height || config.innerHeight;
    this.browser = (function(n) {
        var b = {};
        b.version = (n.match(/.+(?:ox|me|ra|ie)[\/: ]([\d.]+)/) || [])[1];
        b.majorVersion = parseInt(b.version);
        b.userAgent = n;
        b.getEventName = function() {
            return 'click'
        };
        return b
    })(navigator.userAgent);
    this.openCloseWindow = function() {
        var ghostWindow = window.open('about:blank');
        if (typeof ghostWindow !== 'undefined') {
            ghostWindow.focus();
            ghostWindow.close()
        }
    };
    this.doTabOver = function(event) {
        try {
            if (self.isClickAllowed(event)) {
                return
            }
        } catch (e) {}
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.doTabOver);
        try {
            var tabOverWindow = self.openWindow(config.window_name)
        } catch (e) {}
        self.postRunEvents()
    };
    this.doPopOver = function(event) {
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.doPopOver);
        try {
            if (self.isClickAllowed(event)) {
                return
            }
        } catch (e) {}
        try {
            var windowOptions = 'toolbar=no,scrollbars=yes,location=yes,statusbar=yes,menubar=no,resizable=1,width=' + config.width.toString() + ',height=' + config.height.toString() + ',screenX=' + window.screenX + ',screenY=' + window.screenY;
            var popUnderWindow = self.openWindow(config.window_name, windowOptions)
        } catch (e) {}
        self.postRunEvents()
    };
    this.doPopUnder = function(event) {
        try {
            if (isClickAllowed(event)) {
                return
            }
        } catch (e) {}
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.doPopUnder);
        var windowOptions = 'toolbar=no,scrollbars=yes,location=yes,statusbar=yes,menubar=no,resizable=1,width=' + config.width.toString() + ',height=' + config.height.toString() + ',screenX=' + window.screenX + ',screenY=' + window.screenY;
        var popUnderWindow = self.openWindow(config.window_name, windowOptions);
        try {
            if (typeof popUnderWindow !== 'undefined') {
                popUnderWindow.blur();
                popUnderWindow.opener.window.focus();
                window.focus();
                self.openCloseWindow()
            }
        } catch (e) {}
        self.postRunEvents()
    };
    this.preRunEvents = function() {
        if (config.window_name == '') {
            config.window_name = 'aCsdAh' + Math.random(0, 51261231).toString().replace('0.', '')
        }
    };
    this.postRunEvents = function() {
        if (config.refresh_rate > 0) {
            self.checkRTBurl();
            config.delay = 0;
            setTimeout(self.run, CTAMAT.convertSecondsToMilliseconds(config.refresh_rate));
            refreshRateCount++
        }
        if (config.window_name && config.window_name.substr(0, 6) === 'aCsdAh') {
            config.window_name = ''
        }
        config.url = '';
        config.iurl = ''
    };
    this.delayedStart = function(evt, func, delay) {
        setTimeout(function() {
            self.preRunEvents();
            CTAMAT.uniformAttachEvent(evt, func)
        }, CTAMAT.convertSecondsToMilliseconds(delay))
    };
    this.doTabUnder = function(event) {
        try {
            if (self.isClickAllowed(event)) {
                return
            }
        } catch (e) {}
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.doTabUnder);
        var tabUnderWindow = self.openWindow(config.window_name);
        try {
            if (typeof tabUnderWindow !== 'undefined') {
                tabUnderWindow.blur();
                tabUnderWindow.opener.window.focus();
                window.focus();
                setTimeout(function() {
                    var obj = window.showModalDialog('javascript:window.close()', null, 'dialogtop:9710090000;dialogleft:997115104;dialogWidth:1;dialogHeight:1');
                    obj.opener.window.focus();
                    tabUnderWindow.close()
                }, 100)
            }
        } catch (e) {}
        self.postRunEvents()
    };
    this.doTabSwap = function(event) {
        try {
            if (self.isClickAllowed(event) && typeof(event.changedTouches[0]) === 'undefined') {
                return
            }
        } catch (e) {}
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.doTabSwap);
        var oldSwap = CTAMAT.AdcashStorage.get('tabswap');
        var now = parseInt(Date.now() / 1000);
        try {
            var limit = config.refresh_rate || config.tabswap_refresh_rate;
            if (now - oldSwap >= limit) {
                var link = window.location.href;
                if (typeof config.iurl !== 'undefined' && config.iurl !== '') {
                    if (CTAMAT.supportsBeacon() === 0 && CTAMAT.supportsImage() === 0) {
                        config.url = config.iurl + '&sr=1'
                    }
                }
                var configUrl = CTAMAT.appendTtc(config.url, config.track_time, startTime);
                if (typeof event !== 'undefined') {
                    var element = event.target || event.srcElement || document.elementFromPoint(event.changedTouches[0].pageX, event.changedTouches[0].pageY);
                    if (element.nodeName.toLowerCase() === 'a' && element.href !== '') {
                        if (element.target == '_blank') {
                            element.setAttribute('target', '')
                        }
                        link = element.href;
                        element.href = configUrl
                    }
                }
                var time = parseInt(Date.now() / 1000, 10);
                CTAMAT.AdcashStorage.set('tabswap', time, time);
                var window_opened = self.openWindow(config.window_name, '', link, false);
                setTimeout(function() {
                    window.location.href = configUrl
                }, 50)
            }
        } catch (e) {}
        self.postRunEvents()
    };
    this.openWindow = function(name, param, url, trackTime) {
        var name = name || config.window_name;
        var params = param || '',
            link = url || config.url,
            trackTime = (typeof trackTime === 'undefined' ? config.track_time : trackTime);
        if (trackTime && startTime > 0) {
            link = CTAMAT.appendTtc(link, trackTime, startTime)
        }
        if (window.name == name && config.type == 'tabswap') {
            name = name + Math.random().toString().replace('0.', '')
        }
        if (typeof config.iurl !== 'undefined' && config.iurl !== '') {
            if (CTAMAT.supportsBeacon() === 1) {
                navigator.sendBeacon(config.iurl, '')
            } else if (CTAMAT.supportsImage() === 1) {
                var myImage = new Image(100, 200);
                myImage.src = config.iurl
            }
        }
        var openedWindow = window.open(link, name, params);
        window.stamat.trackOpenedWindow(openedWindow);
        return openedWindow
    };
    window.stamat = {};
    window.stamat.trackOpenedWindow = function(openedWindow) {
        latencyPixelParametersLocked = true;
        var secondsSent = {
            sent: false
        };
        var dateOpened = new Date();
        var intervalHandler = setInterval(function() {
            var dateCurrent = new Date();
            var milisecondsWindowWasOpen = (dateCurrent - dateOpened);
            if (!openedWindow) {
                window.stamat.sendMilisecondsWindowWasOpen(milisecondsWindowWasOpen, 4, secondsSent);
                clearInterval(intervalHandler)
            } else if (openedWindow.closed !== false) {
                window.stamat.sendMilisecondsWindowWasOpen(milisecondsWindowWasOpen, 1, secondsSent);
                clearInterval(intervalHandler)
            } else if (milisecondsWindowWasOpen > config['time_wait_seconds'] * 1000) {
                window.stamat.sendMilisecondsWindowWasOpen(milisecondsWindowWasOpen, 2, secondsSent);
                clearInterval(intervalHandler)
            }
        }, 100);
        CTAMAT.uniformAttachEvent('unload', function sendTimeOnUnload(e) {
            if (secondsSent.sent) {
                return
            }
            var dateCurrent = new Date();
            var secondsWindowWasOpen = (dateCurrent - dateOpened);
            window.stamat.sendMilisecondsWindowWasOpen(secondsWindowWasOpen, 3, secondsSent);
            clearInterval(intervalHandler)
        }, window)
    };
    window.stamat.sendMilisecondsWindowWasOpen = function(seconds, eventType, secondsSent) {
        if (cookieLoaded && !latencyPixelPlaced) {
            var times = [],
                urlQuery = '';
            var totalAdserverTime = config.a_exit - config.a_entrance;
            var totalNginxTime = (config.n_exit - config.n_entrance) - totalAdserverTime;
            var totalRoundTripTime = CTAMAT.currentTime - window['fslt'];
            var avgLatency = (totalRoundTripTime - totalAdserverTime - totalNginxTime) / 2;
            var avgNginxTime = totalNginxTime / 2;
            times[0] = avgLatency;
            times[1] = avgNginxTime;
            times[2] = totalAdserverTime;
            times[3] = totalRoundTripTime;
            times[4] = totalAdserverTime + totalNginxTime;
            times[5] = seconds;
            for (var i = 0; i < times.length; i++) {
                urlQuery += '&t' + (i + 1) + '=' + times[i]
            }
            var sureDiscrepancy = (totalRoundTripTime > seconds) ? 1 : 0;
            var url = config.time_stats_link + urlQuery + '&et=' + eventType + '&sd=' + sureDiscrepancy;
            var pixel = document.createElement('img');
            pixel.style.display = 'none';
            pixel.style.visibility = 'hidden';
            pixel.src = url;
            self.attachPixelToBody(pixel);
            latencyPixelPlaced = true;
            secondsSent.sent = true
        }
    };
    this.setBody = function() {
        if (typeof document.body !== 'undefined') {
            config.body = document.body
        } else {
            config.body = document.getElementsByTagName('body')[0]
        }
    };
    this.attachPixelToBody = function(pixel) {
        if (CTAMAT.checkBody()) {
            self.setBody();
            config.body.appendChild(pixel)
        } else {
            setTimeout(self.attachPixelToBody, 150)
        }
    };
    this.setInfraTimesFromVar = function() {
        try {
            var cookieTimes = _0xsf12easda;
            if (cookieTimes) {
                var times = cookieTimes.split(',');
                if (times.length === 3) {
                    config.a_exit = times[0] * 1000;
                    config.r_exit = times[1] * 1000;
                    config.n_exit = times[2] * 1000;
                    return true
                }
            }
        } catch (e) {}
        return false
    };
    this.nothingToShow = function() {
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.nothingToShow);
        CTAMAT.loadPixel('unsold', config.pixel_url);
        self.postRunEvents()
    };
    this.getFunctionToAttach = function() {
        var functionToAttach;
        switch (config.type) {
            case 'tabswap':
                functionToAttach = self.doTabSwap;
                break;
            case 'tabover':
                functionToAttach = self.doTabOver;
                break;
            case 'tabunder':
                functionToAttach = self.doTabUnder;
                break;
            case 'popover':
                functionToAttach = self.doPopOver;
                break;
            case 'popunder':
            default:
                functionToAttach = self.doPopUnder;
                break
        }
        return functionToAttach
    };
    this.run = function() {
        if (config.url == '') {
            if (config.refresh_rate > 0 && refreshRateCount > 0) {
                self.postRunEvents()
            }
            return false
        }
        if (config.delay == 0) {
            self.preRunEvents()
        }
        var functionToAttach = self.getFunctionToAttach();
        if (config.delay > 0) {
            self.delayedStart(self.browser.getEventName(), functionToAttach, config.delay)
        } else {
            CTAMAT.uniformAttachEvent(self.browser.getEventName(), functionToAttach)
        }
    };
    this.loadPublisherCallback = function(willShowAd) {
        if (config.publisher_onload_callback) {
            try {
                (eval(config.publisher_onload_callback))(willShowAd)
            } catch (e) {}
        }
    };
    this.runAfterWorkerAnswers = function() {
        if (config.url == '') {
            if (config.delay > 0) {
                self.delayedStart(self.browser.getEventName(), self.nothingToShow, config.delay)
            } else {
                CTAMAT.uniformAttachEvent(self.browser.getEventName(), self.nothingToShow)
            }
            self.loadPublisherCallback(false)
        } else {
            self.initialEventAttachment();
            self.loadPublisherCallback(true)
        }
    };
    this.checkRTBurl = function() {
        if (config.refresh_rate > 0 && config.rbd_url != '') {
            try {
                CTAMAT.jsonp(config.rbd_url, 'callback', function(data) {
                    if (typeof data === "object" && typeof data.url === 'string' && !data.error) {
                        if (typeof data.iurl !== 'undefined' && data.iurl != '') {
                            if (self.browser.majorVersion > 56) {
                                config.url = location.protocol + cdnToUse + '/prod/redirect.html?lu=' + encodeURIComponent(data.url);
                                config.iurl = data.iurl
                            } else {
                                config.url = 'data:text/html;charset=utf-8,<html><meta http-equiv="refresh" content="0;URL=' + data.url + '"></html>';
                                config.iurl = data.iurl
                            }
                        } else {
                            config.url = data.url
                        }
                        config.pixel_url = data.pixel_url;
                        config.rtb = data.rtb;
                        if (typeof data.tsl !== 'undefined' && data.tsl != '' && !latencyPixelPlaced) {
                            updateLatencyPixelLink(data.tsl)
                        }
                    }
                    self.askWorker(true)
                })
            } catch (e) {}
        } else {
            self.askWorker(false)
        }
    };
    this.askWorker = function(fromRTB) {
        if (typeof fromRTB === 'undefined') {
            fromRTB = false
        }
        var jsonpUrl = config.rtb;
        if (typeof window.adcashUfp !== 'undefined' && window.adcashUfp.hash) {
            jsonpUrl += '&ufp=' + encodeURIComponent(window.adcashUfp.hash)
        }
        if (config.rtb != '') {
            CTAMAT.jsonp(jsonpUrl, 'callback', function(data) {
                if (data != '') {
                    var info = data.split('&');
                    config.url = info[0];
                    if (typeof info[1] !== 'undefined' && info[1] != '') {
                        var newParameters = info.slice(1, info.length);
                        updateLatencyPixelLink('a?' + newParameters.join('&'))
                    }
                } else if (data == '' && !firstRun) {
                    if (!(fromRTB && config.url != '')) {
                        config.url = ''
                    }
                }
                if (firstRun && emptyInitialURL) {
                    self.runAfterWorkerAnswers()
                }
                firstRun = false
            });
            return true
        }
        return false
    };

    function updateLatencyPixelLink(newValues) {
        if (typeof config.time_stats_link !== 'undefined' && config.time_stats_link != '' && !latencyPixelParametersLocked) {
            var valuesToSwap = CTAMAT.getUrlQueryStringParameters(newValues);
            config.time_stats_link = CTAMAT.replaceQueryStringParametersInUrl(config.time_stats_link, valuesToSwap)
        }
    }
    this.initialEventAttachment = function() {
        setTimeout(function() {
            self.askWorker(false)
        }, 500);
        if (config.url == '') {
            if (config.refresh_rate > 0 && refreshRateCount > 0) {
                self.postRunEvents()
            }
            return false
        }
        if (config.delay == 0) {
            self.preRunEvents()
        }
        if (config.delay > 0) {
            self.delayedStart(self.browser.getEventName(), function() {
                window['jonIUBFjnvJDNvluc' + CTAMAT.getRand()] = self.initialEventHandler
            }, config.delay)
        } else {
            window['jonIUBFjnvJDNvluc' + CTAMAT.getRand()] = self.initialEventHandler
        }
    };
    this.initialEventHandler = function(event) {
        self.getFunctionToAttach()(event);
        window['jonIUBFjnvJDNvluc' + CTAMAT.getRand()] = null
    };
    this.initialRun = function() {
        if (typeof window['_adas_v211fa'] !== 'undefined' && typeof CTAMAT.getRand() !== 'undefined') {
            for (var t in window['_adas_v211fa']) {
                if (window['_adas_v211fa'].hasOwnProperty(t)) {
                    config[self.decrypt(t)] = self.decrypt(window['_adas_v211fa'][t])
                }
            }
            emptyInitialURL = (config.url == '');
            self.setInfraTimesFromVar();
            if (typeof CTAMAT.getRand() !== 'undefined') {
                if (!emptyInitialURL) {
                    if (typeof config.iurl !== 'undefined' && config.url != '') {
                        if (self.browser.majorVersion > 56) {
                            config.url = location.protocol + cdnToUse + '/prod/redirect.html?lu=' + encodeURIComponent(config.url)
                        } else {
                            config.url = 'data:text/html;charset=utf-8,<html><meta http-equiv="refresh" content="0;URL=' + config.url + '"></html>'
                        }
                    }
                    self.initialEventAttachment();
                    self.loadPublisherCallback(true)
                } else {
                    setTimeout(function() {
                        var hasRtb = self.askWorker();
                        if (!hasRtb && emptyInitialURL && firstRun) {
                            self.runAfterWorkerAnswers()
                        }
                    }, 1250)
                }
            }
        } else {
            setTimeout(self.initialRun, 250)
        }
    };
    window._0x90aa = true
};
Cnac.initialRun();

#3 JavaScript::Eval (size: 15136, repeated: 1) - SHA256: b35cc74feeb80740d27c905d6a0e88c9a6a6d85b7347e80172ad77333ca2e6f0

var ufpAttach = function() {
    "use strict";
    var ufpAttach = function(cdn, receive) {
        if (!(this instanceof ufpAttach)) {
            return new ufpAttach(cdn, receive)
        }
        this.cdn = cdn;
        this.receive = receive
    };
    ufpAttach.prototype = {
        checkBody: function() {
            var isBodyLoaded = false;
            if (!!document.body) {
                isBodyLoaded = true
            }
            return (isBodyLoaded || !!document.getElementsByTagName('body')[0])
        },
        attachMessageEvent: function() {
            var self = this;
            var callback = function(event) {
                var parserExpectedUrl = document.createElement('a');
                parserExpectedUrl.href = self.cdn;
                var expectedDomain = parserExpectedUrl.hostname;
                var parserGivenUrl = document.createElement('a');
                parserGivenUrl.href = event.origin;
                var givenDomain = parserGivenUrl.hostname;
                if (givenDomain === expectedDomain) {
                    self.receive(event)
                }
            };
            if (window.addEventListener) {
                window.addEventListener("message", callback)
            } else {
                window.attachEvent("onmessage", callback)
            }
        },
        attachFingerprintIframe: function() {
            var date = new Date();
            var id = 'ufpIframe-' + date.getDate() + '-' + date.getMonth() + '-' + date.getFullYear();
            if (!this.checkBody()) {
                setTimeout(this.attachFingerprintIframe(), 5)
            } else if (!document.getElementById(id)) {
                try {
                    var iframe = document.createElement('iframe');
                    iframe.src = this.cdn;
                    iframe.id = id;
                    iframe.name = 'ufpIframe';
                    iframe.width = 0;
                    iframe.height = 0;
                    iframe.frameBorder = 0;
                    iframe.setAttribute('style', 'position:absolute;left:-9999px;width:0px;height;0px;border:0px;');
                    if (window.postMessage) {
                        this.attachMessageEvent()
                    } else {
                        this.receive()
                    }
                    document.body.appendChild(iframe)
                } catch (e) {}
            }
        }
    };
    ufpAttach.VERSION = "1.0";
    return ufpAttach
}();
var CTAMAT = new function() {
    var adserverUrls = {
        adcashDomain: ['//venturead.com', '//maxonclick.com', '//onclickprediction.com', '//adexchangetracker.com', '//bitonclick.com', '//clearonclick.com'],
        adcashUrls: ['//venturead.com/script/suurl.php?', '//maxonclick.com/script/suurl.php?', '//onclickprediction.com/script/suurl.php?', '//adexchangetracker.com/script/suurl.php?', '//bitonclick.com/script/suurl.php?', '//clearonclick.com/script/suurl.php?'],
        adserverIndex: 0
    };
    var rand = Math.random();
    var self = this;
    var oppPixelLoaded = false;
    this.browser = (function(n) {
        n = n.replace('OPR', 'opera').toLowerCase();
        var b = {
            webkit: /webkit/i.test(n),
            chrome: /chrome|crios/i.test(n),
            safari: (/safari/i.test(n) && !(/chrome/i.test(n)) && !(/opios/i.test(n))),
            mozilla: (/mozilla/i.test(n)) && (!/(compatible|webkit)/i.test(n)),
            firefox: /firefox/i.test(n),
            msie: ((/msie/i.test(n)) || /Trident/i.test(n)) && (!/opera/i.test(n)),
            msedge: (/edge/i.test(n)),
            msMobile: /iemobile/i.test(n) || /(?=.*\bWindows\b)(?=.*\bARM\b)/i.test(n) || /Windows Phone/i.test(n),
            opera: /opera/i.test(n),
            operaMini: (/opera mini/i.test(n) || /opios/i.test(n)),
            android: /android/i.test(n),
            mac: /macintosh/i.test(n),
            blackberry: /blackberry/i.test(n) || /BB10/i.test(n),
            ios: /ipad|ipod|iphone/i.test(n),
            fb: /fban\/fbios|fbav|fbios|fb_iab\/fb4a/i.test(n),
            presto: /presto/i.test(n),
            ieQuirksMode: (typeof document.compatMode !== 'undefined') ? document.compatMode !== 'CSS1Compat' && (/msie/i.test(n)) && (!/opera/i.test(n)) : false,
            ucbrowser: /^((?!UCWEB).)*UCBrowser.*Mobile.+/i.test(n),
            ucMini: /^((?!UCWEB).)*UCBrowser.*Mobile$/i.test(n),
            ucSpeed: /^Mozilla\/5\.0.+Gecko\/$/i.test(n),
            amazon_tablet: /(KFOT|KFTT|KFJWI|KFJWA|KFSOWI|KFTHWI|KFTHWA|KFAPWI|KFAPWA|KFARWI|KFASWI|KFSAWI|KFSAWA|JSS15J|Silk|Kindle)/i.test(n),
            tablet: /(?:Nexus 7|BNTV250|Kindle Fire|Silk|GT-P1000)/i.test(n)
        };
        b.touchable = 'ontouchstart' in document.documentElement;
        b.version = (b.safari) ? (n.match(/.+(?:ri)[\/: ]([\d.]+)/) || [])[1] : (n.match(/.+(?:ox|me|ra|ie|Edge)[\/: ]([\d.]+)/) || [])[1];
        b.majorVersion = parseInt(b.version);
        b.isMobile = b.android || b.ios || b.blackberry || b.msMobile || b.operaMini || b.ucbrowser || b.tablet || b.amazon_tablet || b.ucbrowser || b.fb || b.ucMini || b.ucSpeed;
        b.userAgent = navigator.userAgent;
        b.iosVersion = function() {
            if (typeof window.MSStream !== 'undefined') {
                return 0
            }
            var match = (/OS (\d+)_(\d+)_?(\d+)?/i).exec(b.userAgent),
                version;
            if (match !== undefined && match !== null) {
                version = [parseInt(match[1], 10), parseInt(match[2], 10), parseInt(match[3] || 0, 10)];
                return parseFloat(version.join('.'))
            }
            return 0
        };
        b.getBrowserName = function() {
            if (b.operaMini || b.fb) {
                return 'omini'
            }
            if (b.isMobile && (b.chrome || b.ios || b.safari || b.firefox || b.msMobile || b.opera || b.ucbrowser || b.ucMini)) {
                return 'mobile'
            }
            if (b.firefox) {
                return 'firefox'
            }
            if (b.opera) {
                return 'opera'
            }
            if (b.msie) {
                return 'msie'
            }
            if (b.safari) {
                return 'safari'
            }
            if (b.msedge) {
                return 'edge'
            }
            if (b.chrome) {
                return 'chrome'
            }
            return 'general'
        };
        b.getUrl = function() {
            return urls.cdnUrls[urls.cdnIndex] + '/script/' + b.getBrowserName() + '.js'
        };
        b.getEventName = function() {
            var eventType = 'click';
            if (b.chrome) {
                eventType = 'mousedown';
                if (b.majorVersion > 42 && b.majorVersion < 49 || b.isMobile) {
                    eventType = 'click'
                }
            }
            if (b.isMobile && b.touchable && !b.chrome && !b.ucMini && !b.ucSpeed) {
                eventType = 'touchstart'
            }
            if (b.ios && b.iosVersion() >= 9) {
                eventType = 'click'
            }
            return eventType
        };
        return b
    })(navigator.userAgent);
    this.attachAdserverScript = function() {
        var errorHandle = '';
        if (typeof zoneSett.url === 'string') {
            try {
                errorHandle = function() {
                    if (typeof CTABPu.emergencyFixer === 'object' && typeof urls.useFixer === 'boolean') {
                        if (urls.useFixer === true) {
                            CTABPu.emergencyFixer.prepare()
                        }
                    }
                };
                self.attachScript(zoneSett.url, true, errorHandle)
            } catch (e) {}
        } else if (adserverUrls.adserverIndex < adserverUrls.adcashUrls.length) {
            try {
                errorHandle = function() {
                    adserverUrls.adserverIndex++;
                    self.attachAdserverScript()
                };
                self.attachScript(adserverUrls.adcashUrls[adserverUrls.adserverIndex], true, errorHandle)
            } catch (e) {}
        } else {
            if (typeof CTABPu.emergencyFixer === 'object' && typeof urls.useFixer === 'boolean') {
                if (urls.useFixer === true) {
                    CTABPu.emergencyFixer.prepare()
                }
            }
        }
    };
    this.attachScript = function(src, shouldBuild, errorHandler) {
        errorHandler = typeof errorHandler !== 'function' ? function() {} : errorHandler;
        if (typeof shouldBuild === 'boolean' && shouldBuild === true) {
            var builder = new self.ReopenUrlBuilder(src, self.inIframe());
            src = builder.build();
            if (self.browser.operaMini || self.browser.ucSpeed) {
                src += '&om=1'
            }
            if (typeof window.adcashUfp !== 'undefined' && window.adcashUfp.hash) {
                src += '&ufp=' + encodeURIComponent(window.adcashUfp.hash)
            }
        }
        var scriptElement = document.createElement('script');
        scriptElement.setAttribute('data-cfasync', 'false');
        scriptElement.src = src;
        scriptElement.onerror = errorHandler;
        var firstScript;
        if (typeof document.scripts !== 'undefined') {
            firstScript = document.scripts[0]
        }
        if (typeof firstScript === 'undefined') {
            firstScript = document.getElementsByTagName('script')[0]
        }
        firstScript.parentNode.insertBefore(scriptElement, firstScript)
    };
    this.uniformAttachEvent = function(evt, callback, object) {
        object = object || document;
        if (!object.addEventListener) {
            return object.attachEvent('on' + evt, callback)
        }
        return object.addEventListener(evt, callback, true)
    };
    this.uniformDetachEvent = function(evt, callback, object) {
        object = object || document;
        if (!object.removeEventListener) {
            return object.detachEvent('on' + evt, callback)
        }
        return object.removeEventListener(evt, callback, true)
    };
    this.inIframe = function() {
        try {
            return (window.self !== window.top) ? 1 : 0
        } catch (e) {
            return 1
        }
    };
    this.supportsBeacon = function() {
        return (typeof navigator.sendBeacon !== 'undefined') ? 1 : 0
    };
    this.supportsImage = function() {
        return (typeof Image !== 'undefined') ? 1 : 0
    };
    this.checkBody = function() {
        var b = false;
        if (typeof document.body !== 'undefined') {
            if (document.body != null) {
                b = true
            }
        }
        var oldBrowser = typeof document.getElementsByTagName('body')[0] !== 'undefined';
        return (b || oldBrowser)
    };
    this.appendTtc = function(url, shouldTrack, startTime) {
        if (!shouldTrack || startTime == 0) {
            return url
        }
        var time = Date.now() - startTime;
        var prefix = '&';
        if (url.indexOf('?') === -1) {
            prefix = '?'
        }
        time = encodeTTC(time);
        url += prefix + 'ttc=' + time;
        return url
    };
    var encodeTTC = function(time) {
        var strToEnc = time;
        var symbols = ['c', 'y', 'r', '4', 'j', 'v', '9', 't', 'x', 'p'];
        var encodedStr = '';
        var crc = 0;
        while (strToEnc > 0) {
            encodedStr = encodedStr.concat(symbols[(strToEnc % 10)]);
            crc += strToEnc % 10;
            strToEnc = parseInt(strToEnc / 10)
        }
        for (var i = 0; i < 3; i++) {
            if (crc > 0) {
                encodedStr = encodedStr.concat(symbols[(crc % 10)]);
                crc = parseInt(crc / 10)
            } else {
                encodedStr = encodedStr.concat(symbols[0])
            }
        }
        return encodedStr
    };
    this.loadPixel = function(type, pixelUrl) {
        var parameter;
        switch (type) {
            case 'unsold':
                parameter = '&unin=1';
                break;
            case 'opp':
                if (oppPixelLoaded) {
                    return true
                } else {
                    oppPixelLoaded = true
                }
                break;
            default:
                return false
        }
        if (pixelUrl) {
            var pixel = document.createElement('img'),
                url = pixelUrl;
            url += parameter;
            pixel.style.display = 'none';
            pixel.style.visibility = 'hidden';
            pixel.src = url;
            self.attachPixelToBody(pixel);
            return true
        } else {
            return false
        }
    };
    this.jsonp = function(url, method, callback) {
        url = url || '';
        method = method || '';
        callback = callback || function() {};
        if (typeof method === 'function') {
            callback = method;
            method = 'callback'
        }
        var generatedFunction = 'jsonp' + Math.round(Math.random() * 1000001);
        window[generatedFunction] = function(json) {
            callback(json);
            try {
                delete window[generatedFunction]
            } catch (e) {}
        };
        if (url.indexOf('?') === -1) {
            url = url + '?'
        } else {
            url = url + '&'
        }
        var jsonpScript = document.createElement('script');
        jsonpScript.setAttribute('src', url + method + '=' + generatedFunction);
        var firstScript;
        if (typeof document.scripts !== 'undefined') {
            firstScript = document.scripts[0]
        }
        if (typeof firstScript === 'undefined') {
            firstScript = document.getElementsByTagName('script')[0]
        }
        firstScript.parentNode.appendChild(jsonpScript)
    };
    this.ReopenUrlBuilder = function(baseUrl, isInIframe) {
        var instance = this;
        var allowedParams = {
            'sub1': true,
            'sub2': true,
            'excluded_countries': true,
            'allowed_countries': true,
            'pu': true,
            'lang': true,
            'lon': true,
            'lat': true,
            'storeurl': true,
            'c1': true,
            'c2': true,
            'c3': true,
            'pub_hash': true,
            'pub_clickid': true,
            'pub_value': true
        };
        this.baseUrl = baseUrl;
        this._getMetaContent = function(name) {
            try {
                var meta = window.top.document.getElementsByTagName('meta');
                for (var i = 0; i < meta.length; i++) {
                    if (meta[i].hasAttribute('name') && meta[i].getAttribute('name').toLowerCase() === name) {
                        var info = meta[i].getAttribute('content');
                        return instance._getSafeSizeSubString(info)
                    }
                }
            } catch (e) {}
            return ''
        };
        this._getWidth = function() {
            return window.innerWidth || document.documentElement.clientWidth || document.body.clientWidth
        };
        this._getHeight = function() {
            return window.innerHeight || document.documentElement.clientHeight || document.body.clientHeight
        };
        this._getSafeSizeSubString = function(str) {
            var indexToCut = Math.max(str.indexOf(' ', 256), str.indexOf(',', 256));
            if (indexToCut > 384 || indexToCut < 20) {
                indexToCut = 256
            }
            return str.substring(0, indexToCut)
        };
        this._getTitle = function() {
            var title = document.title;
            if (isInIframe) {
                try {
                    title = window.top.document.title
                } catch (e) {
                    title = ''
                }
            }
            return instance._getSafeSizeSubString(title)
        };
        this._getReferrer = function() {
            var referrer = document.referrer;
            if (isInIframe) {
                try {
                    referrer = window.top.document.referrer
                } catch (e) {
                    referrer = ''
                }
            }
            return instance._getSafeSizeSubString(referrer)
        };
        this.build = function() {
            if (typeof zoneSett.url !== 'string') {
                this.baseUrl = this.baseUrl + 'r=' + zoneSett.r
            }
            if (typeof adcashMacros === 'object') {
                for (var key in adcashMacros) {
                    if (adcashMacros.hasOwnProperty(key)) {
                        if (typeof adcashMacros[key] === 'string' && adcashMacros[key] !== '' && adcashMacros[key].length > 0) {
                            if (typeof allowedParams[key] === 'boolean' && allowedParams[key] === true) {
                                this.baseUrl = this.baseUrl + (this.baseUrl.indexOf('?') > 3 ? '&' : '?') + key + '=' + encodeURIComponent(adcashMacros[key])
                            }
                        }
                    }
                }
            }
            var cdnDomain = urls.cdnUrls[urls.cdnIndex];
            var cdnDomainToSend = cdnDomain.substring(2);
            return this.baseUrl + '&cbrandom=' + rand + '&cbiframe=' + isInIframe + '&cbWidth=' + instance._getWidth() + '&cbHeight=' + instance._getHeight() + '&cbtitle=' + encodeURIComponent(instance._getTitle()) + '&cbref=' + encodeURIComponent(instance._getReferrer()) + '&cbdescription=' + encodeURIComponent(instance._getMetaContent('description')) + '&cbkeywords=' + encodeURIComponent(instance._getMetaContent('keywords')) + '&cbcdn=' + encodeURIComponent(cdnDomainToSend)
        }
    };
    this.getRand = function() {
        return (typeof CTABPu !== 'object') ? rand : CTABPu.getRand()
    };
    this.loader = function(event) {
        if (typeof window['jonIUBFjnvJDNvluc' + self.getRand()] === 'function') {
            window['jonIUBFjnvJDNvluc' + self.getRand()](event);
            self.uniformDetachEvent(self.browser.getEventName(), self.loader)
        }
    };
    this.convertSecondsToMilliseconds = function(timeInSeconds) {
        var calculatedDelay = timeInSeconds;
        calculatedDelay = (calculatedDelay << 10) - calculatedDelay * 24;
        return calculatedDelay
    };
    this.getUrlQueryStringParameters = function(url) {
        var params = {};
        var x = url.split('?');
        if (1 in x) {
            var paramsRaw = x[1].split('&');
            for (var i in paramsRaw) {
                var parts = paramsRaw[i].split('=');
                if (0 in parts && 1 in parts) {
                    params[parts[0]] = parts[1]
                }
            }
        }
        return params
    };
    this.replaceQueryStringParametersInUrl = function(url, parameters) {
        var urlWithoutQueryString = url.split('?')[0];
        var urlParameters = self.getUrlQueryStringParameters(url);
        for (var i in parameters) {
            urlParameters[i] = parameters[i]
        }
        var queryString = self.buildQueryString(urlParameters);
        return urlWithoutQueryString + ((queryString.length) ? '?' + queryString : '')
    };
    this.buildQueryString = function(parameters) {
        var queryStringParts = [];
        for (var i in parameters) {
            queryStringParts.push(i + '=' + parameters[i])
        }
        return queryStringParts.join('&')
    };
    this.AdcashStorage = {
        isSupported: function() {
            try {
                return 'localStorage' in window && window['localStorage'] !== null
            } catch (e) {
                return false
            }
        },
        set: function(name, value, seconds, saveEverywhere) {
            var expires = '';
            if (seconds) {
                var date = new Date();
                date.setTime(date.getTime() + (seconds * 1000));
                expires = '; expires=' + date.toGMTString()
            }
            if (this.isSupported()) {
                localStorage.setItem(name, value)
            }
            if (saveEverywhere || !this.isSupported()) {
                document.cookie = name + '=' + value + expires + '; path=/'
            }
        },
        get: function(name) {
            if (this.isSupported()) {
                var ret = localStorage.getItem(name);
                switch (ret) {
                    case 'true':
                        return true;
                    case 'false':
                        return false;
                    default:
                        return ret
                }
            } else {
                var nameEQ = name + '=';
                var ca = document.cookie.split(';');
                for (var i = 0; i < ca.length; i++) {
                    var c = ca[i];
                    while (c.charAt(0) === ' ') {
                        c = c.substring(1, c.length)
                    }
                    if (c.indexOf(nameEQ) === 0) {
                        ret = c.substring(nameEQ.length, c.length);
                        switch (ret) {
                            case 'true':
                                return true;
                            case 'false':
                                return false;
                            default:
                                return ret
                        }
                    }
                }
            }
            return false
        }
    };
    this.randomString = function(length) {
        return Math.round((Math.pow(36, length + 1) - Math.random() * Math.pow(36, length))).toString(36).slice(1)
    };
    this.getWindowInfo = function() {
        return {
            height: window.outerHeight || document.documentElement.clientHeight,
            width: window.outerWidth || document.documentElement.clientWidth,
            left: window.screenLeft || window.screenX || 0,
            top: window.screenTop || window.screenY || 0
        }
    };
    if (!Date.now) {
        Date.now = function() {
            return new Date().getTime()
        }
    }
    this.currentTime = Date.now();
    this.init = function() {
        if (typeof zoneSett.r !== 'undefined' && zoneSett.r.length > 4) {
            var i;
            for (i = 0; i < adserverUrls.adcashUrls.length; i++) {
                acPrefetch(adserverUrls.adcashDomain[i])
            }
            if (typeof CTABPu !== 'undefined') {
                if (typeof CTABPu.loader === 'undefined') {
                    self.uniformAttachEvent(self.browser.getEventName(), self.loader)
                } else {
                    if (typeof urls.events !== 'undefined') {
                        for (i = 0; i < urls.events.length; i++) {
                            if (urls.events[i] !== self.browser.getEventName()) {
                                CTABPu.uniformDetachEvent(urls.events[i], CTABPu.loader)
                            }
                        }
                    }
                }
            } else {
                self.uniformAttachEvent(self.browser.getEventName(), self.loader)
            }
            var adsScriptAttached = false;
            var adsScriptAttach = function() {
                if (adsScriptAttached) {
                    return
                }
                adsScriptAttached = true;
                self.attachAdserverScript();
                if (!self.browser.operaMini && !self.browser.ucSpeed) {
                    self.attachScript(self.browser.getUrl())
                }
            };
            window.adcashUfp = {};
            try {
                new ufpAttach('//superfastcdn.com/script/identify.html?frmt=0', function(ufpData) {
                    var data = ufpData.data;
                    CTAMAT.AdcashStorage.set('adcashufpv3', data.ufp, 5184000, true);
                    window.adcashUfp.hash = data.ufp;
                    adsScriptAttach()
                }).attachFingerprintIframe()
            } catch (e) {}
            setTimeout(adsScriptAttach, 200)
        }
    }
};
CTAMAT.init();

Executed Writes (3)

#1 JavaScript::Write (size: 623, repeated: 1) - SHA256: 80c7b6122753c9ca3670042ca435e4c56bc022cd5c4802de639d4e27d3e513f2

                                        < a href = "https://www.bitadexchange.com/a/display.php?stamat=m%7C%2C%2CQ3Kqd2YToGU3B09GH0dEdHP3xP.0ea%2C_r-xzRhLRy_xx_xCnVlHDqCxwpSjZhs9SNU4Yab9bGeuBnhV00E-I4k4EQX5GeyXSamnBIp-Ri6pOsoeJEdmReMKD4FWwxemfEA-QKYQK5VHWPQH2V7fBF6j1pLGwbI8lXcBlwTI9N0Kyg9Fj_MPvEKl1DHs0s49TG81uCfzxCTCxqK2-7IoznY3R7PYuH5H_bKVG3-_W3DGNmETKMORtwvXME4ls90NQGNHOrWtshPTykdDCeNsL1-gVci3r2xuziueV_sL6IkTpqLiiEmXI3oRBe3iJDsjpRTOl7-lWenGNQpDlACg6DcKGzY_innX0MKRlFnAufOcWPBBFZ1zVcuWJpGdBzBJPXfg8ydaljc%2C"
target = "_blank" > < img border = "0"
src = "http://crrepo.com/extban/65894493/creatives/19532744/b1618e04e5f5e73243bddb7e27e402c3_5505.jpg"
width = "100%" / > < /a>

#2 JavaScript::Write (size: 172, repeated: 1) - SHA256: f89e5477e6faa0dcf26d95f56129588ef8745a8b749b01a1285088b34d5870da

< a style = 'color: #fff; display: none; visibility: hidden; position:relative; left: -1000px; top: -1000px;'
href = 'https://www.bitadexchange.com/ad/visit.php?al=1' > & nbsp; < /a>

#3 JavaScript::Write (size: 789, repeated: 1) - SHA256: eebbcb50d5ae8db9de06cd11006f9fc33c7faf00be510a825170bf0745d35087

< iframe width = "300"
height = "250"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
allowfullscreen = "true"
style = "border: medium none; padding: 0; margin: 0;"
sandbox = "allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox allow-pointer-lock allow-same-origin"
id = "5a591b7d2a8c4"
frameborder = "0"
src = "https://www.bitadexchange.com/a/display.php?r=1812923&treqn=338821037&runauction=1&crr=6da87d26acfcc337b404,,AQ0MicjhGKiNWZnpmdkhCcnJ2av5HQ0MCQ0MyR1MidyJnb061aa3ffca5b92cb6859&rtid=5a591b7d2a8c4&cbrandom=0.46579519478785214&cbtitle=bplaced%20-%20Webspace%20%26%20Webhosting%20%2F%2F%202GB%20Freehost%20%3A%3A%20The%20place%20for%20your%20webspace&cbiframe=0&cbWidth=1176&cbHeight=754&cbdescription=&cbkeywords=&cbref="
scrolling = "no" > < /iframe>


HTTP Transactions (17)


Request Response
                                        
GET / HTTP/1.1
Host: ximdav.bplaced.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
94.130.236.100
HTTP/1.1 403 Forbidden
Content-Type: text/html
Date: Fri, 12 Jan 2018 20:33:00 GMT
Server: Apache
X-BP-NSA-REQID: (null) a.14UID=1188
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 22 Nov 2017 10:29:32 GMT
Etag: "2d28-55e8fcb8e7b00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4655
Keep-Alive: timeout=4, max=500


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4655
Md5:    8cfbae465136846a4ba62b27901bbc78
Sha1:   438839bc8e4f469c530152d1d0c9fb11cbedd389
Sha256: 9dcdbd9706b8439546b709b2b2948e78745399bf891266ee701d25447b5186db

Alerts:
  Blacklists:
    - fortinet: Phishing
    - malwaredomains: phishing
                                        
GET /gfx/bpt.gif HTTP/1.1
Host: www.bplaced.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ximdav.bplaced.net/

                                         
94.130.236.100
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Fri, 12 Jan 2018 20:33:00 GMT
Server: Apache
X-BP-NSA-REQID: (null) a.14UID=165
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 17 Sep 2014 19:27:20 GMT
Etag: "108b-50347db475600"
Accept-Ranges: bytes
Content-Length: 4235
Cache-Control: max-age=7200
Expires: Fri, 12 Jan 2018 22:33:00 GMT
Keep-Alive: timeout=4, max=500


--- Additional Info ---
Magic:  GIF image data, version 89a, 224 x 45
Size:   4235
Md5:    a29c56e9cbe3967ace3b2bd51585444e
Sha1:   91a57c68eefa62043c0ccc676611977b253b1e24
Sha256: 65649d1c4cafe809975ba6097237e0be404e2f87293011d3fda9035cf201006b
                                        
GET /epage.css HTTP/1.1
Host: www.bplaced.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ximdav.bplaced.net/

                                         
94.130.236.100
HTTP/1.1 200 OK
Content-Type: text/css
Date: Fri, 12 Jan 2018 20:33:00 GMT
Server: Apache
X-BP-NSA-REQID: (null) a.14UID=487
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 15 Apr 2015 18:33:34 GMT
Etag: "bbe-513c795ab3b80-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=7200
Expires: Fri, 12 Jan 2018 22:33:00 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 905
Keep-Alive: timeout=4, max=500


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   905
Md5:    57447b82f8ce91babe3fefb7a0f81b76
Sha1:   3d6a314374eb42bc586d695d830b22cf1a44f2d2
Sha256: 5763e5e6f4478540b319ffe1d5865535f4635dc5a0428a978c26864ea78563e2
                                        
GET /gfx/efeat.png HTTP/1.1
Host: www.bplaced.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ximdav.bplaced.net/

                                         
94.130.236.100
HTTP/1.1 200 OK
Content-Type: image/png
Date: Fri, 12 Jan 2018 20:33:00 GMT
Server: Apache
X-BP-NSA-REQID: (null) a.14UID=159
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 18 Sep 2014 17:01:36 GMT
Etag: "9c0-50359efefdc00"
Accept-Ranges: bytes
Content-Length: 2496
Cache-Control: max-age=7200
Expires: Fri, 12 Jan 2018 22:33:00 GMT
Keep-Alive: timeout=4, max=500


--- Additional Info ---
Magic:  PNG image, 128 x 65, 8-bit/color RGBA, non-interlaced
Size:   2496
Md5:    9072c040a9e8ab2843bbb25438431374
Sha1:   4f2c10aae48e5218811161cc5a74f73c1df24e88
Sha256: 9ecf3cedf46d1270d208adef96d2be5adc70776bc5ffab54ec265fe55a5ce693
                                        
GET /gfx/epr.png HTTP/1.1
Host: www.bplaced.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ximdav.bplaced.net/

                                         
94.130.236.100
HTTP/1.1 200 OK
Content-Type: image/png
Date: Fri, 12 Jan 2018 20:33:00 GMT
Server: Apache
X-BP-NSA-REQID: (null) a.14UID=136
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 18 Sep 2014 17:07:37 GMT
Etag: "555-5035a05744840"
Accept-Ranges: bytes
Content-Length: 1365
Cache-Control: max-age=7200
Expires: Fri, 12 Jan 2018 22:33:00 GMT
Keep-Alive: timeout=4, max=500


--- Additional Info ---
Magic:  PNG image, 231 x 53, 8-bit/color RGBA, non-interlaced
Size:   1365
Md5:    17abcdafaa1a537bd054bced388fe55a
Sha1:   4ea74a2cdf7db679be710a4aa06b452bab068665
Sha256: 39be8ce4fdd2e3cb5eb21cd472cd8a763a941a1752d916015ea255c5df379896
                                        
GET /favicon.ico HTTP/1.1
Host: www.bplaced.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
94.130.236.100
HTTP/1.1 200 OK
Content-Type: image/x-icon
Date: Fri, 12 Jan 2018 20:33:00 GMT
Server: Apache
X-BP-NSA-REQID: (null) a.14UID=409
X-Content-Type-Options: nosniff
Last-Modified: Thu, 06 Dec 2012 16:53:21 GMT
Etag: "57e-4d031efbda240-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=7200
Expires: Fri, 12 Jan 2018 22:33:00 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 241
Keep-Alive: timeout=4, max=499
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   241
Md5:    b3f9074454d66fd093833313570ef329
Sha1:   862c9adb8c8bfb4d0aba1477429707f0ac02a426
Sha256: 77e6b8cbf34661f06432c7e189c59d873057a9367626b4e0f0cd9a3225743593
                                        
GET /gfx/grad.png HTTP/1.1
Host: www.bplaced.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bplaced.net/epage.css

                                         
94.130.236.100
HTTP/1.1 200 OK
Content-Type: image/png
Date: Fri, 12 Jan 2018 20:33:00 GMT
Server: Apache
X-BP-NSA-REQID: (null) a.14UID=155
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Sep 2014 19:16:11 GMT
Etag: "584-50347b36734c0"
Accept-Ranges: bytes
Content-Length: 1412
Cache-Control: max-age=7200
Expires: Fri, 12 Jan 2018 22:33:00 GMT
Keep-Alive: timeout=4, max=499
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 1920 x 82, 8-bit/color RGBA, non-interlaced
Size:   1412
Md5:    afe1035635d56069e807cf08011d206b
Sha1:   ccf0c17418c70a1c9312b5561419e200e734509a
Sha256: dd8f92f5283672f41a9db33c159b69ab39248e435127e49273ae97e8e94d64a1
                                        
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 12 Jan 2018 20:33:00 GMT
Server: Apache
Last-Modified: Wed, 10 Jan 2018 16:38:41 GMT
Expires: Wed, 17 Jan 2018 16:38:41 GMT
Etag: EFD98AEB2784D4399B63709EFB69C570BCFD6CEA
Cache-Control: max-age=417340,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp18
Content-Length: 472
Connection: close


--- Additional Info ---
Magic:  data
Size:   472
Md5:    db76010031c3b9fe7bd7d4096047163c
Sha1:   efd98aeb2784d4399b63709efb69c570bcfd6cea
Sha256: 92490d61d39e02798dd01d7e79fdb445e2b7d16abb7b7ec6be03d7e7b237ddcc
                                        
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 12 Jan 2018 20:33:00 GMT
Server: Apache
Last-Modified: Thu, 11 Jan 2018 22:44:51 GMT
Expires: Thu, 18 Jan 2018 22:44:51 GMT
Etag: 630264DD5A9AAB8DA5CE17F66F31721AB8E88DC2
Cache-Control: max-age=525710,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp18
Content-Length: 727
Connection: close


--- Additional Info ---
Magic:  data
Size:   727
Md5:    6cdee2d5245df3ada43c32603fc77243
Sha1:   630264dd5a9aab8da5ce17f66f31721ab8e88dc2
Sha256: 6718c8ca4944059a38a2a04c995f69b4f07d6fe35bcaedb4fc72fe6a441e7179
                                        
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 12 Jan 2018 20:33:00 GMT
Server: Apache
Last-Modified: Thu, 11 Jan 2018 22:44:51 GMT
Expires: Thu, 18 Jan 2018 22:44:51 GMT
Etag: 3F99053F5CE63C2354A6D0716595690F067DE296
Cache-Control: max-age=525710,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp20
Content-Length: 471
Connection: close


--- Additional Info ---
Magic:  data
Size:   471
Md5:    28ca80b34c5a198aa3765ee15111341f
Sha1:   3f99053f5ce63c2354a6d0716595690f067de296
Sha256: a6bddd26f77cf373e6815e3844f2bdb19fcc34d88a0b200c0872dd0f8a11189b
                                        
GET /a/display.php?r=1812923 HTTP/1.1
Host: www.bitadexchange.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ximdav.bplaced.net/

                                         
146.148.55.169
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Server: openresty
Date: Fri, 12 Jan 2018 20:33:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Referrer-Policy: no-referrer
Link: <//www.bitadexchange.com>; rel=dns-prefetch,<//www.bitadexchange.com>; rel=preconnect
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2395
Md5:    1f93989d834ccb84b2033dea2aeaa3fe
Sha1:   cdbf7858886fb90c0cba2ef208507356d6bd32ee
Sha256: d77bad28b0ad24e9de1189e1c6e09f8a003a48a4033da8b0952586b641ad477b
                                        
GET /script/compatibility.js HTTP/1.1
Host: velocecdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ximdav.bplaced.net/

                                         
104.16.121.230
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Fri, 12 Jan 2018 20:33:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d08224f3ed63c1132959e11162d0bede31515789181; expires=Sat, 12-Jan-19 20:33:01 GMT; path=/; domain=.velocecdn.com; HttpOnly
X-GUploader-UploadID: AEnB2UqSQir8KgBnU-QlhiPekfQasheSH0R_6x7CXdCM-Ox15TFTALY1_T7JoaaHR-UNSoRmt5u9vv4kSaPjHee_VxzOtUWCJ_j1p79aeluAGrwnOaNxiSM
Expires: Sat, 13 Jan 2018 00:33:01 GMT
Cache-Control: public, max-age=14400
Last-Modified: Wed, 13 Dec 2017 16:06:12 GMT
Etag: W/"8bb997ed3c9e3468b9b9e2f21e914382"
x-goog-generation: 1513181172151914
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 10527
x-goog-hash: crc32c=pWQkRg==, md5=i7mX7TyeNGi5ueLyHpFDgg==
x-goog-storage-class: MULTI_REGIONAL
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 3dc2e37336b44261-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5667
Md5:    d70a3ef7e65cda8f0211cbe0ab882533
Sha1:   8d63c500ce6be23870bc0bf1e411c99b32fa7a03
Sha256: e07a5d9fd8ea416812be911adf400b0c8d6cfd8b4b9c84e847834cf3fd602d6d
                                        
                                            GET /a/display.php?r=1812923&treqn=338821037&runauction=1&crr=6da87d26acfcc337b404,,AQ0MicjhGKiNWZnpmdkhCcnJ2av5HQ0MCQ0MyR1MidyJnb061aa3ffca5b92cb6859&rtid=5a591b7d2a8c4&cbrandom=0.46579519478785214&cbtitle=bplaced%20-%20Webspace%20%26%20Webhosting%20%2F%2F%202GB%20Freehost%20%3A%3A%20The%20place%20for%20your%20webspace&cbiframe=0&cbWidth=1176&cbHeight=754&cbdescription=&cbkeywords=&cbref= HTTP/1.1 
Host: www.bitadexchange.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ximdav.bplaced.net/

                                         
146.148.55.169
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: openresty
Date: Fri, 12 Jan 2018 20:33:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Robots-Tag: noindex
Cache-Control: no-store, no-cache, no-transform, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Link: <//www.bitadexchange.com>; rel=dns-prefetch,<//www.bitadexchange.com>; rel=preconnect,<//crrepo.com>; rel=dns-prefetch,<//crrepo.com>; rel=preconnect,<//om.forgeofempires.com>; rel=dns-prefetch,<//om.forgeofempires.com>; rel=preconnect
Set-Cookie: acnetwork=4d28817b5a591b7e1d128fd723; expires=Wed, 30-Dec-2037 23:00:00 GMT; Max-Age=630037618; path=/
Referrer-Policy: no-referrer
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1051
Md5:    95c9e25ef0eec395c596d0e1ced70a94
Sha1:   61fc5b9945e94b6c2a00d8d069b1d0eaa382335a
Sha256: c85200d66a1b624df725e6448cb76efa5c84ba2a0c88680b99aea997c6e76eea
                                        
GET /script/firefox.js HTTP/1.1
Host: velocecdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ximdav.bplaced.net/
Cookie: __cfduid=d08224f3ed63c1132959e11162d0bede31515789181

                                         
104.16.121.230
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Fri, 12 Jan 2018 20:33:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: AEnB2UqcWOe5ASlcI_I2Kuu9OAB6hhL891Fsk0cR-KPx5NwkrqCHKbUc7qDh20xtQZ8iC8H45v9BEND0AxLr1rAI0khwphIa0g
Expires: Sat, 13 Jan 2018 00:33:02 GMT
Last-Modified: Tue, 28 Nov 2017 12:20:00 GMT
Etag: W/"0e4ecaa066b158ef86211298cd421404"
x-goog-generation: 1511871600536118
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 8418
x-goog-hash: crc32c=Fsod4A==, md5=Dk7KoGaxWO+GIRKYzUIUBA==
x-goog-storage-class: MULTI_REGIONAL
Cache-Control: public, max-age=14400
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 3dc2e374970b4261-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4419
Md5:    85d46df4c141d424ddc618d4d0c00af8
Sha1:   afbc23790d73cf8c96568bb0892bc8d8bbed2bd7
Sha256: f850588d1598e8ec2db9f9beef12051227a3de9eaec36d2a397869f25232e1a6
                                        
GET /extban/65894493/creatives/19532744/b1618e04e5f5e73243bddb7e27e402c3_5505.jpg HTTP/1.1
Host: crrepo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
104.28.0.205
HTTP/1.1 200 OK
Content-Type: image/jpeg
Date: Fri, 12 Jan 2018 20:33:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dd06d0eda6c16e6cb323bed665b6a00e51515789182; expires=Sat, 12-Jan-19 20:33:02 GMT; path=/; domain=.crrepo.com; HttpOnly
Last-Modified: Thu, 14 Sep 2017 13:41:08 GMT
Etag: W/"59ba86f4-181d0"
X-RevProc-1: n/a = ok
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Sat, 13 Jan 2018 00:33:02 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 3dc2e374a3a54267-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   59095
Md5:    ee94d81ef33ba02d1377e5ca69ebbf2c
Sha1:   77b1c7216fed10e5e0be35910f89c45b5960703e
Sha256: 43f092cf70bc0b6073ee6f1584dac2d84b75175b516cb8395848f165e324107f
                                        
GET /script/suurl.php?r=422682&cbrandom=0.3887305030827616&cbiframe=0&cbWidth=1176&cbHeight=754&cbtitle=bplaced%20-%20Webspace%20%26%20Webhosting%20%2F%2F%202GB%20Freehost%20%3A%3A%20The%20place%20for%20your%20webspace&cbref=&cbdescription=&cbkeywords=&cbcdn=velocecdn.com HTTP/1.1
Host: venturead.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ximdav.bplaced.net/

                                         
23.236.58.71
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: openresty
Date: Fri, 12 Jan 2018 20:33:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Robots-Tag: noindex
Cache-Control: no-store, no-cache, no-transform, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Link: <//b.codeonclick.com>; rel=dns-prefetch,<//b.codeonclick.com>; rel=preconnect
Set-Cookie: acnetwork=4d28817b5a591b7e5f16e35bc0; expires=Wed, 30-Dec-2037 23:00:00 GMT; Max-Age=630037618; path=/
Referrer-Policy: no-referrer
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2258
Md5:    51d30bea8b4d34a87d33f85cc693da1f
Sha1:   7c5e486fd5f94164c2fa8f508033289a1a47cfd2
Sha256: a836c67209faf8df786a806d067b2a5da442f87d711781cf6a0d8b25f1c8b6ea
                                        
                                            GET /script/wait.php?stamat=m%7C%2C%2CQhf_NhJqtGU3Bk9GH0dEdHP3xP.172%2CbMYPF2hbJPfXicR_NkIAqJTmsXmuvjBzaOn0kZfBmIHFRtBXFe2J5x7tTfLbZ85YABeLhU7AWT0x8p0VPxiecZbDc_974KsUmTuhEr3o0EhqNzTVK2ekz-yrlVIyT6uhxXN6_9vtHlKmRuOmG2p1I-Ia4fL9_sG22s9Cu7a2_MYUXZADgdY-4nl4pRRNAB4vT19X3ZROZWCiftGkGf8qOEEppngBrG-lreOzDC-vJGV99AMnp2tRYTdq_tUGFfyAl2A1hGtQ01lq0l5w6jTtZ985eUgzsl5BI2V6C_1qmtI%2C&callback=jsonp100663 HTTP/1.1 
Host: b.codeonclick.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ximdav.bplaced.net/

                                         
104.155.155.178
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: openresty
Date: Fri, 12 Jan 2018 20:33:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   35
Md5:    7e1453247e9969f804f0572ab337c89f
Sha1:   7c71e980abc1b249cc6b084b2192a6231e888dbc
Sha256: ebf6d84fb5745c8b4e643a1b6baf258f87ebbdadde3c3a1d55b1392a7599e635