Overview

URL shit-around.com/sutra/in.cgi?2
IP 185.104.9.20
ASN AS14576 Hosting Solution Ltd.
Location Netherlands
Report completed 2017-01-11 09:22:05 CET
urlQuery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level public


Intrusion Detection Systems

Snort /w Sourcefire VRT No alerts detected
Suricata /w Emerging Threats Pro No alerts detected


Blacklists

Fortinet's Web Filter / fortiguard.com
Added / Verified Severity Host Comment
2017-01-11 2 webcamgf.com/ktr/?4bLy Malware
2017-01-11 2 fpctraffic3.com/raw/click_next.cgi?account=fpcwst Phishing
MDL / malwaredomainlist.com No alerts detected
DNS-BH / malwaredomains.com No alerts detected
mnemonic secure DNS / mnemonic.no No alerts detected
OpenPhish / openphish.com No alerts detected
PhishTank / phishtank.com No alerts detected
Spamhaus DBL / spamhaus.org No alerts detected


Files Captured



Recent reports on same IP/ASN/Domain

Last 6 reports on ASN: AS14576 Hosting Solution Ltd.

Date UQ / IDS / BL URL IP
2017-01-18 02:17:14 0 - 0 - 2 ipornhub.net 162.244.34.22
2017-01-18 01:46:42 0 - 0 - 1 witvipokgen.com/ 204.155.31.136
2017-01-18 00:56:46 0 - 0 - 1 witvipokgen.com/ 204.155.31.136
2017-01-17 23:13:52 0 - 0 - 1 witvipokgen.com 204.155.31.136
2017-01-17 23:09:56 0 - 0 - 1 witvipokgen.com 204.155.31.136
2017-01-17 22:28:25 0 - 0 - 0 witvipokgen.com/us/owuy/tmz_megyn_kelly?bhu=3cMP5UoMJWTLnSrvZjz6P4XaVPi5poRwRL2t 204.155.31.136

Last 1 reports on domain: shit-around.com

Date UQ / IDS / BL URL IP
2016-12-01 00:54:21 0 - 1 - 0 shit-around.com/sutra/in.cgi?395.211.195.144



JavaScript

Executed Scripts (8)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (25)


Request Response
GET /sutra/in.cgi?2 HTTP/1.1

Host: shit-around.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
 185.104.9.20
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
Server: nginx
Date: Wed, 11 Jan 2017 08:21:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: vvmpq=3DwbADIAAgACAAbrdVj__wbrdVhAAAEAAAAG63VYAA--; expires=Thu, 11-Jan-2018 08:21:26 GMT; path=/; domain=shit-around.com
Location: http://shit-around.com/sutra/in.cgi?3
GET /sutra/in.cgi?3 HTTP/1.1

Host: shit-around.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: vvmpq=3DwbADIAAgACAAbrdVj__wbrdVhAAAEAAAAG63VYAA--
 185.104.9.20
HTTP/1.1 200 OK
Content-Type: text/html
Server: nginx
Date: Wed, 11 Jan 2017 08:21:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: vvmpq=tT8rADIAAgACAAbrdVj__wbrdVhAAAEAAAAG63VYMwACAAQABut1WP__But1WAA-; expires=Thu, 11-Jan-2018 08:21:26 GMT; path=/; domain=shit-around.com
Vary: Accept-Encoding
Content-Encoding: gzip
GET /favicon.ico HTTP/1.1

Host: shit-around.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: vvmpq=tT8rADIAAgACAAbrdVj__wbrdVhAAAEAAAAG63VYMwACAAQABut1WP__But1WAA-
 185.104.9.20
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
Server: nginx
Date: Wed, 11 Jan 2017 08:21:27 GMT
Content-Length: 0
Connection: keep-alive
GET / HTTP/1.1

Host: teenxxxporn.club

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://shit-around.com/sutra/in.cgi?3
 185.104.9.20
HTTP/1.1 200 OK
Content-Type: text/html
Server: nginx
Date: Wed, 11 Jan 2017 08:21:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: from=shit-around.com; expires=Thu, 12-Jan-2017 08:21:27 GMT; Max-Age=86400; path=/ lfrom=shit-around.com; expires=Thu, 12-Jan-2017 08:21:27 GMT; Max-Age=86400; path=/ idcheck=1484122887; expires=Thu, 12-Jan-2017 08:21:27 GMT; Max-Age=86400; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
GET /favicon.ico HTTP/1.1

Host: teenxxxporn.club

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: from=shit-around.com; lfrom=shit-around.com; idcheck=1484122887
 185.104.9.20
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Server: nginx
Date: Wed, 11 Jan 2017 08:21:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
GET /tcms/cgi/out.php?scheme_id=1 HTTP/1.1

Host: teenxxxporn.club

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenxxxporn.club/
Cookie: from=shit-around.com; lfrom=shit-around.com; idcheck=1484122887
 185.104.9.20
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Server: nginx
Date: Wed, 11 Jan 2017 08:21:27 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: stds_2=1; expires=Thu, 12-Jan-2017 08:21:27 GMT; Max-Age=86400; path=/
Location: http://popcash.net/world/go/27476/259846/
GET /world/go/27476/259846/ HTTP/1.1

Host: popcash.net

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenxxxporn.club/
 54.89.40.86
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
Date: Wed, 11 Jan 2017 08:21:27 GMT
Location: http://popcash.net/world/go/27476/259846
Server: nginx/1.11.3
Content-Length: 51
Connection: keep-alive
GET /world/go/27476/259846 HTTP/1.1

Host: popcash.net

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenxxxporn.club/
 54.89.40.86
HTTP/1.1 200 OK
Content-Type: text/html
Date: Wed, 11 Jan 2017 08:21:27 GMT
Server: nginx/1.11.3
Content-Length: 223
Connection: keep-alive
GET /favicon.ico HTTP/1.1

Host: popcash.net

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
 54.89.40.86
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Encoding: gzip
Date: Wed, 11 Jan 2017 08:21:27 GMT
Etag: W/"57ebf42f-e98"
Server: nginx/1.11.3
Vary: Accept-Encoding
Content-Length: 1134
Connection: keep-alive
GET /world/sgo/27476/259846/bc2c87a076ca3be4/aHR0cCUzQSUyRiUyRnRlZW54eHhwb3JuLmNsdWIlMkY= HTTP/1.1

Host: popcash.net

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://popcash.net/world/go/27476/259846
 54.89.40.86
HTTP/1.1 303 See Other
Content-Type: text/html; charset=utf-8
Date: Wed, 11 Jan 2017 08:21:27 GMT
Location: http://finderbird.com/w/w4/
Server: nginx/1.11.3
Content-Length: 54
Connection: keep-alive
GET /w/w4/ HTTP/1.1

Host: finderbird.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://popcash.net/world/go/27476/259846
 109.206.190.49
HTTP/1.1 200 OK
Content-Type: text/html
Server: nginx
Date: Wed, 11 Jan 2017 08:21:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
GET /ktr/?4bLy HTTP/1.1

Host: webcamgf.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://finderbird.com/w/w4/
 109.206.190.49
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Server: nginx
Date: Wed, 11 Jan 2017 08:21:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.26
Expires: Thu, 21 Jul 1977 07:30:00 GMT
Last-Modified: Wed, 11 Jan 2017 08:21:28 GMT
Cache-Control: max-age=0
Pragma: no-cache
Location: http://gfsale.com/fpcw/
GET /favicon.ico HTTP/1.1

Host: finderbird.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
 109.206.190.49
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx
Date: Wed, 11 Jan 2017 08:21:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
GET /fpcw/ HTTP/1.1

Host: gfsale.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://finderbird.com/w/w4/
 109.206.190.49
HTTP/1.1 200 OK
Content-Type: text/html
Server: nginx
Date: Wed, 11 Jan 2017 08:21:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
GET /favicon.ico HTTP/1.1

Host: gfsale.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
 109.206.190.49
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx
Date: Wed, 11 Jan 2017 08:21:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
GET /fpcw/fpcw.php HTTP/1.1

Host: gfsale.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://gfsale.com/fpcw/
 109.206.190.49
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Wed, 11 Jan 2017 08:21:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.26
Location: http://fpcTraffic3.com/raw/click.cgi?account=fpcwst&track=R&backurl=http://webcamgf.com/ktr/?4b2MF
GET /raw/click.cgi?account=fpcwst&track=R&backurl=http://webcamgf.com/ktr/?4b2MF HTTP/1.1

Host: fpctraffic3.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://gfsale.com/fpcw/
 66.154.1.247
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 11 Jan 2017 08:21:29 GMT
Server: Apache/2.2.16 (Debian)
Set-Cookie: num1=25446; expires=time()+5; path=/; account=fpcwst; expires=time()+5; path=/; track=R; expires=time()+5; path=/; ref=http://gfsale.com/fpcw/; expires=time()+5; path=/; niche=none; expires=time()+5; path=/; backurl=http://webcamgf.com/ktr/?4b2MF; expires=time()+5; path=/;
Location: http://fpctraffic3.com/raw/click_next.cgi?account=fpcwst
Content-Length: 321
Keep-Alive: timeout=1
Connection: Keep-Alive
GET /raw/click_next.cgi?account=fpcwst HTTP/1.1

Host: fpctraffic3.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://gfsale.com/fpcw/
Cookie: num1=25446; account=fpcwst; track=R; ref=http://gfsale.com/fpcw/; niche=none; backurl=http://webcamgf.com/ktr/?4b2MF
 66.154.1.247
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 11 Jan 2017 08:21:29 GMT
Server: Apache/2.2.16 (Debian)
Set-Cookie: times=1; rburry3_20160531_48314B=sent; path=/; expires=Fri Feb 10 08:21:29 2017 GMT
Location: http://c4tracking01.com/aff/ep.php?act=200108:FPC_NO_RON_CPM_Red&t=c&site=90&skin=c4&prog=2&c=female&l=no
Content-Length: 394
Keep-Alive: timeout=1
Connection: Keep-Alive
GET /aff/ep.php?act=200108:FPC_NO_RON_CPM_Red&t=c&site=90&skin=c4&prog=2&c=female&l=no HTTP/1.1

Host: c4tracking01.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://gfsale.com/fpcw/
 99.192.250.46
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Wed, 11 Jan 2017 08:21:29 GMT
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.6.24
Location: http://no.cam4.com/female?act=200108~FPC_NO_RON_CPM_Red&utm_source=200108&utm_medium=FPC_NO_RON_CPM_Red&utm_content=cam4bucks&utm_campaign=cam4&utm_term=http%3A%2F%2Fgfsale.com%2Ffpcw%2F
GET /favicon.ico HTTP/1.1

Host: finderbird.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
 109.206.190.49
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx
Date: Wed, 11 Jan 2017 08:21:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
GET /favicon.ico HTTP/1.1

Host: gfsale.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
 109.206.190.49
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx
Date: Wed, 11 Jan 2017 08:21:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
GET /favicon.ico HTTP/1.1

Host: teenxxxporn.club

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: from=shit-around.com; lfrom=shit-around.com; idcheck=1484122887; stds_2=1
 185.104.9.20
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Server: nginx
Date: Wed, 11 Jan 2017 08:21:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
GET /favicon.ico HTTP/1.1

Host: shit-around.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: vvmpq=tT8rADIAAgACAAbrdVj__wbrdVhAAAEAAAAG63VYMwACAAQABut1WP__But1WAA-
 185.104.9.20
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
Server: nginx
Date: Wed, 11 Jan 2017 08:21:30 GMT
Content-Length: 0
Connection: keep-alive
GET /favicon.ico HTTP/1.1

Host: popcash.net

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
 54.89.40.86
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Encoding: gzip
Date: Wed, 11 Jan 2017 08:21:30 GMT
Etag: W/"57ebf4c3-e98"
Server: nginx/1.11.3
Vary: Accept-Encoding
Content-Length: 1134
Connection: keep-alive
GET /female?act=200108~FPC_NO_RON_CPM_Red&utm_source=200108&utm_medium=FPC_NO_RON_CPM_Red&utm_content=cam4bucks&utm_campaign=cam4&utm_term=http%3A%2F%2Fgfsale.com%2Ffpcw%2F HTTP/1.1

Host: no.cam4.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://gfsale.com/fpcw/