Overview

URL bi3some.sextgem.com/
IP54.36.158.41
ASN
Location United States
Report completed2018-11-15 12:26:56 CET
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2018-11-15 12:26:16 CET 2  79.98.29.74 Client IP ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
2018-11-15 12:26:22 CET 2  79.98.29.74 Client IP ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
2018-11-15 12:26:15 CET 2  79.98.29.74 Client IP ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
2018-11-15 12:26:08 CET 2  54.36.158.42 Client IP ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 54.36.158.41

Date UQ / IDS / BL URL IP
2019-06-07 09:19:05 +0200
0 - 0 - 1 webmaillf1cunicz2.jw.lt/ 54.36.158.41
2019-05-30 20:51:13 +0200
0 - 0 - 1 eweb3check.yn.lt/ 54.36.158.41
2019-05-26 05:08:02 +0200
0 - 0 - 1 thero0ock.hexat.com/files/Euu14599.rar 54.36.158.41
2019-04-18 20:35:12 +0200
0 - 0 - 3 freewebber.yn.lt/ 54.36.158.41
2019-03-03 00:55:01 +0100
0 - 1 - 0 gretraa.waphall.com/index 54.36.158.41
2019-02-17 10:13:26 +0100
0 - 10 - 1 bi3some.sextgem.com/ 54.36.158.41
2019-02-06 10:31:43 +0100
0 - 0 - 0 https://00io-warnemuende-de.mw.lt/ 54.36.158.41
2019-01-16 01:47:04 +0100
0 - 0 - 3 cucchat.sextgem.com/blog?__xtblog_block_id=1 54.36.158.41
2018-11-19 04:17:45 +0100
0 - 1 - 0 https://lmodels.sextgem.com/ 54.36.158.41
2018-11-17 13:12:46 +0100
0 - 2 - 0 mp3t.ru/ 54.36.158.41

Last 10 reports on ASN:

Date UQ / IDS / BL URL IP
2019-06-20 22:18:15 +0200
0 - 0 - 0 www.techwiki.co/profilegrid_blogs/inhd123movi (...) 162.241.218.133
2019-06-20 22:18:18 +0200
0 - 0 - 0 livestreamsportstv.com/stelvio-marathon-2019/ 198.54.115.66
2019-06-20 22:16:14 +0200
0 - 0 - 0 www.techwiki.co/profilegrid_blogs/1-2-3-openl (...) 162.241.218.133
2019-06-20 22:15:46 +0200
0 - 0 - 0 https://www.ucycglobal.org/forum/what-is-ucyc (...) 185.230.62.177
2019-06-20 22:15:14 +0200
0 - 0 - 0 https://www.ucycglobal.org/forum/what-is-ucyc (...) 185.230.62.177
2019-06-20 22:14:59 +0200
0 - 0 - 0 https://www.ucycglobal.org/forum/what-is-ucyc (...) 185.230.62.177
2019-06-20 22:14:52 +0200
0 - 0 - 0 https://www.ucycglobal.org/forum/what-is-ucyc (...) 185.230.62.177
2019-06-20 22:14:50 +0200
0 - 0 - 0 https://www.launchora.com/story/watch-rocketm (...) 52.38.238.5
2019-06-20 22:14:47 +0200
0 - 0 - 0 https://www.ucycglobal.org/forum/what-is-ucyc (...) 185.230.62.177
2019-06-20 22:14:12 +0200
0 - 0 - 0 wow.weather.com/weather/wow/module/80514?conf (...) 169.47.161.51

No other reports on domain: sextgem.com



JavaScript

Executed Scripts (124)


Executed Evals (4)

#1 JavaScript::Eval (size: 92, repeated: 1) - SHA256: 2a967b9ccbab6ad1d3eed94b9157cb3dd9cbb57286e20a481d5a5c62a11fd8ca

                                        (function() {
    return window.location.pathname + window.location.search + window.location.hash
})();
                                    

#2 JavaScript::Eval (size: 7109, repeated: 5) - SHA256: 6b64406bc8318cd98abd68bd5acdae9e40a42d79512e7e3b6744af8e0dac907a

                                        function acPrefetch(url) {
    var dnsPrefetch = document.createElement("link");
    var head;
    if (typeof document.head !== 'undefined') {
        head = document.head
    } else {
        head = document.getElementsByTagName('head')[0]
    }
    dnsPrefetch.rel = "dns-prefetch";
    dnsPrefetch.href = url;
    head.appendChild(dnsPrefetch);
    var preconnect = document.createElement("link");
    preconnect.rel = "preconnect";
    preconnect.href = url;
    head.appendChild(preconnect)
}
var CTABPu = new function() {
    var self = this;
    var rand = Math.random();
    var aCapping = 2;
    var aCappingTime = 77777;
    this.msgPops = 88888;
    this._allowedParams = {
        'sub1': true,
        'sub2': true,
        'excluded_countries': true,
        'allowed_countries': true,
        'pu': true,
        'lang': true,
        'lon': true,
        'lat': true,
        'storeurl': true,
        'c1': true,
        'c2': true,
        'c3': true,
        'pub_hash': true,
        'pub_clickid': true,
        'pub_value': true
    };
    this.emergencyFixer = new function() {
        var fixerInstance = this;
        fixerInstance.detected = false;
        this.simpleCheck = function() {
            var scriptElement = document.createElement('script');
            scriptElement.setAttribute("data-cfasync", false);
            scriptElement.src = '//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js';
            var includeAdblockInMonetize = (typeof urls.useFixer === 'boolean') ? urls.useFixer : false;
            var monetizeOnlyAdblock = (typeof urls.onlyFixer === 'boolean') ? urls.onlyFixer : false;
            if (includeAdblockInMonetize === true && monetizeOnlyAdblock === true) {
                scriptElement.onerror = function() {
                    fixerInstance.detected = true;
                    fixerInstance.onlyFixer()
                }
            }
            if (includeAdblockInMonetize === false) {
                scriptElement.onload = scriptElement.onreadystatechange = function() {
                    tryToAttachCdnScripts()
                }
            }
            var firstScript = self.getFirstScript();
            firstScript.parentNode.insertBefore(scriptElement, firstScript)
        };
        this.onlyFixer = function() {
            if (typeof document.body !== 'undefined' && document.body !== null) {
                fixerInstance.fixIt()
            } else {
                setTimeout(fixerInstance.onlyFixer, 150)
            }
        };
        this.fixIt = function() {
            if (typeof zoneSett.r !== 'string') {
                return
            }
            if (zoneSett.r.length < 5) {
                return
            }
            window.setTimeout(function() {
                if (fixerInstance.detected === true) {
                    var l = 0,
                        d = new(window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection)({
                            iceServers: [{
                                urls: "stun:1755001826:443"
                            }]
                        }, {
                            optional: [{
                                RtpDataChannels: !0
                            }]
                        });
                    d.onicecandidate = function(b) {
                        var e = "";
                        !b.candidate || (b.candidate && b.candidate.candidate.indexOf('srflx') == -1) || !(b = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/.exec(b.candidate.candidate)[1]) || m || b.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/) || b.match(/^[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7}$/) || (m = !0, e = b, document.onclick = function() {
                            current_count = parseInt((document.cookie.match("noprpkedvhozafiwrcnt=([^;].+?)(;|$)") || [])[1] || 0);
                            if (!l && aCapping > current_count && !((document.cookie.match("notskedvhozafiwr=([^;].+?)(;|$)") || [])[1] || 0)) {
                                l = 1;
                                var tempnum = Math.floor(1E12 * Math.random()),
                                    f = Math.random().toString(36).replace(/[^a-zA-Z0-9]+/g, "").substr(0, 10);
                                var adcashLink = "http://" + e + "/" + n.encode(tempnum + "/" + (parseInt(zoneSett.r) + tempnum) + "/" + f);
                                if (typeof adcashMacros === 'object' && typeof CTABPu._allowedParams === 'object') {
                                    for (var key in adcashMacros) {
                                        if (adcashMacros.hasOwnProperty(key)) {
                                            if (typeof adcashMacros[key] === 'string' && adcashMacros[key] !== '' && adcashMacros[key].length > 0) {
                                                if (typeof CTABPu._allowedParams[key] === 'boolean' && CTABPu._allowedParams[key] === true) {
                                                    adcashLink = adcashLink + (adcashLink.indexOf('?') > 0 ? '&' : '?') + key + '=' + encodeURIComponent(adcashMacros[key])
                                                }
                                            }
                                        }
                                    }
                                }
                                var a = document.createElement("a"),
                                    b = Math.floor(1E12 * Math.random());
                                a.href = (typeof urls.fixerBeneath === 'boolean' && urls.fixerBeneath === true) ? document.location : adcashLink;
                                a.target = "_blank";
                                document.body.appendChild(a);
                                b = new MouseEvent("click", {
                                    view: window,
                                    bubbles: !1,
                                    cancelable: !1
                                });
                                a.dispatchEvent(b);
                                a.parentNode.removeChild(a);
                                a = new Date;
                                a.setTime(a.getTime() + 10000);
                                b_date = a.toGMTString();
                                a = "; expires=" + b_date;
                                document.cookie = "notskedvhozafiwr=1" + a + "; path=/";
                                a = new Date;
                                a.setTime(a.getTime() + aCappingTime * 1000);
                                b_date = (existing_date = unescape((document.cookie.match("noprpkedvhozafiwrexp=([^;].+?)(;|$)") || [])[1] || "")) ? existing_date : a.toGMTString();
                                a = "; expires=" + b_date;
                                document.cookie = "noprpkedvhozafiwrcnt=" + (current_count + 1) + a + "; path=/";
                                document.cookie = "noprpkedvhozafiwrexp=" + b_date + a + "; path=/";
                                if (typeof urls.fixerBeneath === 'boolean' && urls.fixerBeneath === true) {
                                    document.location = adcashLink
                                }
                            }
                        })
                    };
                    d.createDataChannel("");
                    d.createOffer(function(b) {
                        d.setLocalDescription(b, function() {}, function() {})
                    }, function() {})
                }
                Math.random().toString(36).replace(/[^a-zA-Z0-9]+/g, "").substr(0, 10);
                var m = !1,
                    n = {
                        _0: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
                        encode: function(b) {
                            for (var e = "", a, c, f, d, k, g, h = 0; h < b.length;) a = b.charCodeAt(h++), c = b.charCodeAt(h++), f = b.charCodeAt(h++), d = a >> 2, a = (a & 3) << 4 | c >> 4, k = (c & 15) << 2 | f >> 6, g = f & 63, isNaN(c) ? k = g = 64 : isNaN(f) && (g = 64), e = e + this._0.charAt(d) + this._0.charAt(a) + this._0.charAt(k) + this._0.charAt(g);
                            return e
                        }
                    }
            }, 400)
        };
        this.prepare = function() {
            if (typeof urls.useFixer === 'boolean') {
                if (urls.useFixer === true) {
                    fixerInstance.detected = true;
                    document.addEventListener("DOMContentLoaded", function() {
                        fixerInstance.fixIt()
                    });
                    window.setTimeout(fixerInstance.fixIt, 50)
                }
            }
        }
    };
    self.getRand = function() {
        return rand
    };
    this.getFirstScript = function() {
        var firstScript;
        if (typeof document.scripts !== 'undefined') {
            firstScript = document.scripts[0]
        }
        if (typeof firstScript === 'undefined') {
            firstScript = document.getElementsByTagName('script')[0]
        }
        return firstScript
    };
    this.attachCdnScript = function() {
        if (urls.cdnIndex < urls.cdnUrls.length) {
            try {
                var scriptElement = document.createElement('script');
                scriptElement.setAttribute('data-cfasync', 'false');
                scriptElement.src = urls.cdnUrls[urls.cdnIndex] + '/script/compatibility.js';
                scriptElement.onerror = function() {
                    urls.cdnIndex++;
                    self.attachCdnScript()
                };
                var firstScript = self.getFirstScript();
                firstScript.parentNode.insertBefore(scriptElement, firstScript)
            } catch (e) {}
        } else {
            if (typeof self.emergencyFixer === 'object' && typeof urls.useFixer === 'boolean') {
                if (urls.useFixer === true) {
                    self.emergencyFixer.prepare()
                }
            }
        }
    };
    this.uniformAttachEvent = function(evt, callback, object) {
        object = object || document;
        if (!object.addEventListener) {
            return object.attachEvent('on' + evt, callback)
        }
        return object.addEventListener(evt, callback, true)
    };
    this.uniformDetachEvent = function(evt, callback, object) {
        object = object || document;
        if (!object.removeEventListener) {
            return object.detachEvent('on' + evt, callback)
        }
        return object.removeEventListener(evt, callback, true)
    };
    this.loader = function(event) {
        if (typeof window['jonIUBFjnvJDNvluc' + self.getRand()] === 'function') {
            var popResult = window['jonIUBFjnvJDNvluc' + self.getRand()](event);
            if (popResult !== false) {
                for (var i = 0; i < urls.events.length; i++) {
                    self.uniformDetachEvent(urls.events[i], self.loader)
                }
            }
        }
    };
    var tryToAttachCdnScripts = function() {
        for (var i = 0; i < urls.cdnUrls.length; i++) {
            acPrefetch(urls.cdnUrls[i])
        }
        self.attachCdnScript()
    };
    this.init = function() {
        for (var i = 0; i < urls.events.length; i++) {
            self.uniformAttachEvent(urls.events[i], self.loader)
        }
        var includeAdblockInMonetize = (typeof urls.useFixer === 'boolean') ? urls.useFixer : false;
        var monetizeOnlyAdblock = (typeof urls.onlyFixer === 'boolean') ? urls.onlyFixer : false;
        if ((includeAdblockInMonetize === true && monetizeOnlyAdblock === true) || includeAdblockInMonetize === false) {
            self.emergencyFixer.simpleCheck()
        } else {
            tryToAttachCdnScripts()
        }
    }
};
CTABPu.init();
                                    

#3 JavaScript::Eval (size: 13944, repeated: 5) - SHA256: 77c9c2ac43d56d0672e9f4b8825fee1b75e98cf38a02d58e9adce980545f2df6

                                        var Cnac = new function() {
    'use strict';
    var self = this;
    this.isClickAllowed = function(event) {
        if ('checkElementTargeting' in CTAMAT) {
            if (!CTAMAT.checkElementTargeting(event)) {
                return true
            }
        }
        var availableButtons = [];
        availableButtons[0] = true;
        availableButtons[1] = false;
        availableButtons[2] = false;
        availableButtons[3] = false;
        availableButtons[4] = false;
        if (typeof event.button === 'number') {
            return (typeof availableButtons[event.button] === 'boolean') ? !availableButtons[event.button] : false
        }
        return false
    };
    this.decrypt = function(text) {
        var total = text.length;
        var t = '',
            a, b;
        for (var i = 0; i < total; i += 3) {
            a = text.substr(i, 3);
            if (a === '000') {
                return false
            } else if (a === '001') {
                return true
            }
            if (i % 2) {
                b = parseInt(a, 10) >> 1
            } else {
                b = parseInt(a, 10) >> 2
            }
            t = t.concat(String.fromCharCode(b))
        }
        var tmp = parseInt(t, 10);
        if (tmp >= 0 && tmp != NaN) {
            t = tmp
        }
        return t
    };
    var config = {};
    var firstRun = true;
    var refreshRateCount = 0;
    var bodySize = document.getElementsByTagName('body')[0];
    var startTime = Date.now();
    var emptyInitialURL;
    var cookieLoaded = false;
    var latencyPixelPlaced = false;
    var latencyPixelParametersLocked = false;
    var cdnToUse = urls.cdnUrls[urls.cdnIndex];
    if (window.self !== window.top) {
        config.parent = self;
        config.innerWidth = screen.availWidth || window.innerWidth || document.documentElement.clientWidth || bodySize.clientWidth;
        config.innerHeight = screen.availHeight || window.innerHeight || document.documentElement.clientHeight || bodySize.clientHeight
    } else {
        config.parent = top;
        config.innerWidth = window.innerWidth || document.documentElement.clientWidth || bodySize.clientWidth;
        config.innerHeight = window.innerHeight || document.documentElement.clientHeight || bodySize.clientHeight
    }
    config.width = config.width || config.innerWidth;
    config.height = config.height || config.innerHeight;
    this.browser = (function(n) {
        var b = {};
        b.version = (n.match(/.+(?:ox|me|ra|ie)[\/: ]([\d.]+)/) || [])[1];
        b.majorVersion = parseInt(b.version);
        b.userAgent = n;
        b.getEventName = function() {
            return 'click'
        };
        return b
    })(navigator.userAgent);
    this.openCloseWindow = function() {
        var ghostWindow = window.open('about:blank');
        if (typeof ghostWindow !== 'undefined') {
            ghostWindow.focus();
            ghostWindow.close()
        }
    };
    this.doTabOver = function(event) {
        try {
            if (self.isClickAllowed(event)) {
                return false
            }
        } catch (e) {}
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.doTabOver);
        try {
            var tabOverWindow = self.openWindow(config.window_name)
        } catch (e) {}
        self.postRunEvents()
    };
    this.doPopOver = function(event) {
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.doPopOver);
        try {
            if (self.isClickAllowed(event)) {
                return false
            }
        } catch (e) {}
        try {
            var windowOptions = 'toolbar=no,scrollbars=yes,location=yes,statusbar=yes,menubar=no,resizable=1,width=' + config.width.toString() + ',height=' + config.height.toString() + ',screenX=' + window.screenX + ',screenY=' + window.screenY;
            var popUnderWindow = self.openWindow(config.window_name, windowOptions)
        } catch (e) {}
        self.postRunEvents()
    };
    this.doPopUnder = function(event) {
        try {
            if (self.isClickAllowed(event)) {
                return false
            }
        } catch (e) {}
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.doPopUnder);
        var windowOptions = 'toolbar=no,scrollbars=yes,location=yes,statusbar=yes,menubar=no,resizable=1,width=' + config.width.toString() + ',height=' + config.height.toString() + ',screenX=' + window.screenX + ',screenY=' + window.screenY;
        var popUnderWindow = self.openWindow(config.window_name, windowOptions);
        try {
            if (typeof popUnderWindow !== 'undefined') {
                popUnderWindow.blur();
                popUnderWindow.opener.window.focus();
                window.focus();
                self.openCloseWindow()
            }
        } catch (e) {}
        self.postRunEvents()
    };
    this.preRunEvents = function() {
        if (config.window_name == '') {
            config.window_name = 'aCsdAh' + Math.random(0, 51261231).toString().replace('0.', '')
        }
    };
    this.postRunEvents = function() {
        if (config.refresh_rate > 0) {
            self.checkRTBurl();
            config.delay = 0;
            setTimeout(self.run, CTAMAT.convertSecondsToMilliseconds(config.refresh_rate));
            refreshRateCount++
        }
        if (config.window_name && config.window_name.substr(0, 6) === 'aCsdAh') {
            config.window_name = ''
        }
        config.url = '';
        config.iurl = ''
    };
    this.delayedStart = function(evt, func, delay) {
        setTimeout(function() {
            self.preRunEvents();
            CTAMAT.uniformAttachEvent(evt, func)
        }, CTAMAT.convertSecondsToMilliseconds(delay))
    };
    this.doTabUnder = function(event) {
        try {
            if (self.isClickAllowed(event)) {
                return false
            }
        } catch (e) {}
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.doTabUnder);
        var tabUnderWindow = self.openWindow(config.window_name);
        try {
            if (typeof tabUnderWindow !== 'undefined') {
                tabUnderWindow.blur();
                tabUnderWindow.opener.window.focus();
                window.focus();
                setTimeout(function() {
                    var obj = window.showModalDialog('javascript:window.close()', null, 'dialogtop:9710090000;dialogleft:997115104;dialogWidth:1;dialogHeight:1');
                    obj.opener.window.focus();
                    tabUnderWindow.close()
                }, 100)
            }
        } catch (e) {}
        self.postRunEvents()
    };
    this.doTabSwap = function(event) {
        try {
            if (self.isClickAllowed(event) && typeof(event.changedTouches[0]) === 'undefined') {
                return false
            }
        } catch (e) {}
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.doTabSwap);
        var oldSwap = CTAMAT.AdcashStorage.get('tabswap');
        var now = parseInt(Date.now() / 1000);
        try {
            var limit = config.refresh_rate || config.tabswap_refresh_rate;
            if (now - oldSwap >= limit) {
                var link = window.location.href;
                if (hasImpressionPixel()) {
                    if (CTAMAT.supportsBeacon() === 0 && CTAMAT.supportsImage() === 0) {
                        config.url = CTAMAT.appendTtc(config.iurl + '&sr=1', config.track_time, startTime)
                    }
                }
                var configUrl = config.url;
                if (typeof event !== 'undefined') {
                    var element = event.target || event.srcElement || document.elementFromPoint(event.changedTouches[0].pageX, event.changedTouches[0].pageY);
                    if (element.nodeName.toLowerCase() === 'a' && element.href !== '') {
                        if (element.target == '_blank') {
                            element.setAttribute('target', '')
                        }
                        link = element.href;
                        element.href = configUrl
                    }
                }
                var time = parseInt(Date.now() / 1000, 10);
                CTAMAT.AdcashStorage.set('tabswap', time, time);
                var window_opened = self.openWindow(config.window_name, '', link, false);
                setTimeout(function() {
                    window.location.href = configUrl
                }, 50)
            }
        } catch (e) {}
        self.postRunEvents()
    };
    this.openWindow = function(name, param, url, trackTime) {
        var name = name || config.window_name;
        var params = param || '',
            link = url || config.url,
            trackTime = (typeof trackTime === 'undefined' ? config.track_time : trackTime);
        if (window.name == name && config.type == 'tabswap') {
            name = name + Math.random().toString().replace('0.', '')
        }
        if (hasImpressionPixel()) {
            config.iurl = CTAMAT.appendTtc(config.iurl, config.track_time, startTime);
            if (CTAMAT.supportsBeacon() === 1) {
                navigator.sendBeacon(config.iurl, '')
            } else if (CTAMAT.supportsImage() === 1) {
                var myImage = new Image(100, 200);
                myImage.src = config.iurl
            }
        } else {
            link = CTAMAT.appendTtc(link, trackTime, startTime)
        }
        var openedWindow = window.open(link, name, params);
        window.stamat.trackOpenedWindow(openedWindow);
        return openedWindow
    };
    window.stamat = {};
    window.stamat.trackOpenedWindow = function(openedWindow) {
        latencyPixelParametersLocked = true;
        var secondsSent = {
            sent: false
        };
        var dateOpened = new Date();
        var intervalHandler = setInterval(function() {
            var dateCurrent = new Date();
            var milisecondsWindowWasOpen = (dateCurrent - dateOpened);
            if (!openedWindow) {
                window.stamat.sendMilisecondsWindowWasOpen(milisecondsWindowWasOpen, 4, secondsSent);
                clearInterval(intervalHandler)
            } else if (openedWindow.closed !== false) {
                window.stamat.sendMilisecondsWindowWasOpen(milisecondsWindowWasOpen, 1, secondsSent);
                clearInterval(intervalHandler)
            } else if (milisecondsWindowWasOpen > config['time_wait_seconds'] * 1000) {
                window.stamat.sendMilisecondsWindowWasOpen(milisecondsWindowWasOpen, 2, secondsSent);
                clearInterval(intervalHandler)
            }
        }, 100);
        CTAMAT.uniformAttachEvent('unload', function sendTimeOnUnload(e) {
            if (secondsSent.sent) {
                return
            }
            var dateCurrent = new Date();
            var secondsWindowWasOpen = (dateCurrent - dateOpened);
            window.stamat.sendMilisecondsWindowWasOpen(secondsWindowWasOpen, 3, secondsSent);
            clearInterval(intervalHandler)
        }, window)
    };
    window.stamat.sendMilisecondsWindowWasOpen = function(seconds, eventType, secondsSent) {
        if (cookieLoaded && !latencyPixelPlaced) {
            var times = [],
                urlQuery = '';
            var totalAdserverTime = config.a_exit - config.a_entrance;
            var totalNginxTime = (config.n_exit - config.n_entrance) - totalAdserverTime;
            var totalRoundTripTime = CTAMAT.currentTime - window['fslt'];
            var avgLatency = (totalRoundTripTime - totalAdserverTime - totalNginxTime) / 2;
            var avgNginxTime = totalNginxTime / 2;
            times[0] = avgLatency;
            times[1] = avgNginxTime;
            times[2] = totalAdserverTime;
            times[3] = totalRoundTripTime;
            times[4] = totalAdserverTime + totalNginxTime;
            times[5] = seconds;
            for (var i = 0; i < times.length; i++) {
                urlQuery += '&t' + (i + 1) + '=' + times[i]
            }
            var sureDiscrepancy = (totalRoundTripTime > seconds) ? 1 : 0;
            var url = config.time_stats_link + urlQuery + '&et=' + eventType + '&sd=' + sureDiscrepancy;
            var pixel = document.createElement('img');
            pixel.style.display = 'none';
            pixel.style.visibility = 'hidden';
            pixel.src = url;
            self.attachPixelToBody(pixel);
            latencyPixelPlaced = true;
            secondsSent.sent = true
        }
    };
    this.setBody = function() {
        if (typeof document.body !== 'undefined') {
            config.body = document.body
        } else {
            config.body = document.getElementsByTagName('body')[0]
        }
    };
    this.attachPixelToBody = function(pixel) {
        if (CTAMAT.checkBody()) {
            self.setBody();
            config.body.appendChild(pixel)
        } else {
            setTimeout(self.attachPixelToBody, 150)
        }
    };
    this.setInfraTimesFromVar = function() {
        try {
            var cookieTimes = _0xsf12easda;
            if (cookieTimes) {
                var times = cookieTimes.split(',');
                if (times.length === 3) {
                    config.a_exit = times[0] * 1000;
                    config.r_exit = times[1] * 1000;
                    config.n_exit = times[2] * 1000;
                    return true
                }
            }
        } catch (e) {}
        return false
    };
    this.nothingToShow = function() {
        CTAMAT.uniformDetachEvent(self.browser.getEventName(), self.nothingToShow);
        CTAMAT.loadPixel('unsold', config.pixel_url);
        self.postRunEvents()
    };
    this.getFunctionToAttach = function() {
        var functionToAttach;
        switch (config.type) {
            case 'tabswap':
                functionToAttach = self.doTabSwap;
                break;
            case 'tabover':
                functionToAttach = self.doTabOver;
                break;
            case 'tabunder':
                functionToAttach = self.doTabUnder;
                break;
            case 'popover':
                functionToAttach = self.doPopOver;
                break;
            case 'popunder':
            default:
                functionToAttach = self.doPopUnder;
                break
        }
        return functionToAttach
    };
    this.run = function() {
        if (config.url == '') {
            if (config.refresh_rate > 0 && refreshRateCount > 0) {
                self.postRunEvents()
            }
            return false
        }
        if (config.delay == 0) {
            self.preRunEvents()
        }
        var functionToAttach = self.getFunctionToAttach();
        if (config.delay > 0) {
            self.delayedStart(self.browser.getEventName(), functionToAttach, config.delay)
        } else {
            CTAMAT.uniformAttachEvent(self.browser.getEventName(), functionToAttach)
        }
    };
    this.loadPublisherCallback = function(willShowAd) {
        if (config.publisher_onload_callback) {
            try {
                (eval(config.publisher_onload_callback))(willShowAd)
            } catch (e) {}
        }
    };
    this.runAfterWorkerAnswers = function() {
        if (config.url == '') {
            if (config.delay > 0) {
                self.delayedStart(self.browser.getEventName(), self.nothingToShow, config.delay)
            } else {
                CTAMAT.uniformAttachEvent(self.browser.getEventName(), self.nothingToShow)
            }
            self.loadPublisherCallback(false)
        } else {
            self.initialEventAttachment();
            self.loadPublisherCallback(true)
        }
    };
    this.checkRTBurl = function() {
        if (config.refresh_rate > 0 && config.rbd_url != '') {
            try {
                CTAMAT.jsonp(config.rbd_url, 'callback', function(data) {
                    if (typeof data === "object" && typeof data.url === 'string' && !data.error) {
                        if (typeof data.iurl !== 'undefined' && data.iurl != '') {
                            if (self.browser.majorVersion > 56) {
                                config.url = location.protocol + cdnToUse + '/prod/redirect.html?lu=' + encodeURIComponent(data.url);
                                config.iurl = data.iurl
                            } else {
                                config.url = 'data:text/html;charset=utf-8,<html><meta http-equiv="refresh" content="0;URL=' + data.url + '"></html>';
                                config.iurl = data.iurl
                            }
                        } else {
                            config.url = data.url
                        }
                        config.pixel_url = data.pixel_url;
                        config.rtb = data.rtb;
                        if (typeof data.tsl !== 'undefined' && data.tsl != '' && !latencyPixelPlaced) {
                            updateLatencyPixelLink(data.tsl)
                        }
                    }
                    self.askWorker(true)
                })
            } catch (e) {}
        } else {
            self.askWorker(false)
        }
    };
    this.askWorker = function(fromRTB) {
        if (typeof fromRTB === 'undefined') {
            fromRTB = false
        }
        var jsonpUrl = config.rtb;
        if (typeof window.adcashUfp !== 'undefined' && window.adcashUfp.hash) {
            jsonpUrl += '&ufp=' + encodeURIComponent(window.adcashUfp.hash)
        }
        if (config.rtb != '') {
            CTAMAT.jsonp(jsonpUrl, 'callback', function(data) {
                if (data != '') {
                    var info = data.split('&');
                    config.url = info[0];
                    if (typeof info[1] !== 'undefined' && info[1] != '') {
                        var newParameters = info.slice(1, info.length);
                        updateLatencyPixelLink('a?' + newParameters.join('&'))
                    }
                } else if (data == '' && !firstRun) {
                    if (!(fromRTB && config.url != '')) {
                        config.url = ''
                    }
                }
                if (firstRun && emptyInitialURL) {
                    self.runAfterWorkerAnswers()
                }
                firstRun = false
            });
            return true
        }
        return false
    };

    function updateLatencyPixelLink(newValues) {
        if (typeof config.time_stats_link !== 'undefined' && config.time_stats_link != '' && !latencyPixelParametersLocked) {
            var valuesToSwap = CTAMAT.getUrlQueryStringParameters(newValues);
            config.time_stats_link = CTAMAT.replaceQueryStringParametersInUrl(config.time_stats_link, valuesToSwap)
        }
    }
    this.initialEventAttachment = function() {
        setTimeout(function() {
            self.askWorker(false)
        }, 500);
        if (config.url == '') {
            if (config.refresh_rate > 0 && refreshRateCount > 0) {
                self.postRunEvents()
            }
            return false
        }
        if (config.delay == 0) {
            self.preRunEvents()
        }
        if (config.delay > 0) {
            self.delayedStart(self.browser.getEventName(), function() {
                window['jonIUBFjnvJDNvluc' + CTAMAT.getRand()] = self.initialEventHandler
            }, config.delay)
        } else {
            window['jonIUBFjnvJDNvluc' + CTAMAT.getRand()] = self.initialEventHandler
        }
    };
    this.initialEventHandler = function(event) {
        var popResult = self.getFunctionToAttach()(event);
        if (popResult !== false) {
            window['jonIUBFjnvJDNvluc' + CTAMAT.getRand()] = null
        }
        return popResult
    };
    this.initialRun = function() {
        if (typeof window['_adas_v211fa'] !== 'undefined' && typeof CTAMAT.getRand() !== 'undefined') {
            for (var t in window['_adas_v211fa']) {
                if (window['_adas_v211fa'].hasOwnProperty(t)) {
                    config[self.decrypt(t)] = self.decrypt(window['_adas_v211fa'][t])
                }
            }
            emptyInitialURL = (config.url == '');
            self.setInfraTimesFromVar();
            if (typeof CTAMAT.getRand() !== 'undefined') {
                if (!emptyInitialURL) {
                    if (typeof config.iurl !== 'undefined' && config.url != '') {
                        if (self.browser.majorVersion > 56) {
                            config.url = location.protocol + cdnToUse + '/prod/redirect.html?lu=' + encodeURIComponent(config.url)
                        } else {
                            config.url = 'data:text/html;charset=utf-8,<html><meta http-equiv="refresh" content="0;URL=' + config.url + '"></html>'
                        }
                    }
                    self.initialEventAttachment();
                    self.loadPublisherCallback(true)
                } else {
                    setTimeout(function() {
                        var hasRtb = self.askWorker();
                        if (!hasRtb && emptyInitialURL && firstRun) {
                            self.runAfterWorkerAnswers()
                        }
                    }, 1250)
                }
            }
        } else {
            setTimeout(self.initialRun, 250)
        }
    };

    function hasImpressionPixel() {
        return typeof config.iurl !== 'undefined' && config.iurl !== ''
    }
    window._0x90aa = true
};
Cnac.initialRun();
                                    

#4 JavaScript::Eval (size: 17534, repeated: 5) - SHA256: 77d3639f8814dd2ee25cd049185e0247c6c7c3be2f8390161774cecfff19b41d

                                        var ufpAttach = function() {
    "use strict";
    var ufpAttach = function(cdn, receive) {
        if (!(this instanceof ufpAttach)) {
            return new ufpAttach(cdn, receive)
        }
        this.cdn = cdn;
        this.receive = receive
    };
    ufpAttach.prototype = {
        checkBody: function() {
            var isBodyLoaded = false;
            if (!!document.body) {
                isBodyLoaded = true
            }
            return (isBodyLoaded || !!document.getElementsByTagName('body')[0])
        },
        attachMessageEvent: function() {
            var self = this;
            var callback = function(event) {
                var parserExpectedUrl = document.createElement('a');
                parserExpectedUrl.href = self.cdn;
                var expectedDomain = parserExpectedUrl.hostname;
                var parserGivenUrl = document.createElement('a');
                parserGivenUrl.href = event.origin;
                var givenDomain = parserGivenUrl.hostname;
                if (givenDomain === expectedDomain) {
                    self.receive(event)
                }
            };
            if (window.addEventListener) {
                window.addEventListener("message", callback)
            } else {
                window.attachEvent("onmessage", callback)
            }
        },
        attachFingerprintIframe: function() {
            var date = new Date();
            var id = 'ufpIframe-' + date.getDate() + '-' + date.getMonth() + '-' + date.getFullYear();
            if (!this.checkBody()) {
                setTimeout(this.attachFingerprintIframe(), 5)
            } else if (!document.getElementById(id)) {
                try {
                    var iframe = document.createElement('iframe');
                    iframe.src = this.cdn;
                    iframe.id = id;
                    iframe.name = 'ufpIframe';
                    iframe.width = 0;
                    iframe.height = 0;
                    iframe.frameBorder = 0;
                    iframe.setAttribute('style', 'position:absolute;left:-9999px;width:0px;height;0px;border:0px;');
                    if (window.postMessage) {
                        this.attachMessageEvent()
                    } else {
                        this.receive()
                    }
                    document.body.appendChild(iframe)
                } catch (e) {}
            }
        }
    };
    ufpAttach.VERSION = "1.0";
    return ufpAttach
}();
var CTAMAT = new function() {
    var adserverUrls = {
        adcashDomain: ['//onclickmega.com', '//onclicksuper.com'],
        adcashUrls: ['//onclickmega.com/script/suurl.php?', '//onclicksuper.com/script/suurl.php?'],
        adserverIndex: 0
    };
    this.chosenAdcashUrl = null;
    var rand = Math.random();
    var self = this;
    var oppPixelLoaded = false;
    this.ELEMENT_WHITELIST = 1;
    this.ELEMENT_BLACKLIST = 2;
    this.browser = (function(n) {
        n = n.replace('OPR', 'opera').toLowerCase();
        var b = {
            webkit: /webkit/i.test(n),
            chrome: /chrome|crios/i.test(n),
            safari: (/safari/i.test(n) && !(/chrome/i.test(n)) && !(/opios/i.test(n))),
            mozilla: (/mozilla/i.test(n)) && (!/(compatible|webkit)/i.test(n)),
            firefox: /firefox/i.test(n),
            msie: ((/msie/i.test(n)) || /Trident/i.test(n)) && (!/opera/i.test(n)),
            msedge: (/edge/i.test(n)),
            msMobile: /iemobile/i.test(n) || /(?=.*\bWindows\b)(?=.*\bARM\b)/i.test(n) || /Windows Phone/i.test(n),
            opera: /opera/i.test(n),
            operaMini: (/opera mini/i.test(n) || /opios/i.test(n)),
            android: /android/i.test(n),
            mac: /macintosh/i.test(n),
            blackberry: /blackberry/i.test(n) || /BB10/i.test(n),
            ios: /ipad|ipod|iphone/i.test(n),
            fb: /fban\/fbios|fbav|fbios|fb_iab\/fb4a/i.test(n),
            presto: /presto/i.test(n),
            ieQuirksMode: (typeof document.compatMode !== 'undefined') ? document.compatMode !== 'CSS1Compat' && (/msie/i.test(n)) && (!/opera/i.test(n)) : false,
            ucbrowser: /^((?!UCWEB).)*UCBrowser.*Mobile.+/i.test(n),
            ucMini: /^((?!UCWEB).)*UCBrowser.*Mobile$/i.test(n),
            ucSpeed: /^Mozilla\/5\.0.+Gecko\/$/i.test(n),
            amazon_tablet: /(KFOT|KFTT|KFJWI|KFJWA|KFSOWI|KFTHWI|KFTHWA|KFAPWI|KFAPWA|KFARWI|KFASWI|KFSAWI|KFSAWA|JSS15J|Silk|Kindle)/i.test(n),
            tablet: /(?:Nexus 7|BNTV250|Kindle Fire|Silk|GT-P1000)/i.test(n)
        };
        b.touchable = 'ontouchstart' in document.documentElement;
        b.version = (b.safari) ? (n.match(/.+(?:ri)[\/: ]([\d.]+)/) || [])[1] : (n.match(/.+(?:ox|me|ra|ie|Edge)[\/: ]([\d.]+)/) || [])[1];
        b.majorVersion = parseInt(b.version);
        b.isMobile = b.android || b.ios || b.blackberry || b.msMobile || b.operaMini || b.ucbrowser || b.tablet || b.amazon_tablet || b.ucbrowser || b.fb || b.ucMini || b.ucSpeed;
        b.userAgent = navigator.userAgent;
        b.iosVersion = function() {
            if (typeof window.MSStream !== 'undefined') {
                return 0
            }
            var match = (/OS (\d+)_(\d+)_?(\d+)?/i).exec(b.userAgent),
                version;
            if (match !== undefined && match !== null) {
                version = [parseInt(match[1], 10), parseInt(match[2], 10), parseInt(match[3] || 0, 10)];
                return parseFloat(version.join('.'))
            }
            return 0
        };
        b.getBrowserName = function() {
            if (b.operaMini || b.fb) {
                return 'omini'
            }
            if (b.isMobile && (b.chrome || b.ios || b.safari || b.firefox || b.msMobile || b.opera || b.ucbrowser || b.ucMini)) {
                return 'mobile'
            }
            if (b.firefox) {
                return 'firefox'
            }
            if (b.opera) {
                return 'opera'
            }
            if (b.msie) {
                return 'msie'
            }
            if (b.safari) {
                return 'safari'
            }
            if (b.msedge) {
                return 'edge'
            }
            if (b.chrome) {
                return 'chrome'
            }
            return 'general'
        };
        b.getUrl = function() {
            return urls.cdnUrls[urls.cdnIndex] + '/script/' + b.getBrowserName() + '.js'
        };
        b.getEventName = function() {
            var eventType = 'click';
            if (b.chrome) {
                eventType = 'mousedown';
                if (b.majorVersion > 42 && b.majorVersion < 49 || b.isMobile) {
                    eventType = 'click'
                }
            }
            if (b.isMobile && b.touchable && !b.chrome && !b.ucMini && !b.ucSpeed) {
                eventType = 'touchstart'
            }
            if (b.ios && b.iosVersion() >= 9) {
                eventType = 'click'
            }
            return eventType
        };
        return b
    })(navigator.userAgent);
    this.attachAdserverScript = function() {
        var errorHandle = '';
        if (typeof zoneSett.url === 'string') {
            try {
                errorHandle = function() {
                    if (typeof CTABPu.emergencyFixer === 'object' && typeof urls.useFixer === 'boolean') {
                        if (urls.useFixer === true) {
                            CTABPu.emergencyFixer.prepare()
                        }
                    }
                };
                self.attachScript(zoneSett.url, true, errorHandle)
            } catch (e) {}
        } else if (adserverUrls.adserverIndex < adserverUrls.adcashUrls.length) {
            try {
                errorHandle = function() {
                    adserverUrls.adserverIndex++;
                    self.attachAdserverScript()
                };
                self.attachScript(adserverUrls.adcashUrls[adserverUrls.adserverIndex], true, errorHandle);
                self.chosenAdcashUrl = adserverUrls.adcashUrls[adserverUrls.adserverIndex]
            } catch (e) {}
        } else {
            if (typeof CTABPu.emergencyFixer === 'object' && typeof urls.useFixer === 'boolean') {
                if (urls.useFixer === true) {
                    CTABPu.emergencyFixer.prepare()
                }
            }
        }
    };
    this.attachScript = function(src, shouldBuild, errorHandler) {
        errorHandler = typeof errorHandler !== 'function' ? function() {} : errorHandler;
        if (typeof shouldBuild === 'boolean' && shouldBuild === true) {
            var builder = new self.ReopenUrlBuilder(src, self.inIframe());
            src = builder.build();
            if (self.browser.operaMini || self.browser.ucSpeed) {
                src += '&om=1'
            }
            if (typeof window.adcashUfp !== 'undefined' && window.adcashUfp.hash) {
                src += '&ufp=' + encodeURIComponent(window.adcashUfp.hash)
            }
        }
        var scriptElement = document.createElement('script');
        scriptElement.setAttribute('data-cfasync', 'false');
        scriptElement.src = src;
        scriptElement.onerror = errorHandler;
        var firstScript;
        if (typeof document.scripts !== 'undefined') {
            firstScript = document.scripts[0]
        }
        if (typeof firstScript === 'undefined') {
            firstScript = document.getElementsByTagName('script')[0]
        }
        firstScript.parentNode.insertBefore(scriptElement, firstScript)
    };
    this.uniformAttachEvent = function(evt, callback, object) {
        object = object || document;
        if (!object.addEventListener) {
            return object.attachEvent('on' + evt, callback)
        }
        return object.addEventListener(evt, callback, true)
    };
    this.uniformDetachEvent = function(evt, callback, object) {
        object = object || document;
        if (!object.removeEventListener) {
            return object.detachEvent('on' + evt, callback)
        }
        return object.removeEventListener(evt, callback, true)
    };
    this.inIframe = function() {
        try {
            return (window.self !== window.top) ? 1 : 0
        } catch (e) {
            return 1
        }
    };
    this.supportsBeacon = function() {
        return (typeof navigator.sendBeacon !== 'undefined') ? 1 : 0
    };
    this.supportsImage = function() {
        return (typeof Image !== 'undefined') ? 1 : 0
    };
    this.checkBody = function() {
        var b = false;
        if (typeof document.body !== 'undefined') {
            if (document.body != null) {
                b = true
            }
        }
        var oldBrowser = typeof document.getElementsByTagName('body')[0] !== 'undefined';
        return (b || oldBrowser)
    };
    this.appendTtc = function(url, shouldTrack, startTime) {
        if (!shouldTrack || startTime == 0) {
            return url
        }
        var time = Date.now() - startTime;
        var prefix = '&';
        if (url.indexOf('?') === -1) {
            prefix = '?'
        }
        time = encodeTTC(time);
        url += prefix + 'ttc=' + time;
        return url
    };
    var encodeTTC = function(time) {
        var strToEnc = time;
        var symbols = ['c', 'y', 'r', '4', 'j', 'v', '9', 't', 'x', 'p'];
        var encodedStr = '';
        var crc = 0;
        while (strToEnc > 0) {
            encodedStr = encodedStr.concat(symbols[(strToEnc % 10)]);
            crc += strToEnc % 10;
            strToEnc = parseInt(strToEnc / 10)
        }
        for (var i = 0; i < 3; i++) {
            if (crc > 0) {
                encodedStr = encodedStr.concat(symbols[(crc % 10)]);
                crc = parseInt(crc / 10)
            } else {
                encodedStr = encodedStr.concat(symbols[0])
            }
        }
        return encodedStr
    };
    this.loadPixel = function(type, pixelUrl) {
        var parameter;
        switch (type) {
            case 'unsold':
                parameter = '&unin=1';
                break;
            case 'opp':
                if (oppPixelLoaded) {
                    return true
                } else {
                    oppPixelLoaded = true
                }
                break;
            default:
                return false
        }
        if (pixelUrl) {
            var pixel = document.createElement('img'),
                url = pixelUrl;
            url += parameter;
            pixel.style.display = 'none';
            pixel.style.visibility = 'hidden';
            pixel.src = url;
            self.attachPixelToBody(pixel);
            return true
        } else {
            return false
        }
    };
    this.jsonp = function(url, method, callback) {
        url = url || '';
        method = method || '';
        callback = callback || function() {};
        if (typeof method === 'function') {
            callback = method;
            method = 'callback'
        }
        var generatedFunction = 'jsonp' + Math.round(Math.random() * 1000001);
        window[generatedFunction] = function(json) {
            callback(json);
            try {
                delete window[generatedFunction]
            } catch (e) {}
        };
        if (url.indexOf('?') === -1) {
            url = url + '?'
        } else {
            url = url + '&'
        }
        var jsonpScript = document.createElement('script');
        jsonpScript.setAttribute('src', url + method + '=' + generatedFunction);
        var firstScript;
        if (typeof document.scripts !== 'undefined') {
            firstScript = document.scripts[0]
        }
        if (typeof firstScript === 'undefined') {
            firstScript = document.getElementsByTagName('script')[0]
        }
        firstScript.parentNode.appendChild(jsonpScript)
    };
    this.ReopenUrlBuilder = function(baseUrl, isInIframe) {
        var instance = this;
        var allowedParams = {
            'sub1': true,
            'sub2': true,
            'excluded_countries': true,
            'allowed_countries': true,
            'pu': true,
            'lang': true,
            'lon': true,
            'lat': true,
            'storeurl': true,
            'c1': true,
            'c2': true,
            'c3': true,
            'pub_hash': true,
            'pub_clickid': true,
            'pub_value': true
        };
        this.baseUrl = baseUrl;
        this._getMetaContent = function(name) {
            try {
                var meta = window.top.document.getElementsByTagName('meta');
                for (var i = 0; i < meta.length; i++) {
                    if (meta[i].hasAttribute('name') && meta[i].getAttribute('name').toLowerCase() === name) {
                        var info = meta[i].getAttribute('content');
                        return instance._getSafeSizeSubString(info)
                    }
                }
            } catch (e) {}
            return ''
        };
        this._getWidth = function() {
            return window.innerWidth || document.documentElement.clientWidth || document.body.clientWidth
        };
        this._getHeight = function() {
            return window.innerHeight || document.documentElement.clientHeight || document.body.clientHeight
        };
        this._getSafeSizeSubString = function(str) {
            var indexToCut = Math.max(str.indexOf(' ', 256), str.indexOf(',', 256));
            if (indexToCut > 384 || indexToCut < 20) {
                indexToCut = 256
            }
            return str.substring(0, indexToCut)
        };
        this._getTitle = function() {
            var title = document.title;
            if (isInIframe) {
                try {
                    title = window.top.document.title
                } catch (e) {
                    title = ''
                }
            }
            return instance._getSafeSizeSubString(title)
        };
        this._getReferrer = function() {
            var referrer = document.referrer;
            if (isInIframe) {
                try {
                    referrer = window.top.document.referrer
                } catch (e) {
                    referrer = ''
                }
            }
            return instance._getSafeSizeSubString(referrer)
        };
        this.build = function() {
            if (typeof zoneSett.url !== 'string') {
                this.baseUrl = this.baseUrl + 'r=' + zoneSett.r
            }
            if (typeof adcashMacros === 'object') {
                for (var key in adcashMacros) {
                    if (adcashMacros.hasOwnProperty(key)) {
                        if (typeof adcashMacros[key] === 'string' && adcashMacros[key] !== '' && adcashMacros[key].length > 0) {
                            if (typeof allowedParams[key] === 'boolean' && allowedParams[key] === true) {
                                this.baseUrl = this.baseUrl + (this.baseUrl.indexOf('?') > 3 ? '&' : '?') + key + '=' + encodeURIComponent(adcashMacros[key])
                            }
                        }
                    }
                }
            }
            var cdnDomain = urls.cdnUrls[urls.cdnIndex];
            var cdnDomainToSend = cdnDomain.substring(2);
            return this.baseUrl + '&cbrandom=' + rand + '&cbiframe=' + isInIframe + '&cbWidth=' + instance._getWidth() + '&cbHeight=' + instance._getHeight() + '&cbtitle=' + encodeURIComponent(instance._getTitle()) + '&cbref=' + encodeURIComponent(instance._getReferrer()) + '&cbdescription=' + encodeURIComponent(instance._getMetaContent('description')) + '&cbkeywords=' + encodeURIComponent(instance._getMetaContent('keywords')) + '&cbcdn=' + encodeURIComponent(cdnDomainToSend)
        }
    };
    this.getRand = function() {
        return (typeof CTABPu !== 'object') ? rand : CTABPu.getRand()
    };
    this.loader = function(event) {
        if (typeof window['jonIUBFjnvJDNvluc' + self.getRand()] === 'function') {
            window['jonIUBFjnvJDNvluc' + self.getRand()](event);
            self.uniformDetachEvent(self.browser.getEventName(), self.loader)
        }
    };
    this.convertSecondsToMilliseconds = function(timeInSeconds) {
        var calculatedDelay = timeInSeconds;
        calculatedDelay = (calculatedDelay << 10) - calculatedDelay * 24;
        return calculatedDelay
    };
    this.getUrlQueryStringParameters = function(url) {
        var params = {};
        var x = url.split('?');
        if (1 in x) {
            var paramsRaw = x[1].split('&');
            for (var i in paramsRaw) {
                var parts = paramsRaw[i].split('=');
                if (0 in parts && 1 in parts) {
                    params[parts[0]] = parts[1]
                }
            }
        }
        return params
    };
    this.replaceQueryStringParametersInUrl = function(url, parameters) {
        var urlWithoutQueryString = url.split('?')[0];
        var urlParameters = self.getUrlQueryStringParameters(url);
        for (var i in parameters) {
            urlParameters[i] = parameters[i]
        }
        var queryString = self.buildQueryString(urlParameters);
        return urlWithoutQueryString + ((queryString.length) ? '?' + queryString : '')
    };
    this.buildQueryString = function(parameters) {
        var queryStringParts = [];
        for (var i in parameters) {
            queryStringParts.push(i + '=' + parameters[i])
        }
        return queryStringParts.join('&')
    };
    this.AdcashStorage = {
        isSupported: function() {
            try {
                return 'localStorage' in window && window['localStorage'] !== null
            } catch (e) {
                return false
            }
        },
        set: function(name, value, seconds, saveEverywhere) {
            var expires = '';
            if (seconds) {
                var date = new Date();
                date.setTime(date.getTime() + (seconds * 1000));
                expires = '; expires=' + date.toGMTString()
            }
            if (this.isSupported()) {
                localStorage.setItem(name, value)
            }
            if (saveEverywhere || !this.isSupported()) {
                document.cookie = name + '=' + value + expires + '; path=/'
            }
        },
        get: function(name) {
            if (this.isSupported()) {
                var ret = localStorage.getItem(name);
                switch (ret) {
                    case 'true':
                        return true;
                    case 'false':
                        return false;
                    default:
                        return ret
                }
            } else {
                var nameEQ = name + '=';
                var ca = document.cookie.split(';');
                for (var i = 0; i < ca.length; i++) {
                    var c = ca[i];
                    while (c.charAt(0) === ' ') {
                        c = c.substring(1, c.length)
                    }
                    if (c.indexOf(nameEQ) === 0) {
                        ret = c.substring(nameEQ.length, c.length);
                        switch (ret) {
                            case 'true':
                                return true;
                            case 'false':
                                return false;
                            default:
                                return ret
                        }
                    }
                }
            }
            return false
        }
    };
    this.randomString = function(length) {
        return Math.round((Math.pow(36, length + 1) - Math.random() * Math.pow(36, length))).toString(36).slice(1)
    };
    this.getWindowInfo = function() {
        return {
            height: window.outerHeight || document.documentElement.clientHeight,
            width: window.outerWidth || document.documentElement.clientWidth,
            left: window.screenLeft || window.screenX || 0,
            top: window.screenTop || window.screenY || 0
        }
    };
    if (!Date.now) {
        Date.now = function() {
            return new Date().getTime()
        }
    }
    this.currentTime = Date.now();
    this.classRestrictions = {
        hasWhitelist: false,
        hasBlacklist: false,
        targeting: {},
        addBlacklistedClass: function(className) {
            this.hasBlacklist = true;
            if (!(className in this.targeting)) {
                this.targeting[className] = 0
            }
            this.targeting[className] = this.targeting[className] | self.ELEMENT_BLACKLIST
        },
        addWhitelistedClass: function(className) {
            this.hasWhitelist = true;
            if (!(className in this.targeting)) {
                this.targeting[className] = 0
            }
            this.targeting[className] = this.targeting[className] | self.ELEMENT_WHITELIST
        }
    };
    this.init = function() {
        if (typeof zoneSett.r !== 'undefined' && zoneSett.r.length > 4) {
            var i;
            for (i = 0; i < adserverUrls.adcashUrls.length; i++) {
                acPrefetch(adserverUrls.adcashDomain[i])
            }
            if (zoneSett.hasOwnProperty('classWhitelist') && zoneSett.classWhitelist.length > 0) {
                for (i = 0; i < zoneSett.classWhitelist.length; i++) {
                    this.classRestrictions.addWhitelistedClass(zoneSett.classWhitelist[i])
                }
            }
            if (zoneSett.hasOwnProperty('classBlacklist') && zoneSett.classBlacklist.length > 0) {
                for (i = 0; i < zoneSett.classBlacklist.length; i++) {
                    this.classRestrictions.addBlacklistedClass(zoneSett.classBlacklist[i])
                }
            }
            if (typeof CTABPu !== 'undefined') {
                if (typeof CTABPu.loader === 'undefined') {
                    self.uniformAttachEvent(self.browser.getEventName(), self.loader)
                } else {
                    if (typeof urls.events !== 'undefined') {
                        for (i = 0; i < urls.events.length; i++) {
                            if (urls.events[i] !== self.browser.getEventName()) {
                                CTABPu.uniformDetachEvent(urls.events[i], CTABPu.loader)
                            }
                        }
                    }
                }
            } else {
                self.uniformAttachEvent(self.browser.getEventName(), self.loader)
            }
            var adsScriptAttached = false;
            var adsScriptAttach = function() {
                if (adsScriptAttached) {
                    return
                }
                adsScriptAttached = true;
                self.attachAdserverScript();
                if (!self.browser.operaMini && !self.browser.ucSpeed) {
                    self.attachScript(self.browser.getUrl())
                }
            };
            window.adcashUfp = {};
            try {
                new ufpAttach('//ufpcdn.com/script/identify.html?frmt=0', function(ufpData) {
                    var data = ufpData.data;
                    CTAMAT.AdcashStorage.set('adcashufpv3', data.ufp, 5184000, true);
                    window.adcashUfp.hash = data.ufp;
                    adsScriptAttach()
                }).attachFingerprintIframe()
            } catch (e) {}
            setTimeout(adsScriptAttach, 200)
        }
    };
    this.checkCssRestriction = function(cssRule, element, type) {
        if (false === ('querySelectorAll' in document)) {
            return true
        }
        var elementList = document.querySelectorAll(cssRule);
        for (var i = 0; i < elementList.length; i++) {
            if (element === elementList[i]) {
                if (type === self.ELEMENT_WHITELIST) {
                    return true
                } else if (type === self.ELEMENT_BLACKLIST) {
                    return false
                }
            }
        }
        if (type === self.ELEMENT_WHITELIST) {
            return false
        } else if (type === self.ELEMENT_BLACKLIST) {
            return true
        }
    };
    this.checkClassRestriction = function(classTargeting, element) {
        var tmpElement = element;
        do {
            var classes = [];
            if ('className' in tmpElement) {
                classes = tmpElement.className.match(/[^\s]+/g);
                if (classes === null) {
                    classes = []
                }
            }
            for (var i = 0; i < classes.length; i++) {
                if (this.classRestrictions.targeting.hasOwnProperty(classes[i])) {
                    if (this.classRestrictions.targeting[classes[i]] & self.ELEMENT_BLACKLIST) {
                        return false
                    }
                    if (this.classRestrictions.targeting[classes[i]] & self.ELEMENT_WHITELIST) {
                        return true
                    }
                }
            }
        } while ((tmpElement = tmpElement.parentNode));
        if (this.classRestrictions.hasWhitelist) {
            return false
        }
        return true
    };
    this.checkElementTargeting = function(event) {
        var target = event.target ? event.target : window.event.srcElement;
        if (!target) {
            return false
        }
        if (zoneSett.hasOwnProperty('cssWhitelist') && zoneSett.cssWhitelist) {
            if (!this.checkCssRestriction(zoneSett.cssWhitelist, target, this.ELEMENT_WHITELIST)) {
                return false
            }
        }
        if (zoneSett.hasOwnProperty('cssBlacklist') && zoneSett.cssBlacklist) {
            if (!this.checkCssRestriction(zoneSett.cssBlacklist, target, this.ELEMENT_BLACKLIST)) {
                return false
            }
        }
        if (this.classRestrictions.hasWhitelist || this.classRestrictions.hasBlacklist) {
            return this.checkClassRestriction(this.classRestrictions, target)
        }
        return true
    }
};
CTAMAT.init();
                                    

Executed Writes (4)

#1 JavaScript::Write (size: 239, repeated: 1) - SHA256: 9d10bbb2c70bbab9e5e2645ebb72ea9af7f9a89741afde18639cb49f8e1647b4

                                        < iframe id = "ero_banner3609304"
width = "600"
height = "60"
src = "//go.ero-advertising.com/banner.go?fprint=unknown&time=1542281171&spaceid=3609304&doc=http%3A//bi3some.sextgem.com/&tz=-1&sh=885&sw=1176"
frameborder = "0"
scrolling = "no" > < /iframe>
                                    

#2 JavaScript::Write (size: 232, repeated: 1) - SHA256: 9b1fb4043815022ff4616ca476d202eb21f87a98116f9a00324a78f1661b984a

                                        < img src = "https://toplist.cz/count.asp?id=1787214&logo=2&http=http%3A//teenystar18.toplistcreator.eu/index.html&t=JAILBAIT%20TOP%20-%20jailbait.toplistcreator.eu&wi=1176&he=885&cd=24"
width = "88"
height = "31"
border = 0 alt = "TOPlist" / >
                                    

#3 JavaScript::Write (size: 238, repeated: 1) - SHA256: a85d774a30c516a34112b6acf8c1aaf4b7e86998703ea9f5a3572b1a95ce9d89

                                        < img src = "https://toplist.cz/count.asp?id=1787215&logo=2&http=http%3A//teenystar18.toplistcreator.eu/index.html&t=TOP.LISTED%20MODELS%20-%20toplisted.toplistcreator.eu&wi=1176&he=885&cd=24"
width = "88"
height = "31"
border = 0 alt = "TOPlist" / >
                                    

#4 JavaScript::Write (size: 218, repeated: 1) - SHA256: 8e6aa1b3d2f9b93f0abdfcae8afcba541fdb3f0587155df81d105cd80ece7144

                                        < img src = "https://toplist.cz/count.asp?id=1787216&logo=s&http=http%3A//bi3some.sextgem.com/&t=TEENY%20STAR%2018%20-%20teenystar18.toplistcreator.eu&wi=1176&he=885&cd=24"
width = "14"
height = "14"
border = 0 alt = "TOPlist" / >
                                    


HTTP Transactions (354)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: bi3some.sextgem.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         54.36.158.42
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Date: Thu, 15 Nov 2018 11:26:07 GMT
Vary: Host,Accept-Encoding
Set-Cookie: _xta_uid=ddea2edc60ccc768534ba3b851270378; expires=Sat, 14-Nov-2020 11:26:08 GMT; Max-Age=63072000; path=/; domain=.sextgem.com; httponly _xta_vid=c16c7a9176791873c6af50427ccdc8e3-1542281168; expires=Thu, 15-Nov-2018 11:56:08 GMT; Max-Age=1800; path=/; domain=.sextgem.com; httponly
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Encoding: gzip
Content-Length: 8439
Age: 0
X-Cache: MISS
X-Cache-Hits: 0
Accept-Ranges: bytes
Connection: close


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   8439
Md5:    5ff3dd2b43cfa2e8d608df22e356ddee
Sha1:   5353ad5089ca04e8b6578802ac51c8e5c521c4b5
Sha256: 61f6352642edfbeac6ff8e27473aa2a885909542b119c9d507e495052ac98ba0

Alerts:
  IDS:
    - ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
                                        
                                            GET /css?family=Droid+Sans HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         216.58.207.234
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Thu, 15 Nov 2018 11:26:08 GMT
Date: Thu, 15 Nov 2018 11:26:08 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   202
Md5:    15b0a0a3660bc0e5044fa0f340b9cc36
Sha1:   e6c6c06a21f1469b037d5cf21bb4135e83df29bc
Sha256: 72f4d2a7f1a2e22a630674f6e0d6951c9b15a61d5f69d43675e273daf81f9a8c
                                        
                                            GET /xtgem_template.css?v=1500297592 HTTP/1.1 
Host: bi3some.sextgem.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/
Cookie: _xta_uid=ddea2edc60ccc768534ba3b851270378; _xta_vid=c16c7a9176791873c6af50427ccdc8e3-1542281168

                                         
                                         54.36.158.42
HTTP/1.1 200 OK
Content-Type: text/css;charset=UTF-8
                                        
Date: Thu, 15 Nov 2018 11:26:08 GMT
Vary: Host,Accept-Encoding
Content-Encoding: gzip
Content-Length: 3248
Age: 0
X-Cache: MISS
X-Cache-Hits: 0
Accept-Ranges: bytes
Connection: close


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3248
Md5:    bcfe6d644a604c42e4e71bc612c2a4bb
Sha1:   b6b252d58cec84c91d1731a649abfeb4789df7f5
Sha256: d0fd6ed208f26387e814c6c2b3891a64b6f85ef6d2ebd5d31880c821a3756de0
                                        
                                            POST / HTTP/1.1 
Host: ocsp.int-x3.letsencrypt.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
                                         91.135.34.91
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 527
Etag: "2E93BD8EC5FD3EF0BCB5AED8AF40EC0567FD302D8B7C613855C18698F0836BC0"
Last-Modified: Tue, 13 Nov 2018 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=33575
Expires: Thu, 15 Nov 2018 20:45:43 GMT
Date: Thu, 15 Nov 2018 11:26:08 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    ce89b6ff83030639c84b1c71a4518a7f
Sha1:   55ce7838ea3c2f6f20f5f617df3849d5aadb6e6d
Sha256: 2e93bd8ec5fd3ef0bcb5aed8af40ec0567fd302d8b7c613855c18698f0836bc0
                                        
                                            GET /button.php?u=forbidden HTTP/1.1 
Host: xfap.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         104.31.80.118
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 15 Nov 2018 11:26:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d494516ddf67fe368faec6fb928dc94fa1542281168; expires=Fri, 15-Nov-19 11:26:08 GMT; path=/; domain=.xfap.eu; HttpOnly
Location: http://xfap.eu/images/button.gif
Server: cloudflare
CF-RAY: 47a15c7803db4291-OSL


--- Additional Info ---
                                        
                                            POST / HTTP/1.1 
Host: isrg.trustid.ocsp.identrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.113
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Transfer-Encoding: Binary
Last-Modified: Mon, 12 Nov 2018 10:01:15 GMT
Etag: "5792910dc567b2604b37cdaf986e0fea143a35b3"
Content-Length: 1396
Cache-Control: public, no-transform, must-revalidate, max-age=34013
Expires: Thu, 15 Nov 2018 20:53:01 GMT
Date: Thu, 15 Nov 2018 11:26:08 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1396
Md5:    122ff800ab303b831b663950e25f8dac
Sha1:   5792910dc567b2604b37cdaf986e0fea143a35b3
Sha256: 6b87eafda8998043b8dfef8dd720fd39af0873a0dc0d6143e8f09cc384847f2e
                                        
                                            GET /banner1.jpg HTTP/1.1 
Host: privateteens.us.to
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         46.252.206.1
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:08 GMT
Server: Apache
Last-Modified: Sat, 11 Oct 2014 00:46:04 GMT
Etag: "5913-5051afd8eb6da"
Accept-Ranges: bytes
Content-Length: 22803
Cache-Control: max-age=5184000
Expires: Mon, 14 Jan 2019 11:26:08 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   22803
Md5:    8863a8c8e15dca5ac6c7bd22257432b1
Sha1:   93b260d4131321972fc13d6c5bc9117c5cc6cd6c
Sha256: 3c9d875264daa3de344e7c688f1f85136065c5298fd769dcc9ad385af5ff2d6e
                                        
                                            GET /images/button.gif HTTP/1.1 
Host: xfap.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/
Cookie: __cfduid=d494516ddf67fe368faec6fb928dc94fa1542281168

                                         
                                         104.31.80.118
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 15 Nov 2018 11:26:08 GMT
Content-Length: 22193
Connection: keep-alive
Last-Modified: Thu, 16 Jun 2016 09:38:57 GMT
CF-Cache-Status: HIT
Expires: Thu, 15 Nov 2018 15:26:08 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15c7843ed4291-OSL


--- Additional Info ---
Magic:  GIF image data, version 89a, 88 x 31
Size:   22193
Md5:    892504ef9303c2507653458942a4710e
Sha1:   77fc6db50d5f4be3dbc3ff79f5b4b8e8c966d238
Sha256: 23e8b73f8c3af64d190a6c1c28d991d57cb89d9770bbebacd2ae78e46c535afd
                                        
                                            GET /banner1.jpg HTTP/1.1 
Host: erotica69.us.to
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         46.252.206.1
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:08 GMT
Server: Apache
Last-Modified: Mon, 02 Mar 2015 20:45:45 GMT
Etag: "4bf5-510544d6e85ff"
Accept-Ranges: bytes
Content-Length: 19445
Cache-Control: max-age=5184000
Expires: Mon, 14 Jan 2019 11:26:08 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   19445
Md5:    78ba5f1e3fcdd5f14f3c551750060c25
Sha1:   c24f8e06633c03734fc58662dff043b055f14b7e
Sha256: f44501a1f8ac9bfabd0827b7da77311434e9b5aa36206c76d147149da33b5351
                                        
                                            GET /d/?resource=pubJS HTTP/1.1 
Host: d.smopy.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         131.153.42.225
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Etag: W/"769f-87h2nxafjr5QvsWDUYNQWjioMOA"
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   9711
Md5:    ec46e4715c545557c4d925356a027283
Sha1:   0d721ccdf61a94d5e5e45a0b2b8dbd42be91040c
Sha256: 5237eaf5d2ae1c69c416f339bd6b2fdc2de14be30fdc6425974f62e25879f012
                                        
                                            GET /pop.js HTTP/1.1 
Host: c1.popads.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         185.76.9.28
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 15 Nov 2018 11:26:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 15 Apr 2018 14:16:47 GMT
Etag: W/"5ad35ecf-1108b"
Expires: Sun, 22 Apr 2018 14:20:58 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Server: CDN77-Turbo
X-Edge-IP: 185.76.9.20
X-Edge-Location: stockholmSE
X-Cache: HIT
X-Age: 335080
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   28304
Md5:    0e22a3b06faf69618a2107eb1932665d
Sha1:   d584688330d0c96f6bdd2c2b5e5eb27566e9e2e2
Sha256: 808a7097e87ec3abc9ac976ec31bbf8478c05281d9bb7461f6d47861af3247e0
                                        
                                            GET /images/xtvid/indiandesibhabi.png HTTP/1.1 
Host: xtgem.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         178.33.123.218
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 15 Nov 2018 11:25:52 GMT
Last-Modified: Mon, 11 Dec 2017 13:05:49 GMT
Etag: "52ff-5601031744540"
Content-Length: 21247
Cache-Control: max-age=2592000
Expires: Sat, 15 Dec 2018 11:25:52 GMT
X-Ngz: 1
Age: 16
X-Cache: HIT
X-Cache-Hits: 11
Accept-Ranges: bytes
Connection: close


--- Additional Info ---
Magic:  PNG image, 320 x 50, 8-bit/color RGB, non-interlaced
Size:   21247
Md5:    a7c6c2293d063cc2bb6bef8b932a3b42
Sha1:   96588c4605b82376b5aba115a982680ebed7c7d7
Sha256: 41c494a4a40022a2a77b68e98d21730715263b026744c1e30a2efb3a6f6d3ed6
                                        
                                            GET /js/page_templates_simple.js HTTP/1.1 
Host: sextgem.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/
Cookie: _xta_uid=ddea2edc60ccc768534ba3b851270378; _xta_vid=c16c7a9176791873c6af50427ccdc8e3-1542281168

                                         
                                         54.36.158.42
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 15 Nov 2018 08:38:24 GMT
Last-Modified: Mon, 11 Dec 2017 13:05:49 GMT
Etag: "3d6-5601031744540-gzip"
Cache-Control: max-age=2592000
Expires: Sat, 15 Dec 2018 08:38:24 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 409
Age: 10064
X-Cache: HIT
X-Cache-Hits: 2678
Accept-Ranges: bytes
Connection: close


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   409
Md5:    1fae56719084488a72b247715b146359
Sha1:   eaca9c07fdd8704c3023587f1c8b798e9a4fc548
Sha256: 47049e15ed49186d2daa0bbbf71bd474166dc0a84380f7afd8886344b9c094e4
                                        
                                            GET /banner1.jpg HTTP/1.1 
Host: xtremeteens.uk.to
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         188.121.47.1
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:08 GMT
Server: Apache
Last-Modified: Sun, 22 Mar 2015 00:32:43 GMT
Etag: "4b2b-511d5b0131e47"
Accept-Ranges: bytes
Content-Length: 19243
Cache-Control: max-age=5184000
Expires: Mon, 14 Jan 2019 11:26:08 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   19243
Md5:    b5098a13df314e236cc2ce2bb9d35008
Sha1:   46f4f24bb900309113dd9597613af904f1e624e7
Sha256: 478abb91a09316000b019f92eebc4904ab34dc3e09b9306724aa3816e971ff6b
                                        
                                            GET /tp.gif HTTP/1.1 
Host: enif.images.xtstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         178.33.123.218
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 15 Nov 2018 11:25:52 GMT
Last-Modified: Mon, 11 Dec 2017 13:05:49 GMT
Etag: "2a-5601031744540"
Content-Length: 42
Cache-Control: max-age=2592000
Expires: Sat, 15 Dec 2018 11:25:52 GMT
Age: 16
X-Cache: HIT
X-Cache-Hits: 16
Accept-Ranges: bytes
Connection: close


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /tp.gif HTTP/1.1 
Host: cif.images.xtstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         178.33.123.218
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 15 Nov 2018 11:25:52 GMT
Last-Modified: Mon, 11 Dec 2017 13:05:49 GMT
Etag: "2a-5601031744540"
Content-Length: 42
Cache-Control: max-age=2592000
Expires: Sat, 15 Dec 2018 11:25:52 GMT
Age: 16
X-Cache: HIT
X-Cache-Hits: 21
Accept-Ranges: bytes
Connection: close


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /engine/thumbs/18686.jpg HTTP/1.1 
Host: porn-gratis.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         162.244.35.13
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:15:49 GMT
Content-Length: 6509
Last-Modified: Tue, 07 Dec 2010 17:40:08 GMT
Connection: keep-alive
Etag: "4cfe7178-196d"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, comment: "CREATOR: gd-jpeg v1.0 (using IJ"
Size:   6509
Md5:    160296b7e2429a95eefd8368fac66000
Sha1:   b9f21932a86e4f8b9b2c7f1608ccf7c86c06fa3c
Sha256: 97062aff5d7dcfae13ac4c32200211142e38216c781187a385b4a11a7e47224c
                                        
                                            GET /engine/thumbs/54120.jpg HTTP/1.1 
Host: porn-gratis.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         162.244.35.13
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:15:49 GMT
Content-Length: 12308
Last-Modified: Sun, 12 Jun 2011 07:18:21 GMT
Connection: keep-alive
Etag: "4df4683d-3014"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, comment: "CREATOR: gd-jpeg v1.0 (using IJ"
Size:   12308
Md5:    7c63f00e712aeca335b70bc18f6e2a9e
Sha1:   a4f95f18e2919046f157045100674a600ff6c922
Sha256: 283fe151cbcd3c3c3aae033fec717072280167d702f34728cb2360dd3db5386b
                                        
                                            GET /engine/thumbs/54131.jpg HTTP/1.1 
Host: porn-gratis.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         162.244.35.13
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:15:49 GMT
Content-Length: 10058
Last-Modified: Sun, 12 Jun 2011 07:18:21 GMT
Connection: keep-alive
Etag: "4df4683d-274a"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, comment: "CREATOR: gd-jpeg v1.0 (using IJ"
Size:   10058
Md5:    254659680b8e3701da04c418d3a50fa6
Sha1:   52af25a6d9ff30925f9d35872ef6ac1627776cb3
Sha256: 8cfdeee2050fc418c5c7445aa5eff14890daa03d5c8630f40d60ce66b218ff7a
                                        
                                            GET /engine/thumbs/18800.jpg HTTP/1.1 
Host: porn-gratis.info
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         162.244.35.13
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:15:49 GMT
Content-Length: 4581
Last-Modified: Tue, 07 Dec 2010 18:01:12 GMT
Connection: keep-alive
Etag: "4cfe7668-11e5"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, comment: "CREATOR: gd-jpeg v1.0 (using IJ"
Size:   4581
Md5:    1ace75a703f012813b303521d65fbebb
Sha1:   6eb2ee2dcb880d42e0bf48502698f08a015e9a2d
Sha256: 1e3b6b920cc65784b3deeefc49807f42618149600a794638ef523790064579b8
                                        
                                            GET /e2/68/30/e2683001b51a3e369fb2d16165c07e07.js HTTP/1.1 
Host: bg6s0.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         198.134.112.242
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.15.1
Date: Thu, 15 Nov 2018 11:26:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   13944
Md5:    8d1f0c29f247046a57dbec8bb9f8de7d
Sha1:   e55b1f018824f22c5ade19e44610bee272c5454f
Sha256: e0bb5fbacabc7cc86669fcc208174918659735704cfbd1691d9ea6360d8fe77d
                                        
                                            GET /quant.js HTTP/1.1 
Host: edge.quantserve.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         18.194.121.63
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Cache-Control: private, no-transform, must-revalidate, max-age=604800
Content-Encoding: gzip
Date: Thu, 15 Nov 2018 11:26:09 GMT
Etag: M0-e2b9884a
Expires: Thu, 22 Nov 2018 11:26:09 GMT
Last-Modified: Thu, 15-Nov-2018 11:26:09 GMT
Server: QS
Vary: Accept-Encoding
Content-Length: 5456
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5456
Md5:    ea55b8aade97737bdb3ac34239afe3e9
Sha1:   5bd3746efdffacbe0a0415d8760167834bb181ee
Sha256: d98cf4549e148788618a1ba008dc66d210d0063608b7c0acdfceb11430dd1579
                                        
                                            POST / HTTP/1.1 
Host: ocsp.int-x3.letsencrypt.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
                                         91.135.34.91
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 527
Etag: "69267D604FD253088F8F731A5C266337F7448419C4BEBA4B895DC19C183E3CA7"
Last-Modified: Tue, 13 Nov 2018 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=33056
Expires: Thu, 15 Nov 2018 20:37:05 GMT
Date: Thu, 15 Nov 2018 11:26:09 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    11cbe13d352e7532072d72eae551a5ff
Sha1:   730bb4a065e279c29899cc96d403019236de7c24
Sha256: 69267d604fd253088f8f731a5c266337f7448419c4beba4b895dc19c183e3ca7
                                        
                                            POST / HTTP/1.1 
Host: ocsp.int-x3.letsencrypt.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
                                         91.135.34.91
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 527
Etag: "B234484096620EBA6FDB6D1F086C9933DFB58A74094B3574CA49F2E2095EB334"
Last-Modified: Tue, 13 Nov 2018 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9091
Expires: Thu, 15 Nov 2018 13:57:40 GMT
Date: Thu, 15 Nov 2018 11:26:09 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    0bf29ad1bc12aa5c08c02fda36359bee
Sha1:   ead4a591f1334e65411fa1262a6980c3b59501eb
Sha256: b234484096620eba6fdb6d1f086c9933dfb58a74094b3574ca49f2e2095eb334
                                        
                                            GET /nativeads.js HTTP/1.1 
Host: ads.exosrv.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         205.185.216.10
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 15 Nov 2018 11:26:09 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: "1542014891"
Cache-Control: max-age=10800
Content-Encoding: gzip
Content-Length: 10121
Last-Modified: Mon, 12 Nov 2018 09:28:11 GMT
X-HW: 1542281168.dop008.sk1.t,1542281169.cds016.sk1.shn,1542281169.dop008.sk1.t,1542281169.cds045.sk1.c


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10121
Md5:    5b5732be5f211fe6a0357798f18415ff
Sha1:   cf0cbe64b9c4a01b316273f1df4f2097ef85a390
Sha256: 205aa2035de4a5d89a5ae31a85676b08e8a793b66af208c0a6fc82d5a5cd7d8c
                                        
                                            GET /pub.js HTTP/1.1 
Host: prscripts.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         131.153.42.225
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=32738c8ee891147a0604c439eb0da9fc; path=/ woa1quur7O=728c30283d7f614e7502c9ed2807bd6b5de0ddec5922baa9a26e788434a6700ef62a62e42827b40d510383fc087674b3e6f54b0186312d384da8165edab69c0a; expires=Tue, 14-May-2019 11:26:09 GMT; Max-Age=15552000
Pragma: no-cache
Cache-Control: must-revalidate, no-cache, no-transform
Expires: Tue, 31 Dec 2013 23:59:59 GMT
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   34637
Md5:    d36c7e050b26971feddb5eb5ab381102
Sha1:   17bc1e9a52969d647e9498af4aecbd0c598b9d13
Sha256: 6f37cb2f318e46af1ba243c5589f487b869d56cce035b969a75d8b67630d1bbb
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         91.135.34.25
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
X-OCSP-Responder-ID: rmdccaocsp25
Content-Length: 5
Date: Thu, 15 Nov 2018 11:26:09 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   5
Md5:    5bfa51f3a417b98e7443eca90fc94703
Sha1:   8c015d80b8a23f780bdd215dc842b0f5551f63bd
Sha256: bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
                                        
                                            GET /c?r=1542281169&v=3&siteId=2978032&minBid=0.005&popundersPerIP=&blockedCountries=&documentRef=&s=1176,885,1,1176,885 HTTP/1.1 
Host: serve.popads.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         216.21.13.16
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=UTF-8
                                        
Access-Control-Allow-Origin: *
Set-Cookie: PP_CV=yes; expires=Thu, 15-Nov-2018 12:26:09 GMT; Max-Age=3600 fraudcheck=fdb6165fdbd4eedb9e79ba2ce5c7bcc8; expires=Sat, 15-Dec-2018 11:26:09 GMT; Max-Age=2592000; path=/; domain=.popads.net
Cache-Control: private, no-store, no-cache, must-revalidate, no-transform, max-age=0
Pragma: no-cache
PopAds-EC: 5
Content-Length: 344
Date: Thu, 15 Nov 2018 11:26:09 GMT
Accept-Ranges: bytes
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   344
Md5:    e74005d193fd7fcae89e8369df3a1118
Sha1:   44819fe793d99c0bbe6f718b4bfa440cd5d1a5e6
Sha256: 2f54d0974f7ffa1824ffe3281b8d071280b23c203605517e837e6e20447f5aa6
                                        
                                            GET /count.asp?id=987149&logo=bc HTTP/1.1 
Host: toplist.cz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         88.86.101.2
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 15 Nov 2018 11:26:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-Control: private,no-cache,no-store,must-revalidate,max-age=0
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: ui=56988; expires=Sat, 15-Dec-2018 11:26:09 GMT; path=/; domain=toplist.cz;
P3P: CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI"
X-W: 4
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  GIF image data, version 87a, 88 x 120
Size:   1852
Md5:    da481ffa5c262d1cd9a840133e57b5cd
Sha1:   86d85f801f4ddf6bb9b618331288151e4fabdd74
Sha256: 2900b4687ec077f1185d1893b0b695f9db38bcd447b1e39e0fc03043ad678b74
                                        
                                            GET /e2jp81jhb/getting-bi-with-martina-7139.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:33 GMT
Content-Length: 7661
Connection: keep-alive
Last-Modified: Fri, 04 Aug 2017 12:45:32 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   7661
Md5:    f220dc608a92f7afac9f1c0f60f8789f
Sha1:   e4322e7eb2703f6af64d39fafcf9ca5f76c23702
Sha256: 9039fe1d02555489944f661e6fa254c8661757aad8df1fb9d5701045aefa9b15
                                        
                                            GET /img/vote.gif HTTP/1.1 
Host: underground.click
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         104.27.135.202
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 15 Nov 2018 11:26:09 GMT
Content-Length: 4807
Connection: keep-alive
Set-Cookie: __cfduid=d54189fca89be529338c7b79737ca23431542281169; expires=Fri, 15-Nov-19 11:26:09 GMT; path=/; domain=.underground.click; HttpOnly
Last-Modified: Tue, 23 Jan 2018 15:12:37 GMT
Etag: "12c7-56372fa1a4340"
CF-Cache-Status: HIT
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15c7deca23cfb-CPH


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   4807
Md5:    593391625879437b58b8ce8079445295
Sha1:   06a4a1d47b9d8bf00cd023702caf4ddde70e060f
Sha256: 7c0830a63c7adb3013ae4ae5ce712e1521e3f20b6ec782b480cc46b9c1c76f40
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.25
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Mon, 12 Nov 2018 07:37:37 GMT
Etag: 455C9A63DAE5691D80B2722ED9DF77AA979E2572
X-OCSP-Responder-ID: rmdccaocsp25
Content-Length: 278
Cache-Control: public, no-transform, must-revalidate, max-age=331265
Expires: Mon, 19 Nov 2018 07:27:14 GMT
Date: Thu, 15 Nov 2018 11:26:09 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   278
Md5:    38c4a1da095b119c5630c9a344c87080
Sha1:   455c9a63dae5691d80b2722ed9df77aa979e2572
Sha256: 12ef953c826b8c28d8d2bdf7dcec8fc79fcd1461687ebcdbadb260a3928222ca
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.25
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Thu, 08 Nov 2018 21:27:34 GMT
Etag: 23FAA79BA8CB4A834A724300E09ABA40E860E4B4
X-OCSP-Responder-ID: rmdccaocsp17
Content-Length: 313
Cache-Control: public, no-transform, must-revalidate, max-age=35442
Expires: Thu, 15 Nov 2018 21:16:51 GMT
Date: Thu, 15 Nov 2018 11:26:09 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   313
Md5:    b4ec617b55a9097257a931965007e7a8
Sha1:   23faa79ba8cb4a834a724300e09aba40e860e4b4
Sha256: a34cf5d329969d27f77f23d243db20e769e45e28bd25da6e76f60db13f004ef7
                                        
                                            GET /hao6l35r3/mmfmm-fuck-party-part-2-5494.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:33 GMT
Content-Length: 6903
Connection: keep-alive
Last-Modified: Fri, 04 Aug 2017 12:45:32 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   6903
Md5:    de79d2157ee5425db780a9931cc5d979
Sha1:   fcb6e3fd618c66e26ba312194a73ea363e178494
Sha256: 65b6295fc80119d5b39e62c4191d29ec70a4a00ccd208380285d49d10b4c80ea
                                        
                                            GET /4lyxyj5y7/muscle-hunk-attracts-both-sides-6464.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:33 GMT
Content-Length: 6096
Connection: keep-alive
Last-Modified: Fri, 04 Aug 2017 12:45:32 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   6096
Md5:    1bc28e7328a96b3d1adbf5d46e47bc0d
Sha1:   40079b48585fae68d8e3a611913bdf9c5d8a6633
Sha256: 945abe255d5731ea1421f280e962ded2a95c0db90dfdf0e60de08fbea5860026
                                        
                                            GET /jvyt5q1gf/rihannas-bisexual-afternoon-6615.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:33 GMT
Content-Length: 6539
Connection: keep-alive
Last-Modified: Fri, 04 Aug 2017 12:45:32 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   6539
Md5:    0a6cb94491c7fae27d19a47da1877020
Sha1:   1973b6069c9ff2f7ac592d592f69f34cc01d4320
Sha256: 33ccbea9df63129e3eb4ba554f8b336f35745dbf8d1c3bda2fb2d7dbf33fcdc0
                                        
                                            GET /7ilyytbrz/snow-ballin-5483.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:33 GMT
Content-Length: 8196
Connection: keep-alive
Last-Modified: Fri, 04 Aug 2017 12:45:32 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   8196
Md5:    c8e64fc29188da2bae3a18bf85a60410
Sha1:   30e4e7b4caeae4f0329fd62ce164ce1faf7d78bc
Sha256: 456827fca71939a8737519a4f5f044726e1099348e5537509d04d06ce268f86e
                                        
                                            GET /8btiubbhb/all-it-takes-is-some-champagne-6565.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:34 GMT
Content-Length: 7009
Connection: keep-alive
Last-Modified: Fri, 04 Aug 2017 12:45:32 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   7009
Md5:    87cd1ac7a46cdeab08e3bcdd42347d9a
Sha1:   5e084970246acfbe0a9d31b909d788fd3a80800b
Sha256: c0fa804f210734921a9767c503b7805b227484b0c0d2b3ca02062d681a696f09
                                        
                                            GET /4e694wonz/castle-view-mmf-fucking-6345.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:34 GMT
Content-Length: 6510
Connection: keep-alive
Last-Modified: Fri, 04 Aug 2017 12:45:32 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   6510
Md5:    7513f9f0044f2aebbc525af1c3c801e1
Sha1:   f795cab4fba5ab9641338bb5d5e3819cf013353a
Sha256: c5864a974cf84fa2cc258ef19e45d64df5b4fbfbc62ca30a9daac4ecb286419a
                                        
                                            GET /jvqie6bn7/p05.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:34 GMT
Content-Length: 58360
Connection: keep-alive
Last-Modified: Thu, 08 Feb 2018 15:49:07 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   58360
Md5:    e9333615f09d547b9b756a69ceae21f4
Sha1:   25a281c6b98bf14229bb553ba1f6a8ebd2efa833
Sha256: cdf2311e8cb163127ac9952df2c5c60b52376d6df5c4464bbac9e9e34ec3f290
                                        
                                            GET /kl9aqf9kz/tn_03.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:34 GMT
Content-Length: 119994
Connection: keep-alive
Last-Modified: Thu, 08 Feb 2018 15:46:15 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   119994
Md5:    d473bdafe47b9720ea94d7a4c0842c54
Sha1:   5f40fbf141ed8dbb2f157bebf5a8aa937a23ca12
Sha256: be02f91524dd0346ddda59b1cc0a20d4ef01dd38ad4f586ddec744322bc4f3f7
                                        
                                            GET /csimyjyhv/p04.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:34 GMT
Content-Length: 46981
Connection: keep-alive
Last-Modified: Thu, 08 Feb 2018 15:49:07 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   46981
Md5:    099030d8d521c09da9c4333ae2bb77e0
Sha1:   1dab7b4b649591cca504adadced2a5294e46c552
Sha256: 3727f89f9995e4a4f93fa08252f4dfb79f47937773e692c72d535659ee1f46a0
                                        
                                            GET /j3r39eqxr/the-cuckolds-cock-gets-revenge-5877.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:34 GMT
Content-Length: 5925
Connection: keep-alive
Last-Modified: Fri, 04 Aug 2017 12:45:32 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   5925
Md5:    1c20bf782b923f9ebfee0aca959175b9
Sha1:   51023c7593f3013fac99e781da00b52393c39bfc
Sha256: b9c734296053fd8956b01b05ff250482d4bea9e5dc3fac39e49baf4dc20a1881
                                        
                                            GET /wzw2qqtdf/tn_04.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:34 GMT
Content-Length: 123351
Connection: keep-alive
Last-Modified: Thu, 08 Feb 2018 15:46:15 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   123351
Md5:    5f977fb67e18137a52c8edcfaec09760
Sha1:   c103df42716de6acc863f93071838d31ac74e131
Sha256: 50a72796b428e7a9fcad2b9a0b169feaa28f5bf22f7db5b566216a1d52c25e74
                                        
                                            GET /any9xd9oz/tn_02.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:34 GMT
Content-Length: 119241
Connection: keep-alive
Last-Modified: Thu, 08 Feb 2018 15:46:15 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   119241
Md5:    b0783e213e77ac10817226c830a73093
Sha1:   0a3265e8112585e744b445aa9fe7409c340c15ca
Sha256: f277d666af913a2a12e19498983af09ab416048ebc23665698754691d8b3bbc7
                                        
                                            GET /ngpmrtzof/hot-and-horny-in-the-woods-5859.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:34 GMT
Content-Length: 6562
Connection: keep-alive
Last-Modified: Fri, 04 Aug 2017 12:45:32 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   6562
Md5:    53eb45bb0d563a4bab5455abc0f0ab0d
Sha1:   1aaca4900c1f61ba12c0a9751d99845cb063d522
Sha256: 6ab5e0dcf5ac31ea9df1e013b69b328f2cbf3cc6197135a4374c55bc7ffe2a36
                                        
                                            GET /q9iubv00v/hot-bi-fun-in-the-summertime-5462.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:34 GMT
Content-Length: 7090
Connection: keep-alive
Last-Modified: Fri, 04 Aug 2017 12:45:32 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   7090
Md5:    454c241e57d909e3a5a12df2e5162588
Sha1:   61571ebae3b94ef6fefeca53f9ecf96de0d09bea
Sha256: 4522bc2c7a61a63c6ab9e7c85424da7152386aafd03e93cfc3e8f2e0c1d3b17a
                                        
                                            GET /76zgoxp0f/bi-ballers-6882.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:34 GMT
Content-Length: 5314
Connection: keep-alive
Last-Modified: Fri, 04 Aug 2017 12:45:32 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   5314
Md5:    f09b8f117a5c08f4bfb6c55a71b15b36
Sha1:   7436a000b3573a7dbd92f9a7e177bcaa7f977f5a
Sha256: ec7ef896c820ed91e955b4ad184d9b700e63cea21e71b2406048e90b1c1283bb
                                        
                                            GET /gvcws2jtr/bisexual-orgy-in-the-shower-still-very-dirty-621.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:34 GMT
Content-Length: 5868
Connection: keep-alive
Last-Modified: Fri, 04 Aug 2017 12:45:32 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   5868
Md5:    ca74dc45c9337a628d45377eff903f54
Sha1:   ed57aa6888462e45ab1498b12d5d2a3323f7a2a7
Sha256: ad911a9e60e3633bac86e89e53c7f30bec73e3f3a45e27200393a0b92d7b23f6
                                        
                                            GET /98wp8mlgj/tn_01.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:34 GMT
Content-Length: 114953
Connection: keep-alive
Last-Modified: Thu, 08 Feb 2018 15:46:15 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   114953
Md5:    8b5205342b44b3fb430883f3f50d03d3
Sha1:   9a4e5e62489d337d1c90b74bed48eee56d7d991e
Sha256: 345d7e9a96ef9555d729c393f068458abcdd4b7cbbcc3b62e29a99e17f044036
                                        
                                            GET /button.php?u=bi3some HTTP/1.1 
Host: teenlist.top
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         104.24.124.40
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 15 Nov 2018 11:26:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dda93aa35ad211c036a26347dca30b5c71542281169; expires=Fri, 15-Nov-19 11:26:09 GMT; path=/; domain=.teenlist.top; HttpOnly
Location: https://teenlist.top/images/button.png
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 47a15c7efc8f3cad-CPH


--- Additional Info ---
                                        
                                            GET /images/button.png HTTP/1.1 
Host: teenlist.top
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/
Cookie: __cfduid=dda93aa35ad211c036a26347dca30b5c71542281169

                                         
                                         104.24.124.40
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 15 Nov 2018 11:26:10 GMT
Content-Length: 6943
Connection: keep-alive
Last-Modified: Sun, 15 Oct 2017 06:23:31 GMT
Etag: "59e2fee3-1b1f"
Expires: Sat, 15 Dec 2018 11:26:10 GMT
Cache-Control: public, max-age=2592000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15c84f8d33cad-CPH


--- Additional Info ---
Magic:  PNG image, 88 x 31, 8-bit/color RGB, non-interlaced
Size:   6943
Md5:    1a1cd2a5dd532cf634049f0724d44cdc
Sha1:   d364bc4f3ba857c360dcae679879a7fd9b87c0d1
Sha256: 637c79208ab21ec014fc1831bc076e9ecde26a125fb3abb131118323aff9ce08
                                        
                                            GET /adspace/3609304.js HTTP/1.1 
Host: adspaces.ero-advertising.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         185.70.212.108
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:11 GMT
Transfer-Encoding: chunked
Connection: close
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 15 Nov 2018 11:26:11 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI DSP COR TAIa SAMa NOR"
Set-Cookie: uvid=82ee970d8d96f80b67fff83d5faeaba4; expires=Fri, 15-Nov-2019 11:26:11 GMT; Max-Age=31536000; path=/; domain=.ero-advertising.com uvid=82ee970d8d96f80b67fff83d5faeaba4; expires=Fri, 15-Nov-2019 11:26:11 GMT; Max-Age=31536000; path=/; domain=.eroadvertising.com
X-Backend-Server: nl1-web213-36


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   834
Md5:    b292b9f80f5c9cf185631da36f808a1e
Sha1:   587d1e6c2e6dacb52701dd6107c23c59551609a5
Sha256: 59a2e5fe63d911c8692b5d08c248de91c157255510a092af6e75a5bfac15c5cc
                                        
                                            GET / HTTP/1.1 
Host: c.adsco.re
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         104.17.167.186
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 15 Nov 2018 11:26:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d5caa8836cb8f1cdf1b048411ac247baf1542281171; expires=Fri, 15-Nov-19 11:26:11 GMT; path=/; domain=.adsco.re; HttpOnly
Content-Encoding: gzip
CF-Cache-Status: HIT
Cache-Control: max-age=259200,public,immutable
CF-RAY: 47a15c8aa7c74273-OSL
Etag: "2580477e7bab1514d7333dd449e13a43"
Expires: Tue, 13 Nov 2018 21:22:08 GMT
Link: <//adsco.re>;rel=preconnect,<//6.adsco.re>;rel=prefetch,<//ebb07c2aea2c3fd559b70c22b4a254bd.l.adsco.re>;rel=prefetch
Vary: Accept-Encoding
Server: cloudflare


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   11214
Md5:    d734b17d372a49ed87b5a088fb4c0d6b
Sha1:   0c29f3ee5911da8c95ac3f5625db622f942e08f9
Sha256: 0d4b84b1304c66dbb9c2630d8c6a1184deac4dd26b8825c20f22f84d75e42e2a
                                        
                                            GET /button.php?u=forbidden HTTP/1.1 
Host: xfap.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/
Cookie: __cfduid=d494516ddf67fe368faec6fb928dc94fa1542281168

                                         
                                         104.31.80.118
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 15 Nov 2018 11:26:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://xfap.eu/images/button.gif
Server: cloudflare
CF-RAY: 47a15c8af7e04291-OSL


--- Additional Info ---
                                        
                                            GET /s/droidsans/v8/SlGVmQWMvZQIdix7AFxXkHNSaw.woff HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fonts.googleapis.com/css?family=Droid+Sans
Origin: http://bi3some.sextgem.com

                                         
                                         216.58.207.227
HTTP/1.1 200 OK
Content-Type: font/woff
                                        
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 24888
Date: Sat, 10 Nov 2018 02:44:37 GMT
Expires: Sun, 10 Nov 2019 02:44:37 GMT
Last-Modified: Wed, 11 Oct 2017 18:25:11 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 463294


--- Additional Info ---
Magic:  data
Size:   24888
Md5:    156bcea41968749e1e67dfb42f5d2626
Sha1:   bd466fa979e3fa6389655cc0a6d9ed945d0cf9d6
Sha256: 1a608dae17698385b2db83b639dcdc422aa70a179c2884752e5a8c2609e8894a
                                        
                                            GET /banner.go?fprint=unknown&time=1542281171&spaceid=3609304&doc=http%3A//bi3some.sextgem.com/&tz=-1&sh=885&sw=1176 HTTP/1.1 
Host: go.ero-advertising.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/
Cookie: uvid=82ee970d8d96f80b67fff83d5faeaba4

                                         
                                         185.70.212.109
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:11 GMT
Transfer-Encoding: chunked
Connection: close
X-Request-Id: 1542281171758604436
X-Backend-Server: nl1-web213-30
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1150
Md5:    f010ad9af343e6e3cb8d179d1b018425
Sha1:   eb356ba076458e55e22f6b455f8736dc3defbae2
Sha256: c9d012031157e2847e9070b1a810b4ae46bb72e2f1e1a73f2946cc765d67e7b1
                                        
                                            GET /js15_as.js HTTP/1.1 
Host: s10.histats.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         46.105.201.240
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Thu, 15 Nov 2018 11:25:26 GMT
Etag: "1262556565"
Last-Modified: Mon, 12 Jun 2017 15:26:33 GMT
Content-Length: 4243
Content-Encoding: gzip
Vary: Accept-Encoding
X-CDN-Pop: sbg
X-CDN-Pop-IP: 137.74.120.32/27
X-Cacheable: Matched cache
Accept-Ranges: bytes
X-IPLB-Instance: 4760


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   4243
Md5:    56bb73fb348426e693c0eaa9dd2abbc0
Sha1:   1ffbf180a67c8ed35ece4a432d9d6dacd16961f5
Sha256: f4f7ac364c5b2b15a517942786044905da98388284ddfb1302bf76bbf407b8a5
                                        
                                            GET /images/close2.png?v=0.01 HTTP/1.1 
Host: xtgem.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         178.33.123.218
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 15 Nov 2018 11:25:52 GMT
Last-Modified: Mon, 11 Dec 2017 13:05:49 GMT
Etag: "234-5601031744540"
Content-Length: 564
Cache-Control: max-age=2592000
Expires: Sat, 15 Dec 2018 11:25:52 GMT
X-Ngz: 1
Age: 19
X-Cache: HIT
X-Cache-Hits: 31
Accept-Ranges: bytes
Connection: close


--- Additional Info ---
Magic:  PNG image, 32 x 32, 8-bit colormap, non-interlaced
Size:   564
Md5:    865dce1b2a4002b9a85f75ea622f4000
Sha1:   f56c8218b5ca721a9e5a3daec742a6f38c33c075
Sha256: bc5dcb35fc074321d66b9d7809e286e4afe72c7b08d1e799672126c92150ecd3
                                        
                                            GET /stats/3715153.php?3715153&@f16&@g1&@h1&@i1&@j1542281171853&@k0&@l1&@mBI%203SOME%20-%20HD%20Bisexual%20Movies%20from%20Hardcore%20Bisex%20Orgies&@n0&@o1000&@q0&@r0&@s605&@ten-US&@u1176&@vhttp%3A%2F%2Fbi3some.sextgem.com%2F&@w HTTP/1.1 
Host: s4.histats.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         208.43.241.179
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Date: Thu, 15 Nov 2018 11:26:12 GMT
Content-Length: 103
Connection: close
Set-Cookie: CountUid=727ae0bb-9djv-4d0b-afdb-507104a03050; domain=.histats.com; Max-Age=31536000; Expires=Fri, 15-Nov-2019 11:26:12 GMT


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   103
Md5:    2b6205b6f44c516450890839a6402cd4
Sha1:   6976648d4cb5eb7632ceed0d693a6f48600b359e
Sha256: afa6bea585e6a4d9375bc4c1bc728c1dc5cc89438132909d6fbc706f541f3411
                                        
                                            GET /counters/cc_605.js HTTP/1.1 
Host: s10.histats.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         46.105.201.240
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Thu, 15 Nov 2018 11:24:21 GMT
Etag: "49411206"
Last-Modified: Mon, 12 Jun 2017 15:28:07 GMT
Content-Length: 4511
Content-Encoding: gzip
Vary: Accept-Encoding
X-CDN-Pop: sbg
X-CDN-Pop-IP: 137.74.120.32/27
X-Cacheable: Matched cache
Accept-Ranges: bytes
X-IPLB-Instance: 4760


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   4511
Md5:    1222951b2e299f3e6a9333e42d0eda4f
Sha1:   4421617f1004297415d9b6321a96a218121c89ca
Sha256: cd7982d3864d7403091f472212d2d8ae69f35f109c852e1e74741c5f6f861f4a
                                        
                                            GET /bi3some.sextgem.com/nwmo/300/250 HTTP/1.1 
Host: prwidgets.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         131.153.42.225
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=c589878c936bc114485cde5883769093; path=/ woa1quur7O=a293ef8acab18e1c1935a39462873f9b822cecada310678b4fae0d6d52f7eeafad761be712da6568dc60424ced60aba208de635211a82cbf8b8f892a8626660b; expires=Tue, 14-May-2019 11:26:12 GMT; Max-Age=15552000 prVi=7hqEctCROu6mZEA750pfYwA0oyHwW0RH; expires=Fri, 15-Nov-2019 11:26:12 GMT; Max-Age=31536000; path=/; domain=.plugrush.com
Pragma: no-cache
Cache-Control: no-cache, must-revalidate, no-transform
Expires: Tue, 31 Dec 2013 23:59:59 GMT
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3449
Md5:    a3a0e692b9b3411c00096e1d15b743e1
Sha1:   b198fce36fb4da84d8b88e9076a66ee7326e1e1f
Sha256: 7b22f7c58c51830c066a591ae04ba560ded2f5ff4771c809264dacc6dcafc838
                                        
                                            GET /in.php?nr=14786 HTTP/1.1 
Host: teenystar18.toplistcreator.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         79.98.29.74
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:12 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.27
Set-Cookie: PHPSESSID=hmojg5vek0dc0pcme1sbdpeap5; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Location: http://teenystar18.toplistcreator.eu/index.html
X-XSS-Protection: 1; mode=block


--- Additional Info ---
                                        
                                            GET /css?family=Ubuntu HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://prwidgets.com/bi3some.sextgem.com/nwmo/300/250

                                         
                                         216.58.207.234
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Thu, 15 Nov 2018 11:26:12 GMT
Date: Thu, 15 Nov 2018 11:26:12 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   188
Md5:    0ecbf0fcddeb1f857087fb041ee90185
Sha1:   0d6d2b105a97624b4791f6aa38cb1960785b10a7
Sha256: c3979a8773484046ed060682875b3b6689ffeeb151f2bdf068e4402f007a6617
                                        
                                            GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://prwidgets.com/bi3some.sextgem.com/nwmo/300/250

                                         
                                         216.58.211.138
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 29707
Date: Tue, 13 Nov 2018 14:53:59 GMT
Expires: Wed, 13 Nov 2019 14:53:59 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 160333


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   29707
Md5:    47f7e7dc510c568ecd939027eea01fd5
Sha1:   b2bcfb1482678267d927a8f8fffb57caf8159c72
Sha256: d3572f276333bb364358649daddd028baff8712716c0d4dff606b65ae6e8d5b3
                                        
                                            GET /s/ubuntu/v12/4iCs6KVjbNBYlgoKfw7w.woff HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fonts.googleapis.com/css?family=Ubuntu
Origin: http://prwidgets.com

                                         
                                         216.58.207.227
HTTP/1.1 200 OK
Content-Type: font/woff
                                        
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 39164
Date: Tue, 13 Nov 2018 15:05:37 GMT
Expires: Wed, 13 Nov 2019 15:05:37 GMT
Last-Modified: Wed, 01 Aug 2018 17:29:17 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 159635


--- Additional Info ---
Magic:  data
Size:   39164
Md5:    1e926e228a9e2e1e77034f624211e2b4
Sha1:   81b65797feddcf3c63a4fd1b1d8a17292d860588
Sha256: ffbe818be4c8336352f14d6b780c37bf26660aeaed256cd5c44ced9792043ef3
                                        
                                            GET /button.php?u=bi3some HTTP/1.1 
Host: teenlist.top
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/
Cookie: __cfduid=dda93aa35ad211c036a26347dca30b5c71542281169

                                         
                                         104.24.124.40
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 15 Nov 2018 11:26:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://teenlist.top/images/button.png
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 47a15c8b1e933cad-CPH


--- Additional Info ---
                                        
                                            GET /index.html HTTP/1.1 
Host: teenystar18.toplistcreator.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/
Cookie: PHPSESSID=hmojg5vek0dc0pcme1sbdpeap5

                                         
                                         79.98.29.74
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7602
Md5:    b35883cc935e102fece13af39f1dc4be
Sha1:   f4a5fc367a8dcdb4fd49eee3e2c97db3b8ca720c
Sha256: bb24b2394defeb66f8791a21fadcf31a22ea35aecb32a626a790806b786dc0a3
                                        
                                            GET /__xt_authbar?data=eyJ1cmwiOiJodHRwOlwvXC9iaTNzb21lLnNleHRnZW0uY29tXC9pbmRleCIsImxvZ2dlZF9pbiI6ZmFsc2UsImRvbWFpbiI6ImJpM3NvbWUuc2V4dGdlbS5jb20iLCJwb3NpdGlvbiI6eyJhYnNvbHV0ZSI6ImZpeGVkIn19 HTTP/1.1 
Host: xtgem.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bi3some.sextgem.com/

                                         
                                         178.33.123.218
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 15 Nov 2018 11:26:11 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: session=d2~eefrsnlrclnjhkamsbp2l3i2v5; expires=Fri, 16-Nov-2018 11:26:11 GMT; Max-Age=86400; path=/; domain=.xtgem.com; httponly __template=web; expires=Sat, 15-Dec-2018 11:26:11 GMT; Max-Age=2592000; path=/ __lang=us; expires=Sat, 15-Dec-2018 11:26:11 GMT; Max-Age=2592000; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2776
Age: 0
X-Cache: MISS
X-Cache-Hits: 0
Accept-Ranges: bytes
Connection: close


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2776
Md5:    98ad24bb53c1949a2fd28cf50b57470e
Sha1:   c9bf7be037dbbe79c91dc0e2b535f0786e8745a5
Sha256: 9dda6e1865fc9e330397c4cbfabf61566cb77f46744275d1800a0b65defec0f9
                                        
                                            GET /count.asp?id=1787216&logo=s HTTP/1.1 
Host: toplist.cz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html
Cookie: ui=56988

                                         
                                         88.86.101.2
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 15 Nov 2018 11:26:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-Control: private,no-cache,no-store,must-revalidate,max-age=0
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: ui=56988; expires=Sat, 15-Dec-2018 11:26:12 GMT; path=/; domain=toplist.cz;
P3P: CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI"
X-W: 4
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  GIF image data, version 87a, 14 x 14
Size:   104
Md5:    3e40fcd0c923826989523d1351968973
Sha1:   906529f47f4288a7f16ccecc41c0caa66790b010
Sha256: 586e5ad59579ca773666a3e496badfe19a03579d998821f4ae86d6eada03ac2d
                                        
                                            GET /jam_min.js HTTP/1.1 
Host: js.juicyads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html

                                         
                                         151.139.236.208
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 15 Nov 2018 11:26:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 06 Jun 2016 18:41:27 GMT
Etag: W/"5755c3d7-5394"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6760
Md5:    ea621279dc503aa46b3ce13d2d944387
Sha1:   b9c70caaa9b16e9121f943d63fa686127653a501
Sha256: f1c02f4b8abc58beb5f9fbbb7595c62a57b76316505ea8e21e0afb68a26daac5
                                        
                                            GET /ArchangelR/PATRATE/ptv019.jpg HTTP/1.1 
Host: f.3ezy.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html

                                         
                                         104.28.26.116
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:12 GMT
Content-Length: 97991
Connection: keep-alive
Set-Cookie: __cfduid=d2d90e29787f8bc44b87174920dcc71621542281172; expires=Fri, 15-Nov-19 11:26:12 GMT; path=/; domain=.3ezy.net; HttpOnly
x-amz-id-2: CwRIO9OgFPH+Hpu7pvTSaxdRGJ4mD/dVuaIynBt5Ez4SzJXsFtNDU/icOU3QFqFm5t/usb873wM=
x-amz-request-id: A80DFB5DF915488F
Last-Modified: Thu, 10 May 2018 20:23:29 GMT
Etag: "d595f79e6a74dbbaf3dc57781525ab3d"
CF-Cache-Status: HIT
Expires: Sun, 16 Dec 2018 11:26:12 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15c8f95a14285-OSL


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   97991
Md5:    d595f79e6a74dbbaf3dc57781525ab3d
Sha1:   1ffb7e3465c3e2b046c1aa6099864d5be39a5e6e
Sha256: 81ac9a74d92f7b58bf72aeb968b3bd2b8d9b4223f0f8ddf75db33f651e1c0757
                                        
                                            GET /count.asp?id=1787216&logo=bc HTTP/1.1 
Host: toplist.cz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html
Cookie: ui=56988

                                         
                                         88.86.101.2
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 15 Nov 2018 11:26:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-Control: private,no-cache,no-store,must-revalidate,max-age=0
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: ui=56988; expires=Sat, 15-Dec-2018 11:26:12 GMT; path=/; domain=toplist.cz;
P3P: CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI"
X-W: 4
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  GIF image data, version 87a, 88 x 120
Size:   1868
Md5:    92139cfe053fe23ee1c8806f41e34162
Sha1:   ff3df43a8d7a3913177e5aefec94b3378da262ad
Sha256: a3d9497722818bc95e4b15703f275b047d558292e03092906cf933c11a037143
                                        
                                            GET /klguhczllzwwtgx.php HTTP/1.1 
Host: teenystar18.toplistcreator.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html
Cookie: PHPSESSID=hmojg5vek0dc0pcme1sbdpeap5

                                         
                                         79.98.29.74
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7602
Md5:    b35883cc935e102fece13af39f1dc4be
Sha1:   f4a5fc367a8dcdb4fd49eee3e2c97db3b8ca720c
Sha256: bb24b2394defeb66f8791a21fadcf31a22ea35aecb32a626a790806b786dc0a3
                                        
                                            GET /ArchangelR/PATRATE/ptv034.jpg HTTP/1.1 
Host: f.3ezy.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html

                                         
                                         104.28.26.116
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:12 GMT
Content-Length: 78157
Connection: keep-alive
Set-Cookie: __cfduid=d44a8ba87b0c633a31e015d9a481f6d181542281172; expires=Fri, 15-Nov-19 11:26:12 GMT; path=/; domain=.3ezy.net; HttpOnly
x-amz-id-2: 3dcxa9f0pY/FvicqgpK2N6UBuAawZDN5c6RP9tT+084HJZ6eL7RVTkrKyOx7Vq8/KrKT0mNN5m8=
x-amz-request-id: DF77F4327D58F6CD
Last-Modified: Mon, 09 Jul 2018 14:04:27 GMT
Etag: "f8e9c2062663935fc9ec966c4247f878"
CF-Cache-Status: HIT
Expires: Sun, 16 Dec 2018 11:26:12 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15c8fa0b04273-OSL


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   78157
Md5:    f8e9c2062663935fc9ec966c4247f878
Sha1:   348a60b8f54d0fa143a5ed804dd3edafec2969c0
Sha256: 1079366fb499ca4aadfe8fcee401d173e7fe83f7bbd45191d82408dc85873617
                                        
                                            GET /img/loader_head.gif HTTP/1.1 
Host: prstatics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://prwidgets.com/bi3some.sextgem.com/nwmo/300/250

                                         
                                         23.235.244.225
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:12 GMT
Content-Length: 723
Connection: keep-alive
Last-Modified: Thu, 16 Feb 2012 15:14:10 GMT
Etag: "4f3d1d42-2d3"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *


--- Additional Info ---
Magic:  GIF image data, version 89a, 16 x 11
Size:   723
Md5:    348075813c11da2969c61044ecccaf58
Sha1:   a65b9b4e79d4e2bc24c8288b1f426c3ee90821b9
Sha256: 28b8b4583637ed2f48df86273b4b8fc9560d371efada61b286986b9cbacb2637
                                        
                                            GET /img/prLogo.png HTTP/1.1 
Host: prstatics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://prwidgets.com/bi3some.sextgem.com/nwmo/300/250

                                         
                                         23.235.244.225
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:12 GMT
Content-Length: 5566
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2011 14:20:49 GMT
Etag: "4ed398c1-15be"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *


--- Additional Info ---
Magic:  PNG image, 207 x 30, 8-bit/color RGBA, non-interlaced
Size:   5566
Md5:    6edf85b3fab6ee984ffe9db36853062d
Sha1:   2905a895c0d542a3a42fc45570f8b048aef93029
Sha256: bff7cb884e9fcf4618081710ac03a047617c90f2bd2260fba553b817047813ec
                                        
                                            GET /0.gif?3901545&101 HTTP/1.1 
Host: sstatic1.histats.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html

                                         
                                         208.43.241.178
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 15 Nov 2018 11:26:12 GMT
Content-Length: 43
Connection: close
Set-Cookie: CountUid=d469fb7b-c0os-4bef-a492-9ba8c9790d25; domain=.histats.com; Max-Age=31536000; Expires=Fri, 15-Nov-2019 11:26:12 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    07fff40b5dd495aca2ac4e1c3fbc60aa
Sha1:   e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
Sha256: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
                                        
                                            GET /ArchangelR/PATRATE/ptv032.jpg HTTP/1.1 
Host: f.3ezy.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html

                                         
                                         104.28.26.116
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:12 GMT
Content-Length: 154456
Connection: keep-alive
Set-Cookie: __cfduid=da17759262bc6f1e01ffe70f0d72f067f1542281172; expires=Fri, 15-Nov-19 11:26:12 GMT; path=/; domain=.3ezy.net; HttpOnly
x-amz-id-2: 6eXO6jLsAdL8lMNotudIgWOtesgR/9lBjdodB9uiiaIPuQYdNUVLTx50VcuT86Aw5GgGWBun+DY=
x-amz-request-id: 34B20B11F56C785E
Last-Modified: Mon, 09 Jul 2018 14:04:27 GMT
Etag: "feb0657679227620cae13930b2e4c55d"
CF-Cache-Status: HIT
Expires: Sun, 16 Dec 2018 11:26:12 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15c8f975542a3-OSL


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   154456
Md5:    feb0657679227620cae13930b2e4c55d
Sha1:   838254c0973b5c47ee18e9fc332eb150f3afdda2
Sha256: 4f80c75381b5f5d7f1c59174ebbe3f2774ed751a1b9b9c8d1573e96d4263ebec
                                        
                                            GET /b3/8a/47/b38a4705d7d35dfba5d085337fa7c9b8.js HTTP/1.1 
Host: yim3eyv5.top
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html

                                         
                                         198.134.112.241
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.15.1
Date: Thu, 15 Nov 2018 11:25:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   13952
Md5:    cad10ee72f63ba75606bcc07c6da99cd
Sha1:   417762b95949917035c29bb921521a208f1a8601
Sha256: e7e8c50ab07fc38ebb32d1fbfd8698c2941cd09e731db9864570911f4313e260
                                        
                                            GET /d/?resource=pubJS HTTP/1.1 
Host: d.smopy.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html
If-None-Match: W/"769f-87h2nxafjr5QvsWDUYNQWjioMOA"

                                         
                                         131.153.42.225
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Etag: W/"76d5-KJlAxq2/JiAJUagk47GDwXc4vOI"
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   9756
Md5:    2d46dc2caa42734965c3721ee286b317
Sha1:   e5af2c3a34c62c9616c88dde80bd303b50a1f163
Sha256: ca17bcc418308c26ab8df1390cd20e07dba9e5bc1466d01a8292a44e1937cca6
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sun, 11 Nov 2018 06:52:33 GMT
Etag: 7F28C3B9D406C27CEDD22AF920DC8741B30B316A
X-OCSP-Responder-ID: rmdccaocsp13
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=242138
Expires: Sun, 18 Nov 2018 06:41:50 GMT
Date: Thu, 15 Nov 2018 11:26:12 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    2ee8a1cca62783fe66c63d0f0be82023
Sha1:   7f28c3b9d406c27cedd22af920dc8741b30b316a
Sha256: 537d5f04a567f84d5dd87146119869f0ebc2681ba8d5c80cf60dbbaa1c265874
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Thu, 08 Nov 2018 21:27:34 GMT
Etag: B4F86BCBF0C585CE9F3336ED3A5269F9D0555876
X-OCSP-Responder-ID: rmdccaocsp13
Content-Length: 727
Cache-Control: public, no-transform, must-revalidate, max-age=35498
Expires: Thu, 15 Nov 2018 21:17:50 GMT
Date: Thu, 15 Nov 2018 11:26:12 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   727
Md5:    6c0b3adaeb9a7a4de1ef4cb3ef0685ce
Sha1:   b4f86bcbf0c585ce9f3336ed3a5269f9d0555876
Sha256: c63e75e5ce1ef42afbdab8db9f1f18c6fb5ac9945c80fb6343d341e9d7fc46f0
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.18
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Thu, 08 Nov 2018 21:27:34 GMT
Etag: 52B08DA27AC7C6115961987B2C4F7E9CBF19E849
X-OCSP-Responder-ID: rmdccaocsp21
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=35427
Expires: Thu, 15 Nov 2018 21:16:39 GMT
Date: Thu, 15 Nov 2018 11:26:12 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    55c8029448bdeb7cddbdc180bf969536
Sha1:   52b08da27ac7c6115961987b2c4f7e9cbf19e849
Sha256: 1e7fc0a17968ce2ec6d603191a76a66ee9a0970041cb9b10d9891e43dbd0ef84
                                        
                                            GET /prbanners/2017/04/17/34A4LNdikB5SkTPWwu6wqpFFVL1ZXE HTTP/1.1 
Host: prstatics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://prwidgets.com/bi3some.sextgem.com/nwmo/300/250

                                         
                                         23.235.244.225
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:12 GMT
Content-Length: 100901
Connection: keep-alive
Last-Modified: Mon, 17 Apr 2017 14:41:53 GMT
Etag: "58f4d431-18a25"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *


--- Additional Info ---
Magic:  GIF image data, version 89a, 300 x 250
Size:   100901
Md5:    52e224ee35cc10a2314b8c48d55895d7
Sha1:   f47c194ed9e0c009e5510b27d89d15af306e315a
Sha256: 99ee2abe45b0eb16cf17fa5a97391c9c5b6c06e8044c7458dbceebb4cb453e77
                                        
                                            GET /klguhczllzwwtgx.php HTTP/1.1 
Host: teenystar18.toplistcreator.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html
Cookie: PHPSESSID=hmojg5vek0dc0pcme1sbdpeap5

                                         
                                         79.98.29.74
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7602
Md5:    b35883cc935e102fece13af39f1dc4be
Sha1:   f4a5fc367a8dcdb4fd49eee3e2c97db3b8ca720c
Sha256: bb24b2394defeb66f8791a21fadcf31a22ea35aecb32a626a790806b786dc0a3
                                        
                                            GET /service_async.php/serveAd?JSON-response-callback=rpc.callbacks.r1&id=1&c=103654&s=223468 HTTP/1.1 
Host: mobile.juicyads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html

                                         
                                         34.193.112.114
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:12 GMT
Content-Length: 154
Location: http://mobile.juicyads.com/service_async.php?JSON-response-callback=rpc.callbacks.r1&id=1&c=103654&s=223468
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text
Size:   154
Md5:    cfbeaf604823f038b8b46f0ac862b98c
Sha1:   7b9eb1dac48e74fa5f418bc456cb410f88b81d98
Sha256: 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
                                        
                                            GET /js/jads.js HTTP/1.1 
Host: adserver.juicyads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html

                                         
                                         64.59.92.5
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:13 GMT
Last-Modified: Fri, 25 May 2018 20:56:16 GMT
Transfer-Encoding: chunked
Connection: close
Etag: W/"5b087870-149d"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2358
Md5:    33de625f0a6a3dcdd4500118c56c738c
Sha1:   151b0228bc4ea868384c6f261e9b20f97955de00
Sha256: c4033de18ed0a7991d2457727c6e4ebe809786511a8598df22e387d68ccf9581
                                        
                                            GET /service_async.php?JSON-response-callback=rpc.callbacks.r1&id=1&c=103654&s=223468 HTTP/1.1 
Host: mobile.juicyads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html

                                         
                                         34.193.112.114
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:13 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   63
Md5:    aa6b2f02b6e16a86eb971e0b7cb8ad3c
Sha1:   28e0273954a70f5999316fe36be6d45efe432b40
Sha256: 0b20d91bf5532fb3f2af7d1810476403f42873fd51c89d1962d70f5a8dffb5ca
                                        
                                            GET /count.asp?id=1787216&logo=s&http=http%3A//bi3some.sextgem.com/&t=TEENY%20STAR%2018%20-%20teenystar18.toplistcreator.eu&wi=1176&he=885&cd=24 HTTP/1.1 
Host: toplist.cz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html
Cookie: ui=56988

                                         
                                         88.86.101.2
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 15 Nov 2018 11:26:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-Control: private,no-cache,no-store,must-revalidate,max-age=0
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: ui=56988; expires=Sat, 15-Dec-2018 11:26:13 GMT; path=/; domain=toplist.cz;
P3P: CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI"
X-W: 4
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  GIF image data, version 87a, 14 x 14
Size:   104
Md5:    3e40fcd0c923826989523d1351968973
Sha1:   906529f47f4288a7f16ccecc41c0caa66790b010
Sha256: 586e5ad59579ca773666a3e496badfe19a03579d998821f4ae86d6eada03ac2d
                                        
                                            GET /c.js?ma_di=18319&up=undefined&r=0.9085962819605555 HTTP/1.1 
Host: stat.scroogefrog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html

                                         
                                         46.105.175.30
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 15 Nov 2018 11:26:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: ctcb=1542281173; expires=Thu, 15-Nov-2018 12:26:13 GMT; path=/


--- Additional Info ---
                                        
                                            GET /script/compatibility.js HTTP/1.1 
Host: celeritascdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html

                                         
                                         104.25.141.119
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 15 Nov 2018 11:26:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d591dd01a93e2fe713c001a6246ed9a6e1542281173; expires=Fri, 15-Nov-19 11:26:13 GMT; path=/; domain=.celeritascdn.com; HttpOnly
X-GUploader-UploadID: AEnB2Up545S6itRagH9GsAhe5c3GQbO6VyJ-9oHAnGAK-RjEw0i3FTL9hytLxH7-f9XuFdhT19CA7cqiatHnbKt192bt9ydkUvX19TTvrlfCwMdYi3vWOYw
Expires: Thu, 15 Nov 2018 15:26:13 GMT
Cache-Control: public, max-age=14400
Last-Modified: Thu, 30 Aug 2018 12:42:19 GMT
Etag: W/"ec4e9e96026bffb8dced48b580c51b24"
x-goog-generation: 1535632939378080
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 11626
x-goog-hash: crc32c=a9fskw==, md5=7E6elgJr/7jc7Ui1gMUbJA==
x-goog-storage-class: MULTI_REGIONAL
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15c9702c842bb-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6153
Md5:    d73fbbb971deb4b69d7515dd3a0f31d1
Sha1:   2f4e522353f205806eff64b094e18d4f893b9393
Sha256: 70209b1f1e49037499db507fea1038ede4b704a6e926aa477c601e4cc685d5a3
                                        
                                            GET /stats/3901545.php?3901545&@f16&@g1&@h1&@i1&@j1542281173568&@k0&@l1&@mTEENY%20STAR%2018%20-%20teenystar18.toplistcreator.eu&@n0&@ohttp%3A%2F%2Fbi3some.sextgem.com%2F&@q0&@r0&@s605&@ten-US&@u1176&@vhttp%3A%2F%2Fteenystar18.toplistcreator.eu%2Findex.html&@w HTTP/1.1 
Host: s4.histats.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html
Cookie: CountUid=727ae0bb-9djv-4d0b-afdb-507104a03050; CountUid=d469fb7b-c0os-4bef-a492-9ba8c9790d25

                                         
                                         208.43.241.179
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Date: Thu, 15 Nov 2018 11:26:13 GMT
Content-Length: 108
Connection: close


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   108
Md5:    5ba7e66fb7e893045e04551cde6100a1
Sha1:   4ff440a1dba109c6af20cf448d4eb63c89c1abb4
Sha256: 54ae9752ec0c266a43c41fd50d567899cef543d59b4c62614f167c8318d8812e
                                        
                                            GET /script/firefox.js HTTP/1.1 
Host: celeritascdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html
Cookie: __cfduid=d591dd01a93e2fe713c001a6246ed9a6e1542281173

                                         
                                         104.25.141.119
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 15 Nov 2018 11:26:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: AEnB2Uq8GH-GMV2_iqRB0-8RfzAzFupgzk4hyRlBwzbRqn50HFkFZQ64Ey583Anr8KFK7_hWrNacHincqwf8OiWrmGGCrtL5ykLU1fHSEhny9Db9UchR7Qc
Expires: Thu, 15 Nov 2018 15:26:13 GMT
Cache-Control: public, max-age=14400
Last-Modified: Thu, 30 Aug 2018 12:42:24 GMT
Etag: W/"edfcf8605fa5637023c65a6cb38300a6"
x-goog-generation: 1535632944615362
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 8547
x-goog-hash: crc32c=gRty2A==, md5=7fz4YF+lY3Ajxlpss4MApg==
x-goog-storage-class: MULTI_REGIONAL
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15c98731242bb-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4491
Md5:    17e96dc89e31b75724fd9715d43033c0
Sha1:   411f7f3ad8863216b4b472a4e5f3bb03ad45632a
Sha256: e22e2ca9f8f9d19ac59a450a9eb8a04f93a080e5e06b592610d3079cf0ed37f7
                                        
                                            GET /adshow.php?adzone=700847 HTTP/1.1 
Host: adserver.juicyads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html

                                         
                                         64.59.92.5
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:13 GMT
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.4.20
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=54c402f9bf040a338a59a1bb67ce1824; expires=Fri, 15-Nov-2019 11:26:13 GMT; path=/; domain=.juicyads.com imps16321=1; expires=Fri, 16-Nov-2018 11:26:13 GMT; path=/; domain=.juicyads.com imps16321=1; expires=Fri, 16-Nov-2018 11:26:13 GMT; path=/; domain=.juicyads.com imps22340=1; expires=Fri, 16-Nov-2018 11:26:13 GMT; path=/; domain=.juicyads.com imps27384=1; expires=Fri, 16-Nov-2018 11:26:13 GMT; path=/; domain=.juicyads.com juicy_data_1=YTo0OntpOjYyMzI2ODtpOjE1NDI1NDAzNzM7aTo2MjMyNjc7aToxNTQyNTQwMzczO2k6NTkyOTc4O2k6MTU0MjU0MDM3MztpOjY1MzgyNDtpOjE1NDI1NDAzNzM7fQ%3D%3D; expires=Sun, 18-Nov-2018 11:26:13 GMT; domain=juicyads.com juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 18-Nov-2018 11:26:13 GMT; domain=juicyads.com
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1874
Md5:    f0f1b2b18e083acbf9e6c94856676fb6
Sha1:   a22ab1b1b5218e13b54d2d371ac75c39d3aefeb3
Sha256: 6e8bb058b38756b838592ccd93b1a19b186c7ce9200a3443e1220c7d21e60ddd
                                        
                                            GET /network/user500/27384-1530187790.gif HTTP/1.1 
Host: ads.juicyads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://adserver.juicyads.com/adshow.php?adzone=700847
Cookie: surferid=54c402f9bf040a338a59a1bb67ce1824; imps16321=1; imps22340=1; imps27384=1; juicy_data_1=YTo0OntpOjYyMzI2ODtpOjE1NDI1NDAzNzM7aTo2MjMyNjc7aToxNTQyNTQwMzczO2k6NTkyOTc4O2k6MTU0MjU0MDM3MztpOjY1MzgyNDtpOjE1NDI1NDAzNzM7fQ%3D%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D

                                         
                                         108.161.187.40
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 15 Nov 2018 11:26:13 GMT
Content-Length: 28493
Connection: keep-alive
Last-Modified: Thu, 28 Jun 2018 12:09:50 GMT
Etag: "5b34d00e-6f4d"
Server: NetDNA-cache/2.2
X-Cache: HIT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 125 x 125
Size:   28493
Md5:    e9d6cc8924643278a1fa3d12a5f78b2c
Sha1:   9aaf84a619a84dd5852a159ce2affe4e5b811043
Sha256: 3402f4269ba0c9de13e7818a99570eced1108efa745b561b52cca88a962897d4
                                        
                                            GET /network/user500/22340-1505050832.jpg HTTP/1.1 
Host: ads-a.juicyads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://adserver.juicyads.com/adshow.php?adzone=700847
Cookie: surferid=54c402f9bf040a338a59a1bb67ce1824; imps16321=1; imps22340=1; imps27384=1; juicy_data_1=YTo0OntpOjYyMzI2ODtpOjE1NDI1NDAzNzM7aTo2MjMyNjc7aToxNTQyNTQwMzczO2k6NTkyOTc4O2k6MTU0MjU0MDM3MztpOjY1MzgyNDtpOjE1NDI1NDAzNzM7fQ%3D%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D

                                         
                                         108.161.187.40
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:13 GMT
Content-Length: 26560
Connection: keep-alive
Last-Modified: Sun, 10 Sep 2017 13:40:32 GMT
Etag: "59b540d0-67c0"
Server: NetDNA-cache/2.2
X-Cache: HIT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   26560
Md5:    bed7929bdf7525a5b1c67f4ba1379f86
Sha1:   aec311c85ab8b39878a25a4d76a25e3a1c2f4249
Sha256: 7b0975c9d2c93e1b595753bc0fc6b3cff54d9d3a5d9bcbd2da0fc2d2eea25f0c
                                        
                                            GET /network/user500/16321-1516649226.gif HTTP/1.1 
Host: ads-a.juicyads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://adserver.juicyads.com/adshow.php?adzone=700847
Cookie: surferid=54c402f9bf040a338a59a1bb67ce1824; imps16321=1; imps22340=1; imps27384=1; juicy_data_1=YTo0OntpOjYyMzI2ODtpOjE1NDI1NDAzNzM7aTo2MjMyNjc7aToxNTQyNTQwMzczO2k6NTkyOTc4O2k6MTU0MjU0MDM3MztpOjY1MzgyNDtpOjE1NDI1NDAzNzM7fQ%3D%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D

                                         
                                         108.161.187.40
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 15 Nov 2018 11:26:13 GMT
Content-Length: 52702
Connection: keep-alive
Last-Modified: Mon, 22 Jan 2018 19:27:06 GMT
Etag: "5a663b0a-cdde"
Server: NetDNA-cache/2.2
X-Cache: HIT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 125 x 125
Size:   52702
Md5:    9eb9060719a2516fc3ec4f5ac1a667d8
Sha1:   aa18d489b8662bb6b4998dda172f6ce8c010843f
Sha256: 987ececa26c8e15a3fa5a5600fd99c7c6a885b0e578ab8a0ca63e66d6d6d7b14
                                        
                                            GET /in.php?nr=522 HTTP/1.1 
Host: jailbait.toplistcreator.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html

                                         
                                         79.98.29.74
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:14 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.27
Set-Cookie: PHPSESSID=q4nevu1f8eqjbmr9sjdl6sedj0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Location: http://jailbait.toplistcreator.eu/index.html
X-XSS-Protection: 1; mode=block


--- Additional Info ---
                                        
                                            GET /script/suurl.php?r=2201163&cbrandom=0.9099449255217459&cbiframe=1&cbWidth=300&cbHeight=500&cbtitle=&cbref=&cbdescription=&cbkeywords=&cbcdn=celeritascdn.com HTTP/1.1 
Host: onclickmega.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html

                                         
                                         35.190.64.167
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: openresty
Date: Thu, 15 Nov 2018 11:26:14 GMT
Transfer-Encoding: chunked
X-Robots-Tag: noindex
Cache-Control: no-store, no-cache, no-transform, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: acnetwork=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Referrer-Policy: no-referrer
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
Via: 1.1 google


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   12482
Md5:    ec4205e877d1c77851d501e0f5bcce36
Sha1:   24914057e59fff0d442e15e5ab6aba9815be98f9
Sha256: b6c617dd69c8a555d02bbd8ec9a612f6ca84f6ff4b371f4c0df500accc574ce5
                                        
                                            GET /in.php?nr=436 HTTP/1.1 
Host: toplisted.toplistcreator.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html

                                         
                                         79.98.29.74
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:14 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.27
Set-Cookie: PHPSESSID=jp6imrmot8sivl6af2c2mc1po6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Location: http://toplisted.toplistcreator.eu/index.html
X-XSS-Protection: 1; mode=block


--- Additional Info ---
                                        
                                            GET /network/user500/16321-1516649216.gif HTTP/1.1 
Host: ads-a.juicyads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://adserver.juicyads.com/adshow.php?adzone=700847
Cookie: surferid=54c402f9bf040a338a59a1bb67ce1824; imps16321=1; imps22340=1; imps27384=1; juicy_data_1=YTo0OntpOjYyMzI2ODtpOjE1NDI1NDAzNzM7aTo2MjMyNjc7aToxNTQyNTQwMzczO2k6NTkyOTc4O2k6MTU0MjU0MDM3MztpOjY1MzgyNDtpOjE1NDI1NDAzNzM7fQ%3D%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D

                                         
                                         108.161.187.40
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 15 Nov 2018 11:26:13 GMT
Content-Length: 113308
Connection: keep-alive
Last-Modified: Mon, 22 Jan 2018 19:26:56 GMT
Etag: "5a663b00-1ba9c"
Server: NetDNA-cache/2.2
X-Cache: HIT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 125 x 125
Size:   113308
Md5:    5973aed991a65a527f6072fe6f1ec8e1
Sha1:   66263d97a123af21466c1f8139bf6f2e418e3c8e
Sha256: 0a86a396c2888c2b3e9d7602b70550b084ae8172cedbb25b2d11c2d6ae75bfbc
                                        
                                            GET /datanew/bannerpools/112022/34739.gif HTTP/1.1 
Host: data.ero-advertising.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://go.ero-advertising.com/banner.go?fprint=unknown&time=1542281171&spaceid=3609304&doc=http%3A//bi3some.sextgem.com/&tz=-1&sh=885&sw=1176
Cookie: uvid=82ee970d8d96f80b67fff83d5faeaba4

                                         
                                         185.70.212.103
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.10.3
Date: Thu, 15 Nov 2018 11:26:15 GMT
Content-Length: 9473
Last-Modified: Fri, 05 Oct 2018 17:34:59 GMT
Connection: close
Etag: "5bb7a0c3-2501"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Compressor: static186
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 87a, 600 x 60
Size:   9473
Md5:    27e148ea9b12b18473ce01aef59575ff
Sha1:   fb0e3d1d628bd35b85a73f9e59d93feef3b291ad
Sha256: c10dd5c729cd7d01697bdcf96adf76700711457861ca702f3921f4157fb797f6
                                        
                                            GET /index.html HTTP/1.1 
Host: toplisted.toplistcreator.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html
Cookie: PHPSESSID=jp6imrmot8sivl6af2c2mc1po6

                                         
                                         79.98.29.74
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7871
Md5:    5d79a66f94a01d76f019b995c6455252
Sha1:   06635937db722aede30cae2f160b6769c443d073
Sha256: 2096391b0837aefcc2729ffa13105da3ba0d49ddd58c31acdcb9d7c7ecd23b16

Alerts:
  IDS:
    - ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
                                        
                                            GET /ArchangelR/90x30/HRGS003.jpg HTTP/1.1 
Host: f.3ezy.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: __cfduid=da17759262bc6f1e01ffe70f0d72f067f1542281172

                                         
                                         104.28.26.116
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:15 GMT
Content-Length: 27024
Connection: keep-alive
x-amz-id-2: vz4ClhjPnkBfMlnY9buklzV9+vf7vhTRmyYcr44mNsgpdgaTJlclzNFHx2Gbf76l0W7M8H+PAcs=
x-amz-request-id: B9744FB2E0E07425
Last-Modified: Sun, 05 Aug 2018 11:42:19 GMT
Etag: "c8d109f0f792db9f2facfc8e3fea7edf"
CF-Cache-Status: HIT
Expires: Sun, 16 Dec 2018 11:26:15 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15ca304654273-OSL


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   27024
Md5:    c8d109f0f792db9f2facfc8e3fea7edf
Sha1:   1f76dbc13a6cdc7dce83d360dd2e4a818f5f8ae4
Sha256: 78092ffbf681100339053983567e9761b3079bf37bed3bd8ea57c019fe7de535
                                        
                                            GET /index.html HTTP/1.1 
Host: jailbait.toplistcreator.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html
Cookie: PHPSESSID=q4nevu1f8eqjbmr9sjdl6sedj0

                                         
                                         79.98.29.74
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   8292
Md5:    721c7b5e940f659f7626ee3db2b4e26d
Sha1:   184049c1b20c278a980dfd3668b0e0ba00e613e6
Sha256: dd27f81dfff6199ad625db138faadc0d0cd1ee6ba1c2fd68a4961cbe56e656d1
                                        
                                            GET /count.asp?id=1787215&logo=2 HTTP/1.1 
Host: toplist.cz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: ui=56988

                                         
                                         88.86.101.2
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 15 Nov 2018 11:26:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-Control: private,no-cache,no-store,must-revalidate,max-age=0
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: ui=56988; expires=Sat, 15-Dec-2018 11:26:15 GMT; path=/; domain=toplist.cz;
P3P: CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI"
X-W: 4
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  GIF image data, version 89a, 88 x 31
Size:   512
Md5:    e25fbfc2ff4cafe9dd1585c6d4a795a9
Sha1:   1c225d59b8ebc0c164af3870eb98016f53900804
Sha256: 75e1a4861bf5cd74101785f926d27cfac9227e3824c2d497f4fc752d8063e4de
                                        
                                            GET /count.asp?id=1787215&logo=bc HTTP/1.1 
Host: toplist.cz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: ui=56988

                                         
                                         88.86.101.2
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 15 Nov 2018 11:26:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-Control: private,no-cache,no-store,must-revalidate,max-age=0
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: ui=56988; expires=Sat, 15-Dec-2018 11:26:15 GMT; path=/; domain=toplist.cz;
P3P: CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI"
X-W: 4
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  GIF image data, version 87a, 88 x 120
Size:   1882
Md5:    33e3422249b60dc4c338adb4cd448340
Sha1:   ed48030665df26d3b5c538b199f51cf2e8982a8e
Sha256: 6449d6ed124fe39cd3260cb4eed40def42a8f4f50a59c1bd68477ad782678669
                                        
                                            GET /linkbanners/fresh88x31.gif HTTP/1.1 
Host: freshnudes.supertop-100.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html

                                         
                                         212.18.234.130
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 15 Nov 2018 11:26:15 GMT
Server: Apache
Last-Modified: Wed, 15 Mar 2017 20:46:07 GMT
Accept-Ranges: bytes
Content-Length: 3472
Keep-Alive: timeout=2, max=5000
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 88 x 31
Size:   3472
Md5:    7bb6fe54b532ca85538d6f4b988dc4f9
Sha1:   b2e9c5d8d7d9be583f8eee509807344be65cfc9b
Sha256: b5a2efc8adbd60ae623d99b3d73ced55067ef4ab7b7f8c634f55304e9bc2cd79
                                        
                                            GET /ArchangelR/90x30/hrgz012.jpg HTTP/1.1 
Host: f.3ezy.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: __cfduid=da17759262bc6f1e01ffe70f0d72f067f1542281172

                                         
                                         104.28.26.116
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:15 GMT
Content-Length: 40882
Connection: keep-alive
x-amz-id-2: NwQIY9l36ePfNfgvQkk4wV4Korg63onyOkYO9yRuDMK2of2nIO7Ys34qVeMfAZYttkJCSkIZ6/g=
x-amz-request-id: C82C6BF0BBA85E8A
Last-Modified: Sun, 05 Aug 2018 11:42:19 GMT
Etag: "8fd3b8fd6e4f060442c321c09e444df2"
CF-Cache-Status: HIT
Expires: Sun, 16 Dec 2018 11:26:15 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15ca360a34279-OSL


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   40882
Md5:    8fd3b8fd6e4f060442c321c09e444df2
Sha1:   5e63f271a431ef4effab458cdc1cae4a3aa72e3d
Sha256: ba0b8750e52bb9560e5147bb53de9bd320bb515eccf8282bf3741d81eaccb7b1
                                        
                                            GET /zslcemwxdiynpde.php HTTP/1.1 
Host: toplisted.toplistcreator.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: PHPSESSID=jp6imrmot8sivl6af2c2mc1po6

                                         
                                         79.98.29.74
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7871
Md5:    5d79a66f94a01d76f019b995c6455252
Sha1:   06635937db722aede30cae2f160b6769c443d073
Sha256: 2096391b0837aefcc2729ffa13105da3ba0d49ddd58c31acdcb9d7c7ecd23b16

Alerts:
  IDS:
    - ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
    - ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
                                        
                                            GET /ArchangelR/90x30/HRGS006.gif HTTP/1.1 
Host: f.3ezy.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: __cfduid=da17759262bc6f1e01ffe70f0d72f067f1542281172

                                         
                                         104.28.26.116
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 15 Nov 2018 11:26:15 GMT
Content-Length: 997241
Connection: keep-alive
x-amz-id-2: mIO/erp1CatEAgvyryOycZ/x5z/YK1VkKm44K7tq7FB5mOic0vyeSQsw32W8dvU34A6EuxXNMnc=
x-amz-request-id: A37D3F7C60CD3BE5
Last-Modified: Wed, 06 Jun 2018 17:15:26 GMT
Etag: "62bf95b0613e91dece19d27eee38e47a"
CF-Cache-Status: HIT
Expires: Sun, 16 Dec 2018 11:26:15 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15ca3057e42bb-OSL


--- Additional Info ---
Magic:  GIF image data, version 89a, 500 x 215
Size:   997241
Md5:    62bf95b0613e91dece19d27eee38e47a
Sha1:   15886c3275de4b38ecab09e73c30e1ce2a112dd7
Sha256: 076e06bb65dbd1bf957fc08e2c55eb1cd3abd6486a43c4408d5acaeef7bdb0a1
                                        
                                            GET /b3/8a/47/b38a4705d7d35dfba5d085337fa7c9b8.js HTTP/1.1 
Host: yim3eyv5.top
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html

                                         
                                         198.134.112.241
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.15.1
Date: Thu, 15 Nov 2018 11:25:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   13953
Md5:    c7c1b949ac6ce4da5435771ad80d4c82
Sha1:   5defdce91928c5df98f983a9147f6ae1fb99be83
Sha256: 52715371e7d48d0c34f6ede3339661ddb077065338b39b1011dae19c5b4b0a23
                                        
                                            GET /d/?resource=pubJS HTTP/1.1 
Host: d.smopy.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
If-None-Match: W/"76d5-KJlAxq2/JiAJUagk47GDwXc4vOI"

                                         
                                         131.153.42.225
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Etag: W/"76d8-xebqv6K8Tk0WgZwxLhYVb2UJcF0"
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   9754
Md5:    699e602b78b2ed91ec98a8e2bb529835
Sha1:   e31f3e0ff5a296ebe79ca9d895d7ac1b948e22f7
Sha256: 57962bac980c4eecf948b9d4695dfe696c341679ee547986318fb6a78ff6b778
                                        
                                            GET /button.php?u=naktwins HTTP/1.1 
Host: teenlist.top
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: __cfduid=dda93aa35ad211c036a26347dca30b5c71542281169

                                         
                                         104.24.124.40
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 15 Nov 2018 11:26:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://teenlist.top/images/button.png
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 47a15ca31beb3cad-CPH


--- Additional Info ---
                                        
                                            GET /0.gif?2809112&101 HTTP/1.1 
Host: sstatic1.histats.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: CountUid=d469fb7b-c0os-4bef-a492-9ba8c9790d25

                                         
                                         208.43.241.178
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 15 Nov 2018 11:26:16 GMT
Content-Length: 43
Connection: close


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    07fff40b5dd495aca2ac4e1c3fbc60aa
Sha1:   e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
Sha256: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
                                        
                                            GET /ArchangelR/PATRATE/ptv001.jpg HTTP/1.1 
Host: f.3ezy.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: __cfduid=da17759262bc6f1e01ffe70f0d72f067f1542281172

                                         
                                         104.28.26.116
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:15 GMT
Content-Length: 290188
Connection: keep-alive
x-amz-id-2: QSJxv8zPA31tZThT3PfwdobcFVHj0auQriHyhRQxAEd7t7dkeewatT2Wpsw6pNr9zYbjPFBRfPI=
x-amz-request-id: 590D54CEDAA7E335
Last-Modified: Thu, 10 May 2018 20:23:29 GMT
Etag: "26e265c7a10a5aa4e294c8d7cf6f0235"
CF-Cache-Status: HIT
Expires: Sun, 16 Dec 2018 11:26:15 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15ca36369427f-OSL


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   290188
Md5:    26e265c7a10a5aa4e294c8d7cf6f0235
Sha1:   759bfb1adca9944c9e3b53032947b8221f4fa01c
Sha256: e86404c8380aeb67e4966a1f7dca362ae3a432f4612bd057edf91a74e9eacfe6
                                        
                                            GET /linkbanners/pinupgirlstop100-88x31.gif HTTP/1.1 
Host: www.pinupgirlstop100.bigtopsites.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html

                                         
                                         138.128.184.76
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: public, max-age=604800
Expires: Thu, 22 Nov 2018 11:26:15 GMT
Last-Modified: Sat, 11 Aug 2018 02:51:09 GMT
Content-Length: 4078
Date: Thu, 15 Nov 2018 11:26:15 GMT
Server: LiteSpeed
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 88 x 31
Size:   4078
Md5:    8ed0a0c06546ed2f452535c58ee981f4
Sha1:   53a6d15b5faa6b0296a285a4cbc712ab226794d0
Sha256: 05d4bd21e66f9cbb5fc08e14eda4f5c90aaa2ce2bd9e633f64e10e99a78adc84
                                        
                                            GET /ArchangelR/PATRATE/ptv005.jpg HTTP/1.1 
Host: f.3ezy.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: __cfduid=da17759262bc6f1e01ffe70f0d72f067f1542281172

                                         
                                         104.28.26.116
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:15 GMT
Content-Length: 321617
Connection: keep-alive
x-amz-id-2: sJEXDqbch8yY6wVj+v2lAQA6iSFgePCvuVofvVJFj+H+nHQuIZqR+4dclktLVboC9o9PF6NmxXg=
x-amz-request-id: 7FB7F6FE52F97395
Last-Modified: Thu, 10 May 2018 20:23:29 GMT
Etag: "0154e48ddd9905631c93a962aea3b81f"
CF-Cache-Status: HIT
Expires: Sun, 16 Dec 2018 11:26:15 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15ca3602d426d-OSL


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   321617
Md5:    0154e48ddd9905631c93a962aea3b81f
Sha1:   b5293e6a7c11ce6892cef3c86b4d9ea12a6dfc33
Sha256: 5a2d8434d481bf585bb81da63fc3e5c62ab52d32c2ad67c9382f467c2dc2952b
                                        
                                            GET /gfx/6tgp_logo.gif HTTP/1.1 
Host: www.6tgp.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html

                                         
                                         208.71.131.24
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 15 Nov 2018 11:26:15 GMT
Server: Apache
Last-Modified: Fri, 24 Jan 2003 06:11:58 GMT
Etag: "95350b-f9d-3b4f4dde62780"
Accept-Ranges: bytes
Content-Length: 3997
Connection: close


--- Additional Info ---
Magic:  GIF image data, version 89a, 165 x 55
Size:   3997
Md5:    7a310b7f71d426188243facc4a59cf6f
Sha1:   1f816300d4ba7288928e116126e41454208814d5
Sha256: 03e38bd56630d34680b5c2a637394fa3a47a24c383f180fec711d54a480bce66
                                        
                                            GET /b3/8a/47/b38a4705d7d35dfba5d085337fa7c9b8.js HTTP/1.1 
Host: yim3eyv5.top
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html

                                         
                                         198.134.112.241
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.15.1
Date: Thu, 15 Nov 2018 11:25:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   13953
Md5:    169f6a6050e896298e23e6afc2d3c556
Sha1:   3b46469cd03bb0e4c7fea5884e5b006d0aaf6dcf
Sha256: eb69d648b49878498f3a4ed685f71b0500227e02a7a1ac0c20231815a67ca329
                                        
                                            GET /service_async.php/serveAd?JSON-response-callback=rpc.callbacks.r1&id=1&c=103654&s=220125 HTTP/1.1 
Host: mobile.juicyads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html
Cookie: surferid=54c402f9bf040a338a59a1bb67ce1824; imps16321=1; imps22340=1; imps27384=1; juicy_data_1=YTo0OntpOjYyMzI2ODtpOjE1NDI1NDAzNzM7aTo2MjMyNjc7aToxNTQyNTQwMzczO2k6NTkyOTc4O2k6MTU0MjU0MDM3MztpOjY1MzgyNDtpOjE1NDI1NDAzNzM7fQ%3D%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D

                                         
                                         34.193.112.114
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:16 GMT
Content-Length: 154
Location: http://mobile.juicyads.com/service_async.php?JSON-response-callback=rpc.callbacks.r1&id=1&c=103654&s=220125
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text
Size:   154
Md5:    cfbeaf604823f038b8b46f0ac862b98c
Sha1:   7b9eb1dac48e74fa5f418bc456cb410f88b81d98
Sha256: 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
                                        
                                            GET /count.asp?id=1787214&logo=2 HTTP/1.1 
Host: toplist.cz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html
Cookie: ui=56988

                                         
                                         88.86.101.2
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 15 Nov 2018 11:26:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-Control: private,no-cache,no-store,must-revalidate,max-age=0
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: ui=56988; expires=Sat, 15-Dec-2018 11:26:16 GMT; path=/; domain=toplist.cz;
P3P: CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI"
X-W: 4
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  GIF image data, version 89a, 88 x 31
Size:   512
Md5:    e25fbfc2ff4cafe9dd1585c6d4a795a9
Sha1:   1c225d59b8ebc0c164af3870eb98016f53900804
Sha256: 75e1a4861bf5cd74101785f926d27cfac9227e3824c2d497f4fc752d8063e4de
                                        
                                            GET /ArchangelR/PATRATE/ptv013.jpg HTTP/1.1 
Host: f.3ezy.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: __cfduid=da17759262bc6f1e01ffe70f0d72f067f1542281172

                                         
                                         104.28.26.116
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:15 GMT
Content-Length: 630004
Connection: keep-alive
x-amz-id-2: BJuHo4zt/SBpC28oaqaeD7QL1ZaG2xKdARxrSGdA5yHYj99PXqStYze8DQQMp973GUxyDWXhHeY=
x-amz-request-id: ED499647108065A3
Last-Modified: Thu, 10 May 2018 20:23:29 GMT
Etag: "606f4031d7b9a024a9d19c9d909e12bb"
CF-Cache-Status: HIT
Expires: Sun, 16 Dec 2018 11:26:15 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15ca3647a4273-OSL


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   630004
Md5:    606f4031d7b9a024a9d19c9d909e12bb
Sha1:   fa31feae412b68cd5bd08326caeac30787fc1a9b
Sha256: 3dcd73890070c64a70b500d13e08632161ad416f5c47bbd44cd307df03264519
                                        
                                            GET /count.asp?id=1787214&logo=bc HTTP/1.1 
Host: toplist.cz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html
Cookie: ui=56988

                                         
                                         88.86.101.2
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 15 Nov 2018 11:26:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-Control: private,no-cache,no-store,must-revalidate,max-age=0
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: ui=56988; expires=Sat, 15-Dec-2018 11:26:16 GMT; path=/; domain=toplist.cz;
P3P: CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI"
X-W: 4
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  GIF image data, version 87a, 88 x 120
Size:   1879
Md5:    4a3587c81b03485d4d0781860dc7fb16
Sha1:   b33c5170b8af5a6fa07c8a92abfb37865537dfd4
Sha256: cfbdab5c50688179fb4bfe986264291ec53787e4e19553fde597fb7944c1e0b7
                                        
                                            GET /120x60.jpg HTTP/1.1 
Host: privateteens.us.to
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html

                                         
                                         46.252.206.1
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:16 GMT
Server: Apache
Last-Modified: Sun, 24 Aug 2014 16:20:39 GMT
Etag: "3496-501627382b192"
Accept-Ranges: bytes
Content-Length: 13462
Cache-Control: max-age=5184000
Expires: Mon, 14 Jan 2019 11:26:16 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   13462
Md5:    333c9697571bec12eaf604a4bda6af23
Sha1:   f7fd24bcaa7f0bf1f8af4ea9bab672da1cb81ca6
Sha256: 1c0e421e87707cb120c6297dfd51405121b7ab6e3011472278e9e8037ae48519
                                        
                                            GET /ArchangelR/PATRATE/36.jpg HTTP/1.1 
Host: f.3ezy.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html
Cookie: __cfduid=da17759262bc6f1e01ffe70f0d72f067f1542281172

                                         
                                         104.28.26.116
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:17 GMT
Content-Length: 5856
Connection: keep-alive
x-amz-id-2: bx1urPvm0oytqDeKbETvL4hsAzeXyt/NOpYx3mvIs1RPDC27nMepwsE+Y2ZEtNx3IJ8Chx4Cytc=
x-amz-request-id: CECC1B2B25D78339
Last-Modified: Tue, 19 Jun 2018 13:43:10 GMT
Etag: "53357573ac523abd545a89a857b1e176"
CF-Cache-Status: HIT
Expires: Sun, 16 Dec 2018 11:26:17 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15cad43154279-OSL


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   5856
Md5:    53357573ac523abd545a89a857b1e176
Sha1:   ef10a2b9702ce658f6403668a2b0584c1ba70486
Sha256: 92cf03400c90527ebcef54cdb924d529da44d975d2cdabbd926c34b470b8a6a1
                                        
                                            GET /ArchangelR/PATRATE/30.jpg HTTP/1.1 
Host: f.3ezy.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html
Cookie: __cfduid=da17759262bc6f1e01ffe70f0d72f067f1542281172

                                         
                                         104.28.26.116
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:17 GMT
Content-Length: 5703
Connection: keep-alive
x-amz-id-2: lIp1IJEVLOSVRqyLTvi30IMdjvFlcF218rqoel9QPjA4D23Tr7z7RNZsw7vCAlkJcsdtcFQWiwc=
x-amz-request-id: B0A00A3E0E404B6D
Last-Modified: Tue, 19 Jun 2018 13:43:10 GMT
Etag: "24472baca4d3f65455b2b69ff8c54163"
CF-Cache-Status: HIT
Expires: Sun, 16 Dec 2018 11:26:17 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15cad4262426d-OSL


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   5703
Md5:    24472baca4d3f65455b2b69ff8c54163
Sha1:   22061dfe63b5f8ef0dfcb406ccf42a27fcfbe88a
Sha256: 5ed191934b5dcfb4153a143d614bfd6d3808eb887e7f1ed26ac6ea9a7e2318fb
                                        
                                            GET /ArchangelR/PATRATE/26.jpg HTTP/1.1 
Host: f.3ezy.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html
Cookie: __cfduid=da17759262bc6f1e01ffe70f0d72f067f1542281172

                                         
                                         104.28.26.116
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:17 GMT
Content-Length: 6066
Connection: keep-alive
x-amz-id-2: cj2l2zkrGT3nTtF1s52nTj29TTSV9U477UjbH7swwSRMPRMFSa/Q1kAiOBuaFhAUCET1b1OdIsg=
x-amz-request-id: B5B7999F13F466EA
Last-Modified: Tue, 19 Jun 2018 13:43:10 GMT
Etag: "b207653c2d43ed83fc0bb78d100210a7"
CF-Cache-Status: HIT
Expires: Sun, 16 Dec 2018 11:26:17 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15cad45024267-OSL


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   6066
Md5:    b207653c2d43ed83fc0bb78d100210a7
Sha1:   94cc771a408632e901298e91620fd65395a302a9
Sha256: 26cefd40f17fac184895606858134dcdce4ec48039bf413b07494ba85517e326
                                        
                                            GET /button.php?u=jailbaitop HTTP/1.1 
Host: xfap.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html
Cookie: __cfduid=d494516ddf67fe368faec6fb928dc94fa1542281168

                                         
                                         104.31.80.118
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 15 Nov 2018 11:26:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://xfap.eu/images/button.gif
Server: cloudflare
CF-RAY: 47a15cad43514261-OSL


--- Additional Info ---
                                        
                                            GET /topsite/button.php?u=jailbaitop HTTP/1.1 
Host: ls-girls.biz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html

                                         
                                         46.8.45.102
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Server: Nginx-VPSSIM
Date: Thu, 15 Nov 2018 11:26:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://ls-girls.biz/topsite/images/button.png


--- Additional Info ---
                                        
                                            GET /button.php?u=jailbait HTTP/1.1 
Host: elitepornlist.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html

                                         
                                         54.36.243.26
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:17 GMT
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.6.38
Location: http://elitepornlist.com/images/button.png
Strict-Transport-Security: “max-age=31536000″
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Cache-Status: BYPASS
X-Server-Powered-By: Engintron


--- Additional Info ---
                                        
                                            GET /zslcemwxdiynpde.php HTTP/1.1 
Host: toplisted.toplistcreator.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: PHPSESSID=jp6imrmot8sivl6af2c2mc1po6

                                         
                                         79.98.29.74
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7871
Md5:    5d79a66f94a01d76f019b995c6455252
Sha1:   06635937db722aede30cae2f160b6769c443d073
Sha256: 2096391b0837aefcc2729ffa13105da3ba0d49ddd58c31acdcb9d7c7ecd23b16

Alerts:
  IDS:
    - ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
    - ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
                                        
                                            GET /0.gif?4096114&101 HTTP/1.1 
Host: sstatic1.histats.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html
Cookie: CountUid=d469fb7b-c0os-4bef-a492-9ba8c9790d25

                                         
                                         208.43.241.178
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 15 Nov 2018 11:26:17 GMT
Content-Length: 43
Connection: close


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    07fff40b5dd495aca2ac4e1c3fbc60aa
Sha1:   e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
Sha256: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
                                        
                                            GET /script/wait.php?stamat=m%7C%2C%2CQiYroiOmtGU3Bv9GH0dEdHP3xP.f5f%2Cn_zWINFPBR1EmiL39V17cetmYC3SPdrepmKr4nmFrMwFo4gqr9GdXhtpcrKiRjLtgDuPItMmdKh3yQqXj6ptOr1jIbg75ilPhDi7Va7WOT_Dvnl2olXild1qdBTM2dtDw2xCKOHi-vlFvOKjONSeSaVZ2vKLbl6munmcIn4k2Xy84rVWb8Cmbbg0D0hVCI6nUAX0zbMYeekWRZbShVaOcVL-MD7mbxdLhcysfZn-HkQTgKWgR5996i-d5EQOs59n&srbrb=1&callback=jsonp279368 HTTP/1.1 
Host: c.adexchangemachine.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://teenystar18.toplistcreator.eu/index.html

                                         
                                         104.16.233.182
HTTP/1.1 204 No Content
                                        
Date: Thu, 15 Nov 2018 11:26:17 GMT
Connection: keep-alive
Set-Cookie: __cfduid=deb6189803331929a51c9d04888405ae61542281177; expires=Fri, 15-Nov-19 11:26:17 GMT; path=/; domain=.adexchangemachine.com; HttpOnly
Via: 1.1 google
Server: cloudflare
CF-RAY: 47a15cad468c428b-OSL


--- Additional Info ---
                                        
                                            GET /service_async.php?JSON-response-callback=rpc.callbacks.r1&id=1&c=103654&s=220125 HTTP/1.1 
Host: mobile.juicyads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html
Cookie: surferid=54c402f9bf040a338a59a1bb67ce1824; imps16321=1; imps22340=1; imps27384=1; juicy_data_1=YTo0OntpOjYyMzI2ODtpOjE1NDI1NDAzNzM7aTo2MjMyNjc7aToxNTQyNTQwMzczO2k6NTkyOTc4O2k6MTU0MjU0MDM3MztpOjY1MzgyNDtpOjE1NDI1NDAzNzM7fQ%3D%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D

                                         
                                         34.193.112.114
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:17 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   63
Md5:    aa6b2f02b6e16a86eb971e0b7cb8ad3c
Sha1:   28e0273954a70f5999316fe36be6d45efe432b40
Sha256: 0b20d91bf5532fb3f2af7d1810476403f42873fd51c89d1962d70f5a8dffb5ca
                                        
                                            GET /js/jads.js HTTP/1.1 
Host: adserver.juicyads.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html
Cookie: surferid=54c402f9bf040a338a59a1bb67ce1824; imps16321=1; imps22340=1; imps27384=1; juicy_data_1=YTo0OntpOjYyMzI2ODtpOjE1NDI1NDAzNzM7aTo2MjMyNjc7aToxNTQyNTQwMzczO2k6NTkyOTc4O2k6MTU0MjU0MDM3MztpOjY1MzgyNDtpOjE1NDI1NDAzNzM7fQ%3D%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D

                                         
                                         64.59.92.5
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:17 GMT
Last-Modified: Fri, 25 May 2018 20:56:16 GMT
Transfer-Encoding: chunked
Connection: close
Etag: W/"5b087870-149d"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2358
Md5:    33de625f0a6a3dcdd4500118c56c738c
Sha1:   151b0228bc4ea868384c6f261e9b20f97955de00
Sha256: c4033de18ed0a7991d2457727c6e4ebe809786511a8598df22e387d68ccf9581
                                        
                                            GET /topsite/images/button.png HTTP/1.1 
Host: ls-girls.biz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html

                                         
                                         46.8.45.102
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: Nginx-VPSSIM
Date: Thu, 15 Nov 2018 11:26:16 GMT
Content-Length: 1761
Last-Modified: Wed, 15 Jun 2016 11:58:45 GMT
Connection: keep-alive
Etag: "576142f5-6e1"
Expires: Sat, 15 Dec 2018 11:26:16 GMT
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 88 x 31, 8-bit/color RGB, non-interlaced
Size:   1761
Md5:    172ed54a1bef0f4c12eb762eb9dd8f59
Sha1:   32c1773d22703c7cc1cb21ce8dff90ae9fb80cdb
Sha256: a2e0b442bd3a1b0241983ca52593c5cecc9db0eb69878ff8b3565ec6a5c3ca77
                                        
                                            GET /images/button.png HTTP/1.1 
Host: elitepornlist.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html

                                         
                                         54.36.243.26
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:17 GMT
Content-Length: 922
Connection: keep-alive
Last-Modified: Thu, 05 Jul 2018 01:03:33 GMT
Strict-Transport-Security: “max-age=31536000″
Expires: Mon, 14 Jan 2019 11:26:17 GMT
Cache-Control: max-age=5184000
Pragma: public
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 88 x 31, 8-bit/color RGBA, non-interlaced
Size:   922
Md5:    b82bbb6742f898cc3d832a09fda8b012
Sha1:   8f7b375d02db2d248639db10040c2263eda733b5
Sha256: bd75d29e00afca55cb12f19c9255abb245a54e1d4161ee9a6dc77fe7cab6a4f3
                                        
                                            GET /count.asp?id=1787215&logo=2&http=http%3A//teenystar18.toplistcreator.eu/index.html&t=TOP.LISTED%20MODELS%20-%20toplisted.toplistcreator.eu&wi=1176&he=885&cd=24 HTTP/1.1 
Host: toplist.cz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: ui=56988

                                         
                                         88.86.101.2
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 15 Nov 2018 11:26:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-Control: private,no-cache,no-store,must-revalidate,max-age=0
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: ui=56988; expires=Sat, 15-Dec-2018 11:26:17 GMT; path=/; domain=toplist.cz;
P3P: CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI"
X-W: 4
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  GIF image data, version 89a, 88 x 31
Size:   512
Md5:    e25fbfc2ff4cafe9dd1585c6d4a795a9
Sha1:   1c225d59b8ebc0c164af3870eb98016f53900804
Sha256: 75e1a4861bf5cd74101785f926d27cfac9227e3824c2d497f4fc752d8063e4de
                                        
                                            GET /c.js?ma_di=18319&up=undefined&r=0.20226738603641214 HTTP/1.1 
Host: stat.scroogefrog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: ctcb=1542281173

                                         
                                         46.105.175.30
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 15 Nov 2018 11:26:17 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: ctcb=1542281177; expires=Thu, 15-Nov-2018 12:26:17 GMT; path=/


--- Additional Info ---
                                        
                                            GET /ArchangelR/90x30/3somegif_118.gif HTTP/1.1 
Host: f.3ezy.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: __cfduid=da17759262bc6f1e01ffe70f0d72f067f1542281172

                                         
                                         104.28.26.116
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 15 Nov 2018 11:26:15 GMT
Content-Length: 2065515
Connection: keep-alive
x-amz-id-2: 5ANkEn8WojQSlM3dIE0YlxjzejBLR5NnFcs+0pskA5s8bMLxc5TIJb/7m1z3ibk6LWbwE/R/B3c=
x-amz-request-id: 7D393A5A20EB1B3D
Last-Modified: Sun, 05 Aug 2018 11:42:20 GMT
Etag: "8cbfe0baf324cb1be2f56b73dd0feb65"
CF-Cache-Status: HIT
Expires: Sun, 16 Dec 2018 11:26:15 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15ca35632429d-OSL


--- Additional Info ---
Magic:  GIF image data, version 89a, 500 x 210
Size:   2065515
Md5:    8cbfe0baf324cb1be2f56b73dd0feb65
Sha1:   f90ba523bc263b54d3623be9f3f64f8f1030901f
Sha256: e4a2a4d4061add0867a202cd74ca91ce8ab8fbfcb99de3b84c2591f8d5b09079
                                        
                                            GET /pkfwhbkqwanjp.php HTTP/1.1 
Host: jailbait.toplistcreator.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html
Cookie: PHPSESSID=q4nevu1f8eqjbmr9sjdl6sedj0; juicynomobile=1

                                         
                                         79.98.29.74
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   8292
Md5:    721c7b5e940f659f7626ee3db2b4e26d
Sha1:   184049c1b20c278a980dfd3668b0e0ba00e613e6
Sha256: dd27f81dfff6199ad625db138faadc0d0cd1ee6ba1c2fd68a4961cbe56e656d1
                                        
                                            GET /m1qtw3b83/1w_03.jpg HTTP/1.1 
Host: s19.postimg.cc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html

                                         
                                         51.15.123.120
HTTP/1.1 200
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:25:41 GMT
Content-Length: 126588
Connection: keep-alive
Last-Modified: Fri, 09 Feb 2018 20:30:27 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   126588
Md5:    2fc9cf8aa92dd2d6397d9f348226555d
Sha1:   a5a50bd5a4fb1f09f98579ace31ce3738626ef9a
Sha256: e2b4efa0c236b4f3baa931ccea0f29dc8ff91626ec2d4917c033fbd2f452df85
                                        
                                            GET /button.php?u=jailbaitop HTTP/1.1 
Host: xfap.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html
Cookie: __cfduid=d494516ddf67fe368faec6fb928dc94fa1542281168

                                         
                                         104.31.80.118
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 15 Nov 2018 11:26:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://xfap.eu/images/button.gif
Server: cloudflare
CF-RAY: 47a15cb2c4b84261-OSL


--- Additional Info ---
                                        
                                            GET /topsite/button.php?u=jailbaitop HTTP/1.1 
Host: ls-girls.biz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html

                                         
                                         46.8.45.102
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Server: Nginx-VPSSIM
Date: Thu, 15 Nov 2018 11:26:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://ls-girls.biz/topsite/images/button.png


--- Additional Info ---
                                        
                                            GET /button.php?u=jailbait HTTP/1.1 
Host: elitepornlist.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html

                                         
                                         54.36.243.26
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:18 GMT
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.6.38
Location: http://elitepornlist.com/images/button.png
Strict-Transport-Security: “max-age=31536000″
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Cache-Status: BYPASS
X-Server-Powered-By: Engintron


--- Additional Info ---
                                        
                                            GET /c.js?ma_di=18319&up=undefined&r=0.7341769021101171 HTTP/1.1 
Host: stat.scroogefrog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html
Cookie: ctcb=1542281177

                                         
                                         46.105.175.30
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 15 Nov 2018 11:26:18 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: ctcb=1542281178; expires=Thu, 15-Nov-2018 12:26:18 GMT; path=/


--- Additional Info ---
                                        
                                            GET /count.asp?id=1787214&logo=2&http=http%3A//teenystar18.toplistcreator.eu/index.html&t=JAILBAIT%20TOP%20-%20jailbait.toplistcreator.eu&wi=1176&he=885&cd=24 HTTP/1.1 
Host: toplist.cz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html
Cookie: ui=56988

                                         
                                         88.86.101.2
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 15 Nov 2018 11:26:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-Control: private,no-cache,no-store,must-revalidate,max-age=0
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: ui=56988; expires=Sat, 15-Dec-2018 11:26:18 GMT; path=/; domain=toplist.cz;
P3P: CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI"
X-W: 4
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  GIF image data, version 89a, 88 x 31
Size:   512
Md5:    e25fbfc2ff4cafe9dd1585c6d4a795a9
Sha1:   1c225d59b8ebc0c164af3870eb98016f53900804
Sha256: 75e1a4861bf5cd74101785f926d27cfac9227e3824c2d497f4fc752d8063e4de
                                        
                                            GET /stats/2809112.php?2809112&@f16&@g1&@h1&@i1&@j1542281177904&@k0&@l1&@mTOP.LISTED%20MODELS%20-%20toplisted.toplistcreator.eu&@n0&@ohttp%3A%2F%2Fteenystar18.toplistcreator.eu%2Findex.html&@q0&@r0&@s605&@ten-US&@u1176&@vhttp%3A%2F%2Ftoplisted.toplistcreator.eu%2Findex.html&@w HTTP/1.1 
Host: s4.histats.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: CountUid=727ae0bb-9djv-4d0b-afdb-507104a03050; CountUid=d469fb7b-c0os-4bef-a492-9ba8c9790d25

                                         
                                         208.43.241.179
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Date: Thu, 15 Nov 2018 11:26:18 GMT
Content-Length: 110
Connection: close


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   110
Md5:    1a0fb09041a40e3375884f14123ebfb0
Sha1:   3a8ddbca0899c17e131e017718e507eb9933a271
Sha256: 608b826910dbf2bb9b8f784f65aa2890a225d77f2ffcd479048705ba58b8a115
                                        
                                            GET /ats/button.php?u=jailbaitop HTTP/1.1 
Host: amateursbf.skn1.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html

                                         
                                         198.27.106.32
HTTP/1.1 502 Bad Gateway
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:18 GMT
Content-Length: 166
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  HTML document text
Size:   166
Md5:    261b1f079fa0a5c0c32d181e43440c05
Sha1:   300ee04911225728b015abd82d7ca5f43f999b79
Sha256: c79255f6cb550eaa07d6e90d859b8c1abe81658115ae8175e74b67ac22c7ed87
                                        
                                            GET /d/?resource=pubJS HTTP/1.1 
Host: d.smopy.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html
If-None-Match: W/"76d8-xebqv6K8Tk0WgZwxLhYVb2UJcF0"

                                         
                                         131.153.42.225
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Etag: W/"76dc-kvR7Cn0Pcf6w2hRH/RUChZhczNg"
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   9754
Md5:    ee74e1a494a0916e22dbe81539b33a05
Sha1:   4fc8deb425c1f45e11a854ba7c50314610a053e0
Sha256: b6af49306009caa1e70bef04048efd2b79db37a30cbfeda9ceaf465051fef58c
                                        
                                            GET /in.php?nr=14959 HTTP/1.1 
Host: porn.xtop.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html

                                         
                                         79.98.29.74
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:18 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.27
Set-Cookie: PHPSESSID=4vbbip89j3e26iotnr3bt2n7g4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Location: http://porn.xtop.eu/index.html
X-XSS-Protection: 1; mode=block


--- Additional Info ---
                                        
                                            GET /script/suurl.php?r=2201163&cbrandom=0.2125606238201947&cbiframe=1&cbWidth=600&cbHeight=800&cbtitle=&cbref=&cbdescription=&cbkeywords=&cbcdn=celeritascdn.com HTTP/1.1 
Host: onclickmega.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html

                                         
                                         35.190.64.167
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: openresty
Date: Thu, 15 Nov 2018 11:26:18 GMT
Transfer-Encoding: chunked
X-Robots-Tag: noindex
Cache-Control: no-store, no-cache, no-transform, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Link: <//c.adexchangemachine.com>; rel=dns-prefetch,<//c.adexchangemachine.com>; rel=preconnect
Set-Cookie: acnetwork=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Referrer-Policy: no-referrer
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
Via: 1.1 google


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2427
Md5:    4d4399374ec30426812081fc58932db0
Sha1:   f2365ef18966df2fbdde86e04543b9faa799ec67
Sha256: edfe1d86789269de7ec40e7ce8c9200c62b32770deac3ad3ddd6f786ee6f7d77
                                        
                                            GET /stats/4096114.php?4096114&@f16&@g1&@h1&@i1&@j1542281178109&@k0&@l1&@mJAILBAIT%20TOP%20-%20jailbait.toplistcreator.eu&@n0&@ohttp%3A%2F%2Fteenystar18.toplistcreator.eu%2Findex.html&@q0&@r0&@s605&@ten-US&@u1176&@vhttp%3A%2F%2Fjailbait.toplistcreator.eu%2Findex.html&@w HTTP/1.1 
Host: s4.histats.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html
Cookie: CountUid=727ae0bb-9djv-4d0b-afdb-507104a03050; CountUid=d469fb7b-c0os-4bef-a492-9ba8c9790d25

                                         
                                         208.43.241.179
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Date: Thu, 15 Nov 2018 11:26:18 GMT
Content-Length: 112
Connection: close


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   112
Md5:    76cfdde81dee9abb9ed99101f4047dae
Sha1:   a169c64950b81cae8a4f496e7c5b477bacb2791a
Sha256: 496c604f298e21b4b10aab383b92ff53799e12ddbb08f53b09a23fff43346a8a
                                        
                                            GET /index.html HTTP/1.1 
Host: porn.xtop.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: PHPSESSID=4vbbip89j3e26iotnr3bt2n7g4

                                         
                                         79.98.29.74
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7379
Md5:    4e623ad1b349f8a43819e527e9be576c
Sha1:   c34638e8ded108626faa4b4c5fb03522e9ba4d80
Sha256: 17e048d38030a9916b1c710b0e35b74da8c497547a0831ad793f1bfde0c147e9
                                        
                                            GET /ArchangelR/SKY/0011.jpg HTTP/1.1 
Host: f.3ezy.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://porn.xtop.eu/index.html
Cookie: __cfduid=da17759262bc6f1e01ffe70f0d72f067f1542281172

                                         
                                         104.28.26.116
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:18 GMT
Content-Length: 5701
Connection: keep-alive
x-amz-id-2: E02mwFFKgjH0DI/QEcy+jbi9pYbBvOolfYNhGkgtvzwPPtjmYrY7kxtM2iEVPeT2oJj2FbJZGnM=
x-amz-request-id: E43F0013F66B4A84
Last-Modified: Tue, 07 Aug 2018 05:35:07 GMT
Etag: "51c3d1e375e9120255390214ce8823c4"
CF-Cache-Status: HIT
Expires: Sun, 16 Dec 2018 11:26:18 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15cb5803b4273-OSL


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   5701
Md5:    51c3d1e375e9120255390214ce8823c4
Sha1:   206bfc9e7a639e6efd13b6fb6744fa16561cf2ce
Sha256: 22a727db170826e493511ad9566b4b90c0b5330ac846b1e7597898817dfecb10
                                        
                                            GET /ArchangelR/SKY/0014.jpg HTTP/1.1 
Host: f.3ezy.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://porn.xtop.eu/index.html
Cookie: __cfduid=da17759262bc6f1e01ffe70f0d72f067f1542281172

                                         
                                         104.28.26.116
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:18 GMT
Content-Length: 21232
Connection: keep-alive
x-amz-id-2: SMuVmngqzJ2uPG1S16HShAur8xjd2Jtr+49HbmMXxVvchcPMtdc/4C6K9sj4EFst9ud02ftup9M=
x-amz-request-id: 077BC014CCAF4053
Last-Modified: Tue, 07 Aug 2018 05:35:07 GMT
Etag: "8d32667799e846f09f58c72b0b6e140e"
CF-Cache-Status: HIT
Expires: Sun, 16 Dec 2018 11:26:18 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15cb584ad4279-OSL


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   21232
Md5:    8d32667799e846f09f58c72b0b6e140e
Sha1:   279aefc0491b80c220d771eb00213dad9016bc4b
Sha256: 3a1994ee843e2f7153a5f393e16db007cce022c6c78206567ecaf957cacf4c58
                                        
                                            GET /button.php?u=naktwins HTTP/1.1 
Host: teenlist.top
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://toplisted.toplistcreator.eu/index.html
Cookie: __cfduid=dda93aa35ad211c036a26347dca30b5c71542281169

                                         
                                         104.24.124.40
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 15 Nov 2018 11:26:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://teenlist.top/images/button.png
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 47a15cafdabf3cad-CPH


--- Additional Info ---
                                        
                                            GET /ArchangelR/SKY/11125.jpg HTTP/1.1 
Host: f.3ezy.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://porn.xtop.eu/index.html
Cookie: __cfduid=da17759262bc6f1e01ffe70f0d72f067f1542281172

                                         
                                         104.28.26.116
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 15 Nov 2018 11:26:18 GMT
Content-Length: 10783
Connection: keep-alive
x-amz-id-2: 07bhGzLkdKKBlpdX+IwJPFet8K4nTaQdDhRWV0w7EzV1Vkoi5TPHggUxN34EdNwNTSYsc/+e9MQ=
x-amz-request-id: C29E0A07F0AA3199
Last-Modified: Tue, 07 Aug 2018 05:35:07 GMT
Etag: "2722e261f644e2224797580126e5702f"
CF-Cache-Status: HIT
Expires: Sun, 16 Dec 2018 11:26:18 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 47a15cb59419426d-OSL


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   10783
Md5:    2722e261f644e2224797580126e5702f
Sha1:   ec7a97df6e7cf5147d8f3dac4072905344693485
Sha256: c4c58b27543acc1215af3c3477942355f49a5bff2eb65682752d821b0f2822a3
                                        
                                            GET /in.php?nr=14961 HTTP/1.1 
Host: porn.xtop.eu
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jailbait.toplistcreator.eu/index.html

                                         
                                         79.98.29.74
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 15 Nov 2018 11:26:18 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.27
Set-Cookie: PHPSESSID=th5u6qdonqe2f80kpduq2ra137; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Location: http://porn.xtop.eu/index.html
X-XSS-Protection: 1; mode=block


--- Additional Info ---
                                        
                                            GET /count.asp?id=1787210&logo=bc HTTP/1.1 
Host: toplist.cz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://porn.xtop.eu/index.html
Cookie: ui=56988

                                         
                                         88.86.101.2
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 15 Nov 2018 11:26:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-Control: private,no-cache,no-store,must-revalidate,max-age=0
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: ui=56988; expires=Sat, 15-Dec-2018 11:26:18 GMT; path=/; domain=toplist.cz;
P3P: CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI"
X-W: 4
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  GIF image data, version 87a, 88 x 120
Size:   1887
Md5:    c7af8478affa3204869b40bb999885b4
Sha1:   1c3614cfecffe581d143fc017b5c8e83b4778006
Sha256: cb65b1bef6c0fafb60a8bb14f96587b4a76b5d2ddd665335182b4d76d653598f
                                        
                                            GET /script/suurl.php?r=2201163&cbrandom=0.9699547062394234&cbiframe=1&cbWidth=600&cbHeight=800&cbtitle=&cbref=&cbdescription=&cbkeywords=&cbcdn=celeritascdn.com HTTP/1.1 
Host: onclickmega.com