Overview

URL bc.vc/YLS5c7
IP104.28.30.81
ASNAS13335 CloudFlare, Inc.
Location United States
Report completed2018-05-29 22:47:15 CEST
StatusLoading report..
urlQuery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-05-29 2 bc.vc/YLS5c7 Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 104.28.30.81

Date UQ / IDS / BL URL IP
2018-06-20 21:09:50 +0200
0 - 0 - 1 www.vidaplaystation.com.br/took/dropbox/us-mg (...) 104.28.30.81
2018-06-20 20:07:23 +0200
0 - 0 - 1 www.vidaplaystation.com.br/took/dropbox/us-mg (...) 104.28.30.81
2018-06-08 16:57:01 +0200
0 - 0 - 0 bc.vc/ucyfJTW 104.28.30.81
2018-05-31 00:14:24 +0200
0 - 0 - 1 bc.vc/4847/http:/turbobit.net/edmsu3xrx5wo/id (...) 104.28.30.81
2018-05-23 13:54:05 +0200
0 - 0 - 0 bc.vc/Q7a4LQJ 104.28.30.81
2018-03-31 14:47:25 +0200
0 - 1 - 0 bc.vc/xDNpJNC 104.28.30.81
2018-03-07 06:17:16 +0100
0 - 0 - 0 bc.vc/rA6E8xm 104.28.30.81
2018-01-08 09:47:25 +0100
0 - 0 - 1 bc.vc/25091/http:/ul.to/cy1yzhdx 104.28.30.81
2018-01-06 05:10:03 +0100
0 - 0 - 1 bc.vc/6OUNms 104.28.30.81
2018-01-05 10:11:13 +0100
0 - 0 - 1 bc.vc/8jCp7oDAILY 104.28.30.81

Last 10 reports on ASN: AS13335 CloudFlare, Inc.

Date UQ / IDS / BL URL IP
2018-11-16 11:14:45 +0100
0 - 1 - 14 soapcrone.top/ 104.27.144.35
2018-11-16 11:09:02 +0100
0 - 1 - 0 https://n-a-s-p-d.pw/e29481e9-a792-46a8-bbf0- (...) 104.31.64.120
2018-11-16 11:07:58 +0100
0 - 0 - 0 https://www.theknot.com/us/italy-vs-australia (...) 104.16.208.249
2018-11-16 11:02:39 +0100
0 - 0 - 1 www.kernsafe.com/product/totalmounter.aspx 104.24.29.20
2018-11-16 10:42:29 +0100
0 - 0 - 0 burt.ns.cloudflare.com/ 173.245.59.79
2018-11-16 10:39:37 +0100
0 - 0 - 0 ocsp.globalsign.com 104.18.21.226
2018-11-16 10:38:57 +0100
0 - 0 - 0 https://www.theknot.com/us/france-vs-argentin (...) 104.16.208.249
2018-11-16 10:30:27 +0100
0 - 0 - 0 nina.ns.cloudflare.com/ 173.245.58.136
2018-11-16 10:29:25 +0100
0 - 2 - 0 https://etodoro.ga/mypush1/index-redir3-adult (...) 104.18.41.212
2018-11-16 10:27:26 +0100
0 - 0 - 1 https://tinyurl.com/ybwnw4to 104.20.218.42

Last 10 reports on domain: bc.vc

Date UQ / IDS / BL URL IP
2018-11-08 21:21:16 +0100
0 - 0 - 0 bc.vc/fly/ajax.php?wds=50f1cfb53414785befcbe0 (...) 172.64.202.12
2018-10-05 07:41:48 +0200
0 - 0 - 1 bc.vc/Na7Tv8L 104.18.42.124
2018-08-15 16:29:44 +0200
0 - 0 - 0 bc.vc/82Vtjs1 172.64.161.8
2018-08-02 18:10:46 +0200
0 - 0 - 0 bc.vc/82Vtjs1 104.27.129.229
2018-07-26 08:22:19 +0200
0 - 0 - 1 bc.vc/qlZN0E 172.64.136.7
2018-06-27 18:07:31 +0200
2 - 0 - 0 bc.vc/JfF1m3P 104.27.170.229
2018-06-08 16:57:01 +0200
0 - 0 - 0 bc.vc/ucyfJTW 104.28.30.81
2018-05-31 00:14:24 +0200
0 - 0 - 1 bc.vc/4847/http:/turbobit.net/edmsu3xrx5wo/id (...) 104.28.30.81
2018-05-30 18:57:53 +0200
0 - 0 - 1 bc.vc/F0745I 104.28.31.81
2018-05-29 14:05:32 +0200
0 - 0 - 1 bc.vc/oYEWFr 104.28.31.81


JavaScript

Executed Scripts (21)


Executed Evals (5)

#1 JavaScript::Eval (size: 265, repeated: 1) - SHA256: fdd2120c37da9ce7a58d96be9ef6cb106c1040561b6801c70718faf6fc342e8c

                                        ({
    'bg': [-50, -50, 50, 115],
    '0': [-135, -147, 20, 14],
    '1': [-135, -135, 20, 9],
    '2': [-135, -117, 20, 13],
    '3': [-135, -100, 20, 14],
    '4': [-135, -84, 20, 15],
    '5': [-135, -70, 20, 13],
    '6': [-135, -53, 20, 15],
    '7': [-135, -38, 20, 14],
    '8': [-135, -23, 20, 14],
    '9': [-135, -7, 20, 15],
    ',': [-135, 0, 23, 7]
})
                                    

#2 JavaScript::Eval (size: 264, repeated: 1) - SHA256: 39579f75bcf62085fff19d2e37ddf70e9cf240fdb343e46ee527e3521ab5bb7c

                                        ({
    'bg': [0, -50, 50, 115],
    '0': [-115, 0, 20, 14],
    '1': [-115, -17, 20, 9],
    '2': [-115, -31, 20, 13],
    '3': [-115, -47, 20, 13],
    '4': [-115, -62, 20, 15],
    '5': [-115, -78, 20, 13],
    '6': [-115, -93, 20, 15],
    '7': [-115, -109, 20, 14],
    '8': [-115, -124, 20, 14],
    '9': [-115, -139, 20, 15],
    ',': [-112, -154, 23, 7]
})
                                    

#3 JavaScript::Eval (size: 262, repeated: 1) - SHA256: ff0504e3bd7c9ca7030953a039cc9622891cd31e22cedc2c9d33f8bbb607c74f

                                        ({
    'bg': [0, 0, 115, 50],
    '0': [0, -165, 14, 20],
    '1': [-17, -165, 9, 20],
    '2': [-31, -165, 14, 20],
    '3': [-47, -165, 13, 20],
    '4': [-62, -165, 15, 20],
    '5': [-78, -165, 13, 20],
    '6': [-93, -165, 15, 20],
    '7': [-109, -165, 14, 20],
    '8': [-124, -165, 14, 20],
    '9': [-139, -165, 15, 20],
    ',': [-102, -131, 7, 23]
})
                                    

#4 JavaScript::Eval (size: 5258, repeated: 1) - SHA256: 847f6a895681edae9f59251c842a9184de97150e61648bfc22fff5bf6b869622

                                        function QCDone(d) {
    try {
        document.getElementById('ci_SW').value = d.SW
    } catch (e) {}
    try {
        document.getElementById('ci_SH').value = d.SH
    } catch (e) {}
    try {
        document.getElementById('ci_SAH').value = d.SAH
    } catch (e) {}
    try {
        document.getElementById('ci_WX').value = d.WX
    } catch (e) {}
    try {
        document.getElementById('ci_WY').value = d.WY
    } catch (e) {}
    try {
        document.getElementById('ci_WW').value = d.WW
    } catch (e) {}
    try {
        document.getElementById('ci_WH').value = d.WH
    } catch (e) {}
    try {
        document.getElementById('ci_CW').value = d.CW
    } catch (e) {}
    try {
        document.getElementById('ci_WIW').value = d.WIW
    } catch (e) {}
    try {
        document.getElementById('ci_WIH').value = d.WIH
    } catch (e) {}
    try {
        document.getElementById('ci_WFC').value = d.WFC
    } catch (e) {}
    try {
        document.getElementById('ci_PL').value = d.PL
    } catch (e) {}
    try {
        document.getElementById('ci_DRF').value = d.DRF
    } catch (e) {}
    try {
        document.getElementById('ci_NP').value = d.NP
    } catch (e) {}
    try {
        document.getElementById('ci_PT').value = d.PT
    } catch (e) {}
    try {
        document.getElementById('ci_NB').value = d.NB
    } catch (e) {}
    try {
        document.getElementById('ci_NG').value = d.NG
    } catch (e) {}
    try {
        document.getElementById('ci_DM').value = d.DM
    } catch (e) {}
    try {
        document.getElementById('ci_CF').value = d.CF
    } catch (e) {}
    try {
        document.getElementById('ci_NW').value = d.NW
    } catch (e) {}
}
var QC = {};
try {
    QC.SW = window.screen.width;
    QC.SH = window.screen.height
} catch (e) {
    QC.SW = -1;
    QC.SH = -1
}
try {
    QC.SAH = window.screen.availHeight
} catch (e) {
    QC.SAH = -1
}
try {
    QC.WX = window.screenX;
    QC.WY = window.screenY
} catch (e) {
    QC.WX = -1;
    QC.WY = -1
}
try {
    QC.WW = window.outerWidth;
    QC.WH = window.outerHeight
} catch (e) {
    QC.WW = -1;
    QC.WH = -1
}
try {
    QC.WIW = window.innerWidth;
    QC.WIH = window.innerHeight
} catch (e) {
    QC.WIW = -1;
    QC.WIH = -1
}
try {
    QC.CW = document.documentElement.clientWidth
} catch (e) {
    QC.CW = -1
}
try {
    QC.WFC = window.top.frames.length
} catch (e) {
    QC.WFC = -1
}
try {
    QC.PL = document.location.href
} catch (e) {
    QC.PL = ''
}
try {
    QC.DRF = document.referrer
} catch (e) {
    QC.DRF = ''
}
try {
    QC.NP = (!(navigator.plugins instanceof PluginArray) || navigator.plugins.length == 0) ? 0 : 1
} catch (e) {
    QC.NP = -1
}
try {
    QC.PT = window.callPhantom !== undefined || window._phantom !== undefined ? 1 : 0
} catch (e) {
    QC.PT = -1
}
try {
    QC.NB = typeof navigator.sendBeacon === "function" ? 1 : 0
} catch (e) {
    QC.NB = -1
}
try {
    QC.NG = navigator.geolocation !== undefined ? 1 : 0
} catch (e) {
    QC.NG = -1
}
try {
    QC.NW = 'webdriver' in navigator ? 1 : 0
} catch (e) {
    QC.NW = -1
}
QC.CF = 0;
try {
    var FlashDetect = new function() {
        var self = this;
        self.installed = false;
        self.raw = "";
        self.major = -1;
        self.minor = -1;
        self.revision = -1;
        self.revisionStr = "";
        var activeXDetectRules = [{
            "name": "ShockwaveFlash.ShockwaveFlash.7",
            "version": function(obj) {
                return getActiveXVersion(obj)
            }
        }, {
            "name": "ShockwaveFlash.ShockwaveFlash.6",
            "version": function(obj) {
                var version = "6,0,21";
                try {
                    obj.AllowScriptAccess = "always";
                    version = getActiveXVersion(obj)
                } catch (err) {}
                return version
            }
        }, {
            "name": "ShockwaveFlash.ShockwaveFlash",
            "version": function(obj) {
                return getActiveXVersion(obj)
            }
        }];
        var getActiveXVersion = function(activeXObj) {
            var version = -1;
            try {
                version = activeXObj.GetVariable("\$version")
            } catch (err) {}
            return version
        };
        var getActiveXObject = function(name) {
            var obj = -1;
            try {
                obj = new ActiveXObject(name)
            } catch (err) {
                obj = {
                    activeXError: true
                }
            }
            return obj
        };
        var parseActiveXVersion = function(str) {
            var versionArray = str.split(",");
            return {
                "raw": str,
                "major": parseInt(versionArray[0].split(" ")[1], 10),
                "minor": parseInt(versionArray[1], 10),
                "revision": parseInt(versionArray[2], 10),
                "revisionStr": versionArray[2]
            }
        };
        var parseStandardVersion = function(str) {
            var descParts = str.split(/ +/);
            var majorMinor = descParts[2].split(/\./);
            var revisionStr = descParts[3];
            return {
                "raw": str,
                "major": parseInt(majorMinor[0], 10),
                "minor": parseInt(majorMinor[1], 10),
                "revisionStr": revisionStr,
                "revision": parseRevisionStrToInt(revisionStr)
            }
        };
        var parseRevisionStrToInt = function(str) {
            return parseInt(str.replace(/[a-zA-Z]/g, ""), 10) || self.revision
        };
        self.majorAtLeast = function(version) {
            return self.major >= version
        };
        self.minorAtLeast = function(version) {
            return self.minor >= version
        };
        self.revisionAtLeast = function(version) {
            return self.revision >= version
        };
        self.versionAtLeast = function(major) {
            var properties = [self.major, self.minor, self.revision];
            var len = Math.min(properties.length, arguments.length);
            for (i = 0; i < len; i++) {
                if (properties[i] >= arguments[i]) {
                    if (i + 1 < len && properties[i] == arguments[i]) {
                        continue
                    } else {
                        return true
                    }
                } else {
                    return false
                }
            }
        };
        self.FlashDetect = function() {
            if (navigator.plugins && navigator.plugins.length > 0) {
                var type = 'application/x-shockwave-flash';
                var mimeTypes = navigator.mimeTypes;
                if (mimeTypes && mimeTypes[type] && mimeTypes[type].enabledPlugin && mimeTypes[type].enabledPlugin.description) {
                    var version = mimeTypes[type].enabledPlugin.description;
                    var versionObj = parseStandardVersion(version);
                    self.raw = versionObj.raw;
                    self.major = versionObj.major;
                    self.minor = versionObj.minor;
                    self.revisionStr = versionObj.revisionStr;
                    self.revision = versionObj.revision;
                    self.installed = true
                }
            } else if (navigator.appVersion.indexOf("Mac") == -1 && window.execScript) {
                var version = -1;
                for (var i = 0; i < activeXDetectRules.length && version == -1; i++) {
                    var obj = getActiveXObject(activeXDetectRules[i].name);
                    if (!obj.activeXError) {
                        self.installed = true;
                        version = activeXDetectRules[i].version(obj);
                        if (version != -1) {
                            var versionObj = parseActiveXVersion(version);
                            self.raw = versionObj.raw;
                            self.major = versionObj.major;
                            self.minor = versionObj.minor;
                            self.revision = versionObj.revision;
                            self.revisionStr = versionObj.revisionStr
                        }
                    }
                }
            }
        }()
    };
    if (FlashDetect.major > 0) {
        QC.CF = 1
    }
} catch (e) {
    QC.CF = 2
}
try {
    QCDone(QC)
} catch (e) {
    console.log(e)
}
                                    

#5 JavaScript::Eval (size: 20, repeated: 1) - SHA256: e9776e2e5c0dc6ace2f77bc3e2447b8e591fe28648279c789e2e93c8f0e6dd15

                                        wid.style. = '-50px'
                                    

Executed Writes (0)



HTTP Transactions (32)


Request Response
                                        
                                            GET /YLS5c7 HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         104.28.30.81
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 29 May 2018 20:46:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d41ff16929e1df6f96939d8513734a0501527626802; expires=Wed, 29-May-19 20:46:42 GMT; path=/; domain=.bc.vc; HttpOnly _kei_=1; expires=Tue, 29-May-2018 21:00:00 GMT; Max-Age=1030; path=/
X-Powered-By: PHP/5.6.30-0+deb8u1
X-Frame-Options: allowall
Server: cloudflare
CF-RAY: 422bcfdb13734279-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2432
Md5:    14fa6bc6032db59b8da3db8f076425a2
Sha1:   51ea7e2342ae6a91e091062e1dc0e4a0dc3e9b4f
Sha256: 852a509479d42ed53500aa5948e2a805161cc417cf92a2885f0b8dad1d24fa58

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /css/style.css HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/YLS5c7
Cookie: __cfduid=d41ff16929e1df6f96939d8513734a0501527626802; _kei_=1

                                         
                                         104.28.30.81
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 29 May 2018 20:46:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 11 Jun 2017 22:21:04 GMT
X-Frame-Options: allowall
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 30 May 2018 00:46:42 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 422bcfdc33a64279-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3507
Md5:    8d13d760c79cb30c922dad80630de0b1
Sha1:   b60fbdc05b6a65d27ea4b15661c4465bf5bed53b
Sha256: f710dd2a34b844c40038729c023bfdd9d10c591dfb89ca9d763c403267444335
                                        
                                            GET /css/kfk.css HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/YLS5c7
Cookie: __cfduid=d41ff16929e1df6f96939d8513734a0501527626802; _kei_=1

                                         
                                         104.28.30.81
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 29 May 2018 20:46:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 02 May 2017 09:18:39 GMT
Etag: W/"59084eef-cd"
X-Frame-Options: allowall
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 30 May 2018 00:46:42 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 422bcfdc43aa4279-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   167
Md5:    934d36587f2ff7e50eb47d5b51ee9217
Sha1:   e5ff1e021825f7f4b36d0006f7a348390b4bac8d
Sha256: 1abc04c11016d45b3c780663a0dd98c94d55292342ccbee810867afea87c1058
                                        
                                            GET /css/bottom.css HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/YLS5c7
Cookie: __cfduid=d41ff16929e1df6f96939d8513734a0501527626802; _kei_=1

                                         
                                         104.28.30.81
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 29 May 2018 20:46:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 02 May 2017 09:18:39 GMT
Etag: W/"59084eef-be"
X-Frame-Options: allowall
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 30 May 2018 00:46:42 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 422bcfdc4171426d-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   164
Md5:    d18b8a7db9c4102ece48efa83e2325d4
Sha1:   b14fa13bf0dad94da67b86dca4527626764bd489
Sha256: 98ca1375c7d3c455d1f1a59140ae975c42f5fb55af305821e80a63215cfce659
                                        
                                            GET /js/jquery.libs.js HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/YLS5c7
Cookie: __cfduid=d41ff16929e1df6f96939d8513734a0501527626802; _kei_=1

                                         
                                         104.28.30.81
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Tue, 29 May 2018 20:46:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 02 May 2017 09:18:43 GMT
X-Frame-Options: allowall
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 30 May 2018 00:46:42 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 422bcfdc53b14279-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7762
Md5:    ce6b43a7f57270c599e099be45bf3245
Sha1:   c2bc745de2cf74200520055a5239317c75d4598e
Sha256: f7f89ed1f05306ab4809fca0260e61303efa3451de8b24951795531d47ce78a1
                                        
                                            GET /js/jquery.min.js HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/YLS5c7
Cookie: __cfduid=d41ff16929e1df6f96939d8513734a0501527626802; _kei_=1

                                         
                                         104.28.30.81
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Tue, 29 May 2018 20:46:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 02 May 2017 09:18:43 GMT
X-Frame-Options: allowall
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 30 May 2018 00:46:42 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 422bcfdc50734291-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   27176
Md5:    b9ce259ec1665a1caa6e1fadd5d7358a
Sha1:   f930485641cff5f09af81a791786700dee43d726
Sha256: 810ddeea370d274695632e621706b196fdf13f5ca47a9413cc7a47060321dce7
                                        
                                            GET /js/po_v7.min.js?v=1 HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/YLS5c7
Cookie: __cfduid=d41ff16929e1df6f96939d8513734a0501527626802; _kei_=1

                                         
                                         104.28.30.81
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Tue, 29 May 2018 20:46:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 24 May 2018 13:49:45 GMT
X-Frame-Options: allowall
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 30 May 2018 00:46:42 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 422bcfdc6056427f-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1824
Md5:    d7afe926642793b9edfedb2fadebc7cc
Sha1:   0404457ddcb67cb3b82ac22adc36d293556f2714
Sha256: 196d7dc12f4cef3e935229f011bfc00373de1ed70561c56c2613b355de336245
                                        
                                            GET /js/app.v5.js HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/YLS5c7
Cookie: __cfduid=d41ff16929e1df6f96939d8513734a0501527626802; _kei_=1

                                         
                                         104.28.30.81
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Tue, 29 May 2018 20:46:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 07 Aug 2017 14:31:23 GMT
X-Frame-Options: allowall
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 30 May 2018 00:46:42 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 422bcfdc64b742af-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   655
Md5:    f8665607f296ec743e9c5a379725d125
Sha1:   beda4bf37aba5bec796ff1a6a7eff356522cb0b1
Sha256: ff841edc0e86149dfb92734a63866405293f89e95252eccd6d52a813b5fd00c5
                                        
                                            GET /images/logo.png HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/css/style.css
Cookie: __cfduid=d41ff16929e1df6f96939d8513734a0501527626802; _kei_=1

                                         
                                         104.28.30.81
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 29 May 2018 20:46:42 GMT
Content-Length: 5014
Connection: keep-alive
Last-Modified: Tue, 02 May 2017 09:18:39 GMT
Etag: "59084eef-1396"
X-Frame-Options: allowall
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 30 May 2018 00:46:42 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 422bcfde420f426d-OSL


--- Additional Info ---
Magic:  PNG image, 60 x 60, 8-bit/color RGBA, non-interlaced
Size:   5014
Md5:    e0c1cd9701213beacca580cc6b3d515a
Sha1:   9adb002d674195be592b175c7509cab21d24d666
Sha256: d218dfcf6f36270ee2eb138d72c747e83aecf95421c9f72fcbd1d4b466f91bea
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/YLS5c7
If-Modified-Since: Fri, 03 Oct 2014 00:48:42 GMT

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Tue, 29 May 2018 19:00:24 GMT
Expires: Tue, 29 May 2018 21:00:24 GMT
Last-Modified: Fri, 18 May 2018 01:10:24 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 14386
Cache-Control: public, max-age=7200
Age: 6378


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   14386
Md5:    b3de885583a477d4e31568948d6bebd7
Sha1:   2ce8d853244dde551c41d5207d6f71c567bde8c6
Sha256: e1bb5aa555a0d875e2a67884ceaa0629e08994a8aabadc2fac5b6915793dbf75
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 May 2018 20:46:42 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    8bea57b01181f2728a450b142f42a8fc
Sha1:   bb6c8efccee84f652d31de967346f759d67f8729
Sha256: 0595842189f47f09007e89c8955542cda852ed45dda36f410da6e9d010f96a3a
                                        
                                            GET /tab.js HTTP/1.1 
Host: widgets.amung.us
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/YLS5c7

                                         
                                         185.225.208.133
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Date: Tue, 29 May 2018 20:46:42 GMT
Last-Modified: Sun, 27 May 2018 23:27:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: W/"5b0b3ef4-6eea"
Expires: Wed, 30 May 2018 20:46:42 GMT
Cache-Control: max-age=86400, private
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   18876
Md5:    a7f70d987282781428eb52616d4b422c
Sha1:   b43215746aca03ac7b78d1913c8877e5c3eb0809
Sha256: 41dc86e65466ed91e6fb165a8fe4a8179dde847f02e0824cc305b4eb5f098ce2
                                        
                                            GET /r/collect?v=1&_v=j68&a=1941101686&t=pageview&_s=1&dl=http%3A%2F%2Fbc.vc%2FYLS5c7&ul=en-us&de=UTF-8&dt=http%3A%2F%2Fwww.multiupload.nl%2FAI0XHI2IXE&sd=24-bit&sr=1176x885&vp=1176x754&je=1&fl=10.0%20r45&_u=IEBAAEQ~&jid=1623840380&gjid=1337462909&cid=80096333.1527626804&tid=UA-12855174-12&_gid=48934658.1527626804&_r=1&cd2=24528&z=875497460 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/YLS5c7

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Access-Control-Allow-Origin: *
Date: Tue, 29 May 2018 20:46:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            POST /gsr2 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 May 2018 20:46:43 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    6bf50ec404fb4a8b4a94be8390d11938
Sha1:   0caaab7704d6221abc5e0342909a4928cee50b1c
Sha256: 63b592179b1e9a528344ce1d430b9479fc55f43420a468ec35aaeaa9dff911cf
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.25
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Mon, 28 May 2018 14:05:53 GMT
Etag: B5E11B99D7F73F92FB01B303F04C53072E09FF25
X-OCSP-Responder-ID: rmdccaocsp32
Content-Length: 280
Cache-Control: public, no-transform, must-revalidate, max-age=1800
Expires: Tue, 29 May 2018 21:16:44 GMT
Date: Tue, 29 May 2018 20:46:44 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   280
Md5:    2e420c0011b383f06bb8378c85a17b1f
Sha1:   b5e11b99d7f73f92fb01b303f04c53072e09ff25
Sha256: 7d1f635ce9c885eb7e68359ac1d026dd896b5e800b0d3827585b33a257e40650
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.25
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Tue, 29 May 2018 09:10:02 GMT
Etag: AF25C1516EDD346E7A3ECFE170B0CFB7CF4FE83F
X-OCSP-Responder-ID: rmdccaocsp32
Content-Length: 314
Cache-Control: public, no-transform, must-revalidate, max-age=947
Expires: Tue, 29 May 2018 21:02:31 GMT
Date: Tue, 29 May 2018 20:46:44 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   314
Md5:    55f6b392e6e1c3d36c1220e83304bcd9
Sha1:   af25c1516edd346e7a3ecfe170b0cfb7cf4fe83f
Sha256: 2713d1daa39551406ee764c8c6389662e23084fe45293418a92fb96f3a0990bd
                                        
                                            GET /pingjs/?k=s7popkb7yn2l&t=http%3Awww.multiupload.nlAI0XHI2IXE&c=t&y=&a=0&d=0&v=22&r=7980 HTTP/1.1 
Host: whos.amung.us
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/YLS5c7

                                         
                                         67.202.94.93
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=UTF-8
                                        
Date: Tue, 29 May 2018 20:46:44 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   53
Md5:    8a19db553f9d31c43f2c32a5d7a8ae22
Sha1:   768ce96b9be7a70c90d6edb28fcb96faab419a7b
Sha256: 819940682b34b0dbd784849e62130ca878f4f35a670b16d25653c8b0578ec034
                                        
                                            GET /gtag/js?id=UA-12855174-12 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/YLS5c7

                                         
                                         216.58.211.8
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
Access-Control-Allow-Origin: http://www.googletagmanager.com
Access-Control-Allow-Headers: Cache-Control
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Tue, 29 May 2018 20:46:43 GMT
Expires: Tue, 29 May 2018 20:46:43 GMT
Cache-Control: private, max-age=900
Server: Google Tag Manager (scaffolding)
X-XSS-Protection: 1; mode=block
Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   22858
Md5:    bb42b409f15978f07a7065092bc08948
Sha1:   3d730c88624c2b71742038c8ba71a08660465f55
Sha256: 62d8d3a27cc3b414b6fb21187ba53ddf527f9340aae22853cf35cd26d369f3c4
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/YLS5c7
If-Modified-Since: Tue, 06 Jun 2017 00:25:39 GMT

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Tue, 29 May 2018 19:01:33 GMT
Expires: Tue, 29 May 2018 21:01:33 GMT
Last-Modified: Fri, 18 May 2018 01:10:24 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 14386
Cache-Control: public, max-age=7200
Age: 6311
Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   14386
Md5:    b3de885583a477d4e31568948d6bebd7
Sha1:   2ce8d853244dde551c41d5207d6f71c567bde8c6
Sha256: e1bb5aa555a0d875e2a67884ceaa0629e08994a8aabadc2fac5b6915793dbf75
                                        
                                            GET /earn.php?z=3&oid=24528&subid=24528&title=http://www.multiupload.nl/AI0XHI2IXE HTTP/1.1 
Host: bcvcrdr.xyz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/YLS5c7

                                         
                                         104.28.11.186
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 29 May 2018 20:46:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=de7e5faa9c513fe1c1e13d4a19a6fdf0b1527626804; expires=Wed, 29-May-19 20:46:44 GMT; path=/; domain=.bcvcrdr.xyz; HttpOnly; Secure PHPSESSID=tvd0ug4d3umf9d57pmo7ro9d90; path=/
X-Powered-By: PHP/5.6.30-0+deb8u1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: allowall
Access-Control-Allow-Origin: *
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 422bcfe6de5642a9-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   116
Md5:    c44ff1327dc7f58afd19e38637c798c6
Sha1:   8318f5f7cfba7a792a015dd41433cd8414521dca
Sha256: 762c817fd0aefc4668ec5f9935fb5eaf8a5d8a4e4c3eafb96e6ed0daa6ac4a78
                                        
                                            GET /r/collect?v=1&_v=j68&a=1941101686&t=pageview&_s=1&dl=http%3A%2F%2Fbc.vc%2FYLS5c7&ul=en-us&de=UTF-8&dt=http%3A%2F%2Fwww.multiupload.nl%2FAI0XHI2IXE&sd=24-bit&sr=1176x885&vp=1176x754&je=1&fl=10.0%20r45&_u=aEDAAUQ~&jid=527391249&gjid=87073180&cid=80096333.1527626804&tid=UA-12855174-12&_gid=48934658.1527626804&_r=1&gtm=u4s&z=1398912288 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/YLS5c7

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Access-Control-Allow-Origin: *
Date: Tue, 29 May 2018 20:46:44 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35
Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            POST / HTTP/1.1 
Host: ocsp.int-x3.letsencrypt.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
                                         91.135.34.91
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 527
Etag: "94EBAA9083C68DF483C6CE761066304DE945BBAF1C3DD7DED7E991ACC8450372"
Last-Modified: Sun, 27 May 2018 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7764
Expires: Tue, 29 May 2018 22:56:08 GMT
Date: Tue, 29 May 2018 20:46:44 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    441fa36a24a558610b033f6c14afc2e2
Sha1:   2d445b13f8a924ed87c372957462e4c1b9a426ab
Sha256: 94ebaa9083c68df483c6ce761066304de945bbaf1c3dd7ded7e991acc8450372
                                        
                                            POST / HTTP/1.1 
Host: isrg.trustid.ocsp.identrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.121
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Transfer-Encoding: Binary
Last-Modified: Sun, 27 May 2018 08:04:02 GMT
Etag: "2aa947a6dcf8439ba2ec4e4b582e4369988001f1"
Content-Length: 1398
Cache-Control: public, no-transform, must-revalidate, max-age=38748
Expires: Wed, 30 May 2018 07:32:32 GMT
Date: Tue, 29 May 2018 20:46:44 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1398
Md5:    f171ce162de73b1ce2d7184f6dd0c930
Sha1:   2aa947a6dcf8439ba2ec4e4b582e4369988001f1
Sha256: 2a5c53a0deeb91a9455cc2036668680f9cb56c7c30c6dd2307acd8138684d672
                                        
                                            GET /4/13821/ HTTP/1.1 
Host: rotumal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         188.72.213.220
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Tue, 29 May 2018 20:46:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Timing-Allow-Origin: *, *
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: SeenToday=1; expires=Wed, 30-May-2018 20:46:44 GMT; Max-Age=86400; path=/ OAGEO5580f=13%7CNO%7C02%7CLORENSKOG%7CXDSL%7CBROADNET+AS%7C%7C11329%7C43703%7C%3F%7C578205; expires=Wed, 30-May-2018 20:46:44 GMT; Max-Age=86400; path=/ oaidts=1527626804; expires=Wed, 29-May-2019 20:46:44 GMT; Max-Age=31536000; path=/ OAID=1298a56c84cf7e957d619648ff165a0c; expires=Wed, 29-May-2019 20:46:44 GMT; Max-Age=31536000; path=/ OAID=1298a56c84cf7e957d619648ff165a0c; expires=Wed, 29-May-2019 20:46:44 GMT; Max-Age=31536000; path=/ exsdsf=1527626804 pbk3=152a537b704918498f4f78024751b7da6561107165232024192; expires=Tue, 29-May-2018 20:56:44 GMT; Max-Age=600 ltm_afu=1; expires=Wed, 30-May-2018 20:46:44 GMT; Max-Age=86400; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
X-Used-AdExchange: 1
Content-Encoding: gzip
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4154
Md5:    7080d215812ae2246611895f537fb84f
Sha1:   58d772032050cf55b10e673270566202dee17488
Sha256: 50de56bd8c6c5821fa6fdcd46c743e307036df8bfd195d99db7db3f694cac8b9
                                        
                                            GET /?r=%2Fmb%2Fhan&zoneid=13821&pbk3=152a537b704918498f4f78024751b7da6561107165232024192&empty=0&auction_id=c6d79721-d9e2-4f72-9ed7-08c5403bd3fd&uuid=d71e6055-f0f5-4a65-9ca7-1c721d088f1c&ad_scheme=1&rotation_type=2&ppucounter=0&first_visit=0&on_test=0&offer_views=0&ab_test=1393&adparams=bm9qcz0w&ip=f3d5bb63c9dbdcfb475795d659c65a4e&sw=1176&sh=885&sah=855&wx=-4&wy=-4&ww=1184&wh=863&cw=1176&wiw=1176&wih=640&wfc=1&pl=https%3A%2F%2Frotumal.com%2F4%2F13821%2F&drf=&np=1&pt=0&nb=0&ng=1&dm=undefined&cf=1&nw=0&id=4fa228d883fd862ca427b9bdc3a2ca14&co=1&rf=0&hs=d01d492f13aec958676a3d4656a2a36c&ix=1&fs=1&timeout=0 HTTP/1.1 
Host: rotumal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://rotumal.com/4/13821/
Cookie: SeenToday=1; OAGEO5580f=13%7CNO%7C02%7CLORENSKOG%7CXDSL%7CBROADNET+AS%7C%7C11329%7C43703%7C%3F%7C578205; oaidts=1527626804; OAID=1298a56c84cf7e957d619648ff165a0c; ltm_afu=1

                                         
                                         188.72.213.220
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Tue, 29 May 2018 20:46:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Timing-Allow-Origin: *, *
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: f3d5bb63c9dbdcfb475795d659c65a4e=aQf8GKcVbpttRhwuK4NPFUU8Kz1nOasLmpOI9pfUJDw; expires=Tue, 05-Jun-2018 20:46:44 GMT; Max-Age=604800 OAGEO5580f=13%7CNO%7C02%7CLORENSKOG%7CXDSL%7CBROADNET+AS%7C%7C11329%7C43703%7C%3F%7C578205; expires=Wed, 30-May-2018 20:46:44 GMT; Max-Age=86400; path=/ ppucnt=1; expires=Wed, 30-May-2018 20:46:44 GMT; Max-Age=86400; path=/ ppucntstart=1527626804; expires=Wed, 30-May-2018 20:46:44 GMT; Max-Age=86400; path=/ allcnt=1; expires=Wed, 29-May-2019 20:46:44 GMT; Max-Age=31536000; path=/ OAID=1298a56c84cf7e957d619648ff165a0c; expires=Wed, 29-May-2019 20:46:44 GMT; Max-Age=31536000; path=/ _OACCAP[960689]=1; expires=Wed, 29-May-2019 20:46:44 GMT; Max-Age=31536000; path=/ _OACBLOCK[960689]=1527626804; expires=Thu, 28-Jun-2018 20:46:44 GMT; Max-Age=2592000; path=/ _OXCCLK[960689]=1; expires=Wed, 29-May-2019 20:46:44 GMT; Max-Age=31536000; path=/ _OXPCLK[102397]=1; expires=Wed, 29-May-2019 20:46:44 GMT; Max-Age=31536000; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Location: http://girrrly.com/visit.php?c=4689&k=bdad90f97735b3b8afed12766ef6056b&bannerid=1634587&campaignid=960689&zoneid=13821&zoneid=13821
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=d41ff16929e1df6f96939d8513734a0501527626802; _kei_=1; _ga=GA1.2.80096333.1527626804; _gid=GA1.2.48934658.1527626804; _gat=1; _gat_gtag_UA_12855174_12=1

                                         
                                         104.28.30.81
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Tue, 29 May 2018 20:46:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 28 Jul 2017 08:55:16 GMT
X-Frame-Options: allowall
Content-Encoding: gzip
CF-Cache-Status: EXPIRED
Vary: Accept-Encoding
Expires: Tue, 05 Jun 2018 20:46:45 GMT
Cache-Control: public, max-age=604800
Server: cloudflare
CF-RAY: 422bcfea76734279-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5425
Md5:    ee9e411232f516ba2571ea044f7c242b
Sha1:   f937da91770cf4e94b1b4ff3f0ede9bc812c0bac
Sha256: 0fb8c80c3ee1f5e65ce733aa2d0196011c104204a621ac69e2f35f9830518be9
                                        
                                            GET /visit.php?c=4689&k=bdad90f97735b3b8afed12766ef6056b&bannerid=1634587&campaignid=960689&zoneid=13821&zoneid=13821 HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         78.31.67.23
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
                                        
Server: nginx
Date: Tue, 29 May 2018 20:46:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: fc_t_4689=1527626804_1527626804_1527626804_1527626804_1527626804; expires=Fri, 29-Jun-2018 20:46:44 GMT; Max-Age=2678399; path=/ fc_n_4689=1_1_1_1_1; expires=Fri, 29-Jun-2018 20:46:44 GMT; Max-Age=2678399; path=/ c=3syz1ew31zgkz0; expires=Thu, 28-Jun-2018 20:46:44 GMT; Max-Age=2591999; path=/ k=d296f32b556f791d19c5e8691796fae2; expires=Thu, 28-Jun-2018 20:46:44 GMT; Max-Age=2591999; path=/
Cache-Control: no-cache
Location: http://girrrly.com/sex/multi/maingame/sexbadoo/sexbadoo_n64w2?c=3syz1ew31zgkz0&k=d296f32b556f791d19c5e8691796fae2&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech Information Systems AS&lang=en&ref_domain=&os=Windows 7&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Expires: Tue, 29 May 2018 20:46:44 GMT


--- Additional Info ---
                                        
                                            GET /sex/multi/maingame/sexbadoo/sexbadoo_n64w2?c=3syz1ew31zgkz0&k=d296f32b556f791d19c5e8691796fae2&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5= HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: fc_t_4689=1527626804_1527626804_1527626804_1527626804_1527626804; fc_n_4689=1_1_1_1_1; c=3syz1ew31zgkz0; k=d296f32b556f791d19c5e8691796fae2

                                         
                                         78.31.67.23
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Tue, 29 May 2018 20:46:45 GMT
Content-Length: 178
Location: http://girrrly.com/sex/multi/maingame/sexbadoo/sexbadoo_n64w2/?c=3syz1ew31zgkz0&k=d296f32b556f791d19c5e8691796fae2&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Connection: keep-alive
Expires: Tue, 29 May 2018 20:46:44 GMT
Cache-Control: no-cache


--- Additional Info ---
Magic:  HTML document text
Size:   178
Md5:    cd2e0e43980a00fb6a2742d3afd803b8
Sha1:   81ffbd1712afe8cdf138b570c0fc9934742c33c1
Sha256: bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
                                        
                                            GET /sex/multi/maingame/sexbadoo/sexbadoo_n64w2/?c=3syz1ew31zgkz0&k=d296f32b556f791d19c5e8691796fae2&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5= HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: fc_t_4689=1527626804_1527626804_1527626804_1527626804_1527626804; fc_n_4689=1_1_1_1_1; c=3syz1ew31zgkz0; k=d296f32b556f791d19c5e8691796fae2

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Tue, 29 May 2018 20:46:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: lfc_t_580_4689=1527626805_1527626805_1527626805_1527626805_1527626805; expires=Fri, 29-Jun-2018 20:46:45 GMT; Max-Age=2678400; path=/ lfc_n_580_4689=1_1_1_1_1; expires=Fri, 29-Jun-2018 20:46:45 GMT; Max-Age=2678400; path=/
Expires: Tue, 29 May 2018 20:46:44 GMT
Cache-Control: no-cache
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   113607
Md5:    4e329061b8798b9b351afeb20492f8bd
Sha1:   5e214b0461903438b64e65c482eddf10413998ab
Sha256: 9a07090e1dfe120c80050bef99c385997fa640ff919f1655b56117f88ee3ab2a
                                        
                                            GET /ctrack.php?c=3syz1ew31zgkz0&k=d296f32b556f791d19c5e8691796fae2&sr=1176_885&t=0.15165633929853073 HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/sexbadoo/sexbadoo_n64w2/?c=3syz1ew31zgkz0&k=d296f32b556f791d19c5e8691796fae2&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527626804_1527626804_1527626804_1527626804_1527626804; fc_n_4689=1_1_1_1_1; c=3syz1ew31zgkz0; k=d296f32b556f791d19c5e8691796fae2; lfc_t_580_4689=1527626805_1527626805_1527626805_1527626805_1527626805; lfc_n_580_4689=1_1_1_1_1

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Tue, 29 May 2018 20:46:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Tue, 29 May 2018 20:46:44 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    ffce86e7c036f733c99e4aac1951d1f0
Sha1:   9d27322a607424247d05b3aa22ed8a9bbf3977ca
Sha256: adc1673711c18a8770805224a7c110405cb60a6e933d56f47a7b36585fe37fcc
                                        
                                            GET /ajax/libs/jquery/3.1.0/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/sexbadoo/sexbadoo_n64w2/?c=3syz1ew31zgkz0&k=d296f32b556f791d19c5e8691796fae2&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=

                                         
                                         172.217.22.170
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 30211
Date: Fri, 18 May 2018 16:33:15 GMT
Expires: Sat, 18 May 2019 16:33:15 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 965610


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   30211
Md5:    fbe55d62ddbb07d455db91c42719fa95
Sha1:   45b95c6f258886c2c52463472f93a00eeda53ea9
Sha256: f578c28becf81938d728f30836a507879e448d27461a2db119d7fb6d456f2fd1
                                        
                                            GET /lib/ajax/lp_timing.php?c=3syz1ew31zgkz0&k=d296f32b556f791d19c5e8691796fae2&d=531_0&t=0.1428840685020638 HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/sexbadoo/sexbadoo_n64w2/?c=3syz1ew31zgkz0&k=d296f32b556f791d19c5e8691796fae2&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527626804_1527626804_1527626804_1527626804_1527626804; fc_n_4689=1_1_1_1_1; c=3syz1ew31zgkz0; k=d296f32b556f791d19c5e8691796fae2; lfc_t_580_4689=1527626805_1527626805_1527626805_1527626805_1527626805; lfc_n_580_4689=1_1_1_1_1

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Tue, 29 May 2018 20:46:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 29 May 2018 20:46:44 GMT
Cache-Control: no-cache


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    ffce86e7c036f733c99e4aac1951d1f0
Sha1:   9d27322a607424247d05b3aa22ed8a9bbf3977ca
Sha256: adc1673711c18a8770805224a7c110405cb60a6e933d56f47a7b36585fe37fcc