Overview

URL bc.vc/F0745I
IP104.28.31.81
ASNAS13335 CloudFlare, Inc.
Location United States
Report completed2018-05-30 18:57:53 CEST
StatusLoading report..
urlQuery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-05-30 2 bc.vc/F0745I Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 104.28.31.81

Date UQ / IDS / BL URL IP
2018-11-03 06:49:06 +0100
0 - 0 - 0 https://desenepenet.xyz/Actiune/traffik-2018 104.28.31.81
2018-08-04 16:28:24 +0200
0 - 0 - 0 https://desenepenet.xyz/groaza/the-tag-along- (...) 104.28.31.81
2018-05-29 14:05:32 +0200
0 - 0 - 1 bc.vc/oYEWFr 104.28.31.81
2018-05-22 19:08:35 +0200
0 - 0 - 0 bc.vc 104.28.31.81
2018-04-06 22:39:11 +0200
0 - 0 - 0 bc.vc/Na7Tv8L 104.28.31.81
2018-03-20 22:46:24 +0100
0 - 0 - 1 bc.vc/9B4XFbR 104.28.31.81
2018-03-14 17:47:14 +0100
0 - 0 - 0 bc.vc/rLMebiP 104.28.31.81
2018-03-02 02:30:48 +0100
0 - 0 - 0 bc.vc/5haWN10 104.28.31.81
2018-01-11 02:03:40 +0100
0 - 0 - 1 bc.vc/fqekAU 104.28.31.81
2018-01-11 01:39:32 +0100
0 - 0 - 1 bc.vc/L42fhx 104.28.31.81

Last 10 reports on ASN: AS13335 CloudFlare, Inc.

Date UQ / IDS / BL URL IP
2018-11-15 05:39:58 +0100
0 - 0 - 1 moraxdwed.ru/files/REBOOT_HACK_3.0_1CPAUR.exeee 104.24.111.194
2018-11-15 05:37:08 +0100
0 - 0 - 0 https://www.theknot.com/us/all-blacks-vs-irel (...) 104.16.208.249
2018-11-15 05:36:24 +0100
2 - 2 - 5 smut.space/video/58591/woodman-casting-ashley (...) 104.28.29.233
2018-11-15 05:29:19 +0100
0 - 0 - 14 www0.123hulu.bz/watch/awkward-season-2/episod (...) 104.31.85.150
2018-11-15 05:26:39 +0100
1 - 0 - 9 https://cabletvpack.com/rhodeisland 104.27.131.191
2018-11-15 05:26:25 +0100
0 - 0 - 0 https://www.bluetriangle.com/digital-experien (...) 104.24.5.111
2018-11-15 05:25:39 +0100
3 - 2 - 6 https://danden.com/?p=2498 104.27.175.91
2018-11-15 05:25:34 +0100
3 - 2 - 6 https://danden.com/?p=1826 104.27.175.91
2018-11-15 05:25:33 +0100
3 - 3 - 6 https://danden.com/?p=3842 104.27.175.91
2018-11-15 05:25:31 +0100
3 - 2 - 6 https://danden.com/?p=1596 104.27.175.91

Last 10 reports on domain: bc.vc

Date UQ / IDS / BL URL IP
2018-11-08 21:21:16 +0100
0 - 0 - 0 bc.vc/fly/ajax.php?wds=50f1cfb53414785befcbe0 (...) 172.64.202.12
2018-10-05 07:41:48 +0200
0 - 0 - 1 bc.vc/Na7Tv8L 104.18.42.124
2018-08-15 16:29:44 +0200
0 - 0 - 0 bc.vc/82Vtjs1 172.64.161.8
2018-08-02 18:10:46 +0200
0 - 0 - 0 bc.vc/82Vtjs1 104.27.129.229
2018-07-26 08:22:19 +0200
0 - 0 - 1 bc.vc/qlZN0E 172.64.136.7
2018-06-27 18:07:31 +0200
2 - 0 - 0 bc.vc/JfF1m3P 104.27.170.229
2018-06-08 16:57:01 +0200
0 - 0 - 0 bc.vc/ucyfJTW 104.28.30.81
2018-05-31 00:14:24 +0200
0 - 0 - 1 bc.vc/4847/http:/turbobit.net/edmsu3xrx5wo/id (...) 104.28.30.81
2018-05-29 22:47:15 +0200
0 - 0 - 1 bc.vc/YLS5c7 104.28.30.81
2018-05-29 14:05:32 +0200
0 - 0 - 1 bc.vc/oYEWFr 104.28.31.81


JavaScript

Executed Scripts (20)


Executed Evals (5)

#1 JavaScript::Eval (size: 265, repeated: 1) - SHA256: fdd2120c37da9ce7a58d96be9ef6cb106c1040561b6801c70718faf6fc342e8c

                                        ({
    'bg': [-50, -50, 50, 115],
    '0': [-135, -147, 20, 14],
    '1': [-135, -135, 20, 9],
    '2': [-135, -117, 20, 13],
    '3': [-135, -100, 20, 14],
    '4': [-135, -84, 20, 15],
    '5': [-135, -70, 20, 13],
    '6': [-135, -53, 20, 15],
    '7': [-135, -38, 20, 14],
    '8': [-135, -23, 20, 14],
    '9': [-135, -7, 20, 15],
    ',': [-135, 0, 23, 7]
})
                                    

#2 JavaScript::Eval (size: 264, repeated: 1) - SHA256: 39579f75bcf62085fff19d2e37ddf70e9cf240fdb343e46ee527e3521ab5bb7c

                                        ({
    'bg': [0, -50, 50, 115],
    '0': [-115, 0, 20, 14],
    '1': [-115, -17, 20, 9],
    '2': [-115, -31, 20, 13],
    '3': [-115, -47, 20, 13],
    '4': [-115, -62, 20, 15],
    '5': [-115, -78, 20, 13],
    '6': [-115, -93, 20, 15],
    '7': [-115, -109, 20, 14],
    '8': [-115, -124, 20, 14],
    '9': [-115, -139, 20, 15],
    ',': [-112, -154, 23, 7]
})
                                    

#3 JavaScript::Eval (size: 262, repeated: 1) - SHA256: ff0504e3bd7c9ca7030953a039cc9622891cd31e22cedc2c9d33f8bbb607c74f

                                        ({
    'bg': [0, 0, 115, 50],
    '0': [0, -165, 14, 20],
    '1': [-17, -165, 9, 20],
    '2': [-31, -165, 14, 20],
    '3': [-47, -165, 13, 20],
    '4': [-62, -165, 15, 20],
    '5': [-78, -165, 13, 20],
    '6': [-93, -165, 15, 20],
    '7': [-109, -165, 14, 20],
    '8': [-124, -165, 14, 20],
    '9': [-139, -165, 15, 20],
    ',': [-102, -131, 7, 23]
})
                                    

#4 JavaScript::Eval (size: 5258, repeated: 1) - SHA256: 847f6a895681edae9f59251c842a9184de97150e61648bfc22fff5bf6b869622

                                        function QCDone(d) {
    try {
        document.getElementById('ci_SW').value = d.SW
    } catch (e) {}
    try {
        document.getElementById('ci_SH').value = d.SH
    } catch (e) {}
    try {
        document.getElementById('ci_SAH').value = d.SAH
    } catch (e) {}
    try {
        document.getElementById('ci_WX').value = d.WX
    } catch (e) {}
    try {
        document.getElementById('ci_WY').value = d.WY
    } catch (e) {}
    try {
        document.getElementById('ci_WW').value = d.WW
    } catch (e) {}
    try {
        document.getElementById('ci_WH').value = d.WH
    } catch (e) {}
    try {
        document.getElementById('ci_CW').value = d.CW
    } catch (e) {}
    try {
        document.getElementById('ci_WIW').value = d.WIW
    } catch (e) {}
    try {
        document.getElementById('ci_WIH').value = d.WIH
    } catch (e) {}
    try {
        document.getElementById('ci_WFC').value = d.WFC
    } catch (e) {}
    try {
        document.getElementById('ci_PL').value = d.PL
    } catch (e) {}
    try {
        document.getElementById('ci_DRF').value = d.DRF
    } catch (e) {}
    try {
        document.getElementById('ci_NP').value = d.NP
    } catch (e) {}
    try {
        document.getElementById('ci_PT').value = d.PT
    } catch (e) {}
    try {
        document.getElementById('ci_NB').value = d.NB
    } catch (e) {}
    try {
        document.getElementById('ci_NG').value = d.NG
    } catch (e) {}
    try {
        document.getElementById('ci_DM').value = d.DM
    } catch (e) {}
    try {
        document.getElementById('ci_CF').value = d.CF
    } catch (e) {}
    try {
        document.getElementById('ci_NW').value = d.NW
    } catch (e) {}
}
var QC = {};
try {
    QC.SW = window.screen.width;
    QC.SH = window.screen.height
} catch (e) {
    QC.SW = -1;
    QC.SH = -1
}
try {
    QC.SAH = window.screen.availHeight
} catch (e) {
    QC.SAH = -1
}
try {
    QC.WX = window.screenX;
    QC.WY = window.screenY
} catch (e) {
    QC.WX = -1;
    QC.WY = -1
}
try {
    QC.WW = window.outerWidth;
    QC.WH = window.outerHeight
} catch (e) {
    QC.WW = -1;
    QC.WH = -1
}
try {
    QC.WIW = window.innerWidth;
    QC.WIH = window.innerHeight
} catch (e) {
    QC.WIW = -1;
    QC.WIH = -1
}
try {
    QC.CW = document.documentElement.clientWidth
} catch (e) {
    QC.CW = -1
}
try {
    QC.WFC = window.top.frames.length
} catch (e) {
    QC.WFC = -1
}
try {
    QC.PL = document.location.href
} catch (e) {
    QC.PL = ''
}
try {
    QC.DRF = document.referrer
} catch (e) {
    QC.DRF = ''
}
try {
    QC.NP = (!(navigator.plugins instanceof PluginArray) || navigator.plugins.length == 0) ? 0 : 1
} catch (e) {
    QC.NP = -1
}
try {
    QC.PT = window.callPhantom !== undefined || window._phantom !== undefined ? 1 : 0
} catch (e) {
    QC.PT = -1
}
try {
    QC.NB = typeof navigator.sendBeacon === "function" ? 1 : 0
} catch (e) {
    QC.NB = -1
}
try {
    QC.NG = navigator.geolocation !== undefined ? 1 : 0
} catch (e) {
    QC.NG = -1
}
try {
    QC.NW = 'webdriver' in navigator ? 1 : 0
} catch (e) {
    QC.NW = -1
}
QC.CF = 0;
try {
    var FlashDetect = new function() {
        var self = this;
        self.installed = false;
        self.raw = "";
        self.major = -1;
        self.minor = -1;
        self.revision = -1;
        self.revisionStr = "";
        var activeXDetectRules = [{
            "name": "ShockwaveFlash.ShockwaveFlash.7",
            "version": function(obj) {
                return getActiveXVersion(obj)
            }
        }, {
            "name": "ShockwaveFlash.ShockwaveFlash.6",
            "version": function(obj) {
                var version = "6,0,21";
                try {
                    obj.AllowScriptAccess = "always";
                    version = getActiveXVersion(obj)
                } catch (err) {}
                return version
            }
        }, {
            "name": "ShockwaveFlash.ShockwaveFlash",
            "version": function(obj) {
                return getActiveXVersion(obj)
            }
        }];
        var getActiveXVersion = function(activeXObj) {
            var version = -1;
            try {
                version = activeXObj.GetVariable("\$version")
            } catch (err) {}
            return version
        };
        var getActiveXObject = function(name) {
            var obj = -1;
            try {
                obj = new ActiveXObject(name)
            } catch (err) {
                obj = {
                    activeXError: true
                }
            }
            return obj
        };
        var parseActiveXVersion = function(str) {
            var versionArray = str.split(",");
            return {
                "raw": str,
                "major": parseInt(versionArray[0].split(" ")[1], 10),
                "minor": parseInt(versionArray[1], 10),
                "revision": parseInt(versionArray[2], 10),
                "revisionStr": versionArray[2]
            }
        };
        var parseStandardVersion = function(str) {
            var descParts = str.split(/ +/);
            var majorMinor = descParts[2].split(/\./);
            var revisionStr = descParts[3];
            return {
                "raw": str,
                "major": parseInt(majorMinor[0], 10),
                "minor": parseInt(majorMinor[1], 10),
                "revisionStr": revisionStr,
                "revision": parseRevisionStrToInt(revisionStr)
            }
        };
        var parseRevisionStrToInt = function(str) {
            return parseInt(str.replace(/[a-zA-Z]/g, ""), 10) || self.revision
        };
        self.majorAtLeast = function(version) {
            return self.major >= version
        };
        self.minorAtLeast = function(version) {
            return self.minor >= version
        };
        self.revisionAtLeast = function(version) {
            return self.revision >= version
        };
        self.versionAtLeast = function(major) {
            var properties = [self.major, self.minor, self.revision];
            var len = Math.min(properties.length, arguments.length);
            for (i = 0; i < len; i++) {
                if (properties[i] >= arguments[i]) {
                    if (i + 1 < len && properties[i] == arguments[i]) {
                        continue
                    } else {
                        return true
                    }
                } else {
                    return false
                }
            }
        };
        self.FlashDetect = function() {
            if (navigator.plugins && navigator.plugins.length > 0) {
                var type = 'application/x-shockwave-flash';
                var mimeTypes = navigator.mimeTypes;
                if (mimeTypes && mimeTypes[type] && mimeTypes[type].enabledPlugin && mimeTypes[type].enabledPlugin.description) {
                    var version = mimeTypes[type].enabledPlugin.description;
                    var versionObj = parseStandardVersion(version);
                    self.raw = versionObj.raw;
                    self.major = versionObj.major;
                    self.minor = versionObj.minor;
                    self.revisionStr = versionObj.revisionStr;
                    self.revision = versionObj.revision;
                    self.installed = true
                }
            } else if (navigator.appVersion.indexOf("Mac") == -1 && window.execScript) {
                var version = -1;
                for (var i = 0; i < activeXDetectRules.length && version == -1; i++) {
                    var obj = getActiveXObject(activeXDetectRules[i].name);
                    if (!obj.activeXError) {
                        self.installed = true;
                        version = activeXDetectRules[i].version(obj);
                        if (version != -1) {
                            var versionObj = parseActiveXVersion(version);
                            self.raw = versionObj.raw;
                            self.major = versionObj.major;
                            self.minor = versionObj.minor;
                            self.revision = versionObj.revision;
                            self.revisionStr = versionObj.revisionStr
                        }
                    }
                }
            }
        }()
    };
    if (FlashDetect.major > 0) {
        QC.CF = 1
    }
} catch (e) {
    QC.CF = 2
}
try {
    QCDone(QC)
} catch (e) {
    console.log(e)
}
                                    

#5 JavaScript::Eval (size: 20, repeated: 1) - SHA256: e9776e2e5c0dc6ace2f77bc3e2447b8e591fe28648279c789e2e93c8f0e6dd15

                                        wid.style. = '-50px'
                                    

Executed Writes (0)



HTTP Transactions (44)


Request Response
                                        
                                            GET /F0745I HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         104.28.31.81
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 30 May 2018 16:57:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d945a4ff54b27868c3adb34deeeb6fc891527699439; expires=Thu, 30-May-19 16:57:19 GMT; path=/; domain=.bc.vc; HttpOnly _kei_=1; expires=Wed, 30-May-2018 21:00:00 GMT; Max-Age=14793; path=/
X-Powered-By: PHP/5.6.30-0+deb8u1
X-Frame-Options: allowall
Server: cloudflare
CF-RAY: 4232bd3675c0429d-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2439
Md5:    947d458b6df6fad07a87a1acea5aed6d
Sha1:   1377b63979988a61d688d1e76db707f6ae44c3c4
Sha256: fbdb63684714e4a6554db5a7193cfe772c9288227e059dd21701d26b92e3f202

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /css/style.css HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/F0745I
Cookie: __cfduid=d945a4ff54b27868c3adb34deeeb6fc891527699439; _kei_=1

                                         
                                         104.28.31.81
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Wed, 30 May 2018 16:57:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 11 Jun 2017 22:21:04 GMT
X-Frame-Options: allowall
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 30 May 2018 20:57:19 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 4232bd38762b429d-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3507
Md5:    8d13d760c79cb30c922dad80630de0b1
Sha1:   b60fbdc05b6a65d27ea4b15661c4465bf5bed53b
Sha256: f710dd2a34b844c40038729c023bfdd9d10c591dfb89ca9d763c403267444335
                                        
                                            GET /css/kfk.css HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/F0745I
Cookie: __cfduid=d945a4ff54b27868c3adb34deeeb6fc891527699439; _kei_=1

                                         
                                         104.28.31.81
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Wed, 30 May 2018 16:57:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 02 May 2017 09:18:39 GMT
Etag: W/"59084eef-cd"
X-Frame-Options: allowall
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 30 May 2018 20:57:19 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 4232bd38706942af-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   167
Md5:    934d36587f2ff7e50eb47d5b51ee9217
Sha1:   e5ff1e021825f7f4b36d0006f7a348390b4bac8d
Sha256: 1abc04c11016d45b3c780663a0dd98c94d55292342ccbee810867afea87c1058
                                        
                                            GET /js/po_v7.min.js?v=1 HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/F0745I
Cookie: __cfduid=d945a4ff54b27868c3adb34deeeb6fc891527699439; _kei_=1

                                         
                                         104.28.31.81
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Wed, 30 May 2018 16:57:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 24 May 2018 13:49:45 GMT
X-Frame-Options: allowall
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 30 May 2018 20:57:19 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 4232bd388630429d-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1824
Md5:    d7afe926642793b9edfedb2fadebc7cc
Sha1:   0404457ddcb67cb3b82ac22adc36d293556f2714
Sha256: 196d7dc12f4cef3e935229f011bfc00373de1ed70561c56c2613b355de336245
                                        
                                            GET /js/app.v5.js HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/F0745I
Cookie: __cfduid=d945a4ff54b27868c3adb34deeeb6fc891527699439; _kei_=1

                                         
                                         104.28.31.81
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Wed, 30 May 2018 16:57:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 07 Aug 2017 14:31:23 GMT
X-Frame-Options: allowall
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 30 May 2018 20:57:19 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 4232bd38907042af-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   655
Md5:    f8665607f296ec743e9c5a379725d125
Sha1:   beda4bf37aba5bec796ff1a6a7eff356522cb0b1
Sha256: ff841edc0e86149dfb92734a63866405293f89e95252eccd6d52a813b5fd00c5
                                        
                                            GET /js/jquery.libs.js HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/F0745I
Cookie: __cfduid=d945a4ff54b27868c3adb34deeeb6fc891527699439; _kei_=1

                                         
                                         104.28.31.81
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Wed, 30 May 2018 16:57:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 02 May 2017 09:18:43 GMT
X-Frame-Options: allowall
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 30 May 2018 20:57:19 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 4232bd38928e428b-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7762
Md5:    ce6b43a7f57270c599e099be45bf3245
Sha1:   c2bc745de2cf74200520055a5239317c75d4598e
Sha256: f7f89ed1f05306ab4809fca0260e61303efa3451de8b24951795531d47ce78a1
                                        
                                            GET /css/bottom.css HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/F0745I
Cookie: __cfduid=d945a4ff54b27868c3adb34deeeb6fc891527699439; _kei_=1

                                         
                                         104.28.31.81
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Wed, 30 May 2018 16:57:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 02 May 2017 09:18:39 GMT
Etag: W/"59084eef-be"
X-Frame-Options: allowall
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 30 May 2018 20:57:19 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 4232bd3893194291-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   164
Md5:    d18b8a7db9c4102ece48efa83e2325d4
Sha1:   b14fa13bf0dad94da67b86dca4527626764bd489
Sha256: 98ca1375c7d3c455d1f1a59140ae975c42f5fb55af305821e80a63215cfce659
                                        
                                            GET /js/jquery.min.js HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/F0745I
Cookie: __cfduid=d945a4ff54b27868c3adb34deeeb6fc891527699439; _kei_=1

                                         
                                         104.28.31.81
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Wed, 30 May 2018 16:57:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 02 May 2017 09:18:43 GMT
X-Frame-Options: allowall
Content-Encoding: gzip
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 30 May 2018 20:57:19 GMT
Cache-Control: public, max-age=14400
Server: cloudflare
CF-RAY: 4232bd3893184291-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   27176
Md5:    b9ce259ec1665a1caa6e1fadd5d7358a
Sha1:   f930485641cff5f09af81a791786700dee43d726
Sha256: 810ddeea370d274695632e621706b196fdf13f5ca47a9413cc7a47060321dce7
                                        
                                            GET /images/logo.png HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/css/style.css
Cookie: __cfduid=d945a4ff54b27868c3adb34deeeb6fc891527699439; _kei_=1

                                         
                                         104.28.31.81
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 30 May 2018 16:57:19 GMT
Content-Length: 5014
Connection: keep-alive
Last-Modified: Tue, 02 May 2017 09:18:39 GMT
Etag: "59084eef-1396"
X-Frame-Options: allowall
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 30 May 2018 20:57:19 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 4232bd3a20c042af-OSL


--- Additional Info ---
Magic:  PNG image, 60 x 60, 8-bit/color RGBA, non-interlaced
Size:   5014
Md5:    e0c1cd9701213beacca580cc6b3d515a
Sha1:   9adb002d674195be592b175c7509cab21d24d666
Sha256: d218dfcf6f36270ee2eb138d72c747e83aecf95421c9f72fcbd1d4b466f91bea
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/F0745I
If-Modified-Since: Fri, 03 Oct 2014 00:48:42 GMT

                                         
                                         216.58.207.238
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Wed, 30 May 2018 15:04:44 GMT
Expires: Wed, 30 May 2018 17:04:44 GMT
Last-Modified: Fri, 18 May 2018 01:10:24 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 14386
Age: 6755
Cache-Control: public, max-age=7200


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   14386
Md5:    b3de885583a477d4e31568948d6bebd7
Sha1:   2ce8d853244dde551c41d5207d6f71c567bde8c6
Sha256: e1bb5aa555a0d875e2a67884ceaa0629e08994a8aabadc2fac5b6915793dbf75
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 May 2018 16:57:19 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    f6abc55ee4dea125dff804133ead7f84
Sha1:   50c6c0be3a4bb61603bd4077486ed7d706f260c7
Sha256: 284cb4914f8deb738bc832bd0a34eae49946c63bebef17abbafdf2d4eb3125fc
                                        
                                            GET /tab.js HTTP/1.1 
Host: widgets.amung.us
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/F0745I

                                         
                                         50.23.131.235
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Date: Wed, 30 May 2018 16:57:19 GMT
Last-Modified: Sun, 27 May 2018 23:27:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: W/"5b0b3ef4-6eea"
Expires: Thu, 31 May 2018 16:57:19 GMT
Cache-Control: max-age=86400, private
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   18876
Md5:    a7f70d987282781428eb52616d4b422c
Sha1:   b43215746aca03ac7b78d1913c8877e5c3eb0809
Sha256: 41dc86e65466ed91e6fb165a8fe4a8179dde847f02e0824cc305b4eb5f098ce2
                                        
                                            GET /r/collect?v=1&_v=j68&a=1965390648&t=pageview&_s=1&dl=http%3A%2F%2Fbc.vc%2FF0745I&ul=en-us&de=UTF-8&dt=http%3A%2F%2Fwww.mediafire.com%2F%3F79307032x2671c9&sd=24-bit&sr=1176x885&vp=1176x754&je=1&fl=10.0%20r45&_u=IEBAAEQ~&jid=183433933&gjid=1350535773&cid=1244062783.1527699440&tid=UA-12855174-12&_gid=1043194241.1527699440&_r=1&cd2=10184&z=1910350376 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/F0745I

                                         
                                         216.58.207.238
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Access-Control-Allow-Origin: *
Date: Wed, 30 May 2018 16:57:20 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            POST /gsr2 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 May 2018 16:57:20 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    6bf50ec404fb4a8b4a94be8390d11938
Sha1:   0caaab7704d6221abc5e0342909a4928cee50b1c
Sha256: 63b592179b1e9a528344ce1d430b9479fc55f43420a468ec35aaeaa9dff911cf
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.25
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Mon, 28 May 2018 14:05:53 GMT
Etag: B5E11B99D7F73F92FB01B303F04C53072E09FF25
X-OCSP-Responder-ID: rmdccaocsp25
Content-Length: 280
Cache-Control: public, no-transform, must-revalidate, max-age=1797
Expires: Wed, 30 May 2018 17:27:17 GMT
Date: Wed, 30 May 2018 16:57:20 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   280
Md5:    2e420c0011b383f06bb8378c85a17b1f
Sha1:   b5e11b99d7f73f92fb01b303f04c53072e09ff25
Sha256: 7d1f635ce9c885eb7e68359ac1d026dd896b5e800b0d3827585b33a257e40650
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.25
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Tue, 29 May 2018 09:10:02 GMT
Etag: AF25C1516EDD346E7A3ECFE170B0CFB7CF4FE83F
X-OCSP-Responder-ID: rmdccaocsp25
Content-Length: 314
Cache-Control: public, no-transform, must-revalidate, max-age=879
Expires: Wed, 30 May 2018 17:11:59 GMT
Date: Wed, 30 May 2018 16:57:20 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   314
Md5:    55f6b392e6e1c3d36c1220e83304bcd9
Sha1:   af25c1516edd346e7a3ecfe170b0cfb7cf4fe83f
Sha256: 2713d1daa39551406ee764c8c6389662e23084fe45293418a92fb96f3a0990bd
                                        
                                            GET /pingjs/?k=s7popkb7yn2l&t=http%3Awww.mediafire.com%3F79307032x2671c9&c=t&y=&a=0&d=0&v=22&r=6158 HTTP/1.1 
Host: whos.amung.us
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/F0745I

                                         
                                         67.202.94.93
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=UTF-8
                                        
Date: Wed, 30 May 2018 16:57:20 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   53
Md5:    188f18b12e50ebdd4d52d5516ad6b26e
Sha1:   66bd1048673fdf74518bb7b4af7be47fab23ad60
Sha256: 6564809b7317d641f03c3a348017cc1737dafb8e1f31da75b150a21fbadd429f
                                        
                                            GET /gtag/js?id=UA-12855174-12 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/F0745I

                                         
                                         216.58.211.8
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
Access-Control-Allow-Origin: http://www.googletagmanager.com
Access-Control-Allow-Headers: Cache-Control
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Wed, 30 May 2018 16:57:20 GMT
Expires: Wed, 30 May 2018 16:57:20 GMT
Cache-Control: private, max-age=900
Server: Google Tag Manager (scaffolding)
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   22858
Md5:    bb42b409f15978f07a7065092bc08948
Sha1:   3d730c88624c2b71742038c8ba71a08660465f55
Sha256: 62d8d3a27cc3b414b6fb21187ba53ddf527f9340aae22853cf35cd26d369f3c4
                                        
                                            GET /earn.php?z=3&oid=10184&subid=10184&title=http://www.mediafire.com/?79307032x2671c9 HTTP/1.1 
Host: bcvcrdr.xyz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/F0745I

                                         
                                         104.28.11.186
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 30 May 2018 16:57:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d4064704431a68be7a4a09cde311488e81527699440; expires=Thu, 30-May-19 16:57:20 GMT; path=/; domain=.bcvcrdr.xyz; HttpOnly; Secure PHPSESSID=5rfifrk3m1odf8d82s2kp7mb84; path=/
X-Powered-By: PHP/5.6.30-0+deb8u1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: allowall
Access-Control-Allow-Origin: *
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4232bd3fff184279-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   116
Md5:    c44ff1327dc7f58afd19e38637c798c6
Sha1:   8318f5f7cfba7a792a015dd41433cd8414521dca
Sha256: 762c817fd0aefc4668ec5f9935fb5eaf8a5d8a4e4c3eafb96e6ed0daa6ac4a78
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/F0745I

                                         
                                         216.58.207.238
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Wed, 30 May 2018 14:58:51 GMT
Expires: Wed, 30 May 2018 16:58:51 GMT
Last-Modified: Fri, 18 May 2018 01:10:24 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 14386
Cache-Control: public, max-age=7200
Age: 7109
Alt-Svc: quic=":443"; ma=2592000; v="43,42,41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   14386
Md5:    b3de885583a477d4e31568948d6bebd7
Sha1:   2ce8d853244dde551c41d5207d6f71c567bde8c6
Sha256: e1bb5aa555a0d875e2a67884ceaa0629e08994a8aabadc2fac5b6915793dbf75
                                        
                                            GET /r/collect?v=1&_v=j68&a=1965390648&t=pageview&_s=1&dl=http%3A%2F%2Fbc.vc%2FF0745I&ul=en-us&de=UTF-8&dt=http%3A%2F%2Fwww.mediafire.com%2F%3F79307032x2671c9&sd=24-bit&sr=1176x885&vp=1176x754&je=1&fl=10.0%20r45&_u=aEDAAUQ~&jid=441995234&gjid=903141228&cid=1244062783.1527699440&tid=UA-12855174-12&_gid=1043194241.1527699440&_r=1&gtm=u4s&z=1838562813 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bc.vc/F0745I

                                         
                                         216.58.207.238
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Access-Control-Allow-Origin: *
Date: Wed, 30 May 2018 16:57:20 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35
Alt-Svc: quic=":443"; ma=2592000; v="43,42,41,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            POST / HTTP/1.1 
Host: ocsp.int-x3.letsencrypt.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
                                         195.159.219.11
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 527
Etag: "94EBAA9083C68DF483C6CE761066304DE945BBAF1C3DD7DED7E991ACC8450372"
Last-Modified: Sun, 27 May 2018 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11455
Expires: Wed, 30 May 2018 20:08:15 GMT
Date: Wed, 30 May 2018 16:57:20 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    441fa36a24a558610b033f6c14afc2e2
Sha1:   2d445b13f8a924ed87c372957462e4c1b9a426ab
Sha256: 94ebaa9083c68df483c6ce761066304de945bbaf1c3dd7ded7e991acc8450372
                                        
                                            POST / HTTP/1.1 
Host: isrg.trustid.ocsp.identrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.122
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Transfer-Encoding: Binary
Last-Modified: Sun, 27 May 2018 08:07:03 GMT
Etag: "e7dfc1026df9aab76f36c3834cc1ad092724b99e"
Content-Length: 1398
Cache-Control: public, no-transform, must-revalidate, max-age=5001
Expires: Wed, 30 May 2018 18:20:42 GMT
Date: Wed, 30 May 2018 16:57:21 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1398
Md5:    89d343c0699bee671584a66c8c9b90ae
Sha1:   e7dfc1026df9aab76f36c3834cc1ad092724b99e
Sha256: 826fafded951f93f8afde8c3ca7a9d7f7a7545fe0914a2f5f582f9531d7860d9
                                        
                                            GET /4/13821/ HTTP/1.1 
Host: rotumal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         188.72.213.220
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Timing-Allow-Origin: *, *
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: SeenToday=1; expires=Thu, 31-May-2018 16:57:21 GMT; Max-Age=86400; path=/ OAGEO5580f=13%7CNO%7C02%7CLORENSKOG%7CXDSL%7CBROADNET+AS%7C%7C11329%7C43703%7C%3F%7C578205; expires=Thu, 31-May-2018 16:57:21 GMT; Max-Age=86400; path=/ oaidts=1527699441; expires=Thu, 30-May-2019 16:57:21 GMT; Max-Age=31536000; path=/ OAID=be91ee88f6545066330c402356facb6d; expires=Thu, 30-May-2019 16:57:21 GMT; Max-Age=31536000; path=/ OAID=be91ee88f6545066330c402356facb6d; expires=Thu, 30-May-2019 16:57:21 GMT; Max-Age=31536000; path=/ exsdsf=1527699441 pbk3=4d01cf977ff8d1f1a43033bf034b49ea6561419138513085553; expires=Wed, 30-May-2018 17:07:21 GMT; Max-Age=600 ltm_afu=1; expires=Thu, 31-May-2018 16:57:21 GMT; Max-Age=86400; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
X-Used-AdExchange: 1
Content-Encoding: gzip
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4161
Md5:    04860a3b4e03162962ff13f6fc97cf1a
Sha1:   e2edb78e4bb390b326f492851a082ba2a4fa7456
Sha256: fa586a79b1a3f5c876b92ccd38c71348741d1bd5e11cc04ecf3ae683235486a6
                                        
                                            GET /?r=%2Fmb%2Fhan&zoneid=13821&pbk3=4d01cf977ff8d1f1a43033bf034b49ea6561419138513085553&empty=0&auction_id=00deb5cb-6dd6-4664-bae6-07e989e2349b&uuid=748f155a-97af-4261-a7a7-aabb9cbdb3c1&ad_scheme=1&rotation_type=2&ppucounter=0&first_visit=0&on_test=0&offer_views=0&ab_test=1393&adparams=bm9qcz0w&ip=f3d5bb63c9dbdcfb475795d659c65a4e&sw=1176&sh=885&sah=855&wx=-4&wy=-4&ww=1184&wh=863&cw=1176&wiw=1176&wih=640&wfc=1&pl=https%3A%2F%2Frotumal.com%2F4%2F13821%2F&drf=&np=1&pt=0&nb=0&ng=1&dm=undefined&cf=1&nw=0&id=aca101c623166365f2216a540db903cb&co=1&rf=0&hs=d01d492f13aec958676a3d4656a2a36c&ix=1&fs=1&timeout=0 HTTP/1.1 
Host: rotumal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://rotumal.com/4/13821/
Cookie: SeenToday=1; OAGEO5580f=13%7CNO%7C02%7CLORENSKOG%7CXDSL%7CBROADNET+AS%7C%7C11329%7C43703%7C%3F%7C578205; oaidts=1527699441; OAID=be91ee88f6545066330c402356facb6d; ltm_afu=1

                                         
                                         188.72.213.220
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Timing-Allow-Origin: *, *
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: f3d5bb63c9dbdcfb475795d659c65a4e=9EzXMPAiRh7C987edd3LORlusmyAuqzsYgWjaYph6ik; expires=Wed, 06-Jun-2018 16:57:21 GMT; Max-Age=604800 OAGEO5580f=13%7CNO%7C02%7CLORENSKOG%7CXDSL%7CBROADNET+AS%7C%7C11329%7C43703%7C%3F%7C578205; expires=Thu, 31-May-2018 16:57:21 GMT; Max-Age=86400; path=/ ppucnt=1; expires=Thu, 31-May-2018 16:57:21 GMT; Max-Age=86400; path=/ ppucntstart=1527699441; expires=Thu, 31-May-2018 16:57:21 GMT; Max-Age=86400; path=/ allcnt=1; expires=Thu, 30-May-2019 16:57:21 GMT; Max-Age=31536000; path=/ OAID=be91ee88f6545066330c402356facb6d; expires=Thu, 30-May-2019 16:57:21 GMT; Max-Age=31536000; path=/ _OACCAP[960689]=1; expires=Thu, 30-May-2019 16:57:21 GMT; Max-Age=31536000; path=/ _OACBLOCK[960689]=1527699441; expires=Fri, 29-Jun-2018 16:57:21 GMT; Max-Age=2592000; path=/ _OXCCLK[960689]=1; expires=Thu, 30-May-2019 16:57:21 GMT; Max-Age=31536000; path=/ _OXPCLK[102397]=1; expires=Thu, 30-May-2019 16:57:21 GMT; Max-Age=31536000; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Location: http://girrrly.com/visit.php?c=4689&k=bdad90f97735b3b8afed12766ef6056b&bannerid=1634587&campaignid=960689&zoneid=13821&zoneid=13821
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=d945a4ff54b27868c3adb34deeeb6fc891527699439; _kei_=1; _ga=GA1.2.1244062783.1527699440; _gid=GA1.2.1043194241.1527699440; _gat=1; _gat_gtag_UA_12855174_12=1

                                         
                                         104.28.31.81
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Wed, 30 May 2018 16:57:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 28 Jul 2017 08:55:16 GMT
X-Frame-Options: allowall
Content-Encoding: gzip
CF-Cache-Status: EXPIRED
Vary: Accept-Encoding
Expires: Wed, 06 Jun 2018 16:57:21 GMT
Cache-Control: public, max-age=604800
Server: cloudflare
CF-RAY: 4232bd445099429d-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5425
Md5:    ee9e411232f516ba2571ea044f7c242b
Sha1:   f937da91770cf4e94b1b4ff3f0ede9bc812c0bac
Sha256: 0fb8c80c3ee1f5e65ce733aa2d0196011c104204a621ac69e2f35f9830518be9
                                        
                                            GET /visit.php?c=4689&k=bdad90f97735b3b8afed12766ef6056b&bannerid=1634587&campaignid=960689&zoneid=13821&zoneid=13821 HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         78.31.67.23
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; expires=Sat, 30-Jun-2018 16:57:21 GMT; Max-Age=2678400; path=/ fc_n_4689=1_1_1_1_1; expires=Sat, 30-Jun-2018 16:57:21 GMT; Max-Age=2678400; path=/ c=3syz1eyfwzbaz0; expires=Fri, 29-Jun-2018 16:57:21 GMT; Max-Age=2592000; path=/ k=1fc078ac75546a50f3b708ac866a6470; expires=Fri, 29-Jun-2018 16:57:21 GMT; Max-Age=2592000; path=/
Cache-Control: no-cache
Location: http://girrrly.com//sex/multi/maingame/angame/chooseyour?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech Information Systems AS&lang=en&ref_domain=&os=Windows 7&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Expires: Wed, 30 May 2018 16:57:20 GMT


--- Additional Info ---
                                        
                                            GET //sex/multi/maingame/angame/chooseyour?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5= HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; fc_n_4689=1_1_1_1_1; c=3syz1eyfwzbaz0; k=1fc078ac75546a50f3b708ac866a6470

                                         
                                         78.31.67.23
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Content-Length: 178
Location: http://girrrly.com/sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Connection: keep-alive
Expires: Wed, 30 May 2018 16:57:20 GMT
Cache-Control: no-cache


--- Additional Info ---
Magic:  HTML document text
Size:   178
Md5:    cd2e0e43980a00fb6a2742d3afd803b8
Sha1:   81ffbd1712afe8cdf138b570c0fc9934742c33c1
Sha256: bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
                                        
                                            GET /sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5= HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; fc_n_4689=1_1_1_1_1; c=3syz1eyfwzbaz0; k=1fc078ac75546a50f3b708ac866a6470

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: lfc_t_395_4689=1527699441_1527699441_1527699441_1527699441_1527699441; expires=Sat, 30-Jun-2018 16:57:21 GMT; Max-Age=2678400; path=/ lfc_n_395_4689=1_1_1_1_1; expires=Sat, 30-Jun-2018 16:57:21 GMT; Max-Age=2678400; path=/
Expires: Wed, 30 May 2018 16:57:20 GMT
Cache-Control: no-cache
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4248
Md5:    a02d3bc1c69ff155e6764d2158901006
Sha1:   24c5332bd5de60c3654b7d6fa3446e83705f32ec
Sha256: d2685ad6b195c312cb3bb27bf84ac906cce03d98b8eecac6227f5a98b72cd6e6
                                        
                                            GET /ctrack.php?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&sr=1176_885&t=0.14704203861627496 HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; fc_n_4689=1_1_1_1_1; c=3syz1eyfwzbaz0; k=1fc078ac75546a50f3b708ac866a6470; lfc_t_395_4689=1527699441_1527699441_1527699441_1527699441_1527699441; lfc_n_395_4689=1_1_1_1_1

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Wed, 30 May 2018 16:57:20 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    ffce86e7c036f733c99e4aac1951d1f0
Sha1:   9d27322a607424247d05b3aa22ed8a9bbf3977ca
Sha256: adc1673711c18a8770805224a7c110405cb60a6e933d56f47a7b36585fe37fcc
                                        
                                            GET /ajax/libs/jquery/3.1.0/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=

                                         
                                         216.58.207.234
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 30211
Date: Tue, 29 May 2018 23:31:31 GMT
Expires: Wed, 29 May 2019 23:31:31 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 62750


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   30211
Md5:    fbe55d62ddbb07d455db91c42719fa95
Sha1:   45b95c6f258886c2c52463472f93a00eeda53ea9
Sha256: f578c28becf81938d728f30836a507879e448d27461a2db119d7fb6d456f2fd1
                                        
                                            GET /sex/multi/maingame/angame/chooseyour/nami_@2X.png HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; fc_n_4689=1_1_1_1_1; c=3syz1eyfwzbaz0; k=1fc078ac75546a50f3b708ac866a6470; lfc_t_395_4689=1527699441_1527699441_1527699441_1527699441_1527699441; lfc_n_395_4689=1_1_1_1_1

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Content-Length: 210
Last-Modified: Wed, 11 May 2016 04:52:54 GMT
Connection: keep-alive
Etag: "5732baa6-d2"
Expires: Wed, 30 May 2018 16:57:20 GMT
Cache-Control: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 32 x 32, 2-bit colormap, non-interlaced
Size:   210
Md5:    05317491a9e26324335c7533cf5483d7
Sha1:   2252438e116b1dc115471496df72b8367827ff30
Sha256: fca6444ee3d5bad3c153dee51f9b50e920891f131d31b255955208dc69f93cb8
                                        
                                            GET /sex/multi/maingame/angame/chooseyour/3.jpg HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; fc_n_4689=1_1_1_1_1; c=3syz1eyfwzbaz0; k=1fc078ac75546a50f3b708ac866a6470; lfc_t_395_4689=1527699441_1527699441_1527699441_1527699441_1527699441; lfc_n_395_4689=1_1_1_1_1

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Content-Length: 7678
Last-Modified: Thu, 18 Jan 2018 11:53:02 GMT
Connection: keep-alive
Etag: "5a608a9e-1dfe"
Expires: Wed, 30 May 2018 16:57:20 GMT
Cache-Control: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   7678
Md5:    759d38e4eaa12d9ef6cc245a4ac4dd13
Sha1:   0da175db0dbeb101ac4cdc667b755fc583d48d25
Sha256: d4062d9d23041a9cdd7038c6204cc94862f8e3e9132051a70135db9d49b1dcf0
                                        
                                            GET /sex/multi/maingame/angame/chooseyour/1.jpg HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; fc_n_4689=1_1_1_1_1; c=3syz1eyfwzbaz0; k=1fc078ac75546a50f3b708ac866a6470; lfc_t_395_4689=1527699441_1527699441_1527699441_1527699441_1527699441; lfc_n_395_4689=1_1_1_1_1

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Content-Length: 7959
Last-Modified: Thu, 18 Jan 2018 11:53:08 GMT
Connection: keep-alive
Etag: "5a608aa4-1f17"
Expires: Wed, 30 May 2018 16:57:20 GMT
Cache-Control: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   7959
Md5:    555b1e6c66dc2e68eedde56f2fcb034e
Sha1:   6ff8ef9b68223ee4feddfe5dfadd8649ec1b8a06
Sha256: b2a9199965a9750190f7519cfd7fc622cd106760d656b2789bd440872ad5be95
                                        
                                            GET /sex/multi/maingame/angame/chooseyour/2.jpg HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; fc_n_4689=1_1_1_1_1; c=3syz1eyfwzbaz0; k=1fc078ac75546a50f3b708ac866a6470; lfc_t_395_4689=1527699441_1527699441_1527699441_1527699441_1527699441; lfc_n_395_4689=1_1_1_1_1

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Content-Length: 7983
Last-Modified: Thu, 18 Jan 2018 11:53:10 GMT
Connection: keep-alive
Etag: "5a608aa6-1f2f"
Expires: Wed, 30 May 2018 16:57:20 GMT
Cache-Control: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   7983
Md5:    43b1d044910caf288662cf13f5541f2e
Sha1:   05862bb820cbcfea9f03e4337ff4ab411093c996
Sha256: 34c53686e529d3e547f65bdd1da0d12c80d1f61ec1aabf8f461dbe1d93131087
                                        
                                            GET /sex/multi/maingame/angame/chooseyour/5.jpg HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; fc_n_4689=1_1_1_1_1; c=3syz1eyfwzbaz0; k=1fc078ac75546a50f3b708ac866a6470; lfc_t_395_4689=1527699441_1527699441_1527699441_1527699441_1527699441; lfc_n_395_4689=1_1_1_1_1

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Content-Length: 14236
Last-Modified: Thu, 18 Jan 2018 11:53:04 GMT
Connection: keep-alive
Etag: "5a608aa0-379c"
Expires: Wed, 30 May 2018 16:57:20 GMT
Cache-Control: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   14236
Md5:    dcf7ce381fd0a5745f0e234cce743a5b
Sha1:   5d5617f60db4e6f6654267fd1445e2bd42051c0c
Sha256: ea262d8abdc79dee58c48b27df1b6f99b5d8d06111a0407b6b4e64379e0a861b
                                        
                                            GET /sex/multi/maingame/angame/chooseyour/4.jpg HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; fc_n_4689=1_1_1_1_1; c=3syz1eyfwzbaz0; k=1fc078ac75546a50f3b708ac866a6470; lfc_t_395_4689=1527699441_1527699441_1527699441_1527699441_1527699441; lfc_n_395_4689=1_1_1_1_1

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Content-Length: 8071
Last-Modified: Thu, 18 Jan 2018 11:53:02 GMT
Connection: keep-alive
Etag: "5a608a9e-1f87"
Expires: Wed, 30 May 2018 16:57:20 GMT
Cache-Control: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   8071
Md5:    bee6922218b06051e899835242546323
Sha1:   4a4a709e878eb424cdb9e1e791ceb4fd60709119
Sha256: aa1439d4f328d536da869e1c7ea429e3385f960fb42de28e86b0834df66cd274
                                        
                                            GET /sex/multi/maingame/angame/chooseyour/right.png HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; fc_n_4689=1_1_1_1_1; c=3syz1eyfwzbaz0; k=1fc078ac75546a50f3b708ac866a6470; lfc_t_395_4689=1527699441_1527699441_1527699441_1527699441_1527699441; lfc_n_395_4689=1_1_1_1_1

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Content-Length: 28900
Last-Modified: Thu, 18 Jan 2018 11:53:08 GMT
Connection: keep-alive
Etag: "5a608aa4-70e4"
Expires: Wed, 30 May 2018 16:57:20 GMT
Cache-Control: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 266 x 400, 8-bit colormap, non-interlaced
Size:   28900
Md5:    5acf080de7a0a99e478cc0db643d7552
Sha1:   78a41c0a905051119b9021bc31a3df1145678c6e
Sha256: 00fc155fbc65dbb8cf527e08a427819a4352601c51b0ea99d9d9c3e581cad5dc
                                        
                                            GET /sex/multi/maingame/angame/chooseyour/left.png HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; fc_n_4689=1_1_1_1_1; c=3syz1eyfwzbaz0; k=1fc078ac75546a50f3b708ac866a6470; lfc_t_395_4689=1527699441_1527699441_1527699441_1527699441_1527699441; lfc_n_395_4689=1_1_1_1_1

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Content-Length: 31170
Last-Modified: Thu, 18 Jan 2018 11:53:06 GMT
Connection: keep-alive
Etag: "5a608aa2-79c2"
Expires: Wed, 30 May 2018 16:57:20 GMT
Cache-Control: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 231 x 400, 8-bit colormap, non-interlaced
Size:   31170
Md5:    780df4a1b70e2f4807517a22fd15b89d
Sha1:   2dd1a7ec4ca0ef088f289a86d44cfc9ed3ad68d9
Sha256: dca3ee04ed21f18ff297f6cd45bde4202b0c0a14b7b60e5fad30f2ba21f7cb4a
                                        
                                            GET /sex/multi/maingame/angame/chooseyour/6.jpg HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; fc_n_4689=1_1_1_1_1; c=3syz1eyfwzbaz0; k=1fc078ac75546a50f3b708ac866a6470; lfc_t_395_4689=1527699441_1527699441_1527699441_1527699441_1527699441; lfc_n_395_4689=1_1_1_1_1

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Content-Length: 14083
Last-Modified: Thu, 18 Jan 2018 11:53:04 GMT
Connection: keep-alive
Etag: "5a608aa0-3703"
Expires: Wed, 30 May 2018 16:57:20 GMT
Cache-Control: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   14083
Md5:    4f2396faf7770f8b551ff7a968cf80aa
Sha1:   13e36aec840908ce34f2c9d08211caffc41a6df6
Sha256: ec26820deb6eff5b55007607f4ea35e506fe15991cf2273057903275e11d4205
                                        
                                            GET /sex/multi/maingame/angame/chooseyour/7.jpg HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; fc_n_4689=1_1_1_1_1; c=3syz1eyfwzbaz0; k=1fc078ac75546a50f3b708ac866a6470; lfc_t_395_4689=1527699441_1527699441_1527699441_1527699441_1527699441; lfc_n_395_4689=1_1_1_1_1

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Content-Length: 8497
Last-Modified: Thu, 18 Jan 2018 11:53:04 GMT
Connection: keep-alive
Etag: "5a608aa0-2131"
Expires: Wed, 30 May 2018 16:57:20 GMT
Cache-Control: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   8497
Md5:    54fe13d7bdd9a8fb5378c557e25c8152
Sha1:   b1b11177a9dc69e88d294e5a800ebbc2ec65431d
Sha256: 75a53c9229143e8b7696a957c4ec968200e99583d1922e58d9a20d6835c75aa4
                                        
                                            GET /sex/multi/maingame/angame/chooseyour/8.jpg HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; fc_n_4689=1_1_1_1_1; c=3syz1eyfwzbaz0; k=1fc078ac75546a50f3b708ac866a6470; lfc_t_395_4689=1527699441_1527699441_1527699441_1527699441_1527699441; lfc_n_395_4689=1_1_1_1_1

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Content-Length: 9049
Last-Modified: Thu, 18 Jan 2018 11:53:04 GMT
Connection: keep-alive
Etag: "5a608aa0-2359"
Expires: Wed, 30 May 2018 16:57:20 GMT
Cache-Control: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   9049
Md5:    68409363d0f584638c551192b1af8af2
Sha1:   e3b5d2cc8c32259144dbc67359ccea063611dc85
Sha256: 236a3ba34da3db66eb83dfcd71a88087638da8844c9229ded6c8c1bc457847b8
                                        
                                            GET /sex/multi/maingame/angame/chooseyour/9.jpg HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; fc_n_4689=1_1_1_1_1; c=3syz1eyfwzbaz0; k=1fc078ac75546a50f3b708ac866a6470; lfc_t_395_4689=1527699441_1527699441_1527699441_1527699441_1527699441; lfc_n_395_4689=1_1_1_1_1

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:21 GMT
Content-Length: 10508
Last-Modified: Thu, 18 Jan 2018 11:53:04 GMT
Connection: keep-alive
Etag: "5a608aa0-290c"
Expires: Wed, 30 May 2018 16:57:20 GMT
Cache-Control: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   10508
Md5:    e63015ba2b261691058b7751be64352f
Sha1:   b7e095a12d5b2753b2a066f490602b7d9b00cf92
Sha256: bdc828636f1de7b70e6fffe5cd1e84dfa8aadc6e212a01d8b660dc31fcdc61ac
                                        
                                            GET /lib/ajax/lp_timing.php?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&d=460_0&t=0.3877918703466111 HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/angame/chooseyour/?c=3syz1eyfwzbaz0&k=1fc078ac75546a50f3b708ac866a6470&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527699441_1527699441_1527699441_1527699441_1527699441; fc_n_4689=1_1_1_1_1; c=3syz1eyfwzbaz0; k=1fc078ac75546a50f3b708ac866a6470; lfc_t_395_4689=1527699441_1527699441_1527699441_1527699441_1527699441; lfc_n_395_4689=1_1_1_1_1

                                         
                                         78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Wed, 30 May 2018 16:57:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Wed, 30 May 2018 16:57:21 GMT
Cache-Control: no-cache


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    ffce86e7c036f733c99e4aac1951d1f0
Sha1:   9d27322a607424247d05b3aa22ed8a9bbf3977ca
Sha256: adc1673711c18a8770805224a7c110405cb60a6e933d56f47a7b36585fe37fcc