Overview

URL bc.vc/4847/http:/turbobit.net/edmsu3xrx5wo/idm.full.zip.html
IP 104.28.30.81
ASN AS13335 CloudFlare, Inc.
Location United States
Report completed 2018-05-31 00:14:24 CEST
urlQuery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-05-31 2 bc.vc/4847/http:/turbobit.net/edmsu3xrx5wo/idm.full.zip.html Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 104.28.30.81

Date UQ / IDS / BL URL IP
2018-06-20 21:09:50 +0200 0 - 0 - 1 www.vidaplaystation.com.br/took/dropbox/us-mg (...) 104.28.30.81
2018-06-20 20:07:23 +0200 0 - 0 - 1 www.vidaplaystation.com.br/took/dropbox/us-mg (...) 104.28.30.81
2018-06-08 16:57:01 +0200 0 - 0 - 0 bc.vc/ucyfJTW 104.28.30.81
2018-05-29 22:47:15 +0200 0 - 0 - 1 bc.vc/YLS5c7 104.28.30.81
2018-05-23 13:54:05 +0200 0 - 0 - 0 bc.vc/Q7a4LQJ 104.28.30.81
2018-03-31 14:47:25 +0200 0 - 1 - 0 bc.vc/xDNpJNC 104.28.30.81
2018-03-07 06:17:16 +0100 0 - 0 - 0 bc.vc/rA6E8xm 104.28.30.81
2018-01-08 09:47:25 +0100 0 - 0 - 1 bc.vc/25091/http:/ul.to/cy1yzhdx 104.28.30.81
2018-01-06 05:10:03 +0100 0 - 0 - 1 bc.vc/6OUNms 104.28.30.81
2018-01-05 10:11:13 +0100 0 - 0 - 1 bc.vc/8jCp7oDAILY 104.28.30.81

Last 10 reports on ASN: AS13335 CloudFlare, Inc.

Date UQ / IDS / BL URL IP
2018-11-16 11:14:45 +0100 0 - 1 - 14 soapcrone.top/ 104.27.144.35
2018-11-16 11:09:02 +0100 0 - 1 - 0 https://n-a-s-p-d.pw/e29481e9-a792-46a8-bbf0- (...) 104.31.64.120
2018-11-16 11:07:58 +0100 0 - 0 - 0 https://www.theknot.com/us/italy-vs-australia (...) 104.16.208.249
2018-11-16 11:02:39 +0100 0 - 0 - 1 www.kernsafe.com/product/totalmounter.aspx 104.24.29.20
2018-11-16 10:42:29 +0100 0 - 0 - 0 burt.ns.cloudflare.com/ 173.245.59.79
2018-11-16 10:39:37 +0100 0 - 0 - 0 ocsp.globalsign.com 104.18.21.226
2018-11-16 10:38:57 +0100 0 - 0 - 0 https://www.theknot.com/us/france-vs-argentin (...) 104.16.208.249
2018-11-16 10:30:27 +0100 0 - 0 - 0 nina.ns.cloudflare.com/ 173.245.58.136
2018-11-16 10:29:25 +0100 0 - 2 - 0 https://etodoro.ga/mypush1/index-redir3-adult (...) 104.18.41.212
2018-11-16 10:27:26 +0100 0 - 0 - 1 https://tinyurl.com/ybwnw4to 104.20.218.42

Last 10 reports on domain: bc.vc

Date UQ / IDS / BL URL IP
2018-11-08 21:21:16 +0100 0 - 0 - 0 bc.vc/fly/ajax.php?wds=50f1cfb53414785befcbe0 (...) 172.64.202.12
2018-10-05 07:41:48 +0200 0 - 0 - 1 bc.vc/Na7Tv8L 104.18.42.124
2018-08-15 16:29:44 +0200 0 - 0 - 0 bc.vc/82Vtjs1 172.64.161.8
2018-08-02 18:10:46 +0200 0 - 0 - 0 bc.vc/82Vtjs1 104.27.129.229
2018-07-26 08:22:19 +0200 0 - 0 - 1 bc.vc/qlZN0E 172.64.136.7
2018-06-27 18:07:31 +0200 2 - 0 - 0 bc.vc/JfF1m3P 104.27.170.229
2018-06-08 16:57:01 +0200 0 - 0 - 0 bc.vc/ucyfJTW 104.28.30.81
2018-05-30 18:57:53 +0200 0 - 0 - 1 bc.vc/F0745I 104.28.31.81
2018-05-29 22:47:15 +0200 0 - 0 - 1 bc.vc/YLS5c7 104.28.30.81
2018-05-29 14:05:32 +0200 0 - 0 - 1 bc.vc/oYEWFr 104.28.31.81


JavaScript

Executed Scripts (8)


Executed Evals (1)

#1 JavaScript::Eval (size: 5258, repeated: 1) - SHA256: 847f6a895681edae9f59251c842a9184de97150e61648bfc22fff5bf6b869622

function QCDone(d) {
    try {
        document.getElementById('ci_SW').value = d.SW
    } catch (e) {}
    try {
        document.getElementById('ci_SH').value = d.SH
    } catch (e) {}
    try {
        document.getElementById('ci_SAH').value = d.SAH
    } catch (e) {}
    try {
        document.getElementById('ci_WX').value = d.WX
    } catch (e) {}
    try {
        document.getElementById('ci_WY').value = d.WY
    } catch (e) {}
    try {
        document.getElementById('ci_WW').value = d.WW
    } catch (e) {}
    try {
        document.getElementById('ci_WH').value = d.WH
    } catch (e) {}
    try {
        document.getElementById('ci_CW').value = d.CW
    } catch (e) {}
    try {
        document.getElementById('ci_WIW').value = d.WIW
    } catch (e) {}
    try {
        document.getElementById('ci_WIH').value = d.WIH
    } catch (e) {}
    try {
        document.getElementById('ci_WFC').value = d.WFC
    } catch (e) {}
    try {
        document.getElementById('ci_PL').value = d.PL
    } catch (e) {}
    try {
        document.getElementById('ci_DRF').value = d.DRF
    } catch (e) {}
    try {
        document.getElementById('ci_NP').value = d.NP
    } catch (e) {}
    try {
        document.getElementById('ci_PT').value = d.PT
    } catch (e) {}
    try {
        document.getElementById('ci_NB').value = d.NB
    } catch (e) {}
    try {
        document.getElementById('ci_NG').value = d.NG
    } catch (e) {}
    try {
        document.getElementById('ci_DM').value = d.DM
    } catch (e) {}
    try {
        document.getElementById('ci_CF').value = d.CF
    } catch (e) {}
    try {
        document.getElementById('ci_NW').value = d.NW
    } catch (e) {}
}
var QC = {};
try {
    QC.SW = window.screen.width;
    QC.SH = window.screen.height
} catch (e) {
    QC.SW = -1;
    QC.SH = -1
}
try {
    QC.SAH = window.screen.availHeight
} catch (e) {
    QC.SAH = -1
}
try {
    QC.WX = window.screenX;
    QC.WY = window.screenY
} catch (e) {
    QC.WX = -1;
    QC.WY = -1
}
try {
    QC.WW = window.outerWidth;
    QC.WH = window.outerHeight
} catch (e) {
    QC.WW = -1;
    QC.WH = -1
}
try {
    QC.WIW = window.innerWidth;
    QC.WIH = window.innerHeight
} catch (e) {
    QC.WIW = -1;
    QC.WIH = -1
}
try {
    QC.CW = document.documentElement.clientWidth
} catch (e) {
    QC.CW = -1
}
try {
    QC.WFC = window.top.frames.length
} catch (e) {
    QC.WFC = -1
}
try {
    QC.PL = document.location.href
} catch (e) {
    QC.PL = ''
}
try {
    QC.DRF = document.referrer
} catch (e) {
    QC.DRF = ''
}
try {
    QC.NP = (!(navigator.plugins instanceof PluginArray) || navigator.plugins.length == 0) ? 0 : 1
} catch (e) {
    QC.NP = -1
}
try {
    QC.PT = window.callPhantom !== undefined || window._phantom !== undefined ? 1 : 0
} catch (e) {
    QC.PT = -1
}
try {
    QC.NB = typeof navigator.sendBeacon === "function" ? 1 : 0
} catch (e) {
    QC.NB = -1
}
try {
    QC.NG = navigator.geolocation !== undefined ? 1 : 0
} catch (e) {
    QC.NG = -1
}
try {
    QC.NW = 'webdriver' in navigator ? 1 : 0
} catch (e) {
    QC.NW = -1
}
QC.CF = 0;
try {
    var FlashDetect = new function() {
        var self = this;
        self.installed = false;
        self.raw = "";
        self.major = -1;
        self.minor = -1;
        self.revision = -1;
        self.revisionStr = "";
        var activeXDetectRules = [{
            "name": "ShockwaveFlash.ShockwaveFlash.7",
            "version": function(obj) {
                return getActiveXVersion(obj)
            }
        }, {
            "name": "ShockwaveFlash.ShockwaveFlash.6",
            "version": function(obj) {
                var version = "6,0,21";
                try {
                    obj.AllowScriptAccess = "always";
                    version = getActiveXVersion(obj)
                } catch (err) {}
                return version
            }
        }, {
            "name": "ShockwaveFlash.ShockwaveFlash",
            "version": function(obj) {
                return getActiveXVersion(obj)
            }
        }];
        var getActiveXVersion = function(activeXObj) {
            var version = -1;
            try {
                version = activeXObj.GetVariable("\$version")
            } catch (err) {}
            return version
        };
        var getActiveXObject = function(name) {
            var obj = -1;
            try {
                obj = new ActiveXObject(name)
            } catch (err) {
                obj = {
                    activeXError: true
                }
            }
            return obj
        };
        var parseActiveXVersion = function(str) {
            var versionArray = str.split(",");
            return {
                "raw": str,
                "major": parseInt(versionArray[0].split(" ")[1], 10),
                "minor": parseInt(versionArray[1], 10),
                "revision": parseInt(versionArray[2], 10),
                "revisionStr": versionArray[2]
            }
        };
        var parseStandardVersion = function(str) {
            var descParts = str.split(/ +/);
            var majorMinor = descParts[2].split(/\./);
            var revisionStr = descParts[3];
            return {
                "raw": str,
                "major": parseInt(majorMinor[0], 10),
                "minor": parseInt(majorMinor[1], 10),
                "revisionStr": revisionStr,
                "revision": parseRevisionStrToInt(revisionStr)
            }
        };
        var parseRevisionStrToInt = function(str) {
            return parseInt(str.replace(/[a-zA-Z]/g, ""), 10) || self.revision
        };
        self.majorAtLeast = function(version) {
            return self.major >= version
        };
        self.minorAtLeast = function(version) {
            return self.minor >= version
        };
        self.revisionAtLeast = function(version) {
            return self.revision >= version
        };
        self.versionAtLeast = function(major) {
            var properties = [self.major, self.minor, self.revision];
            var len = Math.min(properties.length, arguments.length);
            for (i = 0; i < len; i++) {
                if (properties[i] >= arguments[i]) {
                    if (i + 1 < len && properties[i] == arguments[i]) {
                        continue
                    } else {
                        return true
                    }
                } else {
                    return false
                }
            }
        };
        self.FlashDetect = function() {
            if (navigator.plugins && navigator.plugins.length > 0) {
                var type = 'application/x-shockwave-flash';
                var mimeTypes = navigator.mimeTypes;
                if (mimeTypes && mimeTypes[type] && mimeTypes[type].enabledPlugin && mimeTypes[type].enabledPlugin.description) {
                    var version = mimeTypes[type].enabledPlugin.description;
                    var versionObj = parseStandardVersion(version);
                    self.raw = versionObj.raw;
                    self.major = versionObj.major;
                    self.minor = versionObj.minor;
                    self.revisionStr = versionObj.revisionStr;
                    self.revision = versionObj.revision;
                    self.installed = true
                }
            } else if (navigator.appVersion.indexOf("Mac") == -1 && window.execScript) {
                var version = -1;
                for (var i = 0; i < activeXDetectRules.length && version == -1; i++) {
                    var obj = getActiveXObject(activeXDetectRules[i].name);
                    if (!obj.activeXError) {
                        self.installed = true;
                        version = activeXDetectRules[i].version(obj);
                        if (version != -1) {
                            var versionObj = parseActiveXVersion(version);
                            self.raw = versionObj.raw;
                            self.major = versionObj.major;
                            self.minor = versionObj.minor;
                            self.revision = versionObj.revision;
                            self.revisionStr = versionObj.revisionStr
                        }
                    }
                }
            }
        }()
    };
    if (FlashDetect.major > 0) {
        QC.CF = 1
    }
} catch (e) {
    QC.CF = 2
}
try {
    QCDone(QC)
} catch (e) {
    console.log(e)
}
                                    

Executed Writes (0)



HTTP Transactions (18)


Request Response
                                        
                                            GET /4847/http:/turbobit.net/edmsu3xrx5wo/idm.full.zip.html HTTP/1.1 
Host: bc.vc
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         104.28.30.81
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 30 May 2018 22:13:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d3ff5ae911a8765de5cec38d1fdb3d6e11527718432; expires=Thu, 30-May-19 22:13:52 GMT; path=/; domain=.bc.vc; HttpOnly _kei_=1; expires=Thu, 31-May-2018 21:00:00 GMT; Max-Age=82200; path=/
X-Powered-By: PHP/5.6.30-0+deb8u1
Location: https://bcvcrdr.xyz/earn.php?z=49&subid=-61
X-Frame-Options: allowall
Server: cloudflare
CF-RAY: 42348cede51f42a9-OSL


--- Additional Info ---
Magic:  ASCII HTML document text
Size:   118
Md5:    5ffd7b345659a4a2791f77a3045204fd
Sha1:   df2a2eba18117db2a4999dec47991ee454709c71
Sha256: 8652da731061200c14b10285fdfb36265d421a7a827d3079c76cd044ece20019

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.25
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Mon, 28 May 2018 14:05:53 GMT
Etag: B5E11B99D7F73F92FB01B303F04C53072E09FF25
X-OCSP-Responder-ID: rmdccaocsp24
Content-Length: 280
Cache-Control: public, no-transform, must-revalidate, max-age=1800
Expires: Wed, 30 May 2018 22:43:53 GMT
Date: Wed, 30 May 2018 22:13:53 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   280
Md5:    2e420c0011b383f06bb8378c85a17b1f
Sha1:   b5e11b99d7f73f92fb01b303f04c53072e09ff25
Sha256: 7d1f635ce9c885eb7e68359ac1d026dd896b5e800b0d3827585b33a257e40650
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.25
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Tue, 29 May 2018 09:10:02 GMT
Etag: AF25C1516EDD346E7A3ECFE170B0CFB7CF4FE83F
X-OCSP-Responder-ID: rmdccaocsp24
Content-Length: 314
Cache-Control: public, no-transform, must-revalidate, max-age=655
Expires: Wed, 30 May 2018 22:24:48 GMT
Date: Wed, 30 May 2018 22:13:53 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   314
Md5:    55f6b392e6e1c3d36c1220e83304bcd9
Sha1:   af25c1516edd346e7a3ecfe170b0cfb7cf4fe83f
Sha256: 2713d1daa39551406ee764c8c6389662e23084fe45293418a92fb96f3a0990bd
                                        
                                            GET /earn.php?z=49&subid=-61 HTTP/1.1 
Host: bcvcrdr.xyz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         104.28.10.186
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 30 May 2018 22:13:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=deb9fcadb0fd8a46134d065f251ebf0951527718433; expires=Thu, 30-May-19 22:13:53 GMT; path=/; domain=.bcvcrdr.xyz; HttpOnly; Secure PHPSESSID=o95bkht5mtdreau371a4q13lj2; path=/
X-Powered-By: PHP/5.6.30-0+deb8u1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: allowall
Access-Control-Allow-Origin: *
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 42348cf29ca14255-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   116
Md5:    c44ff1327dc7f58afd19e38637c798c6
Sha1:   8318f5f7cfba7a792a015dd41433cd8414521dca
Sha256: 762c817fd0aefc4668ec5f9935fb5eaf8a5d8a4e4c3eafb96e6ed0daa6ac4a78
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: bcvcrdr.xyz
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=deb9fcadb0fd8a46134d065f251ebf0951527718433; PHPSESSID=o95bkht5mtdreau371a4q13lj2

                                         
                                         104.28.10.186
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
                                        
Date: Wed, 30 May 2018 22:13:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 06 Jun 2018 22:13:53 GMT
Cache-Control: public, max-age=604800
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 42348cf3cd424255-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   132
Md5:    3fc464548b95ecd8e756ba077d36005d
Sha1:   7a7c90afb8f4a277627f47d7212b74d52fe4161a
Sha256: 1de8437511861ae6510412a9e96793ee6543eff46e70683d64f1a92c54720f74
                                        
                                            POST / HTTP/1.1 
Host: ocsp.int-x3.letsencrypt.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
                                         91.135.34.91
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 527
Etag: "8D937B7346DFD69075D04FBD44AAA1B482B14FE8F7DCA867AD65D190CB52F60B"
Last-Modified: Wed, 30 May 2018 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=27091
Expires: Thu, 31 May 2018 05:45:24 GMT
Date: Wed, 30 May 2018 22:13:53 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    d5100205220338ec7b0fba68c3a737a6
Sha1:   0cdba92d3b1365741030e96ef69efca2dedae07e
Sha256: 8d937b7346dfd69075d04fbd44aaa1b482b14fe8f7dca867ad65d190cb52f60b
                                        
                                            POST / HTTP/1.1 
Host: isrg.trustid.ocsp.identrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.121
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Transfer-Encoding: Binary
Last-Modified: Sun, 27 May 2018 08:07:03 GMT
Etag: "e7dfc1026df9aab76f36c3834cc1ad092724b99e"
Content-Length: 1398
Cache-Control: public, no-transform, must-revalidate, max-age=24948
Expires: Thu, 31 May 2018 05:09:42 GMT
Date: Wed, 30 May 2018 22:13:54 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1398
Md5:    89d343c0699bee671584a66c8c9b90ae
Sha1:   e7dfc1026df9aab76f36c3834cc1ad092724b99e
Sha256: 826fafded951f93f8afde8c3ca7a9d7f7a7545fe0914a2f5f582f9531d7860d9
                                        
                                            GET /4/13821/ HTTP/1.1 
Host: rotumal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         188.72.213.220
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 30 May 2018 22:13:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Timing-Allow-Origin: *, *
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: SeenToday=1; expires=Thu, 31-May-2018 22:13:54 GMT; Max-Age=86400; path=/ OAGEO5580f=13%7CNO%7C02%7CLORENSKOG%7CXDSL%7CBROADNET+AS%7C%7C11329%7C43703%7C%3F%7C578205; expires=Thu, 31-May-2018 22:13:54 GMT; Max-Age=86400; path=/ oaidts=1527718434; expires=Thu, 30-May-2019 22:13:54 GMT; Max-Age=31536000; path=/ OAID=8e217ad201f14da0af04c6639510ddc8; expires=Thu, 30-May-2019 22:13:54 GMT; Max-Age=31536000; path=/ OAID=8e217ad201f14da0af04c6639510ddc8; expires=Thu, 30-May-2019 22:13:54 GMT; Max-Age=31536000; path=/ exsdsf=1527718434 pbk3=082e452f65a613b446750ee7bbaed8b36561500713194324353; expires=Wed, 30-May-2018 22:23:54 GMT; Max-Age=600 ltm_afu=1; expires=Thu, 31-May-2018 22:13:54 GMT; Max-Age=86400; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
X-Used-AdExchange: 1
Content-Encoding: gzip
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4160
Md5:    97d02e362e394c3251999a481c33891f
Sha1:   c6a1faf8a67f712c7d786697195932a8b585d147
Sha256: 33598c0c136ec35b8989d8a818388e8c951c1e1bd6ccdb00102c2f6ed7b99f8a
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: rotumal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: SeenToday=1; OAGEO5580f=13%7CNO%7C02%7CLORENSKOG%7CXDSL%7CBROADNET+AS%7C%7C11329%7C43703%7C%3F%7C578205; oaidts=1527718434; OAID=8e217ad201f14da0af04c6639510ddc8; ltm_afu=1

                                         
                                         188.72.213.220
HTTP/1.1 204 No Content
                                        
Server: nginx
Date: Wed, 30 May 2018 22:13:54 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
Pragma: public


--- Additional Info ---
                                        
                                            GET /?r=%2Fmb%2Fhan&zoneid=13821&pbk3=082e452f65a613b446750ee7bbaed8b36561500713194324353&empty=0&auction_id=70358250-63ac-450e-b7d0-d86edd3110e1&uuid=581945c4-edb3-4671-b64c-7b7ed3272c22&ad_scheme=1&rotation_type=2&ppucounter=0&first_visit=0&on_test=0&offer_views=0&ab_test=1393&adparams=bm9qcz0w&ip=f3d5bb63c9dbdcfb475795d659c65a4e&sw=1176&sh=885&sah=855&wx=-4&wy=-4&ww=1184&wh=863&cw=1176&wiw=1176&wih=754&wfc=0&pl=https%3A%2F%2Frotumal.com%2F4%2F13821%2F&drf=&np=1&pt=0&nb=0&ng=1&dm=undefined&cf=1&nw=0&id=6882079597a140c33d0cd0afc2acbe3c&co=1&rf=0&hs=d01d492f13aec958676a3d4656a2a36c&ix=0&fs=1&timeout=0 HTTP/1.1 
Host: rotumal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://rotumal.com/4/13821/
Cookie: SeenToday=1; OAGEO5580f=13%7CNO%7C02%7CLORENSKOG%7CXDSL%7CBROADNET+AS%7C%7C11329%7C43703%7C%3F%7C578205; oaidts=1527718434; OAID=8e217ad201f14da0af04c6639510ddc8; ltm_afu=1

                                         
                                         188.72.213.220
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 30 May 2018 22:13:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Timing-Allow-Origin: *, *
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: f3d5bb63c9dbdcfb475795d659c65a4e=xLHai4OGepo6uPsQTE9H2PLmcoXOhMwuq7H1FURh92s; expires=Wed, 06-Jun-2018 22:13:55 GMT; Max-Age=604800 OAGEO5580f=13%7CNO%7C02%7CLORENSKOG%7CXDSL%7CBROADNET+AS%7C%7C11329%7C43703%7C%3F%7C578205; expires=Thu, 31-May-2018 22:13:54 GMT; Max-Age=86399; path=/ ppucnt=1; expires=Thu, 31-May-2018 22:13:54 GMT; Max-Age=86399; path=/ ppucntstart=1527718434; expires=Thu, 31-May-2018 22:13:54 GMT; Max-Age=86399; path=/ allcnt=1; expires=Thu, 30-May-2019 22:13:54 GMT; Max-Age=31535999; path=/ OAID=8e217ad201f14da0af04c6639510ddc8; expires=Thu, 30-May-2019 22:13:54 GMT; Max-Age=31535999; path=/ _OACCAP[960689]=1; expires=Thu, 30-May-2019 22:13:54 GMT; Max-Age=31535999; path=/ _OACBLOCK[960689]=1527718434; expires=Fri, 29-Jun-2018 22:13:54 GMT; Max-Age=2591999; path=/ _OXCCLK[960689]=1; expires=Thu, 30-May-2019 22:13:54 GMT; Max-Age=31535999; path=/ _OXPCLK[102397]=1; expires=Thu, 30-May-2019 22:13:54 GMT; Max-Age=31535999; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Location: http://girrrly.com/visit.php?c=4689&k=bdad90f97735b3b8afed12766ef6056b&bannerid=1634587&campaignid=960689&zoneid=13821&zoneid=13821
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
                                        
                                            GET /visit.php?c=4689&k=bdad90f97735b3b8afed12766ef6056b&bannerid=1634587&campaignid=960689&zoneid=13821&zoneid=13821 HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         78.31.67.23
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 30 May 2018 22:13:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: fc_t_4689=1527718435_1527718435_1527718435_1527718435_1527718435; expires=Sat, 30-Jun-2018 22:13:55 GMT; Max-Age=2678400; path=/ fc_n_4689=1_1_1_1_1; expires=Sat, 30-Jun-2018 22:13:55 GMT; Max-Age=2678400; path=/ c=3syz1f1qbzgkz0; expires=Fri, 29-Jun-2018 22:13:55 GMT; Max-Age=2592000; path=/ k=333c32e459fb93b7c388a9a1327b864d; expires=Fri, 29-Jun-2018 22:13:55 GMT; Max-Age=2592000; path=/
Cache-Control: no-cache
Location: http://girrrly.com/sex/multi/maingame/sexbadoo/sexbadoo_n64w2?c=3syz1f1qbzgkz0&k=333c32e459fb93b7c388a9a1327b864d&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech Information Systems AS&lang=en&ref_domain=&os=Windows 7&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Expires: Wed, 30 May 2018 22:13:54 GMT


--- Additional Info ---
                                        
                                            GET /sex/multi/maingame/sexbadoo/sexbadoo_n64w2?c=3syz1f1qbzgkz0&k=333c32e459fb93b7c388a9a1327b864d&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5= HTTP/1.1 
Host: girrrly.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: fc_t_4689=1527718435_1527718435_1527718435_1527718435_1527718435; fc_n_4689=1_1_1_1_1; c=3syz1f1qbzgkz0; k=333c32e459fb93b7c388a9a1327b864d

                                         
                                         78.31.67.23
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 30 May 2018 22:13:55 GMT
Content-Length: 178
Location: http://girrrly.com/sex/multi/maingame/sexbadoo/sexbadoo_n64w2/?c=3syz1f1qbzgkz0&k=333c32e459fb93b7c388a9a1327b864d&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Connection: keep-alive
Expires: Wed, 30 May 2018 22:13:54 GMT
Cache-Control: no-cache


--- Additional Info ---
Magic:  HTML document text
Size:   178
Md5:    cd2e0e43980a00fb6a2742d3afd803b8
Sha1:   81ffbd1712afe8cdf138b570c0fc9934742c33c1
Sha256: bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
                                        
GET /sex/multi/maingame/sexbadoo/sexbadoo_n64w2/?c=3syz1f1qbzgkz0&k=333c32e459fb93b7c388a9a1327b864d&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5= HTTP/1.1
Host: girrrly.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: fc_t_4689=1527718435_1527718435_1527718435_1527718435_1527718435; fc_n_4689=1_1_1_1_1; c=3syz1f1qbzgkz0; k=333c32e459fb93b7c388a9a1327b864d

78.31.67.23
HTTP/1.1 200 OK
Content-Type: text/html
Server: nginx
Date: Wed, 30 May 2018 22:13:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: lfc_t_580_4689=1527718435_1527718435_1527718435_1527718435_1527718435; expires=Sat, 30-Jun-2018 22:13:55 GMT; Max-Age=2678400; path=/ lfc_n_580_4689=1_1_1_1_1; expires=Sat, 30-Jun-2018 22:13:55 GMT; Max-Age=2678400; path=/
Expires: Wed, 30 May 2018 22:13:54 GMT
Cache-Control: no-cache
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   113609
Md5:    fe920344d14d81fe08f903acf4783be8
Sha1:   d69c43de8401c35c355490fe6197612d54566f61
Sha256: 6c8970afb56c0e4c9eb91197887261aa017fad4a6964459d8db12fe278530362
                                        
GET /ctrack.php?c=3syz1f1qbzgkz0&k=333c32e459fb93b7c388a9a1327b864d&sr=1176_885&t=0.6488940208360151 HTTP/1.1
Host: girrrly.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/sexbadoo/sexbadoo_n64w2/?c=3syz1f1qbzgkz0&k=333c32e459fb93b7c388a9a1327b864d&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527718435_1527718435_1527718435_1527718435_1527718435; fc_n_4689=1_1_1_1_1; c=3syz1f1qbzgkz0; k=333c32e459fb93b7c388a9a1327b864d; lfc_t_580_4689=1527718435_1527718435_1527718435_1527718435_1527718435; lfc_n_580_4689=1_1_1_1_1

78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx
Date: Wed, 30 May 2018 22:13:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Wed, 30 May 2018 22:13:54 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    ffce86e7c036f733c99e4aac1951d1f0
Sha1:   9d27322a607424247d05b3aa22ed8a9bbf3977ca
Sha256: adc1673711c18a8770805224a7c110405cb60a6e933d56f47a7b36585fe37fcc
                                        
GET /ajax/libs/jquery/3.1.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/sexbadoo/sexbadoo_n64w2/?c=3syz1f1qbzgkz0&k=333c32e459fb93b7c388a9a1327b864d&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=

216.58.211.10
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 30211
Date: Tue, 29 May 2018 23:31:31 GMT
Expires: Wed, 29 May 2019 23:31:31 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 81744


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   30211
Md5:    fbe55d62ddbb07d455db91c42719fa95
Sha1:   45b95c6f258886c2c52463472f93a00eeda53ea9
Sha256: f578c28becf81938d728f30836a507879e448d27461a2db119d7fb6d456f2fd1
                                        
GET /lib/ajax/lp_timing.php?c=3syz1f1qbzgkz0&k=333c32e459fb93b7c388a9a1327b864d&d=635_0&t=0.1766639784451426 HTTP/1.1
Host: girrrly.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://girrrly.com/sex/multi/maingame/sexbadoo/sexbadoo_n64w2/?c=3syz1f1qbzgkz0&k=333c32e459fb93b7c388a9a1327b864d&country_code=NO&country_name=Norway&region=Akershus&city=Skedsmokorset&isp=PowerTech%20Information%20Systems%20AS&lang=en&ref_domain=&os=Windows%207&osv=&browser=Firefox&browserv=3&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768&t1=1634587&t2=960689&t3=&t4=13821&t5=&t6=&t7=&t8=&t9=&t10=&t11=&t12=&t13=&t14=&t15=13821&et1=&et2=&et3=&et4=&et5=
Cookie: fc_t_4689=1527718435_1527718435_1527718435_1527718435_1527718435; fc_n_4689=1_1_1_1_1; c=3syz1f1qbzgkz0; k=333c32e459fb93b7c388a9a1327b864d; lfc_t_580_4689=1527718435_1527718435_1527718435_1527718435_1527718435; lfc_n_580_4689=1_1_1_1_1

78.31.67.23
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx
Date: Wed, 30 May 2018 22:13:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Wed, 30 May 2018 22:13:54 GMT
Cache-Control: no-cache


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    ffce86e7c036f733c99e4aac1951d1f0
Sha1:   9d27322a607424247d05b3aa22ed8a9bbf3977ca
Sha256: adc1673711c18a8770805224a7c110405cb60a6e933d56f47a7b36585fe37fcc
                                        
GET /favicon.ico HTTP/1.1
Host: bcvcrdr.xyz
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=deb9fcadb0fd8a46134d065f251ebf0951527718433; PHPSESSID=o95bkht5mtdreau371a4q13lj2

104.28.10.186
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Date: Wed, 30 May 2018 22:13:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Wed, 06 Jun 2018 22:13:56 GMT
Cache-Control: public, max-age=604800
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 42348d066ff04255-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   132
Md5:    3fc464548b95ecd8e756ba077d36005d
Sha1:   7a7c90afb8f4a277627f47d7212b74d52fe4161a
Sha256: 1de8437511861ae6510412a9e96793ee6543eff46e70683d64f1a92c54720f74
                                        
GET /favicon.ico HTTP/1.1
Host: rotumal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: SeenToday=1; OAGEO5580f=13%7CNO%7C02%7CLORENSKOG%7CXDSL%7CBROADNET+AS%7C%7C11329%7C43703%7C%3F%7C578205; oaidts=1527718434; OAID=8e217ad201f14da0af04c6639510ddc8; ltm_afu=1; f3d5bb63c9dbdcfb475795d659c65a4e=xLHai4OGepo6uPsQTE9H2PLmcoXOhMwuq7H1FURh92s; ppucnt=1; ppucntstart=1527718434; allcnt=1; _OACCAP[960689]=1; _OACBLOCK[960689]=1527718434; _OXCCLK[960689]=1; _OXPCLK[102397]=1

188.72.213.220
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 30 May 2018 22:13:56 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
Pragma: public


--- Additional Info ---