not-a-virus:HEUR:AdWare.Win32.Dotdo.gen (Kaspersky), Dropped:Application.Generic.1693143 (AdAware), Trojan.NSIS.StartPage.FD (Lavasoft MAS)
Behaviour: Trojan, Adware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 56c39a1dcef4a7f6755c63f70391094a
SHA1: 115d16ecd7fc98e0b6c31433ffef205bf1ed3560
SHA256: c4129598dfcac8dae8065f858ce5409104f2412159553db5c48a3003fb727bb5
SSDeep: 12288:qP6loS8dLkwrxfBMLEracHo6Br/aZX7qTp0xCKtvs7aHeDoqfNTuscRfkc:w62LdL1ViMH/wAp0xfuaPa6r
Size: 830408 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Installshield Software Corporation
Created at: 2009-12-06 00:50:52
Analyzed on: Windows7 SP1 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Dropped creates the following process(es): No processes have been created.
The Dropped injects its code into the following process(es): No processes have been created.
Mutexes
The following mutexes were created/opened: No objects were found.
File activity
No files have been created.
Registry activity
Dropped PE files
MD5 | File path |
---|---|
8b9031f5b50d41bc99adf692e8807f2a | c:\Program Files\Pentameter\glaciated.exe |
8b9031f5b50d41bc99adf692e8807f2a | c:\Program Files\Sweetener\glaciated.exe |
04bf135c23f1ae399952112497915f94 | c:\Program Files\Sweetener\settings.dll |
e2684e24f0e9b6e80a50389ef0121bc8 | c:\Program Files\dissuade\dissuade.exe |
87a27e7fcc8d22a489ac22074890233c | c:\Program Files\hasidim\heinrichs.exe |
b9380b0bea8854fd9f93cc1fda0dfeac | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseF547.tmp\ExecCmd.dll |
b3d9028f33c0d4e352c4212d5edcf0eb | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsjB2BC.tmp\115033.exe |
0daaf37d35dec581f8ffcb517c312840 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsjB2BC.tmp\26646.exe |
f97126915a1616f517bfdf9d4626194b | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsjB2BC.tmp\49411.exe |
9e60773c5a631af05ff7ac4dbe01927f | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsjB2BC.tmp\54198.exe |
77314ee74a19615770c9e96f55b84b9d | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsjB2BC.tmp\NMcohort.exe |
a7fea62c5d309d8b362d82b5a650ac0a | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsjB2BC.tmp\cohort.exe |
8b9031f5b50d41bc99adf692e8807f2a | c:\Users\"%CurrentUserName%"\AppData\Local\glaciated.exe |
8b9031f5b50d41bc99adf692e8807f2a | c:\Windows\witchy.exe |
HOSTS file anomalies
The Dropped modifies the "%System%\drivers\etc\hosts" file, which is used to translate DNS entries to IP addresses. The modified file is 1094 bytes in size. The following entries are added to the hosts file:
IP address | Host name |
---|---|
127.0.0.1 | validation.sls.microsoft.com |
162.222.193.86 | aoaomo.tremorhub.com |
188.95.50.62 | bobomo.tremorhub.com |
162.222.193.86 | www.howcast.com |
162.222.193.86 | howcast.com |
192.192.3.8 | www.virustotal.com |
192.192.3.8 | virustotal.com |
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Delete the original Dropped file.
- Restore the original content of the HOSTS file (%System%\drivers\etc\hosts): 127.0.0.1 localhost
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 23628 | 24064 | 4.46394 | 856b32eb77dfd6fb67f21d6543272da5 |
.rdata | 28672 | 4764 | 5120 | 3.4982 | dc77f8a1e6985a4361c55642680ddb4f |
.data | 36864 | 154712 | 1024 | 3.3278 | 7922d4ce117d7d5b3ac2cffe4b0b5e4f |
.ndata | 192512 | 65536 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 258048 | 33944 | 34304 | 2.97823 | dc440d19566b71fb909decc41f1762b6 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /5/10/logo.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://everclips.net/player1.swf
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: l.longtailvideo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: image/png
Date: Thu, 16 Mar 2017 00:26:38 GMT
Etag: "3015243340"
Expires: Thu, 23 Mar 2017 00:26:38 GMT
Last-Modified: Fri, 22 Jun 2012 18:10:31 GMT
Server: ECAcc (vie/F29C)
X-Cache: HIT
Content-Length: 1845
<<< skipped >>>
GET /t.php?sc_project=10675947&java=1&security=299981d6&u1=BD2B1393CD4E4FFE22787D912B7C5D2D&sc_random=0.08525973389069952&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1916&h=902&camefrom=http://VVV.ivids.net/page-1.html?lid=937115&u=http://VVV.ivids.net/page-1.htm?lid=937115&t=&sc_snum=1&sess=a181b5&p=0&invisible=1 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: c.statcounter.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:20 GMT
Content-Type: image/gif
Content-Length: 49
Connection: keep-alive
Set-Cookie: __cfduid=dcb9b922d38a2c4ecba5f30497ba13d751489623980; expires=Fri, 16-Mar-18 00:26:20 GMT; path=/; domain=.statcounter.com; HttpOnly
P3P: policyref="hXXp://VVV.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: is_unique=sc10675947.1489623980.0; expires=Tue, 15-Mar-2022 00:26:20 GMT; path=/; domain=.statcounter.com
Set-Cookie: is_visitor_unique=1489623980369982738; expires=Sat, 16-Mar-2019 00:26:20 GMT; path=/; domain=.statcounter.com
Server: cloudflare-nginx
CF-RAY: 340394945691648d-FRA
GET /jwplayer1.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-1.html?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: ivids.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 08:22:59 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 02 Jun 2016 05:31:59 GMT
ETag: "4403af-25d37-53444eccf91c0"
Accept-Ranges: bytes
Content-Length: 154935
Cache-Control: max-age=2592000, public
Expires: Thu, 15 Feb 2018 08:22:59 GMT
Connection: close
Content-Type: text/javascript

var dtn = Date.parse(new Date().toString());
document.write(unescape(>>
GET /a.png?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443&gif=yes&rnd=1489624018000 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: ww1.ladaubert.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:49 GMT
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Length: 125
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
GET /itd.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: aoaomo.tremorhub.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:05 GMT
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Length: 928
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

<html>
<head>
<title>a</title>
</head>
<body>
<script language="JavaScript" type="text/javascript">
<!--
function uapcc() {
document.cookie = "tvrg_60409=;domain=.tremorhub.com;path=/;expires=-1";
document.cookie = "tvrg_60755=;domain=.tremorhub.com;path=/;expires=-1";
document.cookie = "tvrg_60297=;domain=.tremorhub.com;path=/;expires=-1";
document.cookie = "tvrg_60035=;domain=.tremorhub.com;path=/;expires=-1";
}
setInterval(function() {
uapcc();
}, 90);
setInterval(function() {
uapcc();
}, 90);
setInterval(function() {
uapcc();
}, 50);
setInterval(function() {
uapcc();
}, 90);
//-->
setInterval( "onl()", 120000);function onl(){if(document.images){document.images['onlv'].src = 'o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&r=' Date.parse(new Date().toString());}}
</script><div style="visibility:hidden"><img name="onlv" src="o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09"></div>
</html>
GET /o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09 HTTP/1.1
Accept: */*
Referer: hXXp://aoaomo.tremorhub.com/itd.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: aoaomo.tremorhub.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:06 GMT
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Length: 3
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
GET /ova-jw.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://everclips.net/player1.swf
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: everclips.net
Connection: Keep-Alive
Cookie: _ga=GA1.2.1465818909.1489623989; _gat=1
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 08:23:36 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 19 Jan 2017 19:35:40 GMT
ETag: "4403b3-3c1d9-54677a3665b00"
Accept-Ranges: bytes
Content-Length: 246233
Cache-Control: max-age=2592000, public
Expires: Thu, 15 Feb 2018 08:23:36 GMT
Connection: close
Content-Type: application/x-shockwave-flash
GET /draw/?w=colored&n=2521&c=000000ffffff&p= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ladaubert.pw/amg.php
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Cookie: uid=CgH9JFjJ25lwChXl9mt9Ag==
Connection: Keep-Alive
Host: widgets.amung.us
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:01 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: close
Content-Disposition: filename=wau-widget.png
Expires: Sat, 15 Apr 2017 00:26:01 GMT
Cache-Control: max-age=2592000
GET /analytics.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Wed, 15 Mar 2017 23:55:27 GMT
Expires: Thu, 16 Mar 2017 01:55:27 GMT
Last-Modified: Thu, 02 Mar 2017 00:20:42 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 12156
Cache-Control: public, max-age=7200
Age: 1853
GET /r/collect?v=1&_v=j49&a=1612319237&t=pageview&_s=1&dl=http://VVV.everclips.net/page-2.htm?lid=937115&ul=en-us&de=utf-8&sd=24-bit&sr=1916x902&vp=850x480&je=1&fl=23.0 r0&_u=AEAAAEAAI~&jid=1443758657&gjid=463850582&cid=1465818909.1489623989&tid=UA-74694740-2&_r=1&z=1031565432 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Thu, 16 Mar 2017 00:26:30 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
GET /cwidget/iebrowser1/000000ffffff.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ladaubert.pw/amg.php
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: whos.amung.us
Connection: Keep-Alive
HTTP/1.1 303 See Other
Date: Thu, 16 Mar 2017 00:26:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: hXXp://widgets.amung.us/draw/?w=colored&n=2482&c=000000ffffff&p=
Set-Cookie: uid=CgH9IFjJ25m5dhxswux8Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.amung.us; path=/
GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: vi.everclips.net
Connection: Keep-Alive
Cookie: _ga=GA1.2.1465818909.1489623989; _gat=1
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:30:14 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 11 Nov 2014 03:08:25 GMT
ETag: "a1b01-52-5078c97abfc40"
Accept-Ranges: bytes
Content-Length: 82
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/xml

<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>
GET /v?LR_PUBLISHER_ID=38834&LR_SCHEMA=vast2-vpaid&LR_AUTOPLAY=1&LR_CONTENT=1&LR_VIDEO_URL=hXXp://VVV.everclips.net/2.html&LR_VIDEO_ID=&LR_VIDEO_POSITION=0&LR_PARTNERS=937115&LR_TITLE=Entertainment videos at everclips.net - 2&LR_FORMAT=application/x-shockwave-flash HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://everclips.net/ova-jw.swf
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: vi.everclips.net
Connection: Keep-Alive
Cookie: _ga=GA1.2.1465818909.1489623989; _gat=1
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:30:14 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: post-check=0, pre-check=0
Content-Length: 559
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<VAST version="2.0"><Ad id="1"><Wrapper><AdSystem>1</AdSystem><VASTAdTagURI><![CDATA[hXXp://we1sb-oi9ft.ads.tremorhub.com/ad/tag?adCode=we1sb-64jyd&playerWidth=645&playerHeight=380&playerPosition=1&mediaTitle=Entertainment_videos_at_everclips.net_-_2&mediaDesc=Watch_Entertainment_videos_at_everclips.net_-_2&mediaId=&mediaUrl=[CONTENT_MEDIA_URL]&srcPageUrl=hXXp://VVV.everclips.net/2.html&contentLength=[CONTENT_LENGTH]]]></VASTAdTagURI><Impression/><Creatives><Creative></Creative></Creatives></Wrapper></Ad></VAST>
GET /player1.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: ivids.net
Connection: Keep-Alive
Cookie: _ga=GA1.2.1157917606.1489623983; _gat=1
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 08:23:24 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 15 Jun 2014 13:46:26 GMT
ETag: "4403c4-1bb61-4fbe0230ad080"
Accept-Ranges: bytes
Content-Length: 113505
Cache-Control: max-age=2592000, public
Expires: Thu, 15 Feb 2018 08:23:24 GMT
Connection: close
Content-Type: application/x-shockwave-flash
GET /wp-content/themes/howcast/images/icons/love.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.howcast.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:04 GMT
Server: Apache/2.2.22 (Win64) PHP/5.3.13
Last-Modified: Thu, 17 Nov 2016 01:56:52 GMT
ETag: "1000000029c8c-7f-5417580d56100;548e03ca5164a"
Accept-Ranges: bytes
Content-Length: 127
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
GET /img/logo.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.everclips.net
Connection: Keep-Alive
Cookie: sc_is_visitor_unique=rx10675947.1489623980.E7B0A1AC3FB14F5D7ED93655281D1DFE.1.1.1.1.1.1.1.1.1; _ga=GA1.2.1465818909.1489623989
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:29 GMT
Content-Type: image/png
Content-Length: 2813
Connection: keep-alive
Last-Modified: Sat, 01 Nov 2014 03:24:47 GMT
ETag: "a1d83-afd-506c3a7ca5dc0"
Server: CDCE
X-INAP-Cache-Status: HIT
X-INAP-Server: cdce-fra004-001.fra004.internap.com
Accept-Ranges: bytes
GET /a.png?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443&gif=yes&rnd=1489623958000 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: ww.ladaubert.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:05 GMT
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Length: 125
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
GET /report3.php?lid=937115 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-1.html?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: vi.ivids.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:29:28 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET /report3.php?lid=937115 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: vi.ivids.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:29:32 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET /a.png?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443&gif=yes&rnd=1489623958000 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: ww1.ladaubert.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:25:50 GMT
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Length: 125
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
GET /ova-jw.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/player1.swf
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: ivids.net
Connection: Keep-Alive
Cookie: _ga=GA1.2.1157917606.1489623983; _gat=1
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 08:23:36 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 19 Jan 2017 19:35:40 GMT
ETag: "4403b3-3c1d9-54677a3665b00"
Accept-Ranges: bytes
Content-Length: 246233
Cache-Control: max-age=2592000, public
Expires: Thu, 15 Feb 2018 08:23:36 GMT
Connection: close
Content-Type: application/x-shockwave-flash
GET /draw/?w=colored&n=2482&c=000000ffffff&p= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ladaubert.pw/amg.php
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Cookie: uid=CgH9IFjJ25m5dhxswux8Ag==
Connection: Keep-Alive
Host: widgets.amung.us
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:01 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: close
Content-Disposition: filename=wau-widget.png
Expires: Sat, 15 Apr 2017 00:26:01 GMT
Cache-Control: max-age=2592000
GET /bck.php?1489623962000 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-1.html?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: 109.201.148.40
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:29:29 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET /bck.php?1489623965000 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: 109.201.148.40
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:29:32 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET /cwidget/iebrowser1/000000ffffff.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ladaubert.pw/amg.php
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: whos.amung.us
Connection: Keep-Alive
HTTP/1.1 303 See Other
Date: Thu, 16 Mar 2017 00:26:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: hXXp://widgets.amung.us/draw/?w=colored&n=2521&c=000000ffffff&p=
Set-Cookie: uid=CgH9JFjJ25lwChXl9mt9Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.amung.us; path=/
GET /counter/counter.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.statcounter.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:19 GMT
Server: PWS/8.2.0.7
X-Px: ht h0-s1210.p11-fra.cdngp.net
ETag: W/"576924c5-654e"
Cache-Control: max-age=43200
Expires: Thu, 16 Mar 2017 03:56:59 GMT
Age: 30560
Content-Length: 9529
Content-Type: application/x-javascript
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Tue, 21 Jun 2016 11:28:05 GMT
Connection: keep-alive
GET /page-1.html?lid=937115 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.ivids.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:01 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.3
Server: CDCE
X-INAP-Cache-Status: HIT
X-INAP-Server: cdce-fra004-005.fra004.internap.com
Content-Encoding: gzip
GET /page-1.htm?lid=937115 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.ivids.net/page-1.html?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.ivids.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:05 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.3
Server: CDCE
X-INAP-Cache-Status: HIT
X-INAP-Server: cdce-fra004-005.fra004.internap.com
Content-Encoding: gzip
GET /css1.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.ivids.net
Connection: Keep-Alive
Cookie: sc_is_visitor_unique=rx10675947.1489623980.BD2B1393CD4E4FFE22787D912B7C5D2D.1.1.1.1.1.1.1.1.1
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:22 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Nov 2014 09:13:53 GMT
Server: CDCE
X-INAP-Cache-Status: HIT
X-INAP-Server: cdce-fra004-005.fra004.internap.com
Content-Encoding: gzip
GET /img/lbg.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.ivids.net
Connection: Keep-Alive
Cookie: sc_is_visitor_unique=rx10675947.1489623980.BD2B1393CD4E4FFE22787D912B7C5D2D.1.1.1.1.1.1.1.1.1; _ga=GA1.2.1157917606.1489623983; _gat=1
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:25 GMT
Content-Type: image/png
Content-Length: 200
Connection: keep-alive
Last-Modified: Thu, 21 Nov 2013 20:06:42 GMT
ETag: "a1c85-c8-4ebb56fac1880"
Server: CDCE
X-INAP-Cache-Status: HIT
X-INAP-Server: cdce-fra004-005.fra004.internap.com
Accept-Ranges: bytes
GET /img/logo.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.ivids.net
Connection: Keep-Alive
Cookie: sc_is_visitor_unique=rx10675947.1489623980.BD2B1393CD4E4FFE22787D912B7C5D2D.1.1.1.1.1.1.1.1.1
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:22 GMT
Content-Type: image/png
Content-Length: 2536
Connection: keep-alive
Last-Modified: Thu, 10 Jul 2014 23:39:15 GMT
ETag: "a1c81-9e8-4fddf55270ec0"
Server: CDCE
X-INAP-Cache-Status: HIT
X-INAP-Server: cdce-fra004-005.fra004.internap.com
Accept-Ranges: bytes
GET /a.png?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443&gif=yes&rnd=1489624018000 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: ww1.ladaubert.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:49 GMT
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Length: 125
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
.PNG........IHDR..............wS.....sRGB.........gAMA......a.....pHYs
..........o.d....IDAT.Wc...?......5......IEND.B`.906885..
GET /player1.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: everclips.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 08:23:18 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 15 Jun 2014 13:46:26 GMT
ETag: "4403c4-1bb61-4fbe0230ad080"
Accept-Ranges: bytes
Content-Length: 113505
Cache-Control: max-age=2592000, public
Expires: Thu, 15 Feb 2018 08:23:18 GMT
Connection: close
Content-Type: application/x-shockwave-flash
GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: vi.ivids.net
Connection: Keep-Alive
Cookie: _ga=GA1.2.1157917606.1489623983; _gat=1
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:30:12 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 11 Nov 2014 03:08:25 GMT
ETag: "a1b01-52-5078c97abfc40"
Accept-Ranges: bytes
Content-Length: 82
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/xml
<cross-domain-policy>
 <allow-access-from domain="*"/>
</cross-domain-policy>
GET /v?LR_PUBLISHER_ID=38834&LR_SCHEMA=vast2-vpaid&LR_AUTOPLAY=1&LR_CONTENT=1&LR_VIDEO_URL=hXXp://VVV.ivids.net/1.html&LR_VIDEO_ID=&LR_VIDEO_POSITION=0&LR_PARTNERS=937115&LR_TITLE=Entertainment videos ivids.net&LR_FORMAT=application/x-shockwave-flash HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: vi.ivids.net
Connection: Keep-Alive
Cookie: _ga=GA1.2.1157917606.1489623983; _gat=1
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:30:12 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: post-check=0, pre-check=0
Content-Length: 533
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/xml
<?xml version="1.0" encoding="UTF-8"?>
<VAST version="2.0"><Ad id="1"><Wrapper><AdSystem>1</AdSystem><VASTAdTagURI><![CDATA[hXXp://we1sb-oi9ft.ads.tremorhub.com/ad/tag?adCode=we1sb-64jyd&playerWidth=645&playerHeight=380&playerPosition=1&mediaTitle=Entertainment_videos_ivids.net&mediaDesc=Watch_Entertainment_videos_ivids.net&mediaId=&mediaUrl=[CONTENT_MEDIA_URL]&srcPageUrl=hXXp://VVV.ivids.net/1.html&contentLength=[CONTENT_LENGTH]]]></VASTAdTagURI><Impression/><Creatives><Creative></Creative></Creatives></Wrapper></Ad></VAST>
GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: thm.vidvib.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:50 GMT
Content-Type: application/xml
Content-Length: 82
Connection: keep-alive
Last-Modified: Fri, 20 Jun 2014 22:54:54 GMT
ETag: "1000000015848-52-4fc4c61b7eb80"
Server: NetDNA-cache/2.2
Expires: Sun, 11 Mar 2018 00:26:50 GMT
Cache-Control: max-age=31104000
X-Cache: HIT
Accept-Ranges: bytes
<cross-domain-policy>
 <allow-access-from domain="*"/>
</cross-domain-policy>
GET /abcd.mp4 HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://everclips.net/player1.swf
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: thm.vidvib.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:50 GMT
Content-Type: video/mp4
Content-Length: 2929
Connection: keep-alive
Last-Modified: Mon, 16 Jan 2017 22:18:32 GMT
ETag: "a0a000000009298-b71-5463d905b4731"
Server: NetDNA-cache/2.2
Expires: Sun, 11 Mar 2018 00:26:50 GMT
Cache-Control: max-age=31104000
X-Cache: HIT
Accept-Ranges: bytes
GET /wp-content/themes/howcast/images/icons/love.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.howcast.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:04 GMT
Server: Apache/2.2.22 (Win64) PHP/5.3.13
Last-Modified: Thu, 17 Nov 2016 01:56:52 GMT
ETag: "1000000029c8c-7f-5417580d56100;548e03ca5164a"
Accept-Ranges: bytes
Content-Length: 127
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: thm.vidvib.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:52 GMT
Content-Type: application/xml
Content-Length: 82
Connection: keep-alive
Last-Modified: Fri, 20 Jun 2014 22:54:54 GMT
ETag: "1000000015848-52-4fc4c61b7eb80"
Server: NetDNA-cache/2.2
Expires: Sun, 11 Mar 2018 00:26:52 GMT
Cache-Control: max-age=31104000
X-Cache: HIT
Accept-Ranges: bytes
<cross-domain-policy>
 <allow-access-from domain="*"/>
</cross-domain-policy>
GET /analytics.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Wed, 15 Mar 2017 23:55:27 GMT
Expires: Thu, 16 Mar 2017 01:55:27 GMT
Last-Modified: Thu, 02 Mar 2017 00:20:42 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 12156
Cache-Control: public, max-age=7200
Age: 1855
GET /r/collect?v=1&_v=j49&a=2009820665&t=pageview&_s=1&dl=http://VVV.ivids.net/page-1.htm?lid=937115&ul=en-us&de=utf-8&sd=24-bit&sr=1916x902&vp=850x480&je=1&fl=23.0 r0&_u=AEAAAEAAI~&jid=529385969&gjid=1659227578&cid=1157917606.1489623983&tid=UA-74694740-2&_r=1&z=873997192 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Thu, 16 Mar 2017 00:26:25 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
GET /5/10/logo.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://everclips.net/player1.swf
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: l.longtailvideo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: image/png
Date: Thu, 16 Mar 2017 00:26:38 GMT
Etag: "3015243340"
Expires: Thu, 23 Mar 2017 00:26:38 GMT
Last-Modified: Fri, 22 Jun 2012 18:10:31 GMT
Server: ECAcc (vie/F29C)
X-Cache: HIT
Content-Length: 1845
GET /itd.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: aoaomo.tremorhub.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:05 GMT
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Length: 928
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
<html>
<head>
<title>a</title>
</head>
<body>
<script language="JavaScript" type="text/javascript">
<!--
function uapcc() {
document.cookie = "tvrg_60409=;domain=.tremorhub.com;path=/;expires=-1";
document.cookie = "tvrg_60755=;domain=.tremorhub.com;path=/;expires=-1";
document.cookie = "tvrg_60297=;domain=.tremorhub.com;path=/;expires=-1";
document.cookie = "tvrg_60035=;domain=.tremorhub.com;path=/;expires=-1";
}
setInterval(function() {
uapcc();
}, 90);
setInterval(function() {
uapcc();
}, 90);
setInterval(function() {
uapcc();
}, 50);
setInterval(function() {
uapcc();
}, 90);
//-->
setInterval( "onl()", 120000);function onl(){if(document.images){document.images['onlv'].src = 'o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&r=' + Date.parse(new Date().toString());}}
</script><div style="visibility:hidden"><img name="onlv" src="o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09"></div>
</html>
GET /o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09 HTTP/1.1
Accept: */*
Referer: hXXp://aoaomo.tremorhub.com/itd.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: aoaomo.tremorhub.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:06 GMT
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Length: 3
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
GET /report3.php?lid=937115 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.everclips.net/page-2.html?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: vi.everclips.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:29:28 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET /report3.php?lid=937115 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: vi.everclips.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:29:32 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET /counter/counter.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.statcounter.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:19 GMT
Server: PWS/8.2.0.7
X-Px: ht h0-s1210.p11-fra.cdngp.net
ETag: W/"576924c5-654e"
Cache-Control: max-age=43200
Expires: Thu, 16 Mar 2017 03:56:59 GMT
Age: 30560
Content-Length: 9529
Content-Type: application/x-javascript
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Tue, 21 Jun 2016 11:28:05 GMT
Connection: keep-alive
GET /5/10/logo.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/player1.swf
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: l.longtailvideo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: image/png
Date: Thu, 16 Mar 2017 00:26:38 GMT
Etag: "3015243340"
Expires: Thu, 23 Mar 2017 00:26:38 GMT
Last-Modified: Fri, 22 Jun 2012 18:10:31 GMT
Server: ECAcc (vie/F29C)
X-Cache: HIT
Content-Length: 1845
GET /a.png?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443&gif=yes&rnd=1489623958000 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: ww1.ladaubert.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:25:50 GMT
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Length: 124
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
.PNG........IHDR..............wS.....sRGB.........gAMA......a.....pHYs
..........o.d....IDAT.Wc...?......5......IEND.B`.37976
GET /player1.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: ivids.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 08:23:18 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 15 Jun 2014 13:46:26 GMT
ETag: "4403c4-1bb61-4fbe0230ad080"
Accept-Ranges: bytes
Content-Length: 113505
Cache-Control: max-age=2592000, public
Expires: Thu, 15 Feb 2018 08:23:18 GMT
Connection: close
Content-Type: application/x-shockwave-flash
GET /itd.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: bobomo.tremorhub.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:25:50 GMT
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Length: 928
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

<html>
<head>
<title>a</title>
</head>
<body>
<script language="JavaScript" type="text/javascript">
<!--
function uapcc() {
document.cookie = "tvrg_60409=;domain=.tremorhub.com;path=/;expires=-1";
document.cookie = "tvrg_60755=;domain=.tremorhub.com;path=/;expires=-1";
document.cookie = "tvrg_60297=;domain=.tremorhub.com;path=/;expires=-1";
document.cookie = "tvrg_60035=;domain=.tremorhub.com;path=/;expires=-1";
}
setInterval(function() {
uapcc();
}, 90);
setInterval(function() {
uapcc();
}, 90);
setInterval(function() {
uapcc();
}, 50);
setInterval(function() {
uapcc();
}, 90);
//-->
setInterval( "onl()", 120000);function onl(){if(document.images){document.images['onlv'].src = 'o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&r=' + Date.parse(new Date().toString());}}
</script><div style="visibility:hidden"><img name="onlv" src="o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09"></div>
</html>
GET /o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09 HTTP/1.1
Accept: */*
Referer: hXXp://bobomo.tremorhub.com/itd.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: bobomo.tremorhub.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:25:51 GMT
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Length: 3
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
GET /jwplayer1.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.everclips.net/page-2.html?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: everclips.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 08:22:59 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 02 Jun 2016 05:31:59 GMT
ETag: "4403af-25d37-53444eccf91c0"
Accept-Ranges: bytes
Content-Length: 154935
Cache-Control: max-age=2592000, public
Expires: Thu, 15 Feb 2018 08:22:59 GMT
Connection: close
Content-Type: text/javascript

var dtn = Date.parse(new Date().toString());
document.write(unescape('
GET /bck.php?1489623962000 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.everclips.net/page-2.html?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: 109.201.148.40
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:29:30 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET /bck.php?1489623965000 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: 109.201.148.40
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:29:32 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET /a.png?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443&gif=yes&rnd=1489623958000 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: ww.ladaubert.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:04 GMT
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Length: 125
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
GET /homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.ladaubert.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 790
Connection: keep-alive
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Encoding: gzip
Date: Thu, 16 Mar 2017 00:16:17 GMT
Vary: Accept-Encoding
Age: 566
X-Cache: Hit from cloudfront
Via: 1.1 e4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: -sXZBpkLr8ZxrYJmK0IlZbJcrKkjEaxocTqwlemj4dzUfPsAgD53Ig==
GET /jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.ladaubert.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 934
Connection: keep-alive
Server: Apache/2.2.22 (Win64) PHP/5.3.13
Last-Modified: Tue, 17 Jan 2017 23:02:27 GMT
ETag: "b0000003c0a95-a9d-546524b401cbb"
Accept-Ranges: bytes
Content-Encoding: gzip
Date: Thu, 16 Mar 2017 00:12:55 GMT
Age: 783
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: N4_B6QTQFx2FjBKZXrePEgGqPzNjv1v-RFd5djnxl5mq_ebSmH3a3g==
GET /amg.php HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.ladaubert.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 359
Connection: keep-alive
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Date: Thu, 16 Mar 2017 00:25:40 GMT
Age: 20
X-Cache: Hit from cloudfront
Via: 1.1 e4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: puMSTLvIVAFfwbVcoFJQJPhAIOXr28VyJMLVelFCUUhlh49vmMB2eg==

<script type="text/javascript">setInterval( "vwu()", 200000);
function vwu(){if(document.images){document.images['viewers'].src = 'hXXp://whos.amung.us/cwidget/iebrowser1/000000ffffff.png?' + Date.parse(new Date().toString());}}</script>
<div style="visibility:hidden"><img name="viewers" src="hXXp://whos.amung.us/cwidget/iebrowser1/000000ffffff.png"></div>
GET /t.php?sc_project=10675947&java=1&security=299981d6&u1=E7B0A1AC3FB14F5D7ED93655281D1DFE&sc_random=0.578439388503037&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1916&h=902&camefrom=http://VVV.everclips.net/page-2.html?lid=937115&u=http://VVV.everclips.net/page-2.htm?lid=937115&t=&sc_snum=1&sess=a181b5&p=0&invisible=1 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: c.statcounter.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:20 GMT
Content-Type: image/gif
Content-Length: 49
Connection: keep-alive
Set-Cookie: __cfduid=d763e6536a7d3afd3b39c3b352116794c1489623980; expires=Fri, 16-Mar-18 00:26:20 GMT; path=/; domain=.statcounter.com; HttpOnly
P3P: policyref="hXXp://VVV.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: is_unique=sc10675947.1489623980.0; expires=Tue, 15-Mar-2022 00:26:20 GMT; path=/; domain=.statcounter.com
Set-Cookie: is_visitor_unique=1489623980103633089; expires=Sat, 16-Mar-2019 00:26:20 GMT; path=/; domain=.statcounter.com
Server: cloudflare-nginx
CF-RAY: 340394940681648d-FRA
GET /homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.ladaubert.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 790
Connection: keep-alive
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Encoding: gzip
Date: Thu, 16 Mar 2017 00:16:17 GMT
Age: 566
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 d79148f01e44f5598c15bdd5ce1c1997.cloudfront.net (CloudFront)
X-Amz-Cf-Id: x6R7-mR9KfKr0_IhKuSx4PfZPcuLyYKvQjv3eJK9v0iF1sAITyhlbQ==
GET /jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.ladaubert.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 934
Connection: keep-alive
Server: Apache/2.2.22 (Win64) PHP/5.3.13
Last-Modified: Tue, 17 Jan 2017 23:02:27 GMT
ETag: "b0000003c0a95-a9d-546524b401cbb"
Accept-Ranges: bytes
Content-Encoding: gzip
Date: Thu, 16 Mar 2017 00:12:55 GMT
Age: 783
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 d79148f01e44f5598c15bdd5ce1c1997.cloudfront.net (CloudFront)
X-Amz-Cf-Id: OJ5fx_UUhV3PBbAnKpj99yAGIFlmHCyzWxlb1K6WLhp-SDQq4cTCqA==
GET /amg.php HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.ladaubert.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 359
Connection: keep-alive
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Date: Thu, 16 Mar 2017 00:25:40 GMT
Age: 20
X-Cache: Hit from cloudfront
Via: 1.1 d79148f01e44f5598c15bdd5ce1c1997.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 9A9uHGW-LZ1GJwFbTlDQtk-wtUEFvI4DT4YC_gEE_2Zx31xN3PQD4A==

<script type="text/javascript">setInterval( "vwu()", 200000);
function vwu(){if(document.images){document.images['viewers'].src = 'hXXp://whos.amung.us/cwidget/iebrowser1/000000ffffff.png?' + Date.parse(new Date().toString());}}</script>
<div style="visibility:hidden"><img name="viewers" src="hXXp://whos.amung.us/cwidget/iebrowser1/000000ffffff.png"></div>
GET /page-2.html?lid=937115 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.everclips.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:01 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.3
Server: CDCE
X-INAP-Cache-Status: HIT
X-INAP-Server: cdce-fra004-001.fra004.internap.com
Content-Encoding: gzip
GET /page-2.htm?lid=937115 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.everclips.net/page-2.html?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.everclips.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:05 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.3
Server: CDCE
X-INAP-Cache-Status: HIT
X-INAP-Server: cdce-fra004-001.fra004.internap.com
Content-Encoding: gzip
GET /style.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.everclips.net
Connection: Keep-Alive
Cookie: sc_is_visitor_unique=rx10675947.1489623980.E7B0A1AC3FB14F5D7ED93655281D1DFE.1.1.1.1.1.1.1.1.1; _ga=GA1.2.1465818909.1489623989
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:29 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 05 Dec 2014 02:43:45 GMT
Server: CDCE
X-INAP-Cache-Status: HIT
X-INAP-Server: cdce-fra004-001.fra004.internap.com
Content-Encoding: gzip
GET /img/bgg.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.everclips.net
Connection: Keep-Alive
Cookie: sc_is_visitor_unique=rx10675947.1489623980.E7B0A1AC3FB14F5D7ED93655281D1DFE.1.1.1.1.1.1.1.1.1; _ga=GA1.2.1465818909.1489623989; _gat=1
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:26:32 GMT
Content-Type: image/png
Content-Length: 198
Connection: keep-alive
Last-Modified: Fri, 31 Oct 2014 16:20:09 GMT
ETag: "a1d82-c6-506ba5ee06040"
Server: CDCE
X-INAP-Cache-Status: HIT
X-INAP-Server: cdce-fra004-001.fra004.internap.com
Accept-Ranges: bytes
The Dropped connects to the servers at the following location(s):
Strings from Dumps
heinrichs.exe_4012:
.text
`.rdata
@.data
.ndata
.rsrc
uDSSh
Gw2.Hw
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
GetWindowsDirectoryA
KERNEL32.dll
ExitWindowsEx
USER32.dll
GDI32.dll
SHFileOperationA
ShellExecuteA
SHELL32.dll
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
verifying installer: %d%%
hXXp://nsis.sf.net/NSIS_Error
... %d%%
~nsu.tmp
%u.%u%s%s
RegDeleteKeyExA
%s=%s
*?|/":
ers\"%CurrentUserName%"\AppData\Local\Temp\nseF547.tmp\ExecCmd.dll
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseF547.tmp\ExecCmd.dll
"%Program Files%\Pentameter\glaciated.exe"
ExecCmd.dll
.reloc
EnumWindows
Kernel32.DLL
%Program Files%
\Pentameter\glaciated.exe"
\ExecCmd.dll
%SystemRoot%\
eq glaciated.exe" | %SystemRoot%\
\find /I "glaciated.exe"
\Pentameter\glaciated.exe
\glaciated.exe"
$$\wininit.ini
e%uy%u
=m.pJod
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseF547.tmp
nseF547.tmp
rogram Files\Pentameter\glaciated.exe"
ecCmd.dll
ciated.exe" | %SystemRoot%\System32\find /I "glaciated.exe"
\Users\"%CurrentUserName%"\AppData\Local\Temp\nseF547.tmp
"%Program Files%\hasidim\heinrichs.exe"
%Program Files%\hasidim
heinrichs.exe
ers\"%CurrentUserName%"\AppData\Local\Temp\nszD7A9.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\
%Program Files%\hasidim\heinrichs.exe
Software\Microsoft\Windows\CurrentVersion\Run
Windows\
Nullsoft Install System v2.46
idim\heinrichs.exe"
meter\glaciated.exe"
dw20.exe_364:
.text
`.data
.rsrc
WerReportCloseHandle
WerReportAddDump
WerReportSubmit
WerReportSetUIOption
WerReportAddFile
WerReportSetParameter
WerReportCreate
dw20.pdb
_amsg_exit
MSVCR80.dll
_crt_debugger_hook
RegCloseKey
RegOpenKeyExW
ReportEventW
ADVAPI32.dll
KERNEL32.dll
USER32.dll
VERSION.dll
PSAPI.DLL
e\wer.dll
SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
\StringFileInfo\xx\%s
%d.%d.%d.%d
Microsoft .NET Error Reporting Shim
2.0.50727.4927 (NetFXspW7.050727-4900)
dw20.exe
.NET Framework
2.0.50727.4927
svchost.exe_668:
.text
`.data
.rsrc
@.reloc
msvcrt.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
KERNEL32.dll
NTDLL.DLL
API-MS-Win-Security-Base-L1-1-0.dll
API-MS-WIN-Service-Core-L1-1-0.dll
API-MS-WIN-Service-winsvc-L1-1-0.dll
RPCRT4.dll
ole32.dll
ntdll.dll
_amsg_exit
RegCloseKey
RegOpenKeyExW
GetProcessHeap
svchost.pdb
version="5.1.0.0"
name="Microsoft.Windows.Services.SvcHost"
Host Process for Windows Services
Software\Microsoft\Windows NT\CurrentVersion\Svchost
Software\Microsoft\Windows NT\CurrentVersion\MgdSvchost
\PIPE\
Host Process for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255)
svchost.exe
Windows
Operating System
6.1.7600.16385
dw20.exe_1652:
.text
`.data
.rsrc
WerReportCloseHandle
WerReportAddDump
WerReportSubmit
WerReportSetUIOption
WerReportAddFile
WerReportSetParameter
WerReportCreate
dw20.pdb
_amsg_exit
MSVCR80.dll
_crt_debugger_hook
RegCloseKey
RegOpenKeyExW
ReportEventW
ADVAPI32.dll
KERNEL32.dll
USER32.dll
VERSION.dll
PSAPI.DLL
e\wer.dll
SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
\StringFileInfo\xx\%s
%d.%d.%d.%d
Microsoft .NET Error Reporting Shim
2.0.50727.4927 (NetFXspW7.050727-4900)
dw20.exe
.NET Framework
2.0.50727.4927
dw20.exe_1956:
.text
`.data
.rsrc
WerReportCloseHandle
WerReportAddDump
WerReportSubmit
WerReportSetUIOption
WerReportAddFile
WerReportSetParameter
WerReportCreate
dw20.pdb
_amsg_exit
MSVCR80.dll
_crt_debugger_hook
RegCloseKey
RegOpenKeyExW
ReportEventW
ADVAPI32.dll
KERNEL32.dll
USER32.dll
VERSION.dll
PSAPI.DLL
e\wer.dll
SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
\StringFileInfo\xx\%s
%d.%d.%d.%d
Microsoft .NET Error Reporting Shim
2.0.50727.4927 (NetFXspW7.050727-4900)
dw20.exe
.NET Framework
2.0.50727.4927
dw20.exe_1572:
.text
`.data
.rsrc
WerReportCloseHandle
WerReportAddDump
WerReportSubmit
WerReportSetUIOption
WerReportAddFile
WerReportSetParameter
WerReportCreate
dw20.pdb
_amsg_exit
MSVCR80.dll
_crt_debugger_hook
RegCloseKey
RegOpenKeyExW
ReportEventW
ADVAPI32.dll
KERNEL32.dll
USER32.dll
VERSION.dll
PSAPI.DLL
e\wer.dll
SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
\StringFileInfo\xx\%s
%d.%d.%d.%d
Microsoft .NET Error Reporting Shim
2.0.50727.4927 (NetFXspW7.050727-4900)
dw20.exe
.NET Framework
2.0.50727.4927
taskeng.exe_2208:
.text
`.data
.rsrc
@.reloc
USER32.dll
msvcrt.dll
ntdll.dll
API-MS-Win-Core-Debug-L1-1-0.dll
API-MS-Win-Core-ErrorHandling-L1-1-0.dll
API-MS-Win-Core-File-L1-1-0.dll
API-MS-Win-Core-Handle-L1-1-0.dll
API-MS-Win-Core-Heap-L1-1-0.dll
API-MS-Win-Core-Interlocked-L1-1-0.dll
API-MS-Win-Core-LibraryLoader-L1-1-0.dll
API-MS-Win-Core-Misc-L1-1-0.dll
API-MS-Win-Core-ProcessEnvironment-L1-1-0.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
API-MS-Win-Core-Profile-L1-1-0.dll
API-MS-Win-Core-Synch-L1-1-0.dll
API-MS-Win-Core-SysInfo-L1-1-0.dll
API-MS-Win-Core-ThreadPool-L1-1-0.dll
API-MS-Win-Security-Base-L1-1-0.dll
ole32.dll
OLEAUT32.dll
RPCRT4.dll
KERNEL32.dll
d:\w7rtm\admin\wmi\jobs\server\session\session\main.cpp
Session::ChannelMsgReceived
d:\w7rtm\admin\wmi\jobs\server\session\session\session.cpp
d:\w7rtm\admin\wmi\jobs\server\session\session\clientchannel2.cpp
d:\w7rtm\admin\wmi\jobs\server\engine\task.cpp
d:\w7rtm\admin\wmi\jobs\server\engine\comhandlerbase.cpp
StopJobMsg
StartJobMsg
ClientPipeName
Invalid parameter passed to C runtime function.
d:\w7rtm\admin\wmi\jobs\common\xml\taskxmlreader.cpp
TaskScheduler.log
j%Xf;
d:\w7rtm\admin\wmi\jobs\server\engine\action.cpp
API-MS-WIN-Service-Management-L1-1-0.dll
API-MS-WIN-Service-winsvc-L1-1-0.dll
ADVAPI32.dll
SHELL32.dll
SHLWAPI.dll
SspiCli.dll
XmlLite.dll
MPR.dll
RegOpenKeyTransactedW
RegCloseKey
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCreateKeyExW
FindExecutableW
MsgWaitForMultipleObjects
EnumThreadWindows
EnumWindows
GetProcessWindowStation
_wcmdln
_amsg_exit
GetProcessHeap
SetProcessShutdownParameters
TaskEng.pdb
version="5.1.0.0"
name="Microsoft.Windows.WMI.TaskScheduler.TaskEng"
8 8$8(878
3=4Z4w4
=!=(=0=4=?=>>
5 5U5_5
5b6u6
-131J1X1o1}1
=$=
Password
hXXp://schemas.microsoft.com/windows/2004/02/mit/task
Aieframe.dll
%SystemRoot%\SYSTEM32\cmd.exe
%SystemRoot%\System32\Tasks
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake
WindowSeconds
InitializeCmdlineProcessing()
pCrimson provider registration failed for taskeng, hr=0x%x
CATCH_KNOWN: %S ==> hr=0x%x [%S(),%d,%S]
InteractiveTokenOrPassword
Aurl
%d.%d
%s, (%d)
hXXp://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout
hXXp://schemas.microsoft.com/cdo/configuration/smtpauthenticate
hXXp://schemas.microsoft.com/cdo/configuration/sendusing
hXXp://schemas.microsoft.com/cdo/configuration/smtpserver
201ef99a-7fa0-444c-9399-19ba84f12a1a
C:\Windows\SYSTEM32\cmd.exe
6.1.7601.17514 (win7sp1_rtm.101119-1850)
taskeng.exe
Windows
Operating System
6.1.7601.17514