Dropped.Application.Generic.1693143_56c39a1dce

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Dropped creates the following process(es):No processes have been created.The Dropped injects its code into the following process(es):No processes have been created.

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

No files have been created.

Registry activity

Dropped PE files

HOSTS file anomalies

The Dropped modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses. The modified file is 1094 bytes in size. The following strings are added to the hosts file listed below:

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Delete the original Dropped file.
   
2. Restore the original content of the HOSTS file (%System%\drivers\etc\hosts): 127.0.0.1 localhost
   
3. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
4. Reboot the computer.
   

Static Analysis

VersionInfo

No information is available.

No information is available.

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /5/10/logo.png HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://everclips.net/player1.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: l.longtailvideo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=604800

Content-Type: image/png

Date: Thu, 16 Mar 2017 00:26:38 GMT

Etag: "3015243340"

Expires: Thu, 23 Mar 2017 00:26:38 GMT

Last-Modified: Fri, 22 Jun 2012 18:10:31 GMT

Server: ECAcc (vie/F29C)

X-Cache: HIT

Content-Length: 1845

.PNG........IHDR...].........9.".....IDATh..Zo..E...e...*!.......RP....0H.|).Y...).4C.#H..2....g{.....GO.....A...(.?H....B..wf.....{.......cv..9sv...3g....A-.).8j......J..*.Ge9.@....Y u(.....k.Nt.3..yR....~*]. ...Y...v..........\.YO....0.....bZ.=...e..ji.g..S..Z.t.9?..N).]`.K !.....Y..?..<.h.v.<.........%..6.O.......R..g.}.i.?.Vh.....?..[..C{.h.-%......s.\..:.M.p.K..u.5....c...X.>..........m.........._.%.d9kL....t..t..N...#...|..VV.2...w.....X.W:^.:.S...n6....E=...$.i......(.j.}S...@.EmE./.....U.u.-.U\..../B......;..Q......@.9....=.'.~Jm0t<c.]...-....D...~......<...X....&....Ky%..j...[...Nk.6.....7.._.e!h...........T7(q..q..v.J=c.^..............--.>......=.....n."...("....0.Z..<... .q!.`.....N...Z....b.....g.,..UjA.j..7{.H...Pa.. /...l(...S.j.Q0.u`...LcthJ.. .BN..............P....e...BPZ...W.I...........Sc.j.!..'..d>c.....xV..2.i#.Z...#j >wa.......[.Y.../.6.g.j'.m...y..O.\..W.....ar.J~..B...0...........~1M....].......;f...>>$...h.{......>zpI/...!>........0...f..ez.....b..!.....X....R..H.l|.r9.#'....x..1.A.qy.......M......Y&}..I...-} ..X.....(..17(...EJ.l..T..(8;.`...8o.{..r@..]..Z.......^n...vy.3S....%^'....)..nDeg..'.1. $....C...x..t...x.d#.......t...?...N.N.............%`..Kc....#4.x....#.....9.ps.a.q........G..R..........B... .S.K$......]..2..-..Hn..t'....4UA9P..69Q.'.......2..d.<b.....{m....).dd...d.(..G.1`*.....<..ql.zs.On......j..$..Fnf.T.Y........}.z....N.ZS.]........U)..K...xJFf........S....&.bi..Mv.F..r....Z...`.~_........._ y.......(.b..f..m....R..k......se

<<< skipped >>>

GET /t.php?sc_project=10675947&java=1&security=299981d6&u1=BD2B1393CD4E4FFE22787D912B7C5D2D&sc_random=0.08525973389069952&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1916&h=902&camefrom=http://VVV.ivids.net/page-1.html?lid=937115&u=http://VVV.ivids.net/page-1.htm?lid=937115&t=&sc_snum=1&sess=a181b5&p=0&invisible=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: c.statcounter.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:20 GMT

Content-Type: image/gif

Content-Length: 49

Connection: keep-alive

Set-Cookie: __cfduid=dcb9b922d38a2c4ecba5f30497ba13d751489623980; expires=Fri, 16-Mar-18 00:26:20 GMT; path=/; domain=.statcounter.com; HttpOnly

P3P: policyref="hXXp://VVV.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Set-Cookie: is_unique=sc10675947.1489623980.0; expires=Tue, 15-Mar-2022 00:26:20 GMT; path=/; domain=.statcounter.com

Set-Cookie: is_visitor_unique=1489623980369982738; expires=Sat, 16-Mar-2019 00:26:20 GMT; path=/; domain=.statcounter.com

Server: cloudflare-nginx

CF-RAY: 340394945691648d-FRA

GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:26:20 GMT..Content-Type: image/gif..Content-Length: 49..Connection: keep-alive..Set-Cookie: __cfduid=dcb9b922d38a2c4ecba5f30497ba13d751489623980; expires=Fri, 16-Mar-18 00:26:20 GMT; path=/; domain=.statcounter.com; HttpOnly..P3P: policyref="hXXp://VVV.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Set-Cookie: is_unique=sc10675947.1489623980.0; expires=Tue, 15-Mar-2022 00:26:20 GMT; path=/; domain=.statcounter.com..Set-Cookie: is_visitor_unique=1489623980369982738; expires=Sat, 16-Mar-2019 00:26:20 GMT; path=/; domain=.statcounter.com..Server: cloudflare-nginx..CF-RAY: 340394945691648d-FRA..GIF89a...................!.......,...........T..;..

GET /jwplayer1.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-1.html?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ivids.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 08:22:59 GMT

Server: Apache/2.2.15 (CentOS)

Last-Modified: Thu, 02 Jun 2016 05:31:59 GMT

ETag: "4403af-25d37-53444eccf91c0"

Accept-Ranges: bytes

Content-Length: 154935

Cache-Control: max-age=2592000, public

Expires: Thu, 15 Feb 2018 08:22:59 GMT

Connection: close

Content-Type: text/javascript
var dtn = Date.parse(new Date().toString());..document.write(unescape(
'
>>

GET /a.png?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443&gif=yes&rnd=1489624018000 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ww1.ladaubert.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:49 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Length: 125

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: image/png
.PNG........IHDR..............wS.....sRGB.........gAMA......a.....pHYs
..........o.d....IDAT.Wc...?......5......IEND.B`.533580HTTP/1.1 200 OK
..Date: Thu, 16 Mar 2017 00:26:49 GMT..Server: Apache/2.2.22 (Win64) P
HP/5.3.13..X-Powered-By: PHP/5.3.13..Content-Length: 125..Keep-Alive: 
timeout=5, max=100..Connection: Keep-Alive..Content-Type: image/png...
PNG........IHDR..............wS.....sRGB.........gAMA......a.....pHYs.
.........o.d....IDAT.Wc...?......5......IEND.B`.533580..

GET /itd.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: aoaomo.tremorhub.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:05 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Length: 928

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: text/html
<html>..<head>..<title>a</title>..</head&gt
;..<body>..<script language="JavaScript" type="text/javascrip
t">..<!--..function uapcc() {..document.cookie = "tvrg_60409=;do
main=.tremorhub.com;path=/;expires=-1";..document.cookie = "tvrg_60755
=;domain=.tremorhub.com;path=/;expires=-1";..document.cookie = "tvrg_6
0297=;domain=.tremorhub.com;path=/;expires=-1";..document.cookie = "tv
rg_60035=;domain=.tremorhub.com;path=/;expires=-1";..}..setInterval(fu
nction() {..uapcc();..}, 90);..setInterval(function() {..uapcc();..}, 
90);..setInterval(function() {..uapcc();..}, 50);..setInterval(functio
n() {..uapcc();..}, 90);..//-->..setInterval( "onl()", 120000);func
tion onl(){if(document.images){document.images['onlv'].src = 'o.php?id
=01A1GWybNKig0XmOX0T6&date=2017-01-09&r='   Date.parse(new Date().toSt
ring());}}..</script><div style="visibility:hidden"><im
g name="onlv" src="o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09">&
lt;/div>..</html>HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:2
6:05 GMT..Server: Apache/2.2.22 (Win64) PHP/5.3.13..X-Powered-By: PHP/
5.3.13..Content-Length: 928..Keep-Alive: timeout=5, max=100..Connectio
n: Keep-Alive..Content-Type: text/html..<html>..<head>..&l
t;title>a</title>..</head>..<body>..<script la
nguage="JavaScript" type="text/javascript">..<!--..function uapc
c() {..document.cookie = "tvrg_60409=;domain=.tremorhub.com;path=/;exp
ires=-1";..document.cookie = "tvrg_60755=;domain=.tremorhub.com;pa
>>

GET /o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09 HTTP/1.1

Accept: */*

Referer: hXXp://aoaomo.tremorhub.com/itd.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: aoaomo.tremorhub.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:06 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Length: 3

Keep-Alive: timeout=5, max=99

Connection: Keep-Alive

Content-Type: text/html
...HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:26:06 GMT..Server: Apach
e/2.2.22 (Win64) PHP/5.3.13..X-Powered-By: PHP/5.3.13..Content-Length:
 3..Keep-Alive: timeout=5, max=99..Connection: Keep-Alive..Content-Typ
e: text/html.......

GET /ova-jw.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://everclips.net/player1.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: everclips.net

Connection: Keep-Alive

Cookie: _ga=GA1.2.1465818909.1489623989; _gat=1

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 08:23:36 GMT

Server: Apache/2.2.15 (CentOS)

Last-Modified: Thu, 19 Jan 2017 19:35:40 GMT

ETag: "4403b3-3c1d9-54677a3665b00"

Accept-Ranges: bytes

Content-Length: 246233

Cache-Control: max-age=2592000, public

Expires: Thu, 15 Feb 2018 08:23:36 GMT

Connection: close

Content-Type: application/x-shockwave-flash
CWS.....x......U.8<!3....<..L.y..$.D.<..L.@&.g&.A....f.HOW..=
...E.e.U.._aYWq........CV.... . .]q.G.VpV.|..s..[...N....}..f.....s.=.
...s...64D?......?....p4..%...K.D.H....t.`........boO.......6......]tQ
..m=..u....|...u..5.v...u W2.e.,d.Y.7 .....V..h.X).i.Z.G...z.l.l...4..
z'...Z....y#.Bs=s....;<.....y....c..:e...wf5s\....s..2Y.>-.E..f.
.S....7....b..*9...i.V..@...x......J.p......P&W....,.....Z..........x.
0.e}g...l.hSf....!..v{..........._-...w.......R2.>...K..l.....).Gf.
..9.6.l.x..a.~..1....j3j!.k....Z..<'c....:.!x...e.&3.....X.b.,..F..
Kt.......:J.d.UK..m.I..e.f.;o.t..Q.Ly..[.I)(..e .)...9.V....T%..~....*
....LA..LT.9.u......LOOf.9..2y}F..>.eB^.p..f.d..(.J...h...&.}M..LN.
Hwd...~1{_,.3.Y....}..>....-..........k.F.....o./.=0H_..d.6...%5W..
.t1.q.<......"SV'-Z......Qt..s.._.U.a.......;<0W,..z.c....y.....
z..........=.~g..q1V.Z .17Ej..6.sz.wv.(K.zH/......l..R.R..*p.s...je...
3&.B.d.g...k.......9...j...x..%.\)...............:.|...}y]-X.J..6...\.
.....Q...M..<5 z:..j.0)..y.B.Z..q.N..k......5....~.Uo.}..W..s....._
...t_.q...z.....).b.F..w.<.*....|P.",y ."...w...t....2.C...........
.~.*..s.....%..<eX.5.%.:....D .......n....`......k..............:..
...'.Uf5.kU.>I.....|. /..YM.d%.w..~"C...x.....C.f.Y.......n..2.O.Sf
........}.?W...\6.n.G.....p4O .[w. ....\%.^M@.,hR/...........F.L....
}.....:v......^2..s.....c.W....]......f..Q............[....-!f5.?x(..x
.(Oe...A.......A/..;....wm....v.#.Ew.H......>5..M7.....Q v...2.N?..
....u..Il:.....Y..:8..M...."...6..6..ZH^~......>....69f.H......
>>

GET /draw/?w=colored&n=2521&c=000000ffffff&p= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ladaubert.pw/amg.php

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Cookie: uid=CgH9JFjJ25lwChXl9mt9Ag==

Connection: Keep-Alive

Host: widgets.amung.us

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:01 GMT

Content-Type: image/png

Transfer-Encoding: chunked

Connection: close

Content-Disposition: filename=wau-widget.png

Expires: Sat, 15 Apr 2017 00:26:01 GMT

Cache-Control: max-age=2592000
5e3...PNG........IHDR...Q...........p....vPLTE...EEEYYY......???......
,,,...AAA...............;<=$$$......abdWXZ...444............GGG....
..'((..."""222.........uvyEFG......<<<...kln...NNN>>&gt
;............~~.vwx...hhi.........OPQ.........iii......uvv...opp......
UVV...RRR......WWW............bcc...ijj}~~......dee......QQQ~~~.......
........]^^PPP.........TTTaaa......___......zzz{{{III...HHHrss........
.kllJJJDDD|||BBB...............LLLeee...CCC......NOO.........@@@tttkkk
vvv:::......FFF.....................;;;.........?@@666ppprrr......111.
........888..................000...lll......XYZ(((&&&hhhfff   cdeZ[\78
8...dddccc.........nnn.........ZZZXXXVVV[[[mmm^^^\\\]]]```gggxxxjjj.P.
.....tRNS.@..f....IDATH...wS.A.........J.h..k.E.t)v.Q......@...X...dQA
.`.% %H..Z..A....;B.........{....Mr.EQ.......b..eM....G..........R....
N..r....s...,.G.........;#~wvR.MG{........c.......Y.V.4..4.@Mc..g..{.I
m..[=..m...'#W......JUS...^U......]...z. T..a.R.,.I..@....%,..X.P.|Ax.
xF.F...>U(......O`1_Y....=|.Gfs..=..s..0..........(.}....f..-0..,..
..3e..l.2.iJS.. .. 4M'.2%.6s9qlj@.....8.4..M...1S.R....s....g..tL,....
8u..@{.".G..Q.....c....;....=..;.=...P-G.........`.g.F....1,E3 h.T*.'O
...J.D.F...9...h.=.;.R.v.l..d....L@...X..A...m..H.l...q=2.3...%.@$..J.
....H......0.0@4i...^8...o^.\j.u..}6..q=...7J.".R.I..}xr..Bo.\[...&.6.
1...n.[].....q...u....p...0D.x..M......YE^.q....qX...=.B....dK..{.....
2...l\.."......<|.........[0.>....a#..$...v:....iTS.\b.B7......\
.?w....o8..B.W_..?...N{Z.=.......N5r...."%;{.3H#.=....9....h....IE
>>

GET /ova-jw.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://everclips.net/player1.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: everclips.net

Connection: Keep-Alive

Cookie: _ga=GA1.2.1465818909.1489623989; _gat=1

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 08:23:36 GMT

Server: Apache/2.2.15 (CentOS)

Last-Modified: Thu, 19 Jan 2017 19:35:40 GMT

ETag: "4403b3-3c1d9-54677a3665b00"

Accept-Ranges: bytes

Content-Length: 246233

Cache-Control: max-age=2592000, public

Expires: Thu, 15 Feb 2018 08:23:36 GMT

Connection: close

Content-Type: application/x-shockwave-flash
CWS.....x......U.8<!3....<..L.y..$.D.<..L.@&.g&.A....f.HOW..=
...E.e.U.._aYWq........CV.... . .]q.G.VpV.|..s..[...N....}..f.....s.=.
...s...64D?......?....p4..%...K.D.H....t.`........boO.......6......]tQ
..m=..u....|...u..5.v...u W2.e.,d.Y.7 .....V..h.X).i.Z.G...z.l.l...4..
z'...Z....y#.Bs=s....;<.....y....c..:e...wf5s\....s..2Y.>-.E..f.
.S....7....b..*9...i.V..@...x......J.p......P&W....,.....Z..........x.
0.e}g...l.hSf....!..v{..........._-...w.......R2.>...K..l.....).Gf.
..9.6.l.x..a.~..1....j3j!.k....Z..<'c....:.!x...e.&3.....X.b.,..F..
Kt.......:J.d.UK..m.I..e.f.;o.t..Q.Ly..[.I)(..e .)...9.V....T%..~....*
....LA..LT.9.u......LOOf.9..2y}F..>.eB^.p..f.d..(.J...h...&.}M..LN.
Hwd...~1{_,.3.Y....}..>....-..........k.F.....o./.=0H_..d.6...%5W..
.t1.q.<......"SV'-Z......Qt..s.._.U.a.......;<0W,..z.c....y.....
z..........=.~g..q1V.Z .17Ej..6.sz.wv.(K.zH/......l..R.R..*p.s...je...
3&.B.d.g...k.......9...j...x..%.\)...............:.|...}y]-X.J..6...\.
.....Q...M..<5 z:..j.0)..y.B.Z..q.N..k......5....~.Uo.}..W..s....._
...t_.q...z.....).b.F..w.<.*....|P.",y ."...w...t....2.C...........
.~.*..s.....%..<eX.5.%.:....D .......n....`......k..............:..
...'.Uf5.kU.>I.....|. /..YM.d%.w..~"C...x.....C.f.Y.......n..2.O.Sf
........}.?W...\6.n.G.....p4O .[w. ....\%.^M@.,hR/...........F.L....
}.....:v......^2..s.....c.W....]......f..Q............[....-!f5.?x(..x
.(Oe...A.......A/..;....wm....v.#.Ew.H......>5..M7.....Q v...2.N?..
....u..Il:.....Y..:8..M...."...6..6..ZH^~......>....69f.H......
>>

GET /analytics.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload

Timing-Allow-Origin: *

Date: Wed, 15 Mar 2017 23:55:27 GMT

Expires: Thu, 16 Mar 2017 01:55:27 GMT

Last-Modified: Thu, 02 Mar 2017 00:20:42 GMT

X-Content-Type-Options: nosniff

Content-Type: text/javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Server: Golfe2

Content-Length: 12156

Cache-Control: public, max-age=7200

Age: 1853
.............w.8.0.{......Du...lR.SJ)...-...#Kj......M.....I..a.}.....
]"......\U.j:.I.<r....=y*............f....T..h......c.,i....T[h.Fb,
U.{..8r.u<hwX.............a.....N.....Oz..`.=.....-.on..y.5q0=..w..
3p.^o..y..n..........NN.>...z.C!.U...q=.....Q.Lon.....k..._......./
z<.J\.n6.y.H%.h...?....8^..?....s#....El.o}....F.rAi...en.X..^.....
........T..L...........7....z..a.....A_(.c..H...k,`.......l.5.k>.5.
..g.....Y|9..49.y..2.......eQ..MW:....b.......M........(....pD.9.K.'I.
.u}...WW.:...e#>.....Z)...j}......$..d.U`O..H... ...:....f......y..
..o.-.Gj2....o......:.YZzZ.2xs.q....S..?.7...Y..XE[]5J*..L.|.W-[h Z.8R
W*.T...X.$gI.....B...-b.6E...@..~.J2...I.....\^.o...r..._..2.OG.%.y...
!Z....4......1...:&.....3..t...!|................S.n/.b...[,..lZX.9.Px
C...8|.io{<..G..'}.p>..xoMc....5..{w.e...~...`..`t..}.......uU#X
.. .;.J.k@].p...r...:@..h...OD.U..L./o>gW.....j......J.B../..`. Z..
............e...>T.Y. .:.z.T.&......(...E..$NEV.|.k..94.uy.........
p...4}=."|...I.]R..o..............L....h0.2..N..a...8.....!~}......-}W
..a......a .>.Z...HI...g.D<.y.1...$...<....a..R..1....R.."'..
.9n.Q..1..lyN..,rF.n..Vi}.J...s..]./;........y....I......<....`-HI.
.........k..8...{.8...4.1)....(..2..1.7w..q.......M...7Z.V.f^..-*..qK@
!.HN..|J ......mA..A f.....CA.9yE.....*...#N.....0.../../..a0t=......h
:.........c...'...o.rz.............V.,L'...U.........^u2.....A........
8.O.s...R.hw..V......v=W.X=Q..C.84..S.%.Y\..H..V.1..Mz..........J..R..
......'....*Z......Ba...........f.z....1..k..d..C>)."..R!..#'H.
>>

GET /r/collect?v=1&_v=j49&a=1612319237&t=pageview&_s=1&dl=http://VVV.everclips.net/page-2.htm?lid=937115&ul=en-us&de=utf-8&sd=24-bit&sr=1916x902&vp=850x480&je=1&fl=23.0 r0&_u=AEAAAEAAI~&jid=1443758657&gjid=463850582&cid=1465818909.1489623989&tid=UA-74694740-2&_r=1&z=1031565432 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Date: Thu, 16 Mar 2017 00:26:30 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, no-store, must-revalidate

Last-Modified: Sun, 17 May 1998 03:00:00 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Server: Golfe2

Content-Length: 35
GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-All
ow-Origin: *..Date: Thu, 16 Mar 2017 00:26:30 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-sto
re, must-revalidate..Last-Modified: Sun, 17 May 1998 03:00:00 GMT..X-C
ontent-Type-Options: nosniff..Content-Type: image/gif..Server: Golfe2.
.Content-Length: 35..GIF89a.............,...........D..;..

GET /cwidget/iebrowser1/000000ffffff.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ladaubert.pw/amg.php

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: whos.amung.us

Connection: Keep-Alive

HTTP/1.1 303 See Other

Date: Thu, 16 Mar 2017 00:26:01 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Location: hXXp://widgets.amung.us/draw/?w=colored&n=2482&c=000000ffffff&p=

Set-Cookie: uid=CgH9IFjJ25m5dhxswux8Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.amung.us; path=/
0..

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: vi.everclips.net

Connection: Keep-Alive

Cookie: _ga=GA1.2.1465818909.1489623989; _gat=1

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:30:14 GMT

Server: Apache/2.2.15 (CentOS)

Last-Modified: Tue, 11 Nov 2014 03:08:25 GMT

ETag: "a1b01-52-5078c97abfc40"

Accept-Ranges: bytes

Content-Length: 82

Keep-Alive: timeout=5

Connection: Keep-Alive

Content-Type: text/xml
<cross-domain-policy>..    <allow-access-from domain="*"/>
..</cross-domain-policy>....


GET /v?LR_PUBLISHER_ID=38834&LR_SCHEMA=vast2-vpaid&LR_AUTOPLAY=1&LR_CONTENT=1&LR_VIDEO_URL=hXXp://VVV.everclips.net/2.html&LR_VIDEO_ID=&LR_VIDEO_POSITION=0&LR_PARTNERS=937115&LR_TITLE=Entertainment videos at everclips.net - 2&LR_FORMAT=application/x-shockwave-flash HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://everclips.net/ova-jw.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: vi.everclips.net

Connection: Keep-Alive

Cookie: _ga=GA1.2.1465818909.1489623989; _gat=1

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:30:14 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.3.3

Cache-Control: no-store, no-cache, must-revalidate, max-age=0

Pragma: no-cache

Expires: Sat, 26 Jul 1997 05:00:00 GMT

Cache-Control: post-check=0, pre-check=0

Content-Length: 559

Keep-Alive: timeout=5

Connection: Keep-Alive

Content-Type: text/xml
<?xml version="1.0" encoding="UTF-8"?>..<VAST version="2.0"&g
t;<Ad id="1"><Wrapper><AdSystem>1</AdSystem>&l
t;VASTAdTagURI><![CDATA[hXXp://we1sb-oi9ft.ads.tremorhub.com/ad/
tag?adCode=we1sb-64jyd&playerWidth=645&playerHeight=380&playerPosition
=1&mediaTitle=Entertainment_videos_at_everclips.net_-_2&mediaDesc=Watc
h_Entertainment_videos_at_everclips.net_-_2&mediaId=&mediaUrl=[CONTENT
_MEDIA_URL]&srcPageUrl=hXXp://VVV.everclips.net/2.html&contentLength=[
CONTENT_LENGTH]]]></VASTAdTagURI><Impression/><Creat
ives><Creative></Creative></Creatives></Wrappe
r></Ad></VAST>..HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017
 00:30:14 GMT..Server: Apache/2.2.15 (CentOS)..X-Powered-By: PHP/5.3.3
..Cache-Control: no-store, no-cache, must-revalidate, max-age=0..Pragm
a: no-cache..Expires: Sat, 26 Jul 1997 05:00:00 GMT..Cache-Control: po
st-check=0, pre-check=0..Content-Length: 559..Keep-Alive: timeout=5..C
onnection: Keep-Alive..Content-Type: text/xml..<?xml version="1.0" 
encoding="UTF-8"?>..<VAST version="2.0"><Ad id="1"><
Wrapper><AdSystem>1</AdSystem><VASTAdTagURI><!
[CDATA[hXXp://we1sb-oi9ft.ads.tremorhub.com/ad/tag?adCode=we1sb-64jyd&
playerWidth=645&playerHeight=380&playerPosition=1&mediaTitle=Entertain
ment_videos_at_everclips.net_-_2&mediaDesc=Watch_Entertainment_videos_
at_everclips.net_-_2&mediaId=&mediaUrl=[CONTENT_MEDIA_URL]&srcPageUrl=
hXXp://VVV.everclips.net/2.html&contentLength=[CONTENT_LENGTH]]]&g
>>

GET /player1.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ivids.net

Connection: Keep-Alive

Cookie: _ga=GA1.2.1157917606.1489623983; _gat=1

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 08:23:24 GMT

Server: Apache/2.2.15 (CentOS)

Last-Modified: Sun, 15 Jun 2014 13:46:26 GMT

ETag: "4403c4-1bb61-4fbe0230ad080"

Accept-Ranges: bytes

Content-Length: 113505

Cache-Control: max-age=2592000, public

Expires: Thu, 15 Feb 2018 08:23:24 GMT

Connection: close

Content-Type: application/x-shockwave-flash
CWS..`..x..}.\...x...@).....JCQJ...t.S.:.s..P.M.".."D.=.E."!.G.Q."....
y...~_..|>o.....u?o......."..>...Z}....u......X....^...8\.3..7,V
$.;[Y%%%Y&.Y..1V6NNNV..V...h..a.W.H.........@.L../b...@...........bJ..
...8$.i.p... .Z.X.......<A.C4...s.L...*.B..c.'1...h.C.;.J.....E.d..
...... .........X...%[.x.m2@oK&/../...LtM..P..|.0._..a.c..x17..K.....6
L....z....z...#f. .=..:i...!B.O.s..:..`kmc.-............ xh6).UpWB.6..
..UC.SQ.1^..3.]3x4z.o..>...7F.`s..,.G.K.s.)........ $E..[O..O......
......w.....0.Jw....qCv.........&L..I...0.g...z%...k.s_....B.V....f- .
y>..6.e..v...O..R.4u...J?.q.........o?.........._.8i.........L'._s.
...ug......N..h..[....s/.[X>.G...9....k...O...L;.,X.p......... ....
r&.c..F.>._w.. {.2...b..ri..=.C.N#M..|..(&..8........9..,.S.....KhS
.}.......~..i....W...?....7.S\...eS..*&.S.z.\:....#!cng.}5...I.*I;....
'.M...U..3^s.l....^.7..sp.......Z_..wJ.....O.;0e... ..f\.t..{....5v}..
=..9...1..C..?..4.R.....[G7W..=h|...a..p../s..]......^...K.r..]T..... 
....j..V7.r.9l.........,zf..U.c..$b..n.}...^..B=.-.RP....Y.......aB.f.
...9...Vuzz.M\../b............8n...2..^Y..%u..n,...x.....,.;..s.r..]|8
...v......u.m........=.n..9.&{.B......D_JU.7.<.....>gz.<....O
.4..zQhiWf....aOL.-.bE..2yU.S..)g6Z...m...m..s....ly.....Q.us..ci....[
k?M.7p.e.....yG.'.8...R.....m_/z.>p.......=....B..w..zwQ\P..B...Bn.
2..>K..F....>.xLy..`...%..`.._......'5.9..V../z.....E..;....h)..
_..>...........{^.....p&x.Q....;YH..E.6.<m..8n... a...#U~.5S(wr2
V....h..Y^.'^.....y.8:........Q....^[..nK....hq...5..[...i94$.....
>>

GET /wp-content/themes/howcast/images/icons/love.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.howcast.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:04 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

Last-Modified: Thu, 17 Nov 2016 01:56:52 GMT

ETag: "1000000029c8c-7f-5417580d56100;548e03ca5164a"

Accept-Ranges: bytes

Content-Length: 127

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: image/png
.PNG........IHDR................s....gAMA....7.......tEXtSoftware.Adob
e ImageReadyq.e<....IDATx.b...L.`..`.>....jg.....IEND.B`.HTTP/1.
1 200 OK..Date: Thu, 16 Mar 2017 00:26:04 GMT..Server: Apache/2.2.22 (
Win64) PHP/5.3.13..Last-Modified: Thu, 17 Nov 2016 01:56:52 GMT..ETag:
 "1000000029c8c-7f-5417580d56100;548e03ca5164a"..Accept-Ranges: bytes.
.Content-Length: 127..Keep-Alive: timeout=5, max=100..Connection: Keep
-Alive..Content-Type: image/png...PNG........IHDR................s....
gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b...L.`.
.`.>....jg.....IEND.B`...

GET /img/logo.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.everclips.net

Connection: Keep-Alive

Cookie: sc_is_visitor_unique=rx10675947.1489623980.E7B0A1AC3FB14F5D7ED93655281D1DFE.1.1.1.1.1.1.1.1.1; _ga=GA1.2.1465818909.1489623989

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:29 GMT

Content-Type: image/png

Content-Length: 2813

Connection: keep-alive

Last-Modified: Sat, 01 Nov 2014 03:24:47 GMT

ETag: "a1d83-afd-506c3a7ca5dc0"

Server: CDCE

X-INAP-Cache-Status: HIT

X-INAP-Server: cdce-fra004-001.fra004.internap.com

Accept-Ranges: bytes
.PNG........IHDR.......L........@....gAMA....7.......tEXtSoftware.Adob
e ImageReadyq.e<....IDATx..\.OTW.G......]../.E.~..(6M.[:.......`V..
...i..&U.Y!..c"D.......tE.d...d?......;..0..s..s.}.;/8../7f.{...9..&lt
;o..[~.. ..H=...0.j.....Tc.-^....*0..12...Qcl...i.v.......(......`l..e
..`..`.1...2..1..16....-..S....[c....9......m....?..g.1.....w.(,......
\\^......<  ..~~....?o\/*x....y.\..T.s...@...>h.....`R0....w.i..
vX.QRAY.n.3..?......qZ...n..z..kcl.:...2o... ..!;3t....1......m.{.....
....53.'S.1.n..Z.....K ?........E...*b.G....~...q..=....S.U..8...~y.k|
.....s.N...B...j.....Cy.6.>...X.eL..%N.6.g:>........:cf..@.(....
.TKx....J.........G.1.!)...Aa.@.....]]...V.A.&....&.7.....I.`8.L.:....
.P.{.......:.P....@..3.'.........K.....7.6@a.w...L........]....|.}....
..........u...r...Y........u.!Z...!..7p........Sc%.....A.....M.y.F..}.
...T.g...~J'.....o$..>y.2.]Un1.t.l.;5........c..g.....j.ZV.A..a....
..!6..8........h.n.;...'. ..n......o...ZR..)...Kf..`.m..XA...&.6..b...
.o....8<hx..7../?-..$k.....}.xl.C..BtE..z..~/j...3....ax.M......].r
..1..Y.._..m..h..>}w..@.....%....*g....m.5..B~H........AJ.$7j.`....
...{K.........8v.....g..........3h..{.C'n..E.mj.....R.%"t..........%. 
aW.)!..S$.".S..D6B......|W.3.C..$ $...0........c....zO..].}..@..]..u..
..F.....U.M[....`>....Y.S.[.jl8@.........P.pX/@..%3..M.....SF'n..|.
Xw.b...j%...{Z...b../..].=L...nl|J?....<.You......[d..n..Z.%.'.....
..l....:.p..H..?@o-.....#i.bG-u.....i.5/.q0d..W":.n...l........r.....}
.,..P..&.....pw....6.1K...........WSO....<e......x&...:.. ..mz.
>>

GET /a.png?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443&gif=yes&rnd=1489623958000 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ww.ladaubert.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:05 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Length: 125

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: image/png
.PNG........IHDR..............wS.....sRGB.........gAMA......a.....pHYs
..........o.d....IDAT.Wc...?......5......IEND.B`.794646HTTP/1.1 200 OK
..Date: Thu, 16 Mar 2017 00:26:05 GMT..Server: Apache/2.2.22 (Win64) P
HP/5.3.13..X-Powered-By: PHP/5.3.13..Content-Length: 125..Keep-Alive: 
timeout=5, max=100..Connection: Keep-Alive..Content-Type: image/png...
PNG........IHDR..............wS.....sRGB.........gAMA......a.....pHYs.
.........o.d....IDAT.Wc...?......5......IEND.B`.794646..

GET /report3.php?lid=937115 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-1.html?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: vi.ivids.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:29:28 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.3.3

Cache-Control: no-store, no-cache, must-revalidate, max-age=0

Cache-Control: post-check=0, pre-check=0

Pragma: no-cache

Expires: Sat, 26 Jul 1997 05:00:00 GMT

Content-Length: 0

Keep-Alive: timeout=5

Connection: Keep-Alive

Content-Type: text/html; charset=utf-8
HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:29:28 GMT..Server: Apache/2
.2.15 (CentOS)..X-Powered-By: PHP/5.3.3..Cache-Control: no-store, no-c
ache, must-revalidate, max-age=0..Cache-Control: post-check=0, pre-che
ck=0..Pragma: no-cache..Expires: Sat, 26 Jul 1997 05:00:00 GMT..Conten
t-Length: 0..Keep-Alive: timeout=5..Connection: Keep-Alive..Content-Ty
pe: text/html; charset=utf-8......


GET /report3.php?lid=937115 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: vi.ivids.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:29:32 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.3.3

Cache-Control: no-store, no-cache, must-revalidate, max-age=0

Cache-Control: post-check=0, pre-check=0

Pragma: no-cache

Expires: Sat, 26 Jul 1997 05:00:00 GMT

Content-Length: 0

Keep-Alive: timeout=5

Connection: Keep-Alive

Content-Type: text/html; charset=utf-8
HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:29:32 GMT..Server: Apache/2
.2.15 (CentOS)..X-Powered-By: PHP/5.3.3..Cache-Control: no-store, no-c
ache, must-revalidate, max-age=0..Cache-Control: post-check=0, pre-che
ck=0..Pragma: no-cache..Expires: Sat, 26 Jul 1997 05:00:00 GMT..Conten
t-Length: 0..Keep-Alive: timeout=5..Connection: Keep-Alive..Content-Ty
pe: text/html; charset=utf-8..

GET /a.png?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443&gif=yes&rnd=1489623958000 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ww1.ladaubert.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:25:50 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Length: 125

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: image/png
.PNG........IHDR..............wS.....sRGB.........gAMA......a.....pHYs
..........o.d....IDAT.Wc...?......5......IEND.B`.519350HTTP/1.1 200 OK
..Date: Thu, 16 Mar 2017 00:25:50 GMT..Server: Apache/2.2.22 (Win64) P
HP/5.3.13..X-Powered-By: PHP/5.3.13..Content-Length: 125..Keep-Alive: 
timeout=5, max=100..Connection: Keep-Alive..Content-Type: image/png...
PNG........IHDR..............wS.....sRGB.........gAMA......a.....pHYs.
.........o.d....IDAT.Wc...?......5......IEND.B`.519350..

GET /ova-jw.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/player1.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ivids.net

Connection: Keep-Alive

Cookie: _ga=GA1.2.1157917606.1489623983; _gat=1

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 08:23:36 GMT

Server: Apache/2.2.15 (CentOS)

Last-Modified: Thu, 19 Jan 2017 19:35:40 GMT

ETag: "4403b3-3c1d9-54677a3665b00"

Accept-Ranges: bytes

Content-Length: 246233

Cache-Control: max-age=2592000, public

Expires: Thu, 15 Feb 2018 08:23:36 GMT

Connection: close

Content-Type: application/x-shockwave-flash
CWS.....x......U.8<!3....<..L.y..$.D.<..L.@&.g&.A....f.HOW..=
...E.e.U.._aYWq........CV.... . .]q.G.VpV.|..s..[...N....}..f.....s.=.
...s...64D?......?....p4..%...K.D.H....t.`........boO.......6......]tQ
..m=..u....|...u..5.v...u W2.e.,d.Y.7 .....V..h.X).i.Z.G...z.l.l...4..
z'...Z....y#.Bs=s....;<.....y....c..:e...wf5s\....s..2Y.>-.E..f.
.S....7....b..*9...i.V..@...x......J.p......P&W....,.....Z..........x.
0.e}g...l.hSf....!..v{..........._-...w.......R2.>...K..l.....).Gf.
..9.6.l.x..a.~..1....j3j!.k....Z..<'c....:.!x...e.&3.....X.b.,..F..
Kt.......:J.d.UK..m.I..e.f.;o.t..Q.Ly..[.I)(..e .)...9.V....T%..~....*
....LA..LT.9.u......LOOf.9..2y}F..>.eB^.p..f.d..(.J...h...&.}M..LN.
Hwd...~1{_,.3.Y....}..>....-..........k.F.....o./.=0H_..d.6...%5W..
.t1.q.<......"SV'-Z......Qt..s.._.U.a.......;<0W,..z.c....y.....
z..........=.~g..q1V.Z .17Ej..6.sz.wv.(K.zH/......l..R.R..*p.s...je...
3&.B.d.g...k.......9...j...x..%.\)...............:.|...}y]-X.J..6...\.
.....Q...M..<5 z:..j.0)..y.B.Z..q.N..k......5....~.Uo.}..W..s....._
...t_.q...z.....).b.F..w.<.*....|P.",y ."...w...t....2.C...........
.~.*..s.....%..<eX.5.%.:....D .......n....`......k..............:..
...'.Uf5.kU.>I.....|. /..YM.d%.w..~"C...x.....C.f.Y.......n..2.O.Sf
........}.?W...\6.n.G.....p4O .[w. ....\%.^M@.,hR/...........F.L....
}.....:v......^2..s.....c.W....]......f..Q............[....-!f5.?x(..x
.(Oe...A.......A/..;....wm....v.#.Ew.H......>5..M7.....Q v...2.N?..
....u..Il:.....Y..:8..M...."...6..6..ZH^~......>....69f.H......
>>

GET /draw/?w=colored&n=2482&c=000000ffffff&p= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ladaubert.pw/amg.php

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Cookie: uid=CgH9IFjJ25m5dhxswux8Ag==

Connection: Keep-Alive

Host: widgets.amung.us

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:01 GMT

Content-Type: image/png

Transfer-Encoding: chunked

Connection: close

Content-Disposition: filename=wau-widget.png

Expires: Sat, 15 Apr 2017 00:26:01 GMT

Cache-Control: max-age=2592000
64e...PNG........IHDR...Q...........p.....PLTE...EEE...???AAA.........
...;<=...***zzz~~~...abdWXZ............"""...............GGG...'((.
........222.........uvyEFGLLL...,,,.........<<<......kln...NN
N>>>...............QQQ...~~.vwx...hhi.........OPQ............
...ooo.........iii......uvv...opp......UVV............bbb......bcc...i
jj}~~......dee...........................]^^PPP.........TTTaaa......RR
R......{{{III...HHHrss.........kllJJJDDD|||......YYY............NOO...
......@@@tttkkkvvv:::qqq..................FFFWWW..................;;;.
........?@@888666ppprrrSSS............BBBCCC...111..................00
0...lll......XYZ(((&&&hhhfff   cdeZ[\788...dddccc.........nnn.........
ZZZXXXVVV[[[mmm^^^\\\]]]```gggxxxjjj........tRNS.@..f..._IDATH....S.A.
.....]"EM.".".....b......(Q1g.rHGlk#".@EIl..OA...$....#..>0C.......
..M&9.a.[......... ....Y.........2.b..Z_.B...7...r.5-".S.!Q......?....
*.b..R....#....n....X>.M&Su.{B.;<.W.$...yk3..uY).%.^.x^.>.Ldl
EO...'......<)4..>.....w.r..............23D.f:..7.S..Wi-..i.....
.7...\.Dk.L......s%...38..T.....i....c.SN.....;....I.z.q..=......`.&lt
;v4....aY6.........X'...`.0.e....4..<..D.Y......{.N.v..C)B...oC.$.s
h ..P........\..Id....q.f.....5.j.oX'.Y.r.Epfy. ,.K.....^..BY..E".".`.
V....q.\....x........9...8n........EN.S.s....'c.....H.V...@.L..dD....V
.0!$.....A..6."0..5.@..go%..(.\.r......1..?2/....6..P...../Y.;..P.3i..
.591d....9l...PHF.Z.M[5].5..-h.p..A.f...#...aC....2X.#..........8..z.r
ww.V..V./9.E.q.N.7 ....1.b#.gU....lR.$.i...r....o.........>..P}
>>

GET /bck.php?1489623962000 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-1.html?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: 109.201.148.40

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:29:29 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.3.3

Content-Length: 0

Keep-Alive: timeout=5

Connection: Keep-Alive

Content-Type: text/html; charset=utf-8
HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:29:29 GMT..Server: Apache/2
.2.15 (CentOS)..X-Powered-By: PHP/5.3.3..Content-Length: 0..Keep-Alive
: timeout=5..Connection: Keep-Alive..Content-Type: text/html; charset=
utf-8......


GET /bck.php?1489623965000 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: 109.201.148.40

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:29:32 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.3.3

Content-Length: 0

Keep-Alive: timeout=5

Connection: Keep-Alive

Content-Type: text/html; charset=utf-8
HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:29:32 GMT..Server: Apache/2
.2.15 (CentOS)..X-Powered-By: PHP/5.3.3..Content-Length: 0..Keep-Alive
: timeout=5..Connection: Keep-Alive..Content-Type: text/html; charset=
utf-8..

GET /cwidget/iebrowser1/000000ffffff.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ladaubert.pw/amg.php

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: whos.amung.us

Connection: Keep-Alive

HTTP/1.1 303 See Other

Date: Thu, 16 Mar 2017 00:26:01 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Location: hXXp://widgets.amung.us/draw/?w=colored&n=2521&c=000000ffffff&p=

Set-Cookie: uid=CgH9JFjJ25lwChXl9mt9Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.amung.us; path=/
0..

GET /counter/counter.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.statcounter.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:19 GMT

Server: PWS/8.2.0.7

X-Px: ht h0-s1210.p11-fra.cdngp.net

ETag: W/"576924c5-654e"

Cache-Control: max-age=43200

Expires: Thu, 16 Mar 2017 03:56:59 GMT

Age: 30560

Content-Length: 9529

Content-Type: application/x-javascript

Content-Encoding: gzip

Vary: Accept-Encoding

Last-Modified: Tue, 21 Jun 2016 11:28:05 GMT

Connection: keep-alive
...........]{s....*....F.,.-..o..M6....$...eQ$%s,.Z..c-}..u7@..<3{u
..?....@.h4..B.y..Z...Q..9..............]...K.%.<L....f...U...\..i.
<..g.f.%.q........O.J.CH..v.....N.H.M..zQ-J..`.'f.*~0....sj....C...
.....l....di|..4t..H........-...;.P.f^...EM....4..I.=.~....e..e..W>
.]..Wt...v..I..Wym.;...y....'....W._;.}.f..#...'.4Lj.:...bv.....&Z.p.&
.&.5.n#sN....X'[..........5-h.n.x..G.5....h...mp.....5..[..G.}.~....&.
...d.%i..G..4....b..h......<.q..c... J....{bTZ\M.w.r.1.Bf...y.l....
v.gQ...v.e./O.....Fi..H..;.Z.Y.a{Os-.A..c.b.c.{.a.....bln|{..t.....:|.
....~......R.eEV..-:h.xwS...Zf..*cHC,...K....p..4i.9.k>..P6[.Q.....
.$|...._.;...Em..itPa......P..Gj.. .5.  G..1m.....Ee...F70..ZUU&.&.?.&
gt;..r.Opc.........MQ<....=9(.v..^.Z<.;C....{....v..v:..N..{8.V;
........a.......v'.......w:...y..... ..^v../.8....W..7...o..IBV..%e...
c.Qt...6M.k.".j.o.E[.;..(#.$...#..T*. .......K/M..S..X.;(`..v.Fx||4...
..............#_.y..]./.y...?.....U...... ..].@...JX....v.?.H.ha8.b.*.
.EE.tx,j.....,.H..;.^...Ps....\.D.A...._..M...`.K...$k....^......j5t..
.......J.G,kt..6:}.I....v%..g.).([......Rlh.F.E..P(...h.U...:.@k>D.
..y.($V.P..B.u[n...[.@u2...;r^.E./..u....-k.......u....K....w...`U....
g^.l....*.1N.....8|.b..R.N.N..yq.s......?..m.m~..^...m.<cT. ....g.c
...E.-.?...O.|O. /Z*l...../46..;......h...8..p....m......&..MD.[.f\...
.'..e..C.*.n..#.....-...h.M..Lj$.....@O....h.,6<,.:..8,.OA...V.`.Pa
[..~v3.Qn...7W..^@[...../ m.t..%.......r$...>-k...{..U .h.r.._...UN
....3../....O..N.............p....5.<....2GM..C3|.q^w.....,....
>>

GET /page-1.html?lid=937115 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.ivids.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:01 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

X-Powered-By: PHP/5.3.3

Server: CDCE

X-INAP-Cache-Status: HIT

X-INAP-Server: cdce-fra004-005.fra004.internap.com

Content-Encoding: gzip
1040.............\.O.J.....?......I..$..h.n.........cOb.c.{......;.G..
0...v....9....9...........\hJ$z.meoW.ZB...&................p... ....C.
.}.nX.7......l_01....~ .W.P.S.....P....=....r....>..Z..QD5....7..&,
n.LS.ke.Q.P.}<'e.:....(O.|..V.......U.{...<.k#.....~....5~.Mai..
V....}Kh.v-I8.B[....o.....[8\;D............,...`I.....3..Z=..s.hI.F.Q%
 ..V,1p.b.O.>./[2M......Z-..na..Q....z..lD[..?..it.A....a.}/...o...
..:.-Um.a..........E.....:..0,W.35....\..P..............M..i&..`%9..&m
.....^.....c... .g@)x./........w$..{..H.."Wv.....gD.p*TY.u%m...J.u..X]
....6k..L..jk;..Q`....kq.....t=s..}.s.@S...?PS....B.*....A.v5..0....qo
..f...5._r...\:....5.O1..FZ-.u..B. S.{.. .kt.....U...5W]>b.:&e.....
c....."..A... ... .....t..S...ae]&Y.....v...MhZ.^....c.j.\...W.^(.3...
...5tE...fN....z}..Kr....=.rI~.....U...]....\.M.`...8.d..=...d...d,0.r
H..a.9....#...7X].....H...-...l.C6....T....d....s...;...7.7......k.`e.
........fJ....7De; ~....s8.).o^ ..d...3c...Q.m.j.:..Hx...A.".8."...,%6
..... ....B$.-....gX.c<.ZC*.....?.v..~..(7%Me.r$T..K..C...;.G@%R(.F
..t.j2..3(.t.}../.L2:..>.T....y.e..s..2wC.(r. ....lLt. .~.....X3...
xNW.....L..#.I..Bx..$.1V|'..L'(....1.*...!...,..d..,........3...E?JhX.
.$...r.....S}....N:._.....`..N d.Rg.m2.R\n........(1........C.0].S`UQ.
.D.6............?..]....l7.o.z.......ldQ....mR....O..........N..O.....
..~..|v..F.T..uQ.........O'Z..N...N.............1Y......ft.Sbu........
.&.3...g.....,.D=.. k.o6....Z...-...;6....E..uY0..d.%?1..&.w.....>.
.....YA..'.....k.V.c...M........w..E.o^. ..D.$K$...!...e...s)&.F.,
>>

GET /page-1.htm?lid=937115 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://VVV.ivids.net/page-1.html?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.ivids.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:05 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

X-Powered-By: PHP/5.3.3

Server: CDCE

X-INAP-Cache-Status: HIT

X-INAP-Server: cdce-fra004-005.fra004.internap.com

Content-Encoding: gzip
11e8.............\ks.....U..>...98..Gb;(T..K... .93T*.....Y.z.q..&g
t;k....qD..{k.P$V...W..{.n?...3c..PD..G.....\......_c{. .m.>.~..}..
.G(...H.(rt....5c.xc.k(....G,..BW"q.....'....CW..~.nOl3T]..S..3.h.y.*.
I......X4...t..P..%L"n.9....v"...(.c/......un....7_y...B....V...&-.i..
H.iw..7..F...6...^hG......0m~bG...1. ..;....!....a.,..Z.F..G..L...8z:.
.t....5u.......n......V....j42...d.H...f...l.....T...,...]..@.^..T...p
lS..v5.S........v...q.c...T...\G.. ....r,C%.R.aD..v.8[.#.4..eB..V.....
.........>....y..x.......P8..y.}CBtb...G.a....*.0=#...Rc..J........
.U..~..N....F...7/2..HT .G.......g...2<..t.?...j..a. .Va.......JCa.
.F......'.~FO:*...w=.C.."PC... .........2.lj..7.e...0....r.e.7...x.o..
3..M..JI.P...zJ.S.....s.H.. ...rO.@~....C? u$.`.....%....V>.%%_.|h.
...?..H...5................NpR.S;.Q. ...Z.....u0......JM&....Ogv!..Rh.
..B.;.g.....|1;..B]...0..b.....{f..~.......I....w'A!....v.?/$aW...q\H.
j..{......5t..H&m..e.QH.|.b.:..T..r e\..].V....N........tG4....&v.'..9
8..3.T ..T.R..c....c....F........S.....R{.X.~ .....S$..l..PjH.q... ..(
...Dz.CJlw....G..@g.HB_.1.s?B....i..\...W...'..CVG.)i)3.#...,...(.p.0:
.*.Z...=.......A....E^.za.q2....z}y.c......\.CU..]ukk.[.1..D..&Y3.TI.9
..$..{.k.$A.F.7V.d"c.wb..l.2.... L%p`...... P.....I.7....L..~....#a..o
_.r..o...1.... ...G..zD0...(S...G%.N.,%...V....h......'.b.......)....t
.........>|~.......gG.a.v[..H........[:jnO|n..z...........O...;9|w.
<......g.?..hK.T..mQ.......N...............R[..N.N...`.>5.c]yf..
).:.....$....b.0?7..kkId.....aY...}>3..b=Kl.........?yd...\.k..
>>

GET /css1.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.ivids.net

Connection: Keep-Alive

Cookie: sc_is_visitor_unique=rx10675947.1489623980.BD2B1393CD4E4FFE22787D912B7C5D2D.1.1.1.1.1.1.1.1.1

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:22 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

Last-Modified: Mon, 10 Nov 2014 09:13:53 GMT

Server: CDCE

X-INAP-Cache-Status: HIT

X-INAP-Server: cdce-fra004-005.fra004.internap.com

Content-Encoding: gzip
293.............U[O.0.~.R..G5.IM.B/.>.(..P..i......cG.{a...s..]7..0
..G....s..w<.........6 ...!..f.o3.||6...&...(...^{..F....t.>X.]L
of...zr.= _.aT....Ae.|.r...@.S.{97b.F_r...M~...9..........#H...W.oi(y.
.....B;.@.....j.y.ke.9M.|.J..N...<8n.2...P.......>_.N...{U.....R
jb.<......oEF.I)..Bm.7...I..`.q28........Y......-P..y..V..rk.....$.
p}..z.2.I..sy..|.7..ehx..Nl..@.?9q...V<.......Z.D.8 TY`..9P..H3m,..
...A1.L..Ba.p.8..~.=m..~(@...Y...T.a..IT.X#.B...F/...50.3j..da...H..2.
.....f..s\..q.....k.I..4.2..6..4....;(. .Rb(.........Z.,/..S....lur.*.
. ..B.....X....Jc3.P.x...I.$...)..`..F..iZ..E.pK...{F...&.....i..ja1&g
t;..s.&X..Q..~....v...*m...3.Dq".|oo%.MpTn..qU..~..-.q......0..HTTP/1.
1 200 OK..Date: Thu, 16 Mar 2017 00:26:22 GMT..Content-Type: text/css.
.Transfer-Encoding: chunked..Connection: keep-alive..Vary: Accept-Enco
ding..Last-Modified: Mon, 10 Nov 2014 09:13:53 GMT..Server: CDCE..X-IN
AP-Cache-Status: HIT..X-INAP-Server: cdce-fra004-005.fra004.internap.c
om..Content-Encoding: gzip..293.............U[O.0.~.R..G5.IM.B/.>.(
..P..i......cG.{a...s..]7..0..G....s..w<.........6 ...!..f.o3.||6..
.&...(...^{..F....t.>X.]Lof...zr.= _.aT....Ae.|.r...@.S.{97b.F_r...
M~...9..........#H...W.oi(y......B;.@.....j.y.ke.9M.|.J..N...<8n.2.
..P.......>_.N...{U.....Rjb.<......oEF.I)..Bm.7...I..`.q28......
..Y......-P..y..V..rk.....$.p}..z.2.I..sy..|.7..ehx..Nl..@.?9q...V<
.......Z.D.8 TY`..9P..H3m,.....A1.L..Ba.p.8..~.=m..~(@...Y...T.a..IT.X
#.B...F/...50.3j..da...H..2......f..s\..q.....k.I..4.2..6..4....;(
>>

GET /img/lbg.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.ivids.net

Connection: Keep-Alive

Cookie: sc_is_visitor_unique=rx10675947.1489623980.BD2B1393CD4E4FFE22787D912B7C5D2D.1.1.1.1.1.1.1.1.1; _ga=GA1.2.1157917606.1489623983; _gat=1

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:25 GMT

Content-Type: image/png

Content-Length: 200

Connection: keep-alive

Last-Modified: Thu, 21 Nov 2013 20:06:42 GMT

ETag: "a1c85-c8-4ebb56fac1880"

Server: CDCE

X-INAP-Cache-Status: HIT

X-INAP-Server: cdce-fra004-005.fra004.internap.com

Accept-Ranges: bytes
.PNG........IHDR.......L......O......gAMA....7.......tEXtSoftware.Adob
e ImageReadyq.e<...ZIDATx.b.R.b .....tV.....Z&.'B..!.;......qn...h:
.z!N.T@.l..4#......|..-..z...D..g.f.![.....O...........IEND.B`.HTTP/1.
1 200 OK..Date: Thu, 16 Mar 2017 00:26:25 GMT..Content-Type: image/png
..Content-Length: 200..Connection: keep-alive..Last-Modified: Thu, 21 
Nov 2013 20:06:42 GMT..ETag: "a1c85-c8-4ebb56fac1880"..Server: CDCE..X
-INAP-Cache-Status: HIT..X-INAP-Server: cdce-fra004-005.fra004.interna
p.com..Accept-Ranges: bytes...PNG........IHDR.......L......O......gAMA
....7.......tEXtSoftware.Adobe ImageReadyq.e<...ZIDATx.b.R.b .....t
V.....Z&.'B..!.;......qn...h:.z!N.T@.l..4#......|..-..z...D..g.f.![...
..O...........IEND.B`...

GET /img/logo.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.ivids.net

Connection: Keep-Alive

Cookie: sc_is_visitor_unique=rx10675947.1489623980.BD2B1393CD4E4FFE22787D912B7C5D2D.1.1.1.1.1.1.1.1.1

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:22 GMT

Content-Type: image/png

Content-Length: 2536

Connection: keep-alive

Last-Modified: Thu, 10 Jul 2014 23:39:15 GMT

ETag: "a1c81-9e8-4fddf55270ec0"

Server: CDCE

X-INAP-Cache-Status: HIT

X-INAP-Server: cdce-fra004-005.fra004.internap.com

Accept-Ranges: bytes
.PNG........IHDR.......L.....3.......gAMA....7.......tEXtSoftware.Adob
e ImageReadyq.e<...zIDATx..]]S.W..N.......7.NE.........(...H.8S..V.
....H;j.v..%.3...^.`...3...3....7.6......>..r..n...$....a`M.ys.9.y.
.,..U.[..a.a9M..8M .....4.`..8..4...i...:M2MXd.&J..{..K....=.?........
m.....!sX...M!.5.}...){.....].r..l.U..Vv9.afH.......Wr.i[FEX..v...;...
. Y.=."d.bjy..L,.......Ph..$..I.B...]W...}.3*.B.....-..&....!..gT..{.q
.`...hv.........i..8M ....#~z.|]......}a.......5y..!..&...NzV........&
gt;1....wb..A.E.|g..j....J7m./.w].Df.v.N.FN.}.%...#........g.7...G.wW.
.8"............SGe...x...M..%kV.%.B...7........gz.....K.....d.Da......
../........=).....G?. ..<...Q...k0...v.B.....fn4.:._a...|...J7.g.(:
...&..k.1.i......&.;........@....y.z..|[....w-....}.......c5....I=..J.
..j...5...."MV..[..8.Qw....w..........Ec}..~J.9m...A..v.?...m...FvU.; 
....~...r...g..x=....... .....>V....9...~.....!.u.J.FZ.iB.L.T..S./L
..*.q1..|..8.2.z1..5{....kdg....h.S..k...8.K.v.....Y..-.o.E@S..F.oo|. 
o.2.6.B...6..)m.T..Y........).O..........Q.'`.M.*J..p.tGW.....FO.C.=..
....b...*O..@....p*].h..Z.}.~....*G.....n$...D.....Q..4Y..8L..;...K...
Z..H1...ai.t.*yL...`-)2E..ip..C.d.&$*....p..[{.......4Ez..Gf.V..T.D[..
..g....Rm......u(Y.o@HT.*>?;}..D2ks...6>-\.)}Rb..ky......Pc.....
.-.\..?..s......319....^..D.i.C.....s.z.[..\...GJ...'8...Hi.s......-.S
.#...1...)..._S.V.ocE.\..cB.*Y.Z..B..%..r..73.8..p....P.U..\......2.2u
....S.....iQ.............P.y...{ 7i......v.s..N..-....K]\v.%..Vo$.P..&
lt;....}....Wb..9..7.p..$4=N Mj..0..4gj..Hie..5;-......6...8..m.(.
>>

GET /a.png?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443&gif=yes&rnd=1489624018000 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ww1.ladaubert.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:49 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Length: 125

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: image/png
.PNG........IHDR..............wS.....sRGB.........gAMA......a.....pHYs
..........o.d....IDAT.Wc...?......5......IEND.B`.906885..

GET /player1.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: everclips.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 08:23:18 GMT

Server: Apache/2.2.15 (CentOS)

Last-Modified: Sun, 15 Jun 2014 13:46:26 GMT

ETag: "4403c4-1bb61-4fbe0230ad080"

Accept-Ranges: bytes

Content-Length: 113505

Cache-Control: max-age=2592000, public

Expires: Thu, 15 Feb 2018 08:23:18 GMT

Connection: close

Content-Type: application/x-shockwave-flash
CWS..`..x..}.\...x...@).....JCQJ...t.S.:.s..P.M.".."D.=.E."!.G.Q."....
y...~_..|>o.....u?o......."..>...Z}....u......X....^...8\.3..7,V
$.;[Y%%%Y&.Y..1V6NNNV..V...h..a.W.H.........@.L../b...@...........bJ..
...8$.i.p... .Z.X.......<A.C4...s.L...*.B..c.'1...h.C.;.J.....E.d..
...... .........X...%[.x.m2@oK&/../...LtM..P..|.0._..a.c..x17..K.....6
L....z....z...#f. .=..:i...!B.O.s..:..`kmc.-............ xh6).UpWB.6..
..UC.SQ.1^..3.]3x4z.o..>...7F.`s..,.G.K.s.)........ $E..[O..O......
......w.....0.Jw....qCv.........&L..I...0.g...z%...k.s_....B.V....f- .
y>..6.e..v...O..R.4u...J?.q.........o?.........._.8i.........L'._s.
...ug......N..h..[....s/.[X>.G...9....k...O...L;.,X.p......... ....
r&.c..F.>._w.. {.2...b..ri..=.C.N#M..|..(&..8........9..,.S.....KhS
.}.......~..i....W...?....7.S\...eS..*&.S.z.\:....#!cng.}5...I.*I;....
'.M...U..3^s.l....^.7..sp.......Z_..wJ.....O.;0e... ..f\.t..{....5v}..
=..9...1..C..?..4.R.....[G7W..=h|...a..p../s..]......^...K.r..]T..... 
....j..V7.r.9l.........,zf..U.c..$b..n.}...^..B=.-.RP....Y.......aB.f.
...9...Vuzz.M\../b............8n...2..^Y..%u..n,...x.....,.;..s.r..]|8
...v......u.m........=.n..9.&{.B......D_JU.7.<.....>gz.<....O
.4..zQhiWf....aOL.-.bE..2yU.S..)g6Z...m...m..s....ly.....Q.us..ci....[
k?M.7p.e.....yG.'.8...R.....m_/z.>p.......=....B..w..zwQ\P..B...Bn.
2..>K..F....>.xLy..`...%..`.._......'5.9..V../z.....E..;....h)..
_..>...........{^.....p&x.Q....;YH..E.6.<m..8n... a...#U~.5S(wr2
V....h..Y^.'^.....y.8:........Q....^[..nK....hq...5..[...i94$.....
>>

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: vi.ivids.net

Connection: Keep-Alive

Cookie: _ga=GA1.2.1157917606.1489623983; _gat=1

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:30:12 GMT

Server: Apache/2.2.15 (CentOS)

Last-Modified: Tue, 11 Nov 2014 03:08:25 GMT

ETag: "a1b01-52-5078c97abfc40"

Accept-Ranges: bytes

Content-Length: 82

Keep-Alive: timeout=5

Connection: Keep-Alive

Content-Type: text/xml
<cross-domain-policy>..    <allow-access-from domain="*"/>
..</cross-domain-policy>....


GET /v?LR_PUBLISHER_ID=38834&LR_SCHEMA=vast2-vpaid&LR_AUTOPLAY=1&LR_CONTENT=1&LR_VIDEO_URL=hXXp://VVV.ivids.net/1.html&LR_VIDEO_ID=&LR_VIDEO_POSITION=0&LR_PARTNERS=937115&LR_TITLE=Entertainment videos ivids.net&LR_FORMAT=application/x-shockwave-flash HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: vi.ivids.net

Connection: Keep-Alive

Cookie: _ga=GA1.2.1157917606.1489623983; _gat=1

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:30:12 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.3.3

Cache-Control: no-store, no-cache, must-revalidate, max-age=0

Pragma: no-cache

Expires: Sat, 26 Jul 1997 05:00:00 GMT

Cache-Control: post-check=0, pre-check=0

Content-Length: 533

Keep-Alive: timeout=5

Connection: Keep-Alive

Content-Type: text/xml
<?xml version="1.0" encoding="UTF-8"?>..<VAST version="2.0"&g
t;<Ad id="1"><Wrapper><AdSystem>1</AdSystem>&l
t;VASTAdTagURI><![CDATA[hXXp://we1sb-oi9ft.ads.tremorhub.com/ad/
tag?adCode=we1sb-64jyd&playerWidth=645&playerHeight=380&playerPosition
=1&mediaTitle=Entertainment_videos_ivids.net&mediaDesc=Watch_Entertain
ment_videos_ivids.net&mediaId=&mediaUrl=[CONTENT_MEDIA_URL]&srcPageUrl
=hXXp://VVV.ivids.net/1.html&contentLength=[CONTENT_LENGTH]]]></
VASTAdTagURI><Impression/><Creatives><Creative>&l
t;/Creative></Creatives></Wrapper></Ad></VAST&
gt;..HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:30:12 GMT..Server: Apa
che/2.2.15 (CentOS)..X-Powered-By: PHP/5.3.3..Cache-Control: no-store,
 no-cache, must-revalidate, max-age=0..Pragma: no-cache..Expires: Sat,
 26 Jul 1997 05:00:00 GMT..Cache-Control: post-check=0, pre-check=0..C
ontent-Length: 533..Keep-Alive: timeout=5..Connection: Keep-Alive..Con
tent-Type: text/xml..<?xml version="1.0" encoding="UTF-8"?>..&lt
;VAST version="2.0"><Ad id="1"><Wrapper><AdSystem&gt
;1</AdSystem><VASTAdTagURI><![CDATA[hXXp://we1sb-oi9ft.
ads.tremorhub.com/ad/tag?adCode=we1sb-64jyd&playerWidth=645&playerHeig
ht=380&playerPosition=1&mediaTitle=Entertainment_videos_ivids.net&medi
aDesc=Watch_Entertainment_videos_ivids.net&mediaId=&mediaUrl=[CONTENT_
MEDIA_URL]&srcPageUrl=hXXp://VVV.ivids.net/1.html&contentLength=[CONTE
NT_LENGTH]]]></VASTAdTagURI><Impression/><Creati
>>

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: thm.vidvib.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:50 GMT

Content-Type: application/xml

Content-Length: 82

Connection: keep-alive

Last-Modified: Fri, 20 Jun 2014 22:54:54 GMT

ETag: "1000000015848-52-4fc4c61b7eb80"

Server: NetDNA-cache/2.2

Expires: Sun, 11 Mar 2018 00:26:50 GMT

Cache-Control: max-age=31104000

X-Cache: HIT

Accept-Ranges: bytes
<cross-domain-policy>..    <allow-access-from domain="*"/>
..</cross-domain-policy>....


GET /abcd.mp4 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://everclips.net/player1.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: thm.vidvib.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:50 GMT

Content-Type: video/mp4

Content-Length: 2929

Connection: keep-alive

Last-Modified: Mon, 16 Jan 2017 22:18:32 GMT

ETag: "a0a000000009298-b71-5463d905b4731"

Server: NetDNA-cache/2.2

Expires: Sun, 11 Mar 2018 00:26:50 GMT

Cache-Control: max-age=31104000

X-Cache: HIT

Accept-Ranges: bytes
....ftypmp42....mp41isom...Duuid\...2.B..ae........(6.3.9600.16477 (wi
nblue_gdr.131126-1957)....mdat.................3../..aP.pAr.2H..*=4Mic
rosoft H.264 Encoder V1.5.3..............sC....B.5l.src:3 h:100 w:100 
fps:29.970 pf:66 lvl:1 b:0 bqp:3 gop:90 idr:90 slc:1 cmp:0 rc:1 qp:26 
rate:100000 peak:0 buff:37500 ref:2 srch:32 asrch:1 subp:1 par:6 3 3 r
nd:0 cabac:0 lp:2 ctnt:0 aud:1 lat:0 wrk:4 vui:1 lyr:1 <<.....ke
..K....P..#...}......o....... .=......x..6..J.4......pBA..........x ..
..[.....^.V._....J..rb..w&......^'..(.|Q.w...J...'.r.x.q........&..G..
..] 3MR...E!:/..."H{.........K....{...z7.....!.'.u\z.e...W.>..o..;.
.......)!..\..._.h..R...)...0.....D/h....~..g. ....P3.2..:.......S4.b.
.8........{eh...YOHT.!.N....t...?.J\/Wfc@]..c>.u..... [{H.#....W..0
.......iiiiik..........0....a....(.....0....a....(.....0....a....(....
.0....a....(.....0....a...x.'Y7.@.....0...7a..._.2............y..9..&~
.OJ..[....".....|.n.F.'`.Z.......0...ga...^#...<.#f.L.).n...Z.4..`s
..1./.......}.W=..I.W\.!u.....@.AN.E..ny.....-...X.4...^.a.6..$..DTk.H
.j.......0....a........4<.S.. .........^.K...\..YY6..._..L....X...8
>..WY1%.$.>.$..L.U.....c._.8..c.......c..MzIx..3..f...:..z}|..G.
...?.4RP..j.&O..C"....r>.....0....a...W...d~^a...W.t.j..S.*..7).&&.
....9).3..8[U...9.}.O..r.T...%.:O.....q..Gt.~7I..>....V..QT.uL.....
j.U:}.......>.e`7p.4...p!q....w.E. ..LC......!.J.E.Ia..ANG....... .
........0....a...W./5......*....H...B......0....a...W....z.......0....
a...W....z.......0....a...W....z.......0....a...W....z.......0....
>>

GET /wp-content/themes/howcast/images/icons/love.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.howcast.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:04 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

Last-Modified: Thu, 17 Nov 2016 01:56:52 GMT

ETag: "1000000029c8c-7f-5417580d56100;548e03ca5164a"

Accept-Ranges: bytes

Content-Length: 127

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: image/png
.PNG........IHDR................s....gAMA....7.......tEXtSoftware.Adob
e ImageReadyq.e<....IDATx.b...L.`..`.>....jg.....IEND.B`.HTTP/1.
1 200 OK..Date: Thu, 16 Mar 2017 00:26:04 GMT..Server: Apache/2.2.22 (
Win64) PHP/5.3.13..Last-Modified: Thu, 17 Nov 2016 01:56:52 GMT..ETag:
 "1000000029c8c-7f-5417580d56100;548e03ca5164a"..Accept-Ranges: bytes.
.Content-Length: 127..Keep-Alive: timeout=5, max=100..Connection: Keep
-Alive..Content-Type: image/png...PNG........IHDR................s....
gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b...L.`.
.`.>....jg.....IEND.B`...

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: thm.vidvib.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:52 GMT

Content-Type: application/xml

Content-Length: 82

Connection: keep-alive

Last-Modified: Fri, 20 Jun 2014 22:54:54 GMT

ETag: "1000000015848-52-4fc4c61b7eb80"

Server: NetDNA-cache/2.2

Expires: Sun, 11 Mar 2018 00:26:52 GMT

Cache-Control: max-age=31104000

X-Cache: HIT

Accept-Ranges: bytes
<cross-domain-policy>..    <allow-access-from domain="*"/>
..</cross-domain-policy>HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 
00:26:52 GMT..Content-Type: application/xml..Content-Length: 82..Conne
ction: keep-alive..Last-Modified: Fri, 20 Jun 2014 22:54:54 GMT..ETag:
 "1000000015848-52-4fc4c61b7eb80"..Server: NetDNA-cache/2.2..Expires: 
Sun, 11 Mar 2018 00:26:52 GMT..Cache-Control: max-age=31104000..X-Cach
e: HIT..Accept-Ranges: bytes..<cross-domain-policy>..    <all
ow-access-from domain="*"/>..</cross-domain-policy>..

GET /analytics.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload

Timing-Allow-Origin: *

Date: Wed, 15 Mar 2017 23:55:27 GMT

Expires: Thu, 16 Mar 2017 01:55:27 GMT

Last-Modified: Thu, 02 Mar 2017 00:20:42 GMT

X-Content-Type-Options: nosniff

Content-Type: text/javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Server: Golfe2

Content-Length: 12156

Cache-Control: public, max-age=7200

Age: 1855
.............w.8.0.{......Du...lR.SJ)...-...#Kj......M.....I..a.}.....
]"......\U.j:.I.<r....=y*............f....T..h......c.,i....T[h.Fb,
U.{..8r.u<hwX.............a.....N.....Oz..`.=.....-.on..y.5q0=..w..
3p.^o..y..n..........NN.>...z.C!.U...q=.....Q.Lon.....k..._......./
z<.J\.n6.y.H%.h...?....8^..?....s#....El.o}....F.rAi...en.X..^.....
........T..L...........7....z..a.....A_(.c..H...k,`.......l.5.k>.5.
..g.....Y|9..49.y..2.......eQ..MW:....b.......M........(....pD.9.K.'I.
.u}...WW.:...e#>.....Z)...j}......$..d.U`O..H... ...:....f......y..
..o.-.Gj2....o......:.YZzZ.2xs.q....S..?.7...Y..XE[]5J*..L.|.W-[h Z.8R
W*.T...X.$gI.....B...-b.6E...@..~.J2...I.....\^.o...r..._..2.OG.%.y...
!Z....4......1...:&.....3..t...!|................S.n/.b...[,..lZX.9.Px
C...8|.io{<..G..'}.p>..xoMc....5..{w.e...~...`..`t..}.......uU#X
.. .;.J.k@].p...r...:@..h...OD.U..L./o>gW.....j......J.B../..`. Z..
............e...>T.Y. .:.z.T.&......(...E..$NEV.|.k..94.uy.........
p...4}=."|...I.]R..o..............L....h0.2..N..a...8.....!~}......-}W
..a......a .>.Z...HI...g.D<.y.1...$...<....a..R..1....R.."'..
.9n.Q..1..lyN..,rF.n..Vi}.J...s..]./;........y....I......<....`-HI.
.........k..8...{.8...4.1)....(..2..1.7w..q.......M...7Z.V.f^..-*..qK@
!.HN..|J ......mA..A f.....CA.9yE.....*...#N.....0.../../..a0t=......h
:.........c...'...o.rz.............V.,L'...U.........^u2.....A........
8.O.s...R.hw..V......v=W.X=Q..C.84..S.%.Y\..H..V.1..Mz..........J..R..
......'....*Z......Ba...........f.z....1..k..d..C>)."..R!..#'H.
>>

GET /r/collect?v=1&_v=j49&a=2009820665&t=pageview&_s=1&dl=http://VVV.ivids.net/page-1.htm?lid=937115&ul=en-us&de=utf-8&sd=24-bit&sr=1916x902&vp=850x480&je=1&fl=23.0 r0&_u=AEAAAEAAI~&jid=529385969&gjid=1659227578&cid=1157917606.1489623983&tid=UA-74694740-2&_r=1&z=873997192 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Date: Thu, 16 Mar 2017 00:26:25 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, no-store, must-revalidate

Last-Modified: Sun, 17 May 1998 03:00:00 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Server: Golfe2

Content-Length: 35
GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-All
ow-Origin: *..Date: Thu, 16 Mar 2017 00:26:25 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-sto
re, must-revalidate..Last-Modified: Sun, 17 May 1998 03:00:00 GMT..X-C
ontent-Type-Options: nosniff..Content-Type: image/gif..Server: Golfe2.
.Content-Length: 35..GIF89a.............,...........D..;..

GET /5/10/logo.png HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://everclips.net/player1.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: l.longtailvideo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=604800

Content-Type: image/png

Date: Thu, 16 Mar 2017 00:26:38 GMT

Etag: "3015243340"

Expires: Thu, 23 Mar 2017 00:26:38 GMT

Last-Modified: Fri, 22 Jun 2012 18:10:31 GMT

Server: ECAcc (vie/F29C)

X-Cache: HIT

Content-Length: 1845
.PNG........IHDR...].........9.".....IDATh..Zo..E...e...*!.......RP...
.0H.|).Y...).4C.#H..2....g{.....GO.....A...(.?H....B..wf.....{.......c
v..9sv...3g....A-.).8j......J..*.Ge9.@....Y u(.....k.Nt.3..yR....~*]. 
...Y...v..........\.YO....0.....bZ.=...e..ji.g..S..Z.t.9?..N).]`.K !..
...Y..?..<.h.v.<.........%..6.O.......R..g.}.i.?.Vh.....?..[..C{
.h.-%......s.\..:.M.p.K..u.5....c...X.>..........m.........._.%.d9k
L....t..t..N...#...|..VV.2...w.....X.W:^.:.S...n6....E=...$.i......(.j
.}S...@.EmE./.....U.u.-.U\..../B......;..Q......@.9....=.'.~Jm0t<c.
]...-....D...~......<...X....&....Ky%..j...[...Nk.6.....7.._.e!h...
........T7(q..q..v.J=c.^..............--.>......=.....n."...("....0
.Z..<... .q!.`.....N...Z....b.....g.,..UjA.j..7{.H...Pa.. /...l(...
S.j.Q0.u`...LcthJ.. .BN..............P....e...BPZ...W.I...........Sc.j
.!..'..d>c.....xV..2.i#.Z...#j >wa.......[.Y.../.6.g.j'.m...y..O
.\..W.....ar.J~..B...0...........~1M....].......;f...>>$...h.{..
....>zpI/...!>........0...f..ez.....b..!.....X....R..H.l|.r9.#'.
...x..1.A.qy.......M......Y&}..I...-} ..X.....(..17(...EJ.l..T..(8;.`.
..8o.{..r@..]..Z.......^n...vy.3S....%^'....)..nDeg..'.1. $....C...x..
t...x.d#.......t...?...N.N.............%`..Kc....#4.x....#.....9.ps.a.
q........G..R..........B... .S.K$......]..2..-..Hn..t'....4UA9P..69Q.'
.......2..d.<b.....{m....).dd...d.(..G.1`*.....<..ql.zs.On......
j..$..Fnf.T.Y........}.z....N.ZS.]........U)..K...xJFf........S....&.b
i..Mv.F..r....Z...`.~_........._ y.......(.b..f..m....R..k......se
>>

GET /itd.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: aoaomo.tremorhub.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:05 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Length: 928

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: text/html
<html>..<head>..<title>a</title>..</head&gt
;..<body>..<script language="JavaScript" type="text/javascrip
t">..<!--..function uapcc() {..document.cookie = "tvrg_60409=;do
main=.tremorhub.com;path=/;expires=-1";..document.cookie = "tvrg_60755
=;domain=.tremorhub.com;path=/;expires=-1";..document.cookie = "tvrg_6
0297=;domain=.tremorhub.com;path=/;expires=-1";..document.cookie = "tv
rg_60035=;domain=.tremorhub.com;path=/;expires=-1";..}..setInterval(fu
nction() {..uapcc();..}, 90);..setInterval(function() {..uapcc();..}, 
90);..setInterval(function() {..uapcc();..}, 50);..setInterval(functio
n() {..uapcc();..}, 90);..//-->..setInterval( "onl()", 120000);func
tion onl(){if(document.images){document.images['onlv'].src = 'o.php?id
=01A1GWybNKig0XmOX0T6&date=2017-01-09&r='   Date.parse(new Date().toSt
ring());}}..</script><div style="visibility:hidden"><im
g name="onlv" src="o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09">&
lt;/div>..</html>HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:2
6:05 GMT..Server: Apache/2.2.22 (Win64) PHP/5.3.13..X-Powered-By: PHP/
5.3.13..Content-Length: 928..Keep-Alive: timeout=5, max=100..Connectio
n: Keep-Alive..Content-Type: text/html..<html>..<head>..&l
t;title>a</title>..</head>..<body>..<script la
nguage="JavaScript" type="text/javascript">..<!--..function uapc
c() {..document.cookie = "tvrg_60409=;domain=.tremorhub.com;path=/;exp
ires=-1";..document.cookie = "tvrg_60755=;domain=.tremorhub.com;pa
>>

GET /o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09 HTTP/1.1

Accept: */*

Referer: hXXp://aoaomo.tremorhub.com/itd.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: aoaomo.tremorhub.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:06 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Length: 3

Keep-Alive: timeout=5, max=99

Connection: Keep-Alive

Content-Type: text/html
...HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:26:06 GMT..Server: Apach
e/2.2.22 (Win64) PHP/5.3.13..X-Powered-By: PHP/5.3.13..Content-Length:
 3..Keep-Alive: timeout=5, max=99..Connection: Keep-Alive..Content-Typ
e: text/html.......

GET /report3.php?lid=937115 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.everclips.net/page-2.html?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: vi.everclips.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:29:28 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.3.3

Cache-Control: no-store, no-cache, must-revalidate, max-age=0

Cache-Control: post-check=0, pre-check=0

Pragma: no-cache

Expires: Sat, 26 Jul 1997 05:00:00 GMT

Content-Length: 0

Keep-Alive: timeout=5

Connection: Keep-Alive

Content-Type: text/html; charset=utf-8
HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:29:28 GMT..Server: Apache/2
.2.15 (CentOS)..X-Powered-By: PHP/5.3.3..Cache-Control: no-store, no-c
ache, must-revalidate, max-age=0..Cache-Control: post-check=0, pre-che
ck=0..Pragma: no-cache..Expires: Sat, 26 Jul 1997 05:00:00 GMT..Conten
t-Length: 0..Keep-Alive: timeout=5..Connection: Keep-Alive..Content-Ty
pe: text/html; charset=utf-8......


GET /report3.php?lid=937115 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: vi.everclips.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:29:32 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.3.3

Cache-Control: no-store, no-cache, must-revalidate, max-age=0

Cache-Control: post-check=0, pre-check=0

Pragma: no-cache

Expires: Sat, 26 Jul 1997 05:00:00 GMT

Content-Length: 0

Keep-Alive: timeout=5

Connection: Keep-Alive

Content-Type: text/html; charset=utf-8
HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:29:32 GMT..Server: Apache/2
.2.15 (CentOS)..X-Powered-By: PHP/5.3.3..Cache-Control: no-store, no-c
ache, must-revalidate, max-age=0..Cache-Control: post-check=0, pre-che
ck=0..Pragma: no-cache..Expires: Sat, 26 Jul 1997 05:00:00 GMT..Conten
t-Length: 0..Keep-Alive: timeout=5..Connection: Keep-Alive..Content-Ty
pe: text/html; charset=utf-8..

GET /counter/counter.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.statcounter.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:19 GMT

Server: PWS/8.2.0.7

X-Px: ht h0-s1210.p11-fra.cdngp.net

ETag: W/"576924c5-654e"

Cache-Control: max-age=43200

Expires: Thu, 16 Mar 2017 03:56:59 GMT

Age: 30560

Content-Length: 9529

Content-Type: application/x-javascript

Content-Encoding: gzip

Vary: Accept-Encoding

Last-Modified: Tue, 21 Jun 2016 11:28:05 GMT

Connection: keep-alive
...........]{s....*....F.,.-..o..M6....$...eQ$%s,.Z..c-}..u7@..<3{u
..?....@.h4..B.y..Z...Q..9..............]...K.%.<L....f...U...\..i.
<..g.f.%.q........O.J.CH..v.....N.H.M..zQ-J..`.'f.*~0....sj....C...
.....l....di|..4t..H........-...;.P.f^...EM....4..I.=.~....e..e..W>
.]..Wt...v..I..Wym.;...y....'....W._;.}.f..#...'.4Lj.:...bv.....&Z.p.&
.&.5.n#sN....X'[..........5-h.n.x..G.5....h...mp.....5..[..G.}.~....&.
...d.%i..G..4....b..h......<.q..c... J....{bTZ\M.w.r.1.Bf...y.l....
v.gQ...v.e./O.....Fi..H..;.Z.Y.a{Os-.A..c.b.c.{.a.....bln|{..t.....:|.
....~......R.eEV..-:h.xwS...Zf..*cHC,...K....p..4i.9.k>..P6[.Q.....
.$|...._.;...Em..itPa......P..Gj.. .5.  G..1m.....Ee...F70..ZUU&.&.?.&
gt;..r.Opc.........MQ<....=9(.v..^.Z<.;C....{....v..v:..N..{8.V;
........a.......v'.......w:...y..... ..^v../.8....W..7...o..IBV..%e...
c.Qt...6M.k.".j.o.E[.;..(#.$...#..T*. .......K/M..S..X.;(`..v.Fx||4...
..............#_.y..]./.y...?.....U...... ..].@...JX....v.?.H.ha8.b.*.
.EE.tx,j.....,.H..;.^...Ps....\.D.A...._..M...`.K...$k....^......j5t..
.......J.G,kt..6:}.I....v%..g.).([......Rlh.F.E..P(...h.U...:.@k>D.
..y.($V.P..B.u[n...[.@u2...;r^.E./..u....-k.......u....K....w...`U....
g^.l....*.1N.....8|.b..R.N.N..yq.s......?..m.m~..^...m.<cT. ....g.c
...E.-.?...O.|O. /Z*l...../46..;......h...8..p....m......&..MD.[.f\...
.'..e..C.*.n..#.....-...h.M..Lj$.....@O....h.,6<,.:..8,.OA...V.`.Pa
[..~v3.Qn...7W..^@[...../ m.t..%.......r$...>-k...{..U .h.r.._...UN
....3../....O..N.............p....5.<....2GM..C3|.q^w.....,....
>>

GET /5/10/logo.png HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/player1.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: l.longtailvideo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=604800

Content-Type: image/png

Date: Thu, 16 Mar 2017 00:26:38 GMT

Etag: "3015243340"

Expires: Thu, 23 Mar 2017 00:26:38 GMT

Last-Modified: Fri, 22 Jun 2012 18:10:31 GMT

Server: ECAcc (vie/F29C)

X-Cache: HIT

Content-Length: 1845
.PNG........IHDR...].........9.".....IDATh..Zo..E...e...*!.......RP...
.0H.|).Y...).4C.#H..2....g{.....GO.....A...(.?H....B..wf.....{.......c
v..9sv...3g....A-.).8j......J..*.Ge9.@....Y u(.....k.Nt.3..yR....~*]. 
...Y...v..........\.YO....0.....bZ.=...e..ji.g..S..Z.t.9?..N).]`.K !..
...Y..?..<.h.v.<.........%..6.O.......R..g.}.i.?.Vh.....?..[..C{
.h.-%......s.\..:.M.p.K..u.5....c...X.>..........m.........._.%.d9k
L....t..t..N...#...|..VV.2...w.....X.W:^.:.S...n6....E=...$.i......(.j
.}S...@.EmE./.....U.u.-.U\..../B......;..Q......@.9....=.'.~Jm0t<c.
]...-....D...~......<...X....&....Ky%..j...[...Nk.6.....7.._.e!h...
........T7(q..q..v.J=c.^..............--.>......=.....n."...("....0
.Z..<... .q!.`.....N...Z....b.....g.,..UjA.j..7{.H...Pa.. /...l(...
S.j.Q0.u`...LcthJ.. .BN..............P....e...BPZ...W.I...........Sc.j
.!..'..d>c.....xV..2.i#.Z...#j >wa.......[.Y.../.6.g.j'.m...y..O
.\..W.....ar.J~..B...0...........~1M....].......;f...>>$...h.{..
....>zpI/...!>........0...f..ez.....b..!.....X....R..H.l|.r9.#'.
...x..1.A.qy.......M......Y&}..I...-} ..X.....(..17(...EJ.l..T..(8;.`.
..8o.{..r@..]..Z.......^n...vy.3S....%^'....)..nDeg..'.1. $....C...x..
t...x.d#.......t...?...N.N.............%`..Kc....#4.x....#.....9.ps.a.
q........G..R..........B... .S.K$......]..2..-..Hn..t'....4UA9P..69Q.'
.......2..d.<b.....{m....).dd...d.(..G.1`*.....<..ql.zs.On......
j..$..Fnf.T.Y........}.z....N.ZS.]........U)..K...xJFf........S....&.b
i..Mv.F..r....Z...`.~_........._ y.......(.b..f..m....R..k......se
>>

GET /a.png?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443&gif=yes&rnd=1489623958000 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ww1.ladaubert.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:25:50 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Length: 124

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: image/png
.PNG........IHDR..............wS.....sRGB.........gAMA......a.....pHYs
..........o.d....IDAT.Wc...?......5......IEND.B`.37976HTTP/1.1 200 OK.
.Date: Thu, 16 Mar 2017 00:25:50 GMT..Server: Apache/2.2.22 (Win64) PH
P/5.3.13..X-Powered-By: PHP/5.3.13..Content-Length: 124..Keep-Alive: t
imeout=5, max=100..Connection: Keep-Alive..Content-Type: image/png...P
NG........IHDR..............wS.....sRGB.........gAMA......a.....pHYs..
........o.d....IDAT.Wc...?......5......IEND.B`.37976..

GET /player1.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.ivids.net/page-1.htm?lid=937115

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ivids.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 08:23:18 GMT

Server: Apache/2.2.15 (CentOS)

Last-Modified: Sun, 15 Jun 2014 13:46:26 GMT

ETag: "4403c4-1bb61-4fbe0230ad080"

Accept-Ranges: bytes

Content-Length: 113505

Cache-Control: max-age=2592000, public

Expires: Thu, 15 Feb 2018 08:23:18 GMT

Connection: close

Content-Type: application/x-shockwave-flash
CWS..`..x..}.\...x...@).....JCQJ...t.S.:.s..P.M.".."D.=.E."!.G.Q."....
y...~_..|>o.....u?o......."..>...Z}....u......X....^...8\.3..7,V
$.;[Y%%%Y&.Y..1V6NNNV..V...h..a.W.H.........@.L../b...@...........bJ..
...8$.i.p... .Z.X.......<A.C4...s.L...*.B..c.'1...h.C.;.J.....E.d..
...... .........X...%[.x.m2@oK&/../...LtM..P..|.0._..a.c..x17..K.....6
L....z....z...#f. .=..:i...!B.O.s..:..`kmc.-............ xh6).UpWB.6..
..UC.SQ.1^..3.]3x4z.o..>...7F.`s..,.G.K.s.)........ $E..[O..O......
......w.....0.Jw....qCv.........&L..I...0.g...z%...k.s_....B.V....f- .
y>..6.e..v...O..R.4u...J?.q.........o?.........._.8i.........L'._s.
...ug......N..h..[....s/.[X>.G...9....k...O...L;.,X.p......... ....
r&.c..F.>._w.. {.2...b..ri..=.C.N#M..|..(&..8........9..,.S.....KhS
.}.......~..i....W...?....7.S\...eS..*&.S.z.\:....#!cng.}5...I.*I;....
'.M...U..3^s.l....^.7..sp.......Z_..wJ.....O.;0e... ..f\.t..{....5v}..
=..9...1..C..?..4.R.....[G7W..=h|...a..p../s..]......^...K.r..]T..... 
....j..V7.r.9l.........,zf..U.c..$b..n.}...^..B=.-.RP....Y.......aB.f.
...9...Vuzz.M\../b............8n...2..^Y..%u..n,...x.....,.;..s.r..]|8
...v......u.m........=.n..9.&{.B......D_JU.7.<.....>gz.<....O
.4..zQhiWf....aOL.-.bE..2yU.S..)g6Z...m...m..s....ly.....Q.us..ci....[
k?M.7p.e.....yG.'.8...R.....m_/z.>p.......=....B..w..zwQ\P..B...Bn.
2..>K..F....>.xLy..`...%..`.._......'5.9..V../z.....E..;....h)..
_..>...........{^.....p&x.Q....;YH..E.6.<m..8n... a...#U~.5S(wr2
V....h..Y^.'^.....y.8:........Q....^[..nK....hq...5..[...i94$.....
>>

GET /itd.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: bobomo.tremorhub.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:25:50 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Length: 928

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: text/html
<html>..<head>..<title>a</title>..</head&gt
;..<body>..<script language="JavaScript" type="text/javascrip
t">..<!--..function uapcc() {..document.cookie = "tvrg_60409=;do
main=.tremorhub.com;path=/;expires=-1";..document.cookie = "tvrg_60755
=;domain=.tremorhub.com;path=/;expires=-1";..document.cookie = "tvrg_6
0297=;domain=.tremorhub.com;path=/;expires=-1";..document.cookie = "tv
rg_60035=;domain=.tremorhub.com;path=/;expires=-1";..}..setInterval(fu
nction() {..uapcc();..}, 90);..setInterval(function() {..uapcc();..}, 
90);..setInterval(function() {..uapcc();..}, 50);..setInterval(functio
n() {..uapcc();..}, 90);..//-->..setInterval( "onl()", 120000);func
tion onl(){if(document.images){document.images['onlv'].src = 'o.php?id
=01A1GWybNKig0XmOX0T6&date=2017-01-09&r='   Date.parse(new Date().toSt
ring());}}..</script><div style="visibility:hidden"><im
g name="onlv" src="o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09">&
lt;/div>..</html>HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:2
5:50 GMT..Server: Apache/2.2.22 (Win64) PHP/5.3.13..X-Powered-By: PHP/
5.3.13..Content-Length: 928..Keep-Alive: timeout=5, max=100..Connectio
n: Keep-Alive..Content-Type: text/html..<html>..<head>..&l
t;title>a</title>..</head>..<body>..<script la
nguage="JavaScript" type="text/javascript">..<!--..function uapc
c() {..document.cookie = "tvrg_60409=;domain=.tremorhub.com;path=/;exp
ires=-1";..document.cookie = "tvrg_60755=;domain=.tremorhub.com;pa
>>

GET /o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09 HTTP/1.1

Accept: */*

Referer: hXXp://bobomo.tremorhub.com/itd.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: bobomo.tremorhub.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:25:51 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Length: 3

Keep-Alive: timeout=5, max=99

Connection: Keep-Alive

Content-Type: text/html
...HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:25:51 GMT..Server: Apach
e/2.2.22 (Win64) PHP/5.3.13..X-Powered-By: PHP/5.3.13..Content-Length:
 3..Keep-Alive: timeout=5, max=99..Connection: Keep-Alive..Content-Typ
e: text/html.......

GET /jwplayer1.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.everclips.net/page-2.html?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: everclips.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 08:22:59 GMT

Server: Apache/2.2.15 (CentOS)

Last-Modified: Thu, 02 Jun 2016 05:31:59 GMT

ETag: "4403af-25d37-53444eccf91c0"

Accept-Ranges: bytes

Content-Length: 154935

Cache-Control: max-age=2592000, public

Expires: Thu, 15 Feb 2018 08:22:59 GMT

Connection: close

Content-Type: text/javascript
var dtn = Date.parse(new Date().toString());..document.write(unescape(
'
>>

GET /bck.php?1489623962000 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.everclips.net/page-2.html?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: 109.201.148.40

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:29:30 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.3.3

Content-Length: 0

Keep-Alive: timeout=5

Connection: Keep-Alive

Content-Type: text/html; charset=utf-8
HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:29:30 GMT..Server: Apache/2
.2.15 (CentOS)..X-Powered-By: PHP/5.3.3..Content-Length: 0..Keep-Alive
: timeout=5..Connection: Keep-Alive..Content-Type: text/html; charset=
utf-8......


GET /bck.php?1489623965000 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: 109.201.148.40

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:29:32 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.3.3

Content-Length: 0

Keep-Alive: timeout=5

Connection: Keep-Alive

Content-Type: text/html; charset=utf-8
HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:29:32 GMT..Server: Apache/2
.2.15 (CentOS)..X-Powered-By: PHP/5.3.3..Content-Length: 0..Keep-Alive
: timeout=5..Connection: Keep-Alive..Content-Type: text/html; charset=
utf-8..

GET /a.png?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443&gif=yes&rnd=1489623958000 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ww.ladaubert.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:04 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Length: 125

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: image/png
.PNG........IHDR..............wS.....sRGB.........gAMA......a.....pHYs
..........o.d....IDAT.Wc...?......5......IEND.B`.549079HTTP/1.1 200 OK
..Date: Thu, 16 Mar 2017 00:26:04 GMT..Server: Apache/2.2.22 (Win64) P
HP/5.3.13..X-Powered-By: PHP/5.3.13..Content-Length: 125..Keep-Alive: 
timeout=5, max=100..Connection: Keep-Alive..Content-Type: image/png...
PNG........IHDR..............wS.....sRGB.........gAMA......a.....pHYs.
.........o.d....IDAT.Wc...?......5......IEND.B`.549079..

GET /homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443 HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.ladaubert.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/html

Content-Length: 790

Connection: keep-alive

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Encoding: gzip

Date: Thu, 16 Mar 2017 00:16:17 GMT

Vary: Accept-Encoding

Age: 566

X-Cache: Hit from cloudfront

Via: 1.1 e4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFront)

X-Amz-Cf-Id: -sXZBpkLr8ZxrYJmK0IlZbJcrKkjEaxocTqwlemj4dzUfPsAgD53Ig==
...........U]O.0.}G.?.?.V%vK....hk...64..4..I..,...4T.....@...&.......
...........!Jl......Gc.=.....M..t.a....h..Z#C...g.pbm.....h....l..]9..
K[~zE.C#.....`.<..3a9..n.a}\.....V....R.}|.....:...A*0...BA.../.X..
....{.....Q$ Y.7..DZiS1*.7a...!k.C...t.@.....X*.w1.:_.iUC^.L.....Qh..B
..hscX.F...\.%...?.9?............X<.s...#(0@nS....51.Yf1*L... .U..K
C..*...e6..(...d.L.&.].T...U...j......,h"d.....c.i\.K....p...y...\FE.8
...8.....m.M.v:Sq...4..I!..*..Mu.R..6..... 5"Oy(Z... Bn..].x... ...s..
B..{.w...~j4.....5q..K.....p(R....1.......$..|.0..r@:p......_.b.n.'.X;
d.%.....=[r...]W2xmI..T......q.u..5".&).Z..F4O....:....=.....5X.M$L..@
H:MA.>V..0k...K....eV....-[........ ...O....z..P../....h....s=...y.
..L.#.Gf...-.V.zy;7;.fr..n.....j.{.0.B`../.......<.]{...kF...m..y..
.Gj.....fA3..EAF..........B.....HTTP/1.1 200 OK..Content-Type: text/ht
ml..Content-Length: 790..Connection: keep-alive..Server: Apache/2.2.22
 (Win64) PHP/5.3.13..X-Powered-By: PHP/5.3.13..Content-Encoding: gzip.
.Date: Thu, 16 Mar 2017 00:16:17 GMT..Vary: Accept-Encoding..Age: 566.
.X-Cache: Hit from cloudfront..Via: 1.1 e4a44efc4b3241dc23019df63a1f64
5c.cloudfront.net (CloudFront)..X-Amz-Cf-Id: -sXZBpkLr8ZxrYJmK0IlZbJcr
KkjEaxocTqwlemj4dzUfPsAgD53Ig==.............U]O.0.}G.?.?.V%vK....hk...
64..4..I..,...4T.....@...&..................!Jl......Gc.=.....M..t.a..
..h..Z#C...g.pbm.....h....l..]9..K[~zE.C#.....`.<..3a9..n.a}\.....V
....R.}|.....:...A*0...BA.../.X......{.....Q$ Y.7..DZiS1*.7a...!k.C...
t.@.....X*.w1.:_.iUC^.L.....Qh..B..hscX.F...\.%...?.9?............
>>

GET /jquery.min.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.ladaubert.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: application/javascript

Content-Length: 934

Connection: keep-alive

Server: Apache/2.2.22 (Win64) PHP/5.3.13

Last-Modified: Tue, 17 Jan 2017 23:02:27 GMT

ETag: "b0000003c0a95-a9d-546524b401cbb"

Accept-Ranges: bytes

Content-Encoding: gzip

Date: Thu, 16 Mar 2017 00:12:55 GMT

Age: 783

Vary: Accept-Encoding

X-Cache: Hit from cloudfront

Via: 1.1 e4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFront)

X-Amz-Cf-Id: N4_B6QTQFx2FjBKZXrePEgGqPzNjv1v-RFd5djnxl5mq_ebSmH3a3g==
...........UMo.8......t....$....)v...@{.m....I.)R.H;F............%....
.....p.\..&G#,.....C .6dZY*..0h.I.6<.n...*m.n .eeo.k.....Q.>.o..
.E0....6p.C..x..k....2....xA.....^....<.FJ^2h.N1 ..l.%X3..... $R...
..z.E.....zA*}$V.&.*r...F.<...LN..5.V..V)...x.Xm..'...o...P.|...Vdg
....ZD0.L....a........'..'V.F.}.3.g.f3D.H.P..i..6?.....$55{......w}N..
B....L...#p.*c.....u.D.8$K.h&...........`|b'..#...a|....u).@.a0gTL....
..D.Q.Z..KL..Or....~..../.i15vZ.<.P(......1....}F..=.......:.`-.\..
......1..6.a.....2.*vj...}..J....uG........D.*m..=..i.[.9;#x.>(E[Zq
{.g..j..#.......Z/..%m....<4R.h\.?a..."....[.."l].@....p .=IM...{..
~..........(.g.......z..~.G..O}..............cR...m....Z../:#.aR.Z..8!
7..,[..c5...p..&.../....Fl..a.?.D.......#...0]..bgp...!.~..s=../....Jp
8..72..yT.....~.2.....:.B.x.P.u..............|6Z.q".....?}...N....t..6
..6J..'M)T.%G.n.v.-38Bp.n#....m.^<...0....p.`...7.m.{...........,..
fqx.m..i.....WB3..f.Jh._..|COs..g....;...$....HTTP/1.1 200 OK..Conte
nt-Type: application/javascript..Content-Length: 934..Connection: keep
-alive..Server: Apache/2.2.22 (Win64) PHP/5.3.13..Last-Modified: Tue, 
17 Jan 2017 23:02:27 GMT..ETag: "b0000003c0a95-a9d-546524b401cbb"..Acc
ept-Ranges: bytes..Content-Encoding: gzip..Date: Thu, 16 Mar 2017 00:1
2:55 GMT..Age: 783..Vary: Accept-Encoding..X-Cache: Hit from cloudfron
t..Via: 1.1 e4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFron
t)..X-Amz-Cf-Id: N4_B6QTQFx2FjBKZXrePEgGqPzNjv1v-RFd5djnxl5mq_ebSmH3a3
g==.............UMo.8......t....$....)v...@{.m....I.)R.H;F........
>>

GET /amg.php HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.ladaubert.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/html

Content-Length: 359

Connection: keep-alive

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Date: Thu, 16 Mar 2017 00:25:40 GMT

Age: 20

X-Cache: Hit from cloudfront

Via: 1.1 e4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFront)

X-Amz-Cf-Id: puMSTLvIVAFfwbVcoFJQJPhAIOXr28VyJMLVelFCUUhlh49vmMB2eg==
...<script type="text/javascript">setInterval( "vwu()", 200000);
function vwu(){if(document.images){document.images['viewers'].src = 'h
ttp://whos.amung.us/cwidget/iebrowser1/000000ffffff.png?'   Date.parse
(new Date().toString());}}</script><div style="visibility:hid
den"><img name="viewers" src="hXXp://whos.amung.us/cwidget/iebro
wser1/000000ffffff.png"></div>HTTP/1.1 200 OK..Content-Type: 
text/html..Content-Length: 359..Connection: keep-alive..Server: Apache
/2.2.22 (Win64) PHP/5.3.13..X-Powered-By: PHP/5.3.13..Date: Thu, 16 Ma
r 2017 00:25:40 GMT..Age: 20..X-Cache: Hit from cloudfront..Via: 1.1 e
4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFront)..X-Amz-Cf-
Id: puMSTLvIVAFfwbVcoFJQJPhAIOXr28VyJMLVelFCUUhlh49vmMB2eg==.....<s
cript type="text/javascript">setInterval( "vwu()", 200000);function
 vwu(){if(document.images){document.images['viewers'].src = 'hXXp://wh
os.amung.us/cwidget/iebrowser1/000000ffffff.png?'   Date.parse(new Dat
e().toString());}}</script><div style="visibility:hidden">
<img name="viewers" src="hXXp://whos.amung.us/cwidget/iebrowser1/00
0000ffffff.png"></div>..

GET /t.php?sc_project=10675947&java=1&security=299981d6&u1=E7B0A1AC3FB14F5D7ED93655281D1DFE&sc_random=0.578439388503037&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1916&h=902&camefrom=http://VVV.everclips.net/page-2.html?lid=937115&u=http://VVV.everclips.net/page-2.htm?lid=937115&t=&sc_snum=1&sess=a181b5&p=0&invisible=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: c.statcounter.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:20 GMT

Content-Type: image/gif

Content-Length: 49

Connection: keep-alive

Set-Cookie: __cfduid=d763e6536a7d3afd3b39c3b352116794c1489623980; expires=Fri, 16-Mar-18 00:26:20 GMT; path=/; domain=.statcounter.com; HttpOnly

P3P: policyref="hXXp://VVV.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Set-Cookie: is_unique=sc10675947.1489623980.0; expires=Tue, 15-Mar-2022 00:26:20 GMT; path=/; domain=.statcounter.com

Set-Cookie: is_visitor_unique=1489623980103633089; expires=Sat, 16-Mar-2019 00:26:20 GMT; path=/; domain=.statcounter.com

Server: cloudflare-nginx

CF-RAY: 340394940681648d-FRA
GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Date
: Thu, 16 Mar 2017 00:26:20 GMT..Content-Type: image/gif..Content-Leng
th: 49..Connection: keep-alive..Set-Cookie: __cfduid=d763e6536a7d3afd3
b39c3b352116794c1489623980; expires=Fri, 16-Mar-18 00:26:20 GMT; path=
/; domain=.statcounter.com; HttpOnly..P3P: policyref="hXXp://VVV.statc
ounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"..Expire
s: Mon, 26 Jul 1997 05:00:00 GMT..Set-Cookie: is_unique=sc10675947.148
9623980.0; expires=Tue, 15-Mar-2022 00:26:20 GMT; path=/; domain=.stat
counter.com..Set-Cookie: is_visitor_unique=1489623980103633089; expire
s=Sat, 16-Mar-2019 00:26:20 GMT; path=/; domain=.statcounter.com..Serv
er: cloudflare-nginx..CF-RAY: 340394940681648d-FRA..GIF89a............
.......!.......,...........T..;..

GET /itd.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: bobomo.tremorhub.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:25:50 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Length: 928

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: text/html
<html>..<head>..<title>a</title>..</head&gt
;..<body>..<script language="JavaScript" type="text/javascrip
t">..<!--..function uapcc() {..document.cookie = "tvrg_60409=;do
main=.tremorhub.com;path=/;expires=-1";..document.cookie = "tvrg_60755
=;domain=.tremorhub.com;path=/;expires=-1";..document.cookie = "tvrg_6
0297=;domain=.tremorhub.com;path=/;expires=-1";..document.cookie = "tv
rg_60035=;domain=.tremorhub.com;path=/;expires=-1";..}..setInterval(fu
nction() {..uapcc();..}, 90);..setInterval(function() {..uapcc();..}, 
90);..setInterval(function() {..uapcc();..}, 50);..setInterval(functio
n() {..uapcc();..}, 90);..//-->..setInterval( "onl()", 120000);func
tion onl(){if(document.images){document.images['onlv'].src = 'o.php?id
=01A1GWybNKig0XmOX0T6&date=2017-01-09&r='   Date.parse(new Date().toSt
ring());}}..</script><div style="visibility:hidden"><im
g name="onlv" src="o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09">&
lt;/div>..</html>HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:2
5:50 GMT..Server: Apache/2.2.22 (Win64) PHP/5.3.13..X-Powered-By: PHP/
5.3.13..Content-Length: 928..Keep-Alive: timeout=5, max=100..Connectio
n: Keep-Alive..Content-Type: text/html..<html>..<head>..&l
t;title>a</title>..</head>..<body>..<script la
nguage="JavaScript" type="text/javascript">..<!--..function uapc
c() {..document.cookie = "tvrg_60409=;domain=.tremorhub.com;path=/;exp
ires=-1";..document.cookie = "tvrg_60755=;domain=.tremorhub.com;pa
>>

GET /o.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09 HTTP/1.1

Accept: */*

Referer: hXXp://bobomo.tremorhub.com/itd.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: bobomo.tremorhub.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:25:51 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Length: 3

Keep-Alive: timeout=5, max=99

Connection: Keep-Alive

Content-Type: text/html
...HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:25:51 GMT..Server: Apach
e/2.2.22 (Win64) PHP/5.3.13..X-Powered-By: PHP/5.3.13..Content-Length:
 3..Keep-Alive: timeout=5, max=99..Connection: Keep-Alive..Content-Typ
e: text/html.......

GET /homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443 HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.ladaubert.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/html

Content-Length: 790

Connection: keep-alive

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Encoding: gzip

Date: Thu, 16 Mar 2017 00:16:17 GMT

Age: 566

Vary: Accept-Encoding

X-Cache: Hit from cloudfront

Via: 1.1 d79148f01e44f5598c15bdd5ce1c1997.cloudfront.net (CloudFront)

X-Amz-Cf-Id: x6R7-mR9KfKr0_IhKuSx4PfZPcuLyYKvQjv3eJK9v0iF1sAITyhlbQ==
...........U]O.0.}G.?.?.V%vK....hk...64..4..I..,...4T.....@...&.......
...........!Jl......Gc.=.....M..t.a....h..Z#C...g.pbm.....h....l..]9..
K[~zE.C#.....`.<..3a9..n.a}\.....V....R.}|.....:...A*0...BA.../.X..
....{.....Q$ Y.7..DZiS1*.7a...!k.C...t.@.....X*.w1.:_.iUC^.L.....Qh..B
..hscX.F...\.%...?.9?............X<.s...#(0@nS....51.Yf1*L... .U..K
C..*...e6..(...d.L.&.].T...U...j......,h"d.....c.i\.K....p...y...\FE.8
...8.....m.M.v:Sq...4..I!..*..Mu.R..6..... 5"Oy(Z... Bn..].x... ...s..
B..{.w...~j4.....5q..K.....p(R....1.......$..|.0..r@:p......_.b.n.'.X;
d.%.....=[r...]W2xmI..T......q.u..5".&).Z..F4O....:....=.....5X.M$L..@
H:MA.>V..0k...K....eV....-[........ ...O....z..P../....h....s=...y.
..L.#.Gf...-.V.zy;7;.fr..n.....j.{.0.B`../.......<.]{...kF...m..y..
.Gj.....fA3..EAF..........B.....HTTP/1.1 200 OK..Content-Type: text/ht
ml..Content-Length: 790..Connection: keep-alive..Server: Apache/2.2.22
 (Win64) PHP/5.3.13..X-Powered-By: PHP/5.3.13..Content-Encoding: gzip.
.Date: Thu, 16 Mar 2017 00:16:17 GMT..Age: 566..Vary: Accept-Encoding.
.X-Cache: Hit from cloudfront..Via: 1.1 d79148f01e44f5598c15bdd5ce1c19
97.cloudfront.net (CloudFront)..X-Amz-Cf-Id: x6R7-mR9KfKr0_IhKuSx4PfZP
cuLyYKvQjv3eJK9v0iF1sAITyhlbQ==.............U]O.0.}G.?.?.V%vK....hk...
64..4..I..,...4T.....@...&..................!Jl......Gc.=.....M..t.a..
..h..Z#C...g.pbm.....h....l..]9..K[~zE.C#.....`.<..3a9..n.a}\.....V
....R.}|.....:...A*0...BA.../.X......{.....Q$ Y.7..DZiS1*.7a...!k.C...
t.@.....X*.w1.:_.iUC^.L.....Qh..B..hscX.F...\.%...?.9?............
>>

GET /jquery.min.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.ladaubert.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: application/javascript

Content-Length: 934

Connection: keep-alive

Server: Apache/2.2.22 (Win64) PHP/5.3.13

Last-Modified: Tue, 17 Jan 2017 23:02:27 GMT

ETag: "b0000003c0a95-a9d-546524b401cbb"

Accept-Ranges: bytes

Content-Encoding: gzip

Date: Thu, 16 Mar 2017 00:12:55 GMT

Age: 783

Vary: Accept-Encoding

X-Cache: Hit from cloudfront

Via: 1.1 d79148f01e44f5598c15bdd5ce1c1997.cloudfront.net (CloudFront)

X-Amz-Cf-Id: OJ5fx_UUhV3PBbAnKpj99yAGIFlmHCyzWxlb1K6WLhp-SDQq4cTCqA==
...........UMo.8......t....$....)v...@{.m....I.)R.H;F............%....
.....p.\..&G#,.....C .6dZY*..0h.I.6<.n...*m.n .eeo.k.....Q.>.o..
.E0....6p.C..x..k....2....xA.....^....<.FJ^2h.N1 ..l.%X3..... $R...
..z.E.....zA*}$V.&.*r...F.<...LN..5.V..V)...x.Xm..'...o...P.|...Vdg
....ZD0.L....a........'..'V.F.}.3.g.f3D.H.P..i..6?.....$55{......w}N..
B....L...#p.*c.....u.D.8$K.h&...........`|b'..#...a|....u).@.a0gTL....
..D.Q.Z..KL..Or....~..../.i15vZ.<.P(......1....}F..=.......:.`-.\..
......1..6.a.....2.*vj...}..J....uG........D.*m..=..i.[.9;#x.>(E[Zq
{.g..j..#.......Z/..%m....<4R.h\.?a..."....[.."l].@....p .=IM...{..
~..........(.g.......z..~.G..O}..............cR...m....Z../:#.aR.Z..8!
7..,[..c5...p..&.../....Fl..a.?.D.......#...0]..bgp...!.~..s=../....Jp
8..72..yT.....~.2.....:.B.x.P.u..............|6Z.q".....?}...N....t..6
..6J..'M)T.%G.n.v.-38Bp.n#....m.^<...0....p.`...7.m.{...........,..
fqx.m..i.....WB3..f.Jh._..|COs..g....;...$....HTTP/1.1 200 OK..Conte
nt-Type: application/javascript..Content-Length: 934..Connection: keep
-alive..Server: Apache/2.2.22 (Win64) PHP/5.3.13..Last-Modified: Tue, 
17 Jan 2017 23:02:27 GMT..ETag: "b0000003c0a95-a9d-546524b401cbb"..Acc
ept-Ranges: bytes..Content-Encoding: gzip..Date: Thu, 16 Mar 2017 00:1
2:55 GMT..Age: 783..Vary: Accept-Encoding..X-Cache: Hit from cloudfron
t..Via: 1.1 d79148f01e44f5598c15bdd5ce1c1997.cloudfront.net (CloudFron
t)..X-Amz-Cf-Id: OJ5fx_UUhV3PBbAnKpj99yAGIFlmHCyzWxlb1K6WLhp-SDQq4cTCq
A==.............UMo.8......t....$....)v...@{.m....I.)R.H;F........
>>

GET /amg.php HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.ladaubert.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/html

Content-Length: 359

Connection: keep-alive

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Date: Thu, 16 Mar 2017 00:25:40 GMT

Age: 20

X-Cache: Hit from cloudfront

Via: 1.1 d79148f01e44f5598c15bdd5ce1c1997.cloudfront.net (CloudFront)

X-Amz-Cf-Id: 9A9uHGW-LZ1GJwFbTlDQtk-wtUEFvI4DT4YC_gEE_2Zx31xN3PQD4A==
...<script type="text/javascript">setInterval( "vwu()", 200000);
function vwu(){if(document.images){document.images['viewers'].src = 'h
ttp://whos.amung.us/cwidget/iebrowser1/000000ffffff.png?'   Date.parse
(new Date().toString());}}</script><div style="visibility:hid
den"><img name="viewers" src="hXXp://whos.amung.us/cwidget/iebro
wser1/000000ffffff.png"></div>HTTP/1.1 200 OK..Content-Type: 
text/html..Content-Length: 359..Connection: keep-alive..Server: Apache
/2.2.22 (Win64) PHP/5.3.13..X-Powered-By: PHP/5.3.13..Date: Thu, 16 Ma
r 2017 00:25:40 GMT..Age: 20..X-Cache: Hit from cloudfront..Via: 1.1 d
79148f01e44f5598c15bdd5ce1c1997.cloudfront.net (CloudFront)..X-Amz-Cf-
Id: 9A9uHGW-LZ1GJwFbTlDQtk-wtUEFvI4DT4YC_gEE_2Zx31xN3PQD4A==.....<s
cript type="text/javascript">setInterval( "vwu()", 200000);function
 vwu(){if(document.images){document.images['viewers'].src = 'hXXp://wh
os.amung.us/cwidget/iebrowser1/000000ffffff.png?'   Date.parse(new Dat
e().toString());}}</script><div style="visibility:hidden">
<img name="viewers" src="hXXp://whos.amung.us/cwidget/iebrowser1/00
0000ffffff.png"></div>..

GET /page-2.html?lid=937115 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://VVV.ladaubert.pw/homepage.php?id=01A1GWybNKig0XmOX0T6&date=2017-01-09&p=none&t=&ca=4384443

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.everclips.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:01 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

X-Powered-By: PHP/5.3.3

Server: CDCE

X-INAP-Cache-Status: HIT

X-INAP-Server: cdce-fra004-001.fra004.internap.com

Content-Encoding: gzip
e22.............[{o.8.......Z.q..-...N."M.mpi....-.".$..........7$%Z..
..w84A...c.3.........tq... ....e..k]J.&........e....1......QHI.]..tb9d
.t.( ...S3.b.h..]....'x.E......6...&S.......@.Y...$Zk..0m...o<....1
M. .......R.@E1..o.i.[i.&$..73Zf.....vo...YD..-5..N..^.)..Y..7{....x.K
..@-*....^.....X.>..O..X..b/.`-...H."L.._..:..>I...sh.E./...l.f.
....N........;.)M.......... ...XXQ.V. .;O\.n.E._.ZY......1.nH8!q..n v.
7.g............a..i.!nkJ.....a.....,]q.UP.a.*.hwBL..{a.....,..e#._.e.3
.0...?~....?F...4.[~d.5...t.....u..*....(..;.9K..^X.....b.._.Jr......&
lt;.X...@.*..i...o.........K...E.1" G.cF~....6.....4...VA@m....uEU.Ol:
/..`B`..V/.C..$.7...`&..(.!...[[Xp....k7l..(..0..t..S..DYh5B2C..D...Ed
r.Q..... . .^.I...Z..F...g.z......r.M..r.R..Uj...R..i..=Z..I>...X..
...~..4.C...J.....NhT.. 3...I.*..K..O*UpX..V.U......~^..l..U..U.......
K../..GQ.. .C ......-.[..oEW..|.}K.@...... NI...)..<..k..7.R...p..d
m...4..._<G.....G.2../.Q....le..s....9MPFH..S....Ue.*pF.....J.d.u.z
.....7../.?S`...P..<CJ......\..n>..zW....Pq..c.Y...l......k ..u.
....fB.k.....[.Xe....Y-.Bv..A..2..g...h..,g.....k.:.s..........-.3...!
.?[o.0MH"...Xtx...p...l'.Q...b.......B*.pQK......,..?...E....r..:....U
...c?Jj.....}........^..4.Y...3......W1...]xT..S...w........0b.....F.B
..2.^...'..-.~.%..9:9;...........}pX... .........n7.4.1.,V........_..B
i.............Og_N...1..h...aD.......O.u......~<8.\x)........._..t.
.i.V......#a.E.&S........wc..C.yC....fo.[Kth."Phb.\....a.c= H...s...r=
.p....D..~\ .;:.....7..l3.Y.[.....h.2..T....x.mq/....I....lWXr....
>>

GET /page-2.htm?lid=937115 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://VVV.everclips.net/page-2.html?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.everclips.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:05 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

X-Powered-By: PHP/5.3.3

Server: CDCE

X-INAP-Cache-Status: HIT

X-INAP-Server: cdce-fra004-001.fra004.internap.com

Content-Encoding: gzip
10af.............\is....lW.?."Y.\. .C.)A..Rl..U..d..R...... ..(...... 
..2.....J"0..{.{.{.po"b....#..J.[..e.O...8h.........../.I.cg........M.
.ta..n.B."t..##t....@.J,....OyZ..(4t...4.b*B.u.H..j....E.....4..y..S..
x$.......2F%...(.:.t.^.r3R.PL.p..U..4..D...|..B..-.6....?M...c.#}...._
....zg...|.#'v|O..N....'v.~.&.1w..x...)....-.....6:....m.M=k.9t....l..
..l..x.>.s?p[<.j..o.g..N...J...8.........k'...?.Z..uQ~.jL.k ....
.......c.......zb...qC.i..7%%.|4......#...[...8.W.!..0bt.xA....1M...0.
.aq.4X.......~..g.......o....O:..k..5.....3.~.W...$.*=0}#!eSi..K%.n.T.
.......ou..b.0..j.v.Mf...jeo$....~.}s.....~. ........HW...0...m.....\a
..........Z....!..b...D..P...TV.......1.*.l.x.? ....(.%......0.)..)..7
r.. ..S&B..x........a..I,v...Vp. . .fd:...(.I.9h...D..I.}..?.k.C..D..C
....#5....zb..9...BXI6 ..l..&X.I.V.a....$.....<q[.*n*uY42.\>.;."
.h.9j[."o...Q7...b>..R_...0..r.....gn..^.....a...2...4,...y.t.q....
el'I.......7/.9.my-{$.j..^...%_$.-...j.Q.I.Tk.... -U.4kjY. .6. .h.bg.:
.N:4$q....S...H...EN...'..bA.F.v..........f.R..X........S..Q..^K...'1$
..1..a".!.SY....j>y.H.X^....y.....K0.}nc...E.\....A.7.....k...)....
.H1.......L........V3....R.l..h~7C...B...f...c...;......B..ke;. ..1XAV
.'~3.LJ..C..L.sVX......?Q.e.g%p...|.r!\..T.T...%.....L.ZrzXGi...!.2..h
~..D.H..../i......5Z.P4@. e........M.S.!...m..\....W....x....;.'..x6..
|/.S..Q....p....|<......O..>.......t......Go.t..q.1..cR.........
.O.w/..;9zw...........o....eZ..Q7......O....[T.........2O..N.O.....l.'
....>SRk.......DHk....}..P.k\L.^..[..&.....F.......7.d.qg(....$
>>

GET /style.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.everclips.net

Connection: Keep-Alive

Cookie: sc_is_visitor_unique=rx10675947.1489623980.E7B0A1AC3FB14F5D7ED93655281D1DFE.1.1.1.1.1.1.1.1.1; _ga=GA1.2.1465818909.1489623989

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:29 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

Last-Modified: Fri, 05 Dec 2014 02:43:45 GMT

Server: CDCE

X-INAP-Cache-Status: HIT

X-INAP-Server: cdce-fra004-001.fra004.internap.com

Content-Encoding: gzip
2e0.............VQO.0.~.R...j*.......T.lh@%..moN.&.N.9n.U.......j.4..G
n...w..}....E.v<>._.h...@.6.}.x'....pr6.$.......zmH.HoP...z.t|9.
N..g...|.....`...-.......$.i..\.)....;.....@g/....E..g/.A..\..}C....O.
j;.V..^.Q.0...b.R.Mi".=)s7p.\.....e.5.@.{.....?}....<.......J..D.I&
gt;5.zo..-...a....k..:.J........~.j.eT..t...w.....@......yG=..J...{...
..m. .\.A.7U...t..^..G. .....uqx.<...6..<Q..".... ....(oD.)mP.8.
~..1e.....e.....n..o....$....z.3.5..=.J.)....7.V...0.{rF5O......I.>
."?K....P..W~a..c.......{,4....H>ht...n.,..Ki]..vu.R..Kj...n|..va.K
...J8.KD.....c.G.....x.FV.x...N.....)g.`..E..4...,....k.>..Jh......
i..jf...........2f..i......U.m....l..#.|k.V0.#..zU.*E.g....V.K.%..I..`
...... ...%:.......^.)..x.[Y5.....r....X..O.S.s*Y.)...@....'.-.;f.....
0..HTTP/1.1 200 OK..Date: Thu, 16 Mar 2017 00:26:29 GMT..Content-Type:
 text/css..Transfer-Encoding: chunked..Connection: keep-alive..Vary: A
ccept-Encoding..Last-Modified: Fri, 05 Dec 2014 02:43:45 GMT..Server: 
CDCE..X-INAP-Cache-Status: HIT..X-INAP-Server: cdce-fra004-001.fra004.
internap.com..Content-Encoding: gzip..2e0.............VQO.0.~.R...j*..
.....T.lh@%..moN.&.N.9n.U.......j.4..Gn...w..}....E.v<>._.h...@.
6.}.x'....pr6.$.......zmH.HoP...z.t|9.N..g...|.....`...-.......$.i..\.
)....;.....@g/....E..g/.A..\..}C....O.j;.V..^.Q.0...b.R.Mi".=)s7p.\...
..e.5.@.{.....?}....<.......J..D.I>5.zo..-...a....k..:.J........
~.j.eT..t...w.....@......yG=..J...{.....m. .\.A.7U...t..^..G. .....uqx
.<...6..<Q..".... ....(oD.)mP.8.~..1e.....e.....n..o....$...
>>

GET /img/bgg.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.everclips.net/page-2.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.everclips.net

Connection: Keep-Alive

Cookie: sc_is_visitor_unique=rx10675947.1489623980.E7B0A1AC3FB14F5D7ED93655281D1DFE.1.1.1.1.1.1.1.1.1; _ga=GA1.2.1465818909.1489623989; _gat=1

HTTP/1.1 200 OK

Date: Thu, 16 Mar 2017 00:26:32 GMT

Content-Type: image/png

Content-Length: 198

Connection: keep-alive

Last-Modified: Fri, 31 Oct 2014 16:20:09 GMT

ETag: "a1d82-c6-506ba5ee06040"

Server: CDCE

X-INAP-Cache-Status: HIT

X-INAP-Server: cdce-fra004-001.fra004.internap.com

Accept-Ranges: bytes
.PNG........IHDR.......L.....0f......gAMA....7.......tEXtSoftware.Adob
e ImageReadyq.e<...XIDATx.b.R.b....p.Z..00.'O...r...;...`r'^....4n!
7\h..4I...wZ";..=...<.*e.`..-..`J..)......m....?N....IEND.B`.HTTP/1
.1 200 OK..Date: Thu, 16 Mar 2017 00:26:32 GMT..Content-Type: image/pn
g..Content-Length: 198..Connection: keep-alive..Last-Modified: Fri, 31
 Oct 2014 16:20:09 GMT..ETag: "a1d82-c6-506ba5ee06040"..Server: CDCE..
X-INAP-Cache-Status: HIT..X-INAP-Server: cdce-fra004-001.fra004.intern
ap.com..Accept-Ranges: bytes...PNG........IHDR.......L.....0f......gAM
A....7.......tEXtSoftware.Adobe ImageReadyq.e<...XIDATx.b.R.b....p.
Z..00.'O...r...;...`r'^....4n!7\h..4I...wZ";..=...<.*e.`..-..`J..).
.....m....?N....IEND.B`...

The Dropped connects to the servers at the folowing location(s):

Map

Strings from Dumps

heinrichs.exe_4012:

.text

.text

`.rdata

`.rdata

@.data

@.data

.ndata

.ndata

.rsrc

.rsrc

uDSSh

uDSSh

Gw2.Hw

Gw2.Hw

.DEFAULT\Control Panel\International

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

Software\Microsoft\Windows\CurrentVersion

GetWindowsDirectoryA

GetWindowsDirectoryA

KERNEL32.dll

KERNEL32.dll

ExitWindowsEx

ExitWindowsEx

USER32.dll

USER32.dll

GDI32.dll

GDI32.dll

SHFileOperationA

SHFileOperationA

ShellExecuteA

ShellExecuteA

SHELL32.dll

SHELL32.dll

RegEnumKeyA

RegEnumKeyA

RegCreateKeyExA

RegCreateKeyExA

RegCloseKey

RegCloseKey

RegDeleteKeyA

RegDeleteKeyA

RegOpenKeyExA

RegOpenKeyExA

ADVAPI32.dll

ADVAPI32.dll

COMCTL32.dll

COMCTL32.dll

ole32.dll

ole32.dll

VERSION.dll

VERSION.dll

verifying installer: %d%%

verifying installer: %d%%

hXXp://nsis.sf.net/NSIS_Error

hXXp://nsis.sf.net/NSIS_Error

... %d%%

... %d%%

~nsu.tmp

~nsu.tmp

%u.%u%s%s

%u.%u%s%s

RegDeleteKeyExA

RegDeleteKeyExA

%s=%s

%s=%s

*?|/":

*?|/":

ers\"%CurrentUserName%"\AppData\Local\Temp\nseF547.tmp\ExecCmd.dll

ers\"%CurrentUserName%"\AppData\Local\Temp\nseF547.tmp\ExecCmd.dll

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseF547.tmp\ExecCmd.dll

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseF547.tmp\ExecCmd.dll

"%Program Files%\Pentameter\glaciated.exe"

"%Program Files%\Pentameter\glaciated.exe"

ExecCmd.dll

ExecCmd.dll

.reloc

.reloc

EnumWindows

EnumWindows

Kernel32.DLL

Kernel32.DLL

%Program Files%

%Program Files%

\Pentameter\glaciated.exe"

\Pentameter\glaciated.exe"

\ExecCmd.dll

\ExecCmd.dll

%SystemRoot%\

%SystemRoot%\

eq glaciated.exe" | %SystemRoot%\

eq glaciated.exe" | %SystemRoot%\

\find /I "glaciated.exe"

\find /I "glaciated.exe"

\Pentameter\glaciated.exe

\Pentameter\glaciated.exe

\glaciated.exe"

\glaciated.exe"

$$\wininit.ini

$$\wininit.ini

e%uy%u

e%uy%u

=m.pJod

=m.pJod

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseF547.tmp

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseF547.tmp

nseF547.tmp

nseF547.tmp

rogram Files\Pentameter\glaciated.exe"

rogram Files\Pentameter\glaciated.exe"

ecCmd.dll

ecCmd.dll

ciated.exe" | %SystemRoot%\System32\find /I "glaciated.exe"

ciated.exe" | %SystemRoot%\System32\find /I "glaciated.exe"

\Users\"%CurrentUserName%"\AppData\Local\Temp\nseF547.tmp

\Users\"%CurrentUserName%"\AppData\Local\Temp\nseF547.tmp

"%Program Files%\hasidim\heinrichs.exe"

"%Program Files%\hasidim\heinrichs.exe"

%Program Files%\hasidim

%Program Files%\hasidim

heinrichs.exe

heinrichs.exe

ers\"%CurrentUserName%"\AppData\Local\Temp\nszD7A9.tmp

ers\"%CurrentUserName%"\AppData\Local\Temp\nszD7A9.tmp

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\

%Program Files%\hasidim\heinrichs.exe

%Program Files%\hasidim\heinrichs.exe

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\Run

Windows\

Windows\

Nullsoft Install System v2.46

Nullsoft Install System v2.46

idim\heinrichs.exe"

idim\heinrichs.exe"

meter\glaciated.exe"

meter\glaciated.exe"

dw20.exe_364:

.text

.text

`.data

`.data

.rsrc

.rsrc

WerReportCloseHandle

WerReportCloseHandle

WerReportAddDump

WerReportAddDump

WerReportSubmit

WerReportSubmit

WerReportSetUIOption

WerReportSetUIOption

WerReportAddFile

WerReportAddFile

WerReportSetParameter

WerReportSetParameter

WerReportCreate

WerReportCreate

dw20.pdb

dw20.pdb

_amsg_exit

_amsg_exit

MSVCR80.dll

MSVCR80.dll

_crt_debugger_hook

_crt_debugger_hook

RegCloseKey

RegCloseKey

RegOpenKeyExW

RegOpenKeyExW

ReportEventW

ReportEventW

ADVAPI32.dll

ADVAPI32.dll

KERNEL32.dll

KERNEL32.dll

USER32.dll

USER32.dll

VERSION.dll

VERSION.dll

PSAPI.DLL

PSAPI.DLL

PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD

PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD

e\wer.dll

e\wer.dll

SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug

SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug

\StringFileInfo\xx\%s

\StringFileInfo\xx\%s

%d.%d.%d.%d

%d.%d.%d.%d

Microsoft .NET Error Reporting Shim

Microsoft .NET Error Reporting Shim

2.0.50727.4927 (NetFXspW7.050727-4900)

2.0.50727.4927 (NetFXspW7.050727-4900)

dw20.exe

dw20.exe

.NET Framework

.NET Framework

2.0.50727.4927

2.0.50727.4927

svchost.exe_668:

.text

.text

`.data

`.data

.rsrc

.rsrc

@.reloc

@.reloc

msvcrt.dll

msvcrt.dll

API-MS-Win-Core-ProcessThreads-L1-1-0.dll

API-MS-Win-Core-ProcessThreads-L1-1-0.dll

KERNEL32.dll

KERNEL32.dll

NTDLL.DLL

NTDLL.DLL

API-MS-Win-Security-Base-L1-1-0.dll

API-MS-Win-Security-Base-L1-1-0.dll

API-MS-WIN-Service-Core-L1-1-0.dll

API-MS-WIN-Service-Core-L1-1-0.dll

API-MS-WIN-Service-winsvc-L1-1-0.dll

API-MS-WIN-Service-winsvc-L1-1-0.dll

RPCRT4.dll

RPCRT4.dll

ole32.dll

ole32.dll

ntdll.dll

ntdll.dll

_amsg_exit

_amsg_exit

RegCloseKey

RegCloseKey

RegOpenKeyExW

RegOpenKeyExW

GetProcessHeap

GetProcessHeap

svchost.pdb

svchost.pdb

version="5.1.0.0"

version="5.1.0.0"

name="Microsoft.Windows.Services.SvcHost"

name="Microsoft.Windows.Services.SvcHost"

Host Process for Windows Services

Host Process for Windows Services

Software\Microsoft\Windows NT\CurrentVersion\Svchost

Software\Microsoft\Windows NT\CurrentVersion\Svchost

Software\Microsoft\Windows NT\CurrentVersion\MgdSvchost

Software\Microsoft\Windows NT\CurrentVersion\MgdSvchost

\PIPE\

\PIPE\

Host Process for Windows Services

Host Process for Windows Services

6.1.7600.16385 (win7_rtm.090713-1255)

6.1.7600.16385 (win7_rtm.090713-1255)

svchost.exe

svchost.exe

Windows

Windows

Operating System

Operating System

6.1.7600.16385

6.1.7600.16385

dw20.exe_1652:

.text

.text

`.data

`.data

.rsrc

.rsrc

WerReportCloseHandle

WerReportCloseHandle

WerReportAddDump

WerReportAddDump

WerReportSubmit

WerReportSubmit

WerReportSetUIOption

WerReportSetUIOption

WerReportAddFile

WerReportAddFile

WerReportSetParameter

WerReportSetParameter

WerReportCreate

WerReportCreate

dw20.pdb

dw20.pdb

_amsg_exit

_amsg_exit

MSVCR80.dll

MSVCR80.dll

_crt_debugger_hook

_crt_debugger_hook

RegCloseKey

RegCloseKey

RegOpenKeyExW

RegOpenKeyExW

ReportEventW

ReportEventW

ADVAPI32.dll

ADVAPI32.dll

KERNEL32.dll

KERNEL32.dll

USER32.dll

USER32.dll

VERSION.dll

VERSION.dll

PSAPI.DLL

PSAPI.DLL

PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD

PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD

e\wer.dll

e\wer.dll

SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug

SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug

\StringFileInfo\xx\%s

\StringFileInfo\xx\%s

%d.%d.%d.%d

%d.%d.%d.%d

Microsoft .NET Error Reporting Shim

Microsoft .NET Error Reporting Shim

2.0.50727.4927 (NetFXspW7.050727-4900)

2.0.50727.4927 (NetFXspW7.050727-4900)

dw20.exe

dw20.exe

.NET Framework

.NET Framework

2.0.50727.4927

2.0.50727.4927

dw20.exe_1956:

.text

.text

`.data

`.data

.rsrc

.rsrc

WerReportCloseHandle

WerReportCloseHandle

WerReportAddDump

WerReportAddDump

WerReportSubmit

WerReportSubmit

WerReportSetUIOption

WerReportSetUIOption

WerReportAddFile

WerReportAddFile

WerReportSetParameter

WerReportSetParameter

WerReportCreate

WerReportCreate

dw20.pdb

dw20.pdb

_amsg_exit

_amsg_exit

MSVCR80.dll

MSVCR80.dll

_crt_debugger_hook

_crt_debugger_hook

RegCloseKey

RegCloseKey

RegOpenKeyExW

RegOpenKeyExW

ReportEventW

ReportEventW

ADVAPI32.dll

ADVAPI32.dll

KERNEL32.dll

KERNEL32.dll

USER32.dll

USER32.dll

VERSION.dll

VERSION.dll

PSAPI.DLL

PSAPI.DLL

PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD

PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD

e\wer.dll

e\wer.dll

SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug

SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug

\StringFileInfo\xx\%s

\StringFileInfo\xx\%s

%d.%d.%d.%d

%d.%d.%d.%d

Microsoft .NET Error Reporting Shim

Microsoft .NET Error Reporting Shim

2.0.50727.4927 (NetFXspW7.050727-4900)

2.0.50727.4927 (NetFXspW7.050727-4900)

dw20.exe

dw20.exe

.NET Framework

.NET Framework

2.0.50727.4927

2.0.50727.4927

dw20.exe_1572:

.text

.text

`.data

`.data

.rsrc

.rsrc

WerReportCloseHandle

WerReportCloseHandle

WerReportAddDump

WerReportAddDump

WerReportSubmit

WerReportSubmit

WerReportSetUIOption

WerReportSetUIOption

WerReportAddFile

WerReportAddFile

WerReportSetParameter

WerReportSetParameter

WerReportCreate

WerReportCreate

dw20.pdb

dw20.pdb

_amsg_exit

_amsg_exit

MSVCR80.dll

MSVCR80.dll

_crt_debugger_hook

_crt_debugger_hook

RegCloseKey

RegCloseKey

RegOpenKeyExW

RegOpenKeyExW

ReportEventW

ReportEventW

ADVAPI32.dll

ADVAPI32.dll

KERNEL32.dll

KERNEL32.dll

USER32.dll

USER32.dll

VERSION.dll

VERSION.dll

PSAPI.DLL

PSAPI.DLL

PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD

PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD

e\wer.dll

e\wer.dll

SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug

SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug

\StringFileInfo\xx\%s

\StringFileInfo\xx\%s

%d.%d.%d.%d

%d.%d.%d.%d

Microsoft .NET Error Reporting Shim

Microsoft .NET Error Reporting Shim

2.0.50727.4927 (NetFXspW7.050727-4900)

2.0.50727.4927 (NetFXspW7.050727-4900)

dw20.exe

dw20.exe

.NET Framework

.NET Framework

2.0.50727.4927

2.0.50727.4927

taskeng.exe_2208:

.text

.text

`.data

`.data

.rsrc

.rsrc

@.reloc

@.reloc

USER32.dll

USER32.dll

msvcrt.dll

msvcrt.dll

ntdll.dll

ntdll.dll

API-MS-Win-Core-Debug-L1-1-0.dll

API-MS-Win-Core-Debug-L1-1-0.dll

API-MS-Win-Core-ErrorHandling-L1-1-0.dll

API-MS-Win-Core-ErrorHandling-L1-1-0.dll

API-MS-Win-Core-File-L1-1-0.dll

API-MS-Win-Core-File-L1-1-0.dll

API-MS-Win-Core-Handle-L1-1-0.dll

API-MS-Win-Core-Handle-L1-1-0.dll

API-MS-Win-Core-Heap-L1-1-0.dll

API-MS-Win-Core-Heap-L1-1-0.dll

API-MS-Win-Core-Interlocked-L1-1-0.dll

API-MS-Win-Core-Interlocked-L1-1-0.dll

API-MS-Win-Core-LibraryLoader-L1-1-0.dll

API-MS-Win-Core-LibraryLoader-L1-1-0.dll

API-MS-Win-Core-Misc-L1-1-0.dll

API-MS-Win-Core-Misc-L1-1-0.dll

API-MS-Win-Core-ProcessEnvironment-L1-1-0.dll

API-MS-Win-Core-ProcessEnvironment-L1-1-0.dll

API-MS-Win-Core-ProcessThreads-L1-1-0.dll

API-MS-Win-Core-ProcessThreads-L1-1-0.dll

API-MS-Win-Core-Profile-L1-1-0.dll

API-MS-Win-Core-Profile-L1-1-0.dll

API-MS-Win-Core-Synch-L1-1-0.dll

API-MS-Win-Core-Synch-L1-1-0.dll

API-MS-Win-Core-SysInfo-L1-1-0.dll

API-MS-Win-Core-SysInfo-L1-1-0.dll

API-MS-Win-Core-ThreadPool-L1-1-0.dll

API-MS-Win-Core-ThreadPool-L1-1-0.dll

API-MS-Win-Security-Base-L1-1-0.dll

API-MS-Win-Security-Base-L1-1-0.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

RPCRT4.dll

RPCRT4.dll

KERNEL32.dll

KERNEL32.dll

d:\w7rtm\admin\wmi\jobs\server\session\session\main.cpp

d:\w7rtm\admin\wmi\jobs\server\session\session\main.cpp

Session::ChannelMsgReceived

Session::ChannelMsgReceived

d:\w7rtm\admin\wmi\jobs\server\session\session\session.cpp

d:\w7rtm\admin\wmi\jobs\server\session\session\session.cpp

d:\w7rtm\admin\wmi\jobs\server\session\session\clientchannel2.cpp

d:\w7rtm\admin\wmi\jobs\server\session\session\clientchannel2.cpp

d:\w7rtm\admin\wmi\jobs\server\engine\task.cpp

d:\w7rtm\admin\wmi\jobs\server\engine\task.cpp

d:\w7rtm\admin\wmi\jobs\server\engine\comhandlerbase.cpp

d:\w7rtm\admin\wmi\jobs\server\engine\comhandlerbase.cpp

StopJobMsg

StopJobMsg

StartJobMsg

StartJobMsg

ClientPipeName

ClientPipeName

Invalid parameter passed to C runtime function.

Invalid parameter passed to C runtime function.

d:\w7rtm\admin\wmi\jobs\common\xml\taskxmlreader.cpp

d:\w7rtm\admin\wmi\jobs\common\xml\taskxmlreader.cpp

TaskScheduler.log

TaskScheduler.log

j%Xf;

j%Xf;

d:\w7rtm\admin\wmi\jobs\server\engine\action.cpp

d:\w7rtm\admin\wmi\jobs\server\engine\action.cpp

API-MS-WIN-Service-Management-L1-1-0.dll

API-MS-WIN-Service-Management-L1-1-0.dll

API-MS-WIN-Service-winsvc-L1-1-0.dll

API-MS-WIN-Service-winsvc-L1-1-0.dll

ADVAPI32.dll

ADVAPI32.dll

SHELL32.dll

SHELL32.dll

SHLWAPI.dll

SHLWAPI.dll

SspiCli.dll

SspiCli.dll

XmlLite.dll

XmlLite.dll

MPR.dll

MPR.dll

RegOpenKeyTransactedW

RegOpenKeyTransactedW

RegCloseKey

RegCloseKey

RegOpenKeyExW

RegOpenKeyExW

RegNotifyChangeKeyValue

RegNotifyChangeKeyValue

RegCreateKeyExW

RegCreateKeyExW

FindExecutableW

FindExecutableW

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

EnumThreadWindows

EnumThreadWindows

EnumWindows

EnumWindows

GetProcessWindowStation

GetProcessWindowStation

_wcmdln

_wcmdln

_amsg_exit

_amsg_exit

GetProcessHeap

GetProcessHeap

SetProcessShutdownParameters

SetProcessShutdownParameters

TaskEng.pdb

TaskEng.pdb

version="5.1.0.0"

version="5.1.0.0"

name="Microsoft.Windows.WMI.TaskScheduler.TaskEng"

name="Microsoft.Windows.WMI.TaskScheduler.TaskEng"

8 8$8(878

8 8$8(878

3=4Z4w4

3=4Z4w4

=!=(=0=4=?=>>

=!=(=0=4=?=>>

5 5U5_5

5 5U5_5

5b6u6

5b6u6

-131J1X1o1}1

-131J1X1o1}1

=$=

=$=

Password

Password

hXXp://schemas.microsoft.com/windows/2004/02/mit/task

hXXp://schemas.microsoft.com/windows/2004/02/mit/task

Aieframe.dll

Aieframe.dll

%SystemRoot%\SYSTEM32\cmd.exe

%SystemRoot%\SYSTEM32\cmd.exe

%SystemRoot%\System32\Tasks

%SystemRoot%\System32\Tasks

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake

WindowSeconds

WindowSeconds

InitializeCmdlineProcessing()

InitializeCmdlineProcessing()

pCrimson provider registration failed for taskeng, hr=0x%x

pCrimson provider registration failed for taskeng, hr=0x%x

CATCH_KNOWN: %S ==> hr=0x%x [%S(),%d,%S]

CATCH_KNOWN: %S ==> hr=0x%x [%S(),%d,%S]

InteractiveTokenOrPassword

InteractiveTokenOrPassword

Aurl

Aurl

%d.%d

%d.%d

%s, (%d)

%s, (%d)

hXXp://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout

hXXp://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout

hXXp://schemas.microsoft.com/cdo/configuration/smtpauthenticate

hXXp://schemas.microsoft.com/cdo/configuration/smtpauthenticate

hXXp://schemas.microsoft.com/cdo/configuration/sendusing

hXXp://schemas.microsoft.com/cdo/configuration/sendusing

hXXp://schemas.microsoft.com/cdo/configuration/smtpserver

hXXp://schemas.microsoft.com/cdo/configuration/smtpserver

201ef99a-7fa0-444c-9399-19ba84f12a1a

201ef99a-7fa0-444c-9399-19ba84f12a1a

C:\Windows\SYSTEM32\cmd.exe

C:\Windows\SYSTEM32\cmd.exe

6.1.7601.17514 (win7sp1_rtm.101119-1850)

6.1.7601.17514 (win7sp1_rtm.101119-1850)

taskeng.exe

taskeng.exe

Windows

Windows

Operating System

Operating System

6.1.7601.17514

6.1.7601.17514