Susp_Dropper (Kaspersky), Gen:Variant.Barys.55463 (AdAware), Backdoor.Win32.Xtrat.FD, GenericAutorunWorm.YR, GenericInjector.YR (Lavasoft MAS)Behaviour: Backdoor, Worm, WormAutorun
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 18c5d5c04a1d72b461c2daf29061dfc8
SHA1: a1a58edf18e46000cebc90500d8f1b642a79b6fa
SHA256: 09b83b2fe19aa26f421d99769dd94c3896cecae2981933fd801d63bb7c954685
SSDeep: 12288:sAZfW2QvFlt2NvhrPtyjbqzu91H2SdwA2qiUlZ0ObaXuTWdLQRAQPJln:sAZu5vEr6bB9MSdwAHl9aXEWdkRDPJln
Size: 690860 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: IC
Created at: 2015-12-27 07:38:55
Analyzed on: Windows7 SP1 32-bit
Summary: Backdoor. Malware that enables a remote control of victim's machine.
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Backdoor's file once a user opens a drive's folder in Windows Explorer. |
Process activity
The Backdoor creates the following process(es):
%original file name%.exe:3308
123213123.exe:2856
123213123.exe:2012
The Backdoor injects its code into the following process(es):
jingling.exe:2472
jingling.exe:1532
svchost.exe:1256
iexplore.exe:1452
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process jingling.exe:2472 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\jquery-1.11.1.min[1].js (57991 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\stat[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\url[1].htm (576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\alexa[1].png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\style[1].css (806 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\tcfg.dat (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\core[1].js (763 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\main[1].js (80 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\splogo[1].png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\product.dat (550 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\bd.dat (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\stat[1].js (1081 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\A6RQWI1I.txt (138 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\sound_high[1].gif (356 bytes)
The process jingling.exe:1532 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\v2[1].js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\green_shield[1] (810 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\getipinfo[1].htm (187 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\sdcysoft_com[1].htm (831 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LCZH948T.txt (383 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD3F3.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\SlideDoor[1].htm (547 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\index[2].js (3795 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[1].gif (42 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\OX9yPxVGYQhNAdcIDFDeBXfgae9vyAHITKBYJWiUq0c[1].js (9344 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_03853CF80D3A45E4068A748249EC24F7 (9996 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\fitvids-doc-ready[1].js (146 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\html5shiv.min[1].js (572 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\common[1].js (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\invalidcert[1] (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab71C.tmp (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\index[1].css (88657 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\lrtk[1].css (1029 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\red_shield_48[1] (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\base[1].js (443 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\slider-setting[1].js (554 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\52612bfba40c463ad5878c3862379d1c[1].png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\68FOIB9H.txt (543 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\font-awesome[1].css (10591 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NJKESBC2.txt (100 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\705A76DE71EA2CAEBB8F0907449CE086_83B4269ED5FD1ECB44E013036646BFD7 (2674 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\15541197_935117263286926_3483886767120125698_n[1].jpg (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\G5Q7XTSM.txt (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\JIQL3CTG.txt (654 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\init[1].js (1159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\meiqia[1].js (77183 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\G60HOHQ1.txt (251 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\scrolltab[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\533000070202[1].htm (5653 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[3].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery-migrate.min[1].js (5375 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\1.4[1].js (10170 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[2].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\14520396_203440986742644_308382618062025305_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\5DPXEETN.txt (107 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\font-awesome.min[1].css (13482 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_202FDCF470E1E6CDB8E22E01DB74609C (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Y3HIC4U1.txt (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\OJM965DM.txt (246 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\m[1].js (60021 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\REBLOFI8.txt (71 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ANJ01VHG.txt (747 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\CDKMUDL9.txt (112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\14358769_10206860846257416_7466951948784187963_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (20314 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_F4C066FA094BC754843DB99590B2CE02 (2032 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\pzRB6YEc2pk[1].htm (6221 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\cm[1].gif (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\5XISSK39\www.sdcysoft[1].xml (140 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\0.2[1].js (17481 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\533000070202[1].htm (278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\16114967_2227104167515605_3084083241048458185_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\History.IE5\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\sewasolo_com[1].htm (5177 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ZR3XKL3Y.txt (1105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\12063727_968338849875096_426343592926317394_n[1].jpg (1753 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\addthis_widget[1].js (209732 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[1].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\15965560_1833507490251421_3796225368876502291_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\adapter[1].js (156 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\705A76DE71EA2CAEBB8F0907449CE086_83B4269ED5FD1ECB44E013036646BFD7 (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\start_v5[1].js (505 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\bundle__menu_ML_desktop_full.d635ce2a[1].css (28067 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\background_gradient_red[1] (868 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery-1.7.2.min[1].js (46101 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\SHO3EV98.txt (107 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\TRGHUB2E.txt (307 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\css[1].css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\HARCQENS.txt (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NZ5CQVG1.txt (309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\U4RBEDZD.txt (309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ADY29ZU2.txt (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ZH36DV72.txt (156 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\page[1].htm (30340 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\History.IE5\desktop.ini (254 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\12115518_944101115651532_2564004755971760607_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\plusone[1].js (30566 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (21413 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\melidata.min[1].js (10800 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\705A76DE71EA2CAEBB8F0907449CE086_687524005D49A560600E2D45D44DE6E0 (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\jquery-migrate-1.2.1[1].js (5641 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\new_suggest[1].css (7848 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Q328RLZO.txt (482 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\O4CQ6Q3M.txt (988 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\8OSH5N44.txt (103 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar71D.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[2].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\PMSKDIGW.txt (1099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\global-min[1].js (52098 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pingjs[1].js (32 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\FMCLNATV.txt (464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Y002NCFW.txt (307 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VNHNRCA9.txt (573 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[5].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pixel[2].js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ie8[1].js (789 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\112COZCN.txt (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7V44E21O.txt (117 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\classic[1].js (7741 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[2].js (704 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabF0E9.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_97482851B9CF8FBB790FA8AEAB0C772D (400 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A574ED5927B3CEC9626151D220C7448 (360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\0S7ZWK0B.txt (441 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\15940888_578312162362095_8869873993140981893_n[1].jpg (185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ILLZJRN3.txt (87 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\JEXRN4WF.txt (470 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[1].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3DYFNGFP.txt (656 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\core[1].js (765 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\red_shield[1] (810 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\errorPageStrings[1] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\127631110-widgets[1].js (50978 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\0IE96JSP.txt (309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[2].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[3].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7GO3Y47L.txt (696 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WUKPO2V7.txt (1099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\fontawesome-webfont[1].eot (30576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KVU378YM.txt (121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\WMZUWJRG\world.taobao[1].xml (11974 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7K54OC7N.txt (422 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\_common___promote___promote.css--___template_1___styles___www___company___info.css--template_1___styles___plugin___companyFollow.css--v616.55[1]. (43888 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\IEYHNN6C.txt (95 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KJQSOTOX.txt (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\home[1].css (73 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pixel[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\invalidcert[2] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\705A76DE71EA2CAEBB8F0907449CE086_687524005D49A560600E2D45D44DE6E0 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\RYHTSXPY.txt (250 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\httpErrorPagesScripts[1] (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\9VDPLBYE.txt (300 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\2422776291-widget_css_bundle[1].css (18236 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\pzRB6YEc2pk[2].htm (4600 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZDIKCNB\eco-api.meiqia[1].xml (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33ZUGC79.txt (101 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\css[1].css (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\aplus_v2[1].js (20794 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\oninput[1].js (653 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_2CFCD3B0E185E4A8F87A94EFDCF71017 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_03853CF80D3A45E4068A748249EC24F7 (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0A2EA55F20CC96EF43A26E7FAF8A2217 (936 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\index[1].js (6103 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\0.2[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\jquery.cycle.all.min[1].js (23784 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_97482851B9CF8FBB790FA8AEAB0C772D (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ML9RPDO7.txt (111 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player-vfl702554[1].css (142655 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMT0H4OC.txt (104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\K5t3Ec3iy66[1].js (218774 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\4Q7NOTWJ.txt (87 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KAFZHTZ0.txt (109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\ds[1].js (63503 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\tc[1].js (6153 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\mFUry7Ewz5S[1].js (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\aplus_v2[1].js (3540 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery.min[1].js (63266 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\navigation[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NI1WRHMP.txt (66 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\slide_switch[1].js (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_202FDCF470E1E6CDB8E22E01DB74609C (2016 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VENUV2ZM.txt (141 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\LxzEXqxaECb[1].js (108279 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DCE3BDBF5BDD86E2AB5B471CB90709B4_D5FE3430D858EEC0702EE96E01AD90B9 (1640 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\backgroundPosition[1].js (73 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab3C0.tmp (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\14212207_653688491461426_5945484803893418677_n[1].jpg (474 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\CJPVDJJP.txt (407 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\5XKMVJSL.txt (1105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\css[1].css (474 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\core-1db59222bec2e7468c559156f55a310b[1].css (165349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar5496.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\base[1].js (613210 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\seed-min[1].js (28318 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\navigator[1].js (241 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\collect[1].gif (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_F4C066FA094BC754843DB99590B2CE02 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\AEJDC8C7.txt (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\salary[1].htm (9346 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KV28ZD8Y.txt (725 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\adv_out[1].js (9557 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\css[2].css (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\harga-sewa-mobil-solo[1].htm (7822 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[6].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF (1480 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W3MS8WF7.txt (1099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\94FDZEML.txt (201 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery.fitvids[1].js (719 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\bounce[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3FKBYQAA.txt (263 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\webww[1].js (16515 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\down[1] (748 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player[1].js (53278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\index[2].js (40514 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\mlb-ml-analytics.min.gz[2].js (23773 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[1].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GBLRNM83.txt (108 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33YQT85K.txt (494 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\896O94X8.txt (94 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KHPTUO1B.txt (210 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W9COG41E.txt (1099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\mlb-ml-analytics.min.gz[1].js (23102 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\cb=gapi[1].js (80253 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab1013.tmp (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\R4SE7E96.txt (116 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\z_stat[1].js (1081 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DCE3BDBF5BDD86E2AB5B471CB90709B4_D5FE3430D858EEC0702EE96E01AD90B9 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\YHPCILX3.txt (263 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\M3GL7JFZ.txt (74 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD444.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[4].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\X9U38907.txt (280 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0A2EA55F20CC96EF43A26E7FAF8A2217 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\songhaiyouhong_blogspot_com[1].htm (13673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\Xw9VNcnTyYg[1].js (26680 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 (5998 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\1.4[1].js (57892 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\38M8494A.txt (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB788E090BC1F3AA2FBC9E8FB2859601 (822 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\doorbell-i8wozeiuwodmquxr[1].js (19959 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE (1224 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD3F4.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\16472838_752115304954013_2302620675576684630_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD443.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\9C1XITPC.txt (98 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\1HUVI2AA\www.youtube[1].xml (199 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\16143282_791723427632670_7574174759107544566_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar3C1.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[5].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\4HVEPQN3.txt (116 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\49CU6FUZ.txt (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ON7HEO01.txt (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\collect[1].gif (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3JX5PE0Z.txt (90 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\DD884IO4.txt (939 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\config[1].js (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\abnormal[1].css (4745 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WO5DW012.txt (359 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\stat[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ad_status[1].js (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\14303700004920[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery[1].js (152409 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\1K75GJY6.txt (1105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[3].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\skip-link-focus-fix[1].js (751 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\cfb9b68598748471e884ae8e1367a070[1].png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\20TG8FQX.txt (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[2].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\comment-reply.min[1].js (757 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\page[1].htm (13208 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\index[1].js (2739 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\tabicon[1].js (715 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LDUIT4VU.txt (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\533000070202[2].htm (3175 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\index[1].js (211 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\sewa-mobil-solo-lestari-kecamatan-sukoharjo-jawa-tengah[1].htm (27844 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\17UHOV2J.txt (106 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab5495.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\57SQKGIR.txt (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\style[1].css (13067 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\YBPRKDDL.txt (91 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\core__large-05ccd4379b22231463c741a5faa3dff1[1].css (130591 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[1].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ErrorPageTemplate[1] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB (1278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\1KUYIOXW.txt (379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\form[1].js (700 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\doorbell[1].htm (241 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\QNPEFQCF.txt (1105 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C (1476 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (3400 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar1014.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\wp-emoji-release.min[1].js (7586 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery.tipsy[1].js (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\1LJ8gYX1wG6[1].css (20498 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\10698574_805310939511222_8929108492389579378_n[1].jpg (185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\J2V4EMBS.txt (289 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\ga-audiences[1].htm (390 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GFWYI2PB.txt (1093 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarF0EA.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\history[1].js (18529 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMNUJ11K.txt (313 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\init[1].js (1089 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[3].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB788E090BC1F3AA2FBC9E8FB2859601 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[4].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\common[1].css (5895 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\global-min[1].css (33012 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\36IEFG60.txt (464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (23237 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\csync[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\IJEF1Z0V.txt (106 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery[1].js (69966 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_2CFCD3B0E185E4A8F87A94EFDCF71017 (1800 bytes)
The Backdoor deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD3F3.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\X9U38907.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player-vfl702554[1].css (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LCZH948T.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar71D.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GBLRNM83.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ILLZJRN3.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\PMSKDIGW.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WO5DW012.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\SHO3EV98.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VNHNRCA9.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab1013.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\TRGHUB2E.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\collect[1].gif (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\DD884IO4.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\896O94X8.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\68FOIB9H.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NJKESBC2.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\1K75GJY6.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabF0E9.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\G5Q7XTSM.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\JIQL3CTG.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\5XKMVJSL.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar5496.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\20TG8FQX.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\533000070202[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\collect[1].gif (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W3MS8WF7.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\page[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player[1].js (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\FMCLNATV.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\IJEF1Z0V.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar3C1.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab5495.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\OJM965DM.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD443.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\REBLOFI8.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3FKBYQAA.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ANJ01VHG.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab71C.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LDUIT4VU.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\0IE96JSP.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\pzRB6YEc2pk[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WUKPO2V7.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33YQT85K.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\RYHTSXPY.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\QNPEFQCF.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KJQSOTOX.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KHPTUO1B.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W9COG41E.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VENUV2ZM.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar1014.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\R4SE7E96.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\17UHOV2J.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\M3GL7JFZ.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Y002NCFW.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GFWYI2PB.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\AEJDC8C7.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33ZUGC79.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMNUJ11K.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ADY29ZU2.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\base[1].js (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD444.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\HARCQENS.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NZ5CQVG1.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KVU378YM.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7K54OC7N.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab3C0.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarF0EA.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD3F4.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMT0H4OC.txt (0 bytes)
The process %original file name%.exe:3308 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe (15187 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\123213123.exe (12342 bytes)
The Backdoor deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssF4AA.tmp (0 bytes)
The process 123213123.exe:2856 makes changes in the file system.
The Backdoor deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\x.html (0 bytes)
The process 123213123.exe:2012 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe (2321 bytes)
Registry activity
The process jingling.exe:2472 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm]
"cFormatTags" = "2"
"aFormatTagCache" = "01 00 00 00 10 00 00 00 55 00 00 00 1E 00 00 00"
[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASMANCS]
"EnableFileTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASMANCS]
"ConsoleTracingMask" = "4294901760"
"EnableConsoleTracing" = "0"
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASAPI32]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1412928878"
[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASMANCS]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASAPI32]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "jingling.exe"
[HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm]
"cFilterTags" = "0"
"fdwSupport" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASAPI32]
"ConsoleTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3E 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASMANCS]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASAPI32]
"EnableFileTracing" = "0"
"MaxFileSize" = "1048576"
"EnableConsoleTracing" = "0"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
To automatically run itself each time Windows is booted, the Backdoor adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"urlspace" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe -h"
The Backdoor deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The process jingling.exe:1532 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com]
"(Default)" = "6"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1412928878"
[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\taobao.com]
"(Default)" = "14"
[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 42 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\sdcysoft.com]
"(Default)" = "53"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 32 4A 4B BB"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "jingling.exe"
[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Total]
"(Default)" = "91287"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Backdoor deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"AD7E1C28B064EF8F6003402014C3D0E3370EB58A"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The process %original file name%.exe:3308 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
The Backdoor deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process 123213123.exe:2856 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKCU\Software\XtremeRAT]
"Mutex" = "X1F606HDS"
The process 123213123.exe:2012 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL]
"processname" = "iexplore.exe"
"WindowClassName" = "DDEMLMom"
To automatically run itself each time Windows is booted, the Backdoor adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"18.exe" = "C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"18.exe" = "C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe"
Dropped PE files
MD5 | File path |
---|---|
c22ebecd43f958eaeda8aed159c91dfc | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\123213123.exe |
1f519484a9ad5a51d42e0f57f4e314e0 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe |
c22ebecd43f958eaeda8aed159c91dfc | c:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe |
c22ebecd43f958eaeda8aed159c91dfc | c:\Windows\System32\Microsoft\Microsoft.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Backdoor's file once a user opens a drive's folder in Windows Explorer.
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:3308
123213123.exe:2856
123213123.exe:2012 - Delete the original Backdoor file.
- Delete or disinfect the following files created/modified by the Backdoor:
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\jquery-1.11.1.min[1].js (57991 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\stat[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\url[1].htm (576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\alexa[1].png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\style[1].css (806 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\tcfg.dat (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\core[1].js (763 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\main[1].js (80 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\splogo[1].png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\product.dat (550 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\bd.dat (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\stat[1].js (1081 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\A6RQWI1I.txt (138 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\sound_high[1].gif (356 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\v2[1].js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\green_shield[1] (810 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\getipinfo[1].htm (187 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\sdcysoft_com[1].htm (831 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LCZH948T.txt (383 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD3F3.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\SlideDoor[1].htm (547 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\index[2].js (3795 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[1].gif (42 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\OX9yPxVGYQhNAdcIDFDeBXfgae9vyAHITKBYJWiUq0c[1].js (9344 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_03853CF80D3A45E4068A748249EC24F7 (9996 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\fitvids-doc-ready[1].js (146 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\html5shiv.min[1].js (572 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\common[1].js (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\invalidcert[1] (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab71C.tmp (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\index[1].css (88657 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\lrtk[1].css (1029 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\red_shield_48[1] (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\base[1].js (443 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\slider-setting[1].js (554 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\52612bfba40c463ad5878c3862379d1c[1].png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\68FOIB9H.txt (543 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\font-awesome[1].css (10591 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NJKESBC2.txt (100 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\705A76DE71EA2CAEBB8F0907449CE086_83B4269ED5FD1ECB44E013036646BFD7 (2674 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\15541197_935117263286926_3483886767120125698_n[1].jpg (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\G5Q7XTSM.txt (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\JIQL3CTG.txt (654 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\init[1].js (1159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\meiqia[1].js (77183 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\G60HOHQ1.txt (251 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\scrolltab[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\533000070202[1].htm (5653 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[3].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery-migrate.min[1].js (5375 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\1.4[1].js (10170 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[2].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\14520396_203440986742644_308382618062025305_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\5DPXEETN.txt (107 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\font-awesome.min[1].css (13482 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_202FDCF470E1E6CDB8E22E01DB74609C (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Y3HIC4U1.txt (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\OJM965DM.txt (246 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\m[1].js (60021 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\REBLOFI8.txt (71 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ANJ01VHG.txt (747 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\CDKMUDL9.txt (112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\14358769_10206860846257416_7466951948784187963_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (20314 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_F4C066FA094BC754843DB99590B2CE02 (2032 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\pzRB6YEc2pk[1].htm (6221 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\cm[1].gif (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\5XISSK39\www.sdcysoft[1].xml (140 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\0.2[1].js (17481 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\533000070202[1].htm (278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\16114967_2227104167515605_3084083241048458185_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\History.IE5\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\sewasolo_com[1].htm (5177 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ZR3XKL3Y.txt (1105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\12063727_968338849875096_426343592926317394_n[1].jpg (1753 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\addthis_widget[1].js (209732 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[1].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\15965560_1833507490251421_3796225368876502291_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\adapter[1].js (156 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\705A76DE71EA2CAEBB8F0907449CE086_83B4269ED5FD1ECB44E013036646BFD7 (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\start_v5[1].js (505 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\bundle__menu_ML_desktop_full.d635ce2a[1].css (28067 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\background_gradient_red[1] (868 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery-1.7.2.min[1].js (46101 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\SHO3EV98.txt (107 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\TRGHUB2E.txt (307 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\css[1].css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\HARCQENS.txt (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NZ5CQVG1.txt (309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\U4RBEDZD.txt (309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ADY29ZU2.txt (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ZH36DV72.txt (156 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\page[1].htm (30340 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\History.IE5\desktop.ini (254 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\12115518_944101115651532_2564004755971760607_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\plusone[1].js (30566 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (21413 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\melidata.min[1].js (10800 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\705A76DE71EA2CAEBB8F0907449CE086_687524005D49A560600E2D45D44DE6E0 (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\jquery-migrate-1.2.1[1].js (5641 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\new_suggest[1].css (7848 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Q328RLZO.txt (482 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\O4CQ6Q3M.txt (988 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\8OSH5N44.txt (103 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar71D.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[2].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\PMSKDIGW.txt (1099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\global-min[1].js (52098 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pingjs[1].js (32 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\FMCLNATV.txt (464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Y002NCFW.txt (307 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VNHNRCA9.txt (573 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[5].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pixel[2].js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ie8[1].js (789 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\112COZCN.txt (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7V44E21O.txt (117 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\classic[1].js (7741 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[2].js (704 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabF0E9.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_97482851B9CF8FBB790FA8AEAB0C772D (400 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A574ED5927B3CEC9626151D220C7448 (360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\0S7ZWK0B.txt (441 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\15940888_578312162362095_8869873993140981893_n[1].jpg (185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ILLZJRN3.txt (87 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\JEXRN4WF.txt (470 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[1].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3DYFNGFP.txt (656 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\core[1].js (765 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\red_shield[1] (810 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\errorPageStrings[1] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\127631110-widgets[1].js (50978 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\0IE96JSP.txt (309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[2].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[3].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7GO3Y47L.txt (696 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WUKPO2V7.txt (1099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\fontawesome-webfont[1].eot (30576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KVU378YM.txt (121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\WMZUWJRG\world.taobao[1].xml (11974 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7K54OC7N.txt (422 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\_common___promote___promote.css--___template_1___styles___www___company___info.css--template_1___styles___plugin___companyFollow.css--v616.55[1]. (43888 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\IEYHNN6C.txt (95 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KJQSOTOX.txt (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\home[1].css (73 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pixel[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\invalidcert[2] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\705A76DE71EA2CAEBB8F0907449CE086_687524005D49A560600E2D45D44DE6E0 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\RYHTSXPY.txt (250 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\httpErrorPagesScripts[1] (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\9VDPLBYE.txt (300 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\2422776291-widget_css_bundle[1].css (18236 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\pzRB6YEc2pk[2].htm (4600 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZDIKCNB\eco-api.meiqia[1].xml (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33ZUGC79.txt (101 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\css[1].css (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\aplus_v2[1].js (20794 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\oninput[1].js (653 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_2CFCD3B0E185E4A8F87A94EFDCF71017 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_03853CF80D3A45E4068A748249EC24F7 (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0A2EA55F20CC96EF43A26E7FAF8A2217 (936 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\index[1].js (6103 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\0.2[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\jquery.cycle.all.min[1].js (23784 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_97482851B9CF8FBB790FA8AEAB0C772D (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ML9RPDO7.txt (111 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player-vfl702554[1].css (142655 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMT0H4OC.txt (104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\K5t3Ec3iy66[1].js (218774 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\4Q7NOTWJ.txt (87 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KAFZHTZ0.txt (109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\ds[1].js (63503 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\tc[1].js (6153 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\mFUry7Ewz5S[1].js (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\aplus_v2[1].js (3540 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery.min[1].js (63266 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\navigation[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NI1WRHMP.txt (66 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\slide_switch[1].js (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_202FDCF470E1E6CDB8E22E01DB74609C (2016 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VENUV2ZM.txt (141 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\LxzEXqxaECb[1].js (108279 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DCE3BDBF5BDD86E2AB5B471CB90709B4_D5FE3430D858EEC0702EE96E01AD90B9 (1640 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\backgroundPosition[1].js (73 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab3C0.tmp (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\14212207_653688491461426_5945484803893418677_n[1].jpg (474 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\CJPVDJJP.txt (407 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\5XKMVJSL.txt (1105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\css[1].css (474 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\core-1db59222bec2e7468c559156f55a310b[1].css (165349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar5496.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\base[1].js (613210 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\seed-min[1].js (28318 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\navigator[1].js (241 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\collect[1].gif (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_F4C066FA094BC754843DB99590B2CE02 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\AEJDC8C7.txt (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\salary[1].htm (9346 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KV28ZD8Y.txt (725 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\adv_out[1].js (9557 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\css[2].css (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\harga-sewa-mobil-solo[1].htm (7822 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[6].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF (1480 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W3MS8WF7.txt (1099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\94FDZEML.txt (201 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery.fitvids[1].js (719 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\bounce[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3FKBYQAA.txt (263 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\webww[1].js (16515 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\down[1] (748 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player[1].js (53278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\index[2].js (40514 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\mlb-ml-analytics.min.gz[2].js (23773 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[1].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GBLRNM83.txt (108 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33YQT85K.txt (494 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\896O94X8.txt (94 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KHPTUO1B.txt (210 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W9COG41E.txt (1099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\mlb-ml-analytics.min.gz[1].js (23102 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\cb=gapi[1].js (80253 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab1013.tmp (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\R4SE7E96.txt (116 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\z_stat[1].js (1081 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DCE3BDBF5BDD86E2AB5B471CB90709B4_D5FE3430D858EEC0702EE96E01AD90B9 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\YHPCILX3.txt (263 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\M3GL7JFZ.txt (74 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD444.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[4].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\X9U38907.txt (280 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0A2EA55F20CC96EF43A26E7FAF8A2217 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\songhaiyouhong_blogspot_com[1].htm (13673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\Xw9VNcnTyYg[1].js (26680 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 (5998 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\1.4[1].js (57892 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\38M8494A.txt (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB788E090BC1F3AA2FBC9E8FB2859601 (822 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\doorbell-i8wozeiuwodmquxr[1].js (19959 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE (1224 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD3F4.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\16472838_752115304954013_2302620675576684630_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD443.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\9C1XITPC.txt (98 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\1HUVI2AA\www.youtube[1].xml (199 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\16143282_791723427632670_7574174759107544566_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar3C1.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[5].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\4HVEPQN3.txt (116 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\49CU6FUZ.txt (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ON7HEO01.txt (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\collect[1].gif (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3JX5PE0Z.txt (90 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\DD884IO4.txt (939 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\config[1].js (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\abnormal[1].css (4745 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WO5DW012.txt (359 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\stat[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ad_status[1].js (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\14303700004920[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery[1].js (152409 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\1K75GJY6.txt (1105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[3].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\skip-link-focus-fix[1].js (751 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\cfb9b68598748471e884ae8e1367a070[1].png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\20TG8FQX.txt (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[2].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\comment-reply.min[1].js (757 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\page[1].htm (13208 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\index[1].js (2739 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\tabicon[1].js (715 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LDUIT4VU.txt (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\533000070202[2].htm (3175 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\index[1].js (211 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\sewa-mobil-solo-lestari-kecamatan-sukoharjo-jawa-tengah[1].htm (27844 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\17UHOV2J.txt (106 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab5495.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\57SQKGIR.txt (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\style[1].css (13067 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\YBPRKDDL.txt (91 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\core__large-05ccd4379b22231463c741a5faa3dff1[1].css (130591 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[1].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ErrorPageTemplate[1] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB (1278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\1KUYIOXW.txt (379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\form[1].js (700 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\doorbell[1].htm (241 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\QNPEFQCF.txt (1105 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C (1476 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (3400 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar1014.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\wp-emoji-release.min[1].js (7586 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery.tipsy[1].js (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\1LJ8gYX1wG6[1].css (20498 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\10698574_805310939511222_8929108492389579378_n[1].jpg (185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\J2V4EMBS.txt (289 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\ga-audiences[1].htm (390 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GFWYI2PB.txt (1093 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarF0EA.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\history[1].js (18529 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMNUJ11K.txt (313 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\init[1].js (1089 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[3].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB788E090BC1F3AA2FBC9E8FB2859601 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[4].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\common[1].css (5895 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\global-min[1].css (33012 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\36IEFG60.txt (464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (23237 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\csync[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\IJEF1Z0V.txt (106 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery[1].js (69966 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_2CFCD3B0E185E4A8F87A94EFDCF71017 (1800 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe (15187 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\123213123.exe (12342 bytes)
C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe (2321 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"urlspace" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe -h"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"18.exe" = "C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"18.exe" = "C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 24124 | 24576 | 4.45853 | 1a13b408c917b27c9106545148d3b8d3 |
.rdata | 28672 | 4714 | 5120 | 3.46982 | 921acf8cb0aea87c0603fa899765fcc2 |
.data | 36864 | 154936 | 1536 | 2.97482 | 797517c6ef57aa95d53df2cf07568953 |
.ndata | 192512 | 32768 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 225280 | 11432 | 11776 | 2.84277 | 3eaf22e3ce0d14e92e4e1c1b3619fab2 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://us0.spiritsoft.cn/urlcore/olcfgs.dat?q=41 | 114.55.90.68 |
hxxp://us0.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110 | 114.55.90.68 |
hxxp://us0.spiritsoft.cn/v4/lib/jquery/jquery-1.11.1.min.js | 114.55.90.68 |
hxxp://us0.spiritsoft.cn/v4/js/main.js | 114.55.90.68 |
hxxp://us0.spiritsoft.cn/v4/images/sound_high.gif | 114.55.90.68 |
hxxp://all.cnzz.com.danuoyi.tbcache.com/stat.php?id=1189654&web_id=1189654 | |
hxxp://us0.spiritsoft.cn/v4/images/splogo.png | 114.55.90.68 |
hxxp://us0.spiritsoft.cn/v4/images/alexa.png | 114.55.90.68 |
hxxp://us0.spiritsoft.cn/urlcore/svcreq14032b.html | 114.55.90.68 |
hxxp://us0.spiritsoft.cn/urlcore/svcreq1413fd.css | 114.55.90.68 |
hxxp://www.google.com/ | 173.194.113.209 |
hxxp://www.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ | 173.194.113.223 |
hxxp://sewasolo.com/ | 103.28.22.213 |
hxxp://sewasolo.com/wp-content/themes/dream/js/jquery.fitvids.js?ver=4.2.12 | 103.28.22.213 |
hxxp://googleadapis.l.google.com/css?family=Open Sans:400italic,700italic,400,700&ver=4.2.12 | |
hxxp://sewasolo.com/wp-content/themes/dream/js/html5shiv.min.js | 103.28.22.213 |
hxxp://sewasolo.com/wp-content/themes/dream/style.css?ver=4.2.12 | 103.28.22.213 |
hxxp://sewasolo.com/wp-content/themes/dream/js/fitvids-doc-ready.js?ver=4.2.12 | 103.28.22.213 |
hxxp://sewasolo.com/wp-includes/js/jquery/jquery.js?ver=1.11.2 | 103.28.22.213 |
hxxp://sewasolo.com/wp-content/themes/dream/font-awesome/css/font-awesome.min.css?ver=4.2.12 | 103.28.22.213 |
hxxp://sewasolo.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 103.28.22.213 |
hxxp://sewasolo.com/wp-content/themes/dream/js/base.js?ver=4.2.12 | 103.28.22.213 |
hxxp://sewasolo.com/wp-includes/js/wp-emoji-release.min.js?ver=4.2.12 | 103.28.22.213 |
hxxp://sewasolo.com/wp-content/themes/dream/js/navigation.js?ver=20120206 | 103.28.22.213 |
hxxp://sewasolo.com/wp-content/themes/dream/js/skip-link-focus-fix.js?ver=20130115 | 103.28.22.213 |
hxxp://sewasolo.com/wp-content/themes/dream/js/jquery.cycle.all.min.js?ver=2.9999.5 | 103.28.22.213 |
hxxp://sewasolo.com/wp-content/themes/dream/js/slider-setting.js?ver=4.2.12 | 103.28.22.213 |
hxxp://sewasolo.com/wp-content/themes/dream/font-awesome/fonts/fontawesome-webfont.eot?v=4.2.0 | 103.28.22.213 |
hxxp://us0.spiritsoft.cn/v4/css/style.css | 114.55.90.68 |
hxxp://e6845.dscb1.akamaiedge.net/crls/secureca.crl | |
hxxp://z.gds.cnzz.com/stat.htm?id=1189654&r=&lg=en-us&ntime=none&cnzz_eid=1549093891-1486263024-&showp=1276x846&t=æµé‡ç²¾çµ&h=1&rnd=258009459 | |
hxxp://all.cnzz.com.danuoyi.tbcache.com/core.php?web_id=1189654&t=z | |
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= | |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0= | |
hxxp://e8218.dscb1.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== | |
hxxp://cdn.globalsigncdn.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH | |
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw= | |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFE/uXQ4cLc0QEGNMJMGmf8= | |
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGn0AHsoGslw | |
hxxp://mrx9.ddns.net/1234567890.functions | |
hxxp://cdn.globalsigncdn.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDGdVziPu5Jt2IgvM6w== | |
hxxp://world.taobao.com.danuoyi.tbcache.com/item/533000070202.htm?fromSite=main&spm=a230r.7195193.1997079397.8.iAWmGk&abbucket=2&qq-pf-to=pcqq.temporaryc2c | 195.27.31.252 |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEDYh2Ip18ZHp4LIxhrWFb0w= | |
hxxp://clients.l.google.com/GIAG2.crl | |
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAa1FcpWF3k+ | |
hxxp://sewasolo.com/harga-sewa-mobil-solo.html | 103.28.22.213 |
hxxp://sewasolo.com/harga-sewa-mobil-solo.html/ | 103.28.22.213 |
hxxp://e6845.dscb1.akamaiedge.net/ss.crl | |
hxxp://sewasolo.com/wp-content/plugins/akismet/_inc/form.js?ver=3.1.5 | 103.28.22.213 |
hxxp://sewasolo.com/wp-includes/js/comment-reply.min.js?ver=4.2.12 | 103.28.22.213 |
hxxp://2.gravatar.com/avatar/52612bfba40c463ad5878c3862379d1c?s=32&d=mm&r=g | 192.0.73.2 |
hxxp://2.gravatar.com/avatar/cfb9b68598748471e884ae8e1367a070?s=32&d=mm&r=g | 192.0.73.2 |
hxxp://cdn.globalsigncdn.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEVLD4SzDqtMG/eBnw== | |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEEw7wJkU/qAD9hdilImrrOU= | |
hxxp://cdn.globalsigncdn.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== | |
hxxp://domssl.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114 | |
hxxp://e6220.g.akamaiedge.net/ga/mlb-ml-analytics.min.gz.js | |
hxxp://e6220.g.akamaiedge.net/melidata/js/3/0.0.38/melidata.min.js | |
hxxp://sewasolo.com/tag/sewa-mobil-solo-lestari-kecamatan-sukoharjo-jawa-tengah/ | 103.28.22.213 |
hxxp://hkvhost688.800cdn.com/ | |
hxxp://hkvhost688.800cdn.com/templets/default/style/common.css | |
hxxp://hkvhost688.800cdn.com/js/jquery.tipsy.js | |
hxxp://hkvhost688.800cdn.com/js/start_v5.js | |
hxxp://hkvhost688.800cdn.com/css/lrtk.css | |
hxxp://hkvhost688.800cdn.com/js/jquery-1.7.2.min.js | |
hxxp://hkvhost688.800cdn.com/templets/default/style/home.css | |
hxxp://wpa.qq.com/pa?p=2:2923673182:51 | 58.251.100.24 |
hxxp://wpa.qq.com/pa?p=2:2409084321:51 | 58.251.100.24 |
hxxp://wpa.qq.com/pa?p=2:3264541975:51 | 58.251.100.24 |
hxxp://wpa.qq.com/pa?p=2:3313361925:51 | 58.251.100.24 |
hxxp://wpa.qq.com/pa?p=2:2051282539:51 | 58.251.100.24 |
hxxp://hkvhost688.800cdn.com/templets/default/js/jquery.js | |
hxxp://hkvhost688.800cdn.com/templets/default/js/common.js | |
hxxp://hkvhost688.800cdn.com/templets/default/js/tabicon.js | |
hxxp://hkvhost688.800cdn.com/templets/default/js/backgroundPosition.js | |
hxxp://hkvhost688.800cdn.com/templets/default/js/ie8.js | |
hxxp://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl | 64.18.20.10 |
hxxp://hkvhost688.800cdn.com/templets/default/js/slide_switch.js | |
hxxp://hkvhost688.800cdn.com/templets/default/js/navigator.js | |
hxxp://hkvhost688.800cdn.com/templets/default/js/oninput.js | |
hxxp://p21.tcdn.qq.com/qconn/wpa/button/button_111.gif | |
hxxp://eco-api.meiqia.com.safe.dayugslb.com/dist/meiqia.js | 218.60.33.166 |
hxxp://eco-api.meiqia.com.safe.dayugslb.com/dist/doorbell.html?1m47r5d7qtt65hfr | 218.60.33.166 |
hxxp://434353.p23.tc.cdntip.com/dist/scripts/doorbell-i8wozeiuwodmquxr.js | |
hxxp://eco-api.meiqia.com.safe.dayugslb.com/visit/init?ent_id=463&track_id=&title=创盈门窗软件&url=http://www.sdcysoft.com/&referrer_url=&jsonp_cb=jsonp1486265515688&v=1486265515688 | 218.60.33.166 |
hxxp://gpla1.wac.v2cdn.net/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGs= | |
hxxp://blogspot.l.googleusercontent.com/ | |
hxxp://googleadapis.l.google.com/css?family=Playfair Display:400,700,900,400italic,700italic,900italic&ver=3.9.2 | |
hxxp://googleadapis.l.google.com/css?family=Droid Serif:400,700,400italic,700italic&ver=3.9.2 | |
hxxp://googleadapis.l.google.com/css?family=Tangerine:400,700&ver=3.9.2 | |
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.11.0/jquery.min.js | |
hxxp://bootstrapcdn.jdorfman.netdna-cdn.com/font-awesome/4.0.1/css/font-awesome.css?ver=3.9.2 | |
hxxp://code.jquery.netdna-cdn.com/jquery-migrate-1.2.1.js | |
hxxp://s7.addthis.com.cdn.cloudflare.net/js/300/addthis_widget.js | 104.16.17.35 |
hxxp://adonweb.10574004.pix-cdn.org/js/adv_out.js | |
hxxp://widgets.amung.us/classic.js | 173.192.200.70 |
hxxp://whos.amung.us/pingjs/?k=aacxow2ith0d&t=SPECIAL MOVIE&c=c&y=&a=0&d=0&v=22&r=6060 | 67.202.94.94 |
hxxp://t.dtscout.com/i/?l=http://songhaiyouhong.blogspot.com/&j= | 107.182.233.217 |
hxxp://cdn.tynt.com/tc.js | 104.16.88.26 |
hxxp://ps.eyeota.net/pixel?pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E | 52.29.219.40 |
hxxp://ps.eyeota.net/pixel/bounce/?pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E | 52.29.219.40 |
hxxp://tags.wdc.bluekai.com/site/27675?id=D9E9B66BAE9C96588D172C1602C7221E&ret=html&phint=__bk_t=SPECIAL MOVIE&phint=__bk_l=http://songhaiyouhong.blogspot.com/&r=33111038 | |
hxxp://elb-tse-01-1047733575.eu-west-1.elb.amazonaws.com/map/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E | |
hxxp://tags.wdc.bluekai.com/site/27675?dt=0&r=404133796&sig=2164635023&bkca=KJhB0D6nyi9zQwawGX4CYpA2KcO31YQvQ3fuSL0HZfn2mdE XhQXCy5IX6Lf8PD7HsKXLAGzocu6jjRvyZpnswPTs6acVO/rzP8OCpYX90erqk5FKlBYMJyF22fdzbGz9xgiOgaMqzdgaOdpBl2iFVj/K5onCrSjkboT68hEuQZUw04zne6= | |
hxxp://elb-tse-01-1047733575.eu-west-1.elb.amazonaws.com/map/ct=y/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E | |
hxxp://pagead.l.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1 | |
hxxp://tynt.com/b/p?id=w!aacxow2ith0d&lm=0&ts=1486265519182&t=SPECIAL MOVIE&cu=http://songhaiyouhong.blogspot.com/ | |
hxxp://pagead.l.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc= | |
hxxp://track-eu.adformnet.akadns.net/serving/cookie/match/?party=1009 | |
hxxp://ib.anycast.adnxs.com/getuid?http://ps.eyeota.net/match?uid=$UID&bid=2cr76e1 | |
hxxp://ttd-euwest-match-adsrvr-org-139334178.eu-west-1.elb.amazonaws.c/track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1 | |
hxxp://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEClfffzrXX6Z94anls0j2YU&google_cver=1 | 52.29.219.40 |
hxxp://track-eu.adformnet.akadns.net/serving/cookie/match/?CC=1&party=1009 | |
hxxp://ib.anycast.adnxs.com/bounce?/getuid?http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1 | |
hxxp://userdblb.tubemogul.com/upi/pid/lons7jax?puid=15a0c542197-5fdd0000010f7778&redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu | |
hxxp://ttd-euwest-match-adsrvr-org-139334178.eu-west-1.elb.amazonaws.c/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1 | |
hxxp://ps.eyeota.net/match?uid=3648886337069900944&bid=2cr76e1 | 52.29.219.40 |
hxxp://ps.eyeota.net/match?uid=5648657701418802231&bid=9gdtmu1 | 52.29.219.40 |
hxxp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou | 52.29.219.40 |
hxxp://ps.eyeota.net/match?uid=-7296199909654580839&bid=0rijhbu | 52.29.219.40 |
hxxp://tynt.com/deb/v2?id=w!aacxow2ith0d&dn=TC&cc=1&r= | |
hxxp://domssl.mercadolivre.com.br/noindex/variation/choose?noIndex=true&itemId=MLB812506136&attribute=23000|22047,33000_43000|52055_52113&attributeId=33000_43000&ref=http://tenis.mercadolivre.com.br/masculino/nike/nike-shox/ | |
hxxp://domssl.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593212 | |
hxxp://gpla1.wac.v2cdn.net/baltimoreroot | |
hxxp://gpla1.wac.v2cdn.net/CRL/Omniroot2025.crl | |
hxxp://info.spiritsoft.cn/v4/js/main.js | 114.55.90.68 |
hxxp://crl.geotrust.com/crls/secureca.crl | 23.46.117.163 |
hxxp://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH | 104.16.28.216 |
hxxp://urlspirit.spiritsoft.cn/urlcore/svcreq1413fd.css | |
hxxp://www.sdcysoft.com/templets/default/js/backgroundPosition.js | 219.234.8.109 |
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js | 216.58.209.202 |
hxxp://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== | 23.55.155.27 |
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAa1FcpWF3k+ | 173.194.113.199 |
hxxp://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1 | 173.194.113.218 |
hxxp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110 | 114.55.90.68 |
hxxp://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc= | 173.194.113.218 |
hxxp://netdna.bootstrapcdn.com/font-awesome/4.0.1/css/font-awesome.css?ver=3.9.2 | 94.31.29.55 |
hxxp://ocsp.omniroot.com/baltimoreroot | 93.184.220.20 |
hxxp://s11.cnzz.com/stat.php?id=1189654&web_id=1189654 | 1.99.192.16 |
hxxp://info.spiritsoft.cn/v4/images/splogo.png | 114.55.90.68 |
hxxp://www.sdcysoft.com/templets/default/js/slide_switch.js | 219.234.8.109 |
hxxp://s7.addthis.com/js/300/addthis_widget.js | 104.16.17.35 |
hxxp://tags.bluekai.com/site/27675?dt=0&r=404133796&sig=2164635023&bkca=KJhB0D6nyi9zQwawGX4CYpA2KcO31YQvQ3fuSL0HZfn2mdE XhQXCy5IX6Lf8PD7HsKXLAGzocu6jjRvyZpnswPTs6acVO/rzP8OCpYX90erqk5FKlBYMJyF22fdzbGz9xgiOgaMqzdgaOdpBl2iFVj/K5onCrSjkboT68hEuQZUw04zne6= | 169.47.30.64 |
hxxp://ocsp.omniroot.com/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGs= | 93.184.220.20 |
hxxp://fonts.googleapis.com/css?family=Playfair Display:400,700,900,400italic,700italic,900italic&ver=3.9.2 | 216.58.209.170 |
hxxp://tags.bluekai.com/site/27675?id=D9E9B66BAE9C96588D172C1602C7221E&ret=html&phint=__bk_t=SPECIAL MOVIE&phint=__bk_l=http://songhaiyouhong.blogspot.com/&r=33111038 | 169.47.30.64 |
hxxp://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1 | 54.247.84.9 |
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= | 93.184.220.29 |
hxxp://info.spiritsoft.cn/v4/images/sound_high.gif | 114.55.90.68 |
hxxp://pub.idqqimg.com/qconn/wpa/button/button_111.gif | 203.205.158.59 |
hxxp://ib.adnxs.com/getuid?http://ps.eyeota.net/match?uid=$UID&bid=2cr76e1 | 185.33.220.38 |
hxxp://dmp.adform.net/serving/cookie/match/?CC=1&party=1009 | 37.157.4.14 |
hxxp://urlspirit.spiritsoft.cn/urlcore/olcfgs.dat?q=41 | |
hxxp://ib.adnxs.com/bounce?/getuid?http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1 | 185.33.220.38 |
hxxp://ss.symcb.com/ss.crl | 23.46.117.163 |
hxxp://songhaiyouhong.blogspot.com/ | 216.58.214.225 |
hxxp://bcp.crwdcntrl.net/map/ct=y/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E | 52.17.249.178 |
hxxp://fonts.googleapis.com/css?family=Tangerine:400,700&ver=3.9.2 | 216.58.209.170 |
hxxp://match.adsrvr.org/track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1 | 54.247.84.9 |
hxxp://hzs11.cnzz.com/stat.htm?id=1189654&r=&lg=en-us&ntime=none&cnzz_eid=1549093891-1486263024-&showp=1276x846&t=æµé‡ç²¾çµ&h=1&rnd=258009459 | 1.122.192.18 |
hxxp://produto.mercadolivre.com.br/noindex/variation/choose?noIndex=true&itemId=MLB812506136&attribute=23000|22047,33000_43000|52055_52113&attributeId=33000_43000&ref=http://tenis.mercadolivre.com.br/masculino/nike/nike-shox/ | 216.33.197.79 |
hxxp://dmp.adform.net/serving/cookie/match/?party=1009 | 37.157.4.14 |
hxxp://www.sdcysoft.com/templets/default/js/navigator.js | 219.234.8.109 |
hxxp://static.meiqia.com/dist/scripts/doorbell-i8wozeiuwodmquxr.js | 42.236.125.24 |
hxxp://www.sdcysoft.com/templets/default/style/home.css | 219.234.8.109 |
hxxp://www.sdcysoft.com/templets/default/js/tabicon.js | 219.234.8.109 |
hxxp://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEEw7wJkU/qAD9hdilImrrOU= | 23.55.155.27 |
hxxp://cdp1.public-trust.com/CRL/Omniroot2025.crl | 93.184.220.20 |
hxxp://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEDYh2Ip18ZHp4LIxhrWFb0w= | 23.55.155.27 |
hxxp://info.spiritsoft.cn/v4/css/style.css | 114.55.90.68 |
hxxp://0.gravatar.com/avatar/cfb9b68598748471e884ae8e1367a070?s=32&d=mm&r=g | 192.0.73.2 |
hxxp://ic.tynt.com/b/p?id=w!aacxow2ith0d&lm=0&ts=1486265519182&t=SPECIAL MOVIE&cu=http://songhaiyouhong.blogspot.com/ | 208.100.17.181 |
hxxp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114 | 216.33.197.79 |
hxxp://eco-api.meiqia.com/dist/doorbell.html?1m47r5d7qtt65hfr | 218.60.33.166 |
hxxp://code.jquery.com/jquery-migrate-1.2.1.js | 94.31.29.54 |
hxxp://info.spiritsoft.cn/v4/lib/jquery/jquery-1.11.1.min.js | 114.55.90.68 |
hxxp://analytics.mlstatic.com/ga/mlb-ml-analytics.min.gz.js | 23.59.85.40 |
hxxp://www.sdcysoft.com/templets/default/js/oninput.js | 219.234.8.109 |
hxxp://st-n.ads1-adnow.com/js/adv_out.js | 88.208.10.37 |
hxxp://www.sdcysoft.com/js/start_v5.js | 219.234.8.109 |
hxxp://www.sdcysoft.com/templets/default/js/jquery.js | 219.234.8.109 |
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGn0AHsoGslw | 173.194.113.199 |
hxxp://www.sdcysoft.com/js/jquery-1.7.2.min.js | 219.234.8.109 |
hxxp://eco-api.meiqia.com/visit/init?ent_id=463&track_id=&title=创盈门窗软件&url=http://www.sdcysoft.com/&referrer_url=&jsonp_cb=jsonp1486265515688&v=1486265515688 | 218.60.33.166 |
hxxp://de.tynt.com/deb/v2?id=w!aacxow2ith0d&dn=TC&cc=1&r= | 208.100.17.189 |
hxxp://rtd.tubemogul.com/upi/pid/lons7jax?puid=15a0c542197-5fdd0000010f7778&redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu | 107.21.249.217 |
hxxp://c.cnzz.com/core.php?web_id=1189654&t=z | 123.129.244.226 |
hxxp://info.spiritsoft.cn/v4/images/alexa.png | 114.55.90.68 |
hxxp://www.sdcysoft.com/ | 219.234.8.109 |
hxxp://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDGdVziPu5Jt2IgvM6w== | 104.16.28.216 |
hxxp://eco-api.meiqia.com/dist/meiqia.js | 218.60.33.166 |
hxxp://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFE/uXQ4cLc0QEGNMJMGmf8= | 23.46.123.27 |
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw= | 93.184.220.29 |
hxxp://www.sdcysoft.com/templets/default/style/common.css | 219.234.8.109 |
hxxp://world.taobao.com/item/533000070202.htm?fromSite=main&spm=a230r.7195193.1997079397.8.iAWmGk&abbucket=2&qq-pf-to=pcqq.temporaryc2c | 195.27.31.252 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0= | 23.46.123.27 |
hxxp://www.sdcysoft.com/js/jquery.tipsy.js | 219.234.8.109 |
hxxp://www.sdcysoft.com/css/lrtk.css | 219.234.8.109 |
hxxp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593212 | 216.33.197.79 |
hxxp://fonts.googleapis.com/css?family=Droid Serif:400,700,400italic,700italic&ver=3.9.2 | 216.58.209.170 |
hxxp://urlspirit.spiritsoft.cn/urlcore/svcreq14032b.html | |
hxxp://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== | 104.16.28.216 |
hxxp://pki.google.com/GIAG2.crl | 173.194.113.197 |
hxxp://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEVLD4SzDqtMG/eBnw== | 104.16.28.216 |
hxxp://analytics.mlstatic.com/melidata/js/3/0.0.38/melidata.min.js | 23.59.85.40 |
hxxp://www.sdcysoft.com/templets/default/js/ie8.js | 219.234.8.109 |
hxxp://www.sdcysoft.com/templets/default/js/common.js | 219.234.8.109 |
hxxp://bcp.crwdcntrl.net/map/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E | 52.17.249.178 |
hxxp://fonts.googleapis.com/css?family=Open Sans:400italic,700italic,400,700&ver=4.2.12 | 216.58.209.170 |
item.taobao.com | 121.42.17.239 |
at.alicdn.com | 195.59.70.250 |
www.blogger.com | 216.58.214.233 |
http2.mlstatic.com | 23.59.85.40 |
g.alicdn.com | 80.231.126.250 |
stats.g.doubleclick.net | 173.194.222.157 |
a248.e.akamai.net | 212.30.134.197 |
scontent-waw1-1.xx.fbcdn.net | 31.13.81.13 |
analytics.mercadolivre.com | 216.33.197.113 |
static.xx.fbcdn.net | 31.13.92.14 |
tbip.alicdn.com | 188.254.86.241 |
www.youtube.com | 173.194.113.194 |
static.doubleclick.net | 173.194.113.219 |
clients1.google.com.ua | 173.194.113.207 |
ssl.gstatic.com | 173.194.113.207 |
apis.google.com | 173.194.113.195 |
n-cdn.areyouahuman.com | 52.222.157.27 |
analytics.mercadolivre.com.br | 216.33.197.79 |
gskip.taobao.com | 140.205.134.25 |
www.facebook.com | 31.13.92.36 |
gm.mmstat.com | 205.204.101.182 |
www.google-analytics.com | 173.194.113.196 |
log.mmstat.com | 106.11.92.1 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Tue, 23 Jul 2013 07:28:26 GMT
Cache-Control: max-age=2592000, public
Expires: Sat, 03 Feb 2018 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3068
Content-Type: application/javascript
X-Varnish: 1072179 8192581
Age: 131606
X-Cache: HIT
X-Cache-Hits: 1135
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...........Yms.6..~3..h6g.....{.He4n.4..iS......LB.m.P.P.k....@R.....LD..b........Qp....!8.3...6....4......h.O...~.,{.J.r. ..w2....@...A....ui.6...7..)...<.........r..?...".....`t|L..=.Q.(e.g..,.......h.u.c...F.b........n&.q?q-s..h].%ld..XGw0{||$...&.....p......_..p.{.u..'.......n[.8....)../...7".Q*...?h...>P..........N.#\n.g.......d...(.v...6.4Q..[f.o..v...n)....dI.}......_iu $....<..h.<~.N..5.....[.t..Be{....SY.........p....p...D..S?..r.1..|.....]..-..... .Zs....J......s...IXG.('.....|...v.|(s}k.\....J..._.r]....=..w1>...[..p...c..o$3..de..V.[.mxQ.fYg*..W.S...(.,.s2.GdlY...!..S....J.g...0?{....gC..k8....f*|Z.....A&U....H ..Ta*@..U...nZ-.4..*.ZW........OVZ.T....~...Z......D.H....~sL...C...eC...0P{..7:2.k- .D.../v...[....<..;u'. n .Y.[...._>...6]......^..D..=..!.......>Q..........A......XD.y.F2.....3..Rx$9....*.b~|...`).,..{....^s....`...'..%... ..'(.$P.H...A.t.q...{..k......Q.V.d~|..'&.Ej.]..KV.io]..)B.....9\.hTU...t.ex..Z.T..9.}.wf}..x..)...].......Nu.wc.......4...m... ..x.Sn..{]...3..F3.!p.q......jU#...@..m.l.3.S....d...`....j..N.p...!.=..!.4Q...UJ0).#.$..\.K..e..j .&.i_..,...BLN.......en...K..a...z..j.G....tz.5........h....`T...x.-.c.............._....?q...o.>..}...Hi.[W/2.d...;.en..a....^|..=`......9%_....~..^R.y.3...v_.C5.&..T.HC.......&.(Pn~(x.=....h...H.....[V.g0......J.......3KF........o/....A&X....k.k...'.k.v[.........V.../`IPp.`.c.y&.v.2..}..t. .sz.p...s<.N>. "...=2.N..........G~....l.f.T...ce..P....A.....Z..@R_..E...Q..a.b.....c.....u...H.w6.....$....|..VVPW].a.7..
<<< skipped >>>
GET /wp-content/themes/dream/js/skip-link-focus-fix.js?ver=20130115 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Wed, 13 May 2015 16:18:23 GMT
Cache-Control: max-age=2592000, public
Expires: Sat, 03 Feb 2018 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 379
Content-Type: application/javascript
X-Varnish: 1072182 7832086
Age: 131607
X-Cache: HIT
X-Cache-Hits: 1056
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
............oO.0.._w..L.....T.../H.~.......-io.:....?Ix..%.......aZ....\.O.V..r.5&.....\.\..q...r.....5.g...X..7.S.........kG...af.V....).N`.Cp!l..V...."....9X-...:...4....X.z.4.c...FYH.....e..W.z...F..S.3Y.g&.,.I.c.}..V. ...&.!......#.t.....*..r.!V[.....m.....N:...nL.....N5.Y...~....-..=c.F...u..G....,./H.TzYP..DF......ht.V....._....d.d2.......^..b.U;....._V......W...........HTTP/1.1 200 OK..Date: Fri, 03 Feb 2017 14:57:48 GMT..Last-Modified: Wed, 13 May 2015 16:18:23 GMT..Cache-Control: max-age=2592000, public..Expires: Sat, 03 Feb 2018 14:57:48 GMT..Vary: Accept-Encoding..Content-Encoding: gzip..Content-Length: 379..Content-Type: application/javascript..X-Varnish: 1072182 7832086..Age: 131607..X-Cache: HIT..X-Cache-Hits: 1056..Server: Rocket Booster..X-Powered-By: Warna Web Accelerator..Accept-Ranges: bytes..Connection: keep-alive..............oO.0.._w..L.....T.../H.~.......-io.:....?Ix..%.......aZ....\.O.V..r.5&.....\.\..q...r.....5.g...X..7.S.........kG...af.V....).N`.Cp!l..V...."....9X-...:...4....X.z.4.c...FYH.....e..W.z...F..S.3Y.g&.,.I.c.}..V. ...&.!......#.t.....*..r.!V[.....m.....N:...nL.....N5.Y...~....-..=c.F...u..G....,./H.TzYP..DF......ht.V....._....d.d2.......^..b.U;....._V......W...............
<<< skipped >>>
GET /wp-includes/js/comment-reply.min.js?ver=4.2.12 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 01:25:00 GMT
Last-Modified: Thu, 14 Nov 2013 20:42:10 GMT
Content-Length: 757
Cache-Control: max-age=2592000, public
Expires: Mon, 05 Feb 2018 01:25:00 GMT
Content-Type: application/javascript
X-Varnish: 8378246 3848684
Age: 7597
X-Cache: HIT
X-Cache-Hits: 77
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
var addComment={moveForm:function(a,b,c,d){var e,f=this,g=f.I(a),h=f.I(c),i=f.I("cancel-comment-reply-link"),j=f.I("comment_parent"),k=f.I("comment_post_ID");if(g&&h&&i&&j){f.respondId=c,d=d||!1,f.I("wp-temp-form-div")||(e=document.createElement("div"),e.id="wp-temp-form-div",e.style.display="none",h.parentNode.insertBefore(e,h)),g.parentNode.insertBefore(h,g.nextSibling),k&&d&&(k.value=d),j.value=b,i.style.display="",i.onclick=function(){var a=addComment,b=a.I("wp-temp-form-div"),c=a.I(a.respondId);if(b&&c)return a.I("comment_parent").value="0",b.parentNode.insertBefore(c,b),b.parentNode.removeChild(b),this.style.display="none",this.onclick=null,!1};try{f.I("comment").focus()}catch(l){}return!1}},I:function(a){return document.getElementById(a)}};HTTP/1.1 200 OK..Date: Sun, 05 Feb 2017 01:25:00 GMT..Last-Modified: Thu, 14 Nov 2013 20:42:10 GMT..Content-Length: 757..Cache-Control: max-age=2592000, public..Expires: Mon, 05 Feb 2018 01:25:00 GMT..Content-Type: application/javascript..X-Varnish: 8378246 3848684..Age: 7597..X-Cache: HIT..X-Cache-Hits: 77..Server: Rocket Booster..X-Powered-By: Warna Web Accelerator..Accept-Ranges: bytes..Connection: keep-alive..var addComment={moveForm:function(a,b,c,d){var e,f=this,g=f.I(a),h=f.I(c),i=f.I("cancel-comment-reply-link"),j=f.I("comment_parent"),k=f.I("comment_post_ID");if(g&&h&&i&&j){f.respondId=c,d=d||!1,f.I("wp-temp-form-div")||(e=document.createElement("div"),e.id="wp-temp-form-div",e.style.display="none",h.parentNode.insertBefore(e,h)),g.parentNode.insertBefore(h,g.
<<< skipped >>>
GET /pa?p=2:2923673182:51 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: wpa.qq.com
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: tws
Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif
Pragma: no-cache
Cache-Control: no-cache; must-revalidate
0..HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:50 GMT..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..Server: tws..Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif..Pragma: no-cache..Cache-Control: no-cache; must-revalidate..0..
GET /baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGs= HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 10 Oct 2016 18:18:58 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.omniroot.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2017 03:31:55 GMT
Last-Modified: Mon, 30 Jan 2017 18:27:11 GMT
Server: ECS (arn/46B6)
X-Cache: HIT
Content-Length: 5
0....HTTP/1.1 200 OK..Accept-Ranges: bytes..Content-Type: application/ocsp-response..Date: Sun, 05 Feb 2017 03:31:55 GMT..Last-Modified: Mon, 30 Jan 2017 18:27:11 GMT..Server: ECS (arn/46B6)..X-Cache: HIT..Content-Length: 5..0........
POST /baltimoreroot HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/ocsp-request
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Content-Length: 71
Host: ocsp.omniroot.com
0E0C0A0?0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..M....'.k
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2017 03:32:01 GMT
Last-Modified: Sat, 04 Feb 2017 11:11:30 GMT
Server: ECS (arn/45C1)
X-Cache: HIT
Content-Length: 1372
0..X......Q0..M.. .....0.....>0..:0......`;.l.uZ..k.F..^|A.Tb..20170204022145Z0g0e0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..M....'.k....20170124185021Z....20170421185021Z0...*.H...................j....G%...."B.....J..@Y.....G.4.t,......5H..r.$......#x}.q...l. 3..w.......[S.0..Ps0.~,.....zq.TJo.a;."..'..~b.....Pg?>@...l.......R!..z..2..Z..I...#t..h_.2...>..#....P[..Z..%.#...w............"..S.n....o5"i;9.....ok.N.S..~h.S.v.Q.....E...A....J....q....0...0...0..m........'.L0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....CyberTrust1"0 ..U....Baltimore CyberTrust Root0...150909174603Z..170909174536Z0%1#0!..U....Cybertrust Validation 20150.."0...*.H.............0.........?....(Fb....G... ..=..(L..wK...04..I......C...1.Z......U.$b.f..Pa.....S...#..B.........^T..IP8..........h8GM..*.4.MP..../D4n.=ZTeH.B=kOT.v..2@F.2L..A...yn.4......fP...L...2.x....$..@@....q2...Uby.e......D....lf...C....ZP}O......7...mM..c.g..j.\.>.O....G.A........0..0... .....0......0...U.......0.0...U...........0...U.%..0... .......0...U.#..0.....Y0.GX....T6.{:..M.0...U......`;.l.uZ..k.F..^|A.Tb0...*.H.............|]...`k.n........0.A.P..N< ._>)..yS..RV?...U.....4BQ....L.BAD.`.WId....*...;Z.M...K..S.l.f.q....>.b..dl./....H<.F9.....V.4....O..5.....-...W....4.,.k...Y.R..........Z..)j.r.....V.s.EQl.<nHO.........CI/M{.r....3...}.n.*.<........g^.B...P.X......dE....... }...
<<< skipped >>>
GET /qconn/wpa/button/button_111.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: pub.idqqimg.com
HTTP/1.1 200 OK
Server: X2S_Platform
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:51 GMT
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:51 GMT
Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT
Content-Type: image/gif
Content-Length: 3534
Keep-Alive: timeout=60
Vary: Origin
X-Cache-Lookup: Hit From Disktank
......JFIF.....`.`.....C....................................................................C.........................................................................O.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...u...k...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4........[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(....F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x........m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?.......P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..$............x....B.G.....!...o.x_...|C..m..Z.R....G.&...{e2\9.l1.
<<< skipped >>>
GET /avatar/52612bfba40c463ad5878c3862379d1c?s=32&d=mm&r=g HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: 2.gravatar.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:38 GMT
Content-Type: image/jpeg
Content-Length: 911
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <hXXps://VVV.gravatar.com/avatar/52612bfba40c463ad5878c3862379d1c?s=32&d=mm&r=g>; rel="canonical"
Access-Control-Allow-Origin: *
Content-Disposition: inline; filename="52612bfba40c463ad5878c3862379d1c.png"
X-nc: MISS arn 2
Accept-Ranges: bytes
Expires: Sun, 05 Feb 2017 03:36:38 GMT
Cache-Control: max-age=300
Source-Age: 0
......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90....C....................................................................C....................................................................... . .."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?........Z...Z=.....G......<.i...........wf.c.....c...../....u..O......|ei....4......{2.........O<..h^G!UTd.z.^..=.Q.te...Y....3.......\'.=%/u..$P..1......A..(........3[.\,......9.wo..^.,O....RD%YX`.:._LW..\.R.\..5...;....O.V.?..HTTP/1.1 200 OK..Server: nginx..Date: Sun, 05 Feb 2017 03:31:38 GMT..Content-Type: image/jpeg..Content-Length: 911..Connection: keep-alive..Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT..Link: <https://VVV.gravatar.com/avatar/52612bfba40c463ad5878c3862379d1c?s=32&d=mm&r=g>; rel="canonical"..Access-Control-Allow-Origin: *..Content-Disposition: inline; filename="52612bfba40c463ad5878c3862379d1c.png"..X-nc: MISS arn 2..Accept-Ranges: bytes..Expires: Sun, 05 Feb 2017 03:36:38 GMT..Cache-Control: max-age=300..Source-Age: 0........JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90....C....
<<< skipped >>>
GET /1234567890.functions HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: mrx9.ddns.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: Mini web server 1.0 ZTE corp 2005.
Content-Type: text/html; charset=iso-8859-1
Accept-Ranges: bytes
Connection: close
Cache-Control: no-cache,no-store
<HTML>. <HEAD><TITLE>404 Not Found</TITLE></HEAD>. <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc">. <H2>404 Not Found</H2>.The requested URL was not found on this server..<!--.Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..-->.</body>.</html>...
GET /pingjs/?k=aacxow2ith0d&t=SPECIAL MOVIE&c=c&y=&a=0&d=0&v=22&r=6060 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: whos.amung.us
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:58 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: close
Set-Cookie: uid=CgH9HliWnK6gBxs7NcgwAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.amung.us; path=/
Content-Encoding: gzip
34.............w../.O.P740P.QOLL../7.,.0HQ.1....JMup .....0..
GET /tc.js HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: cdn.tynt.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d7b596a12691c3453aa3b96476a8ad2581486265519; expires=Mon, 05-Feb-18 03:31:59 GMT; path=/; domain=.tynt.com; HttpOnly
Last-Modified: Tue, 17 Jan 2017 20:22:08 GMT
ETag: W/"587e7cf0-386b"
Content-Encoding: gzip
CF-Cache-Status: HIT
Expires: Wed, 08 Feb 2017 03:31:59 GMT
Cache-Control: public, max-age=259200
Server: cloudflare-nginx
CF-RAY: 32c34ae607795948-VIE
1622.............;.z......4..D.Q...-iXu.'u.....Y......"....X:.~g.n.....K.e0...f..n.v...y<[$.h.i.G..N...a...vtt.%q.j..giga..C.T{'R......^D..."?....\..NC.G.....u...L.C.g........s...#/... ..<.D.....{...2:e.~.fIl...:.|.m....;.....F".... .@.j...vip.....x.c...k.x.<.].....U........q..}`.{...g.'.b......{....C<X?...?.0........G .S1.h......V"f!......ZR..O...o6......dE.Dd.$..U04.IYn./.........(.ua..;.G..j...O..;1..t:.}....J...............z.x.%!kL.Y.g....!.M.......a.........5{...\.....a.2U..]..Q.`..#.._...?.[.zI0..6N.H..|....l.]...........];q.z..3g.r...(.o...%.N..a...m6%I.>......m..J/BA.Rg..N.... I.....enm{.K.j....>.t.y....S......5Fu.&...E.0D.$. .-.....o.t .@.s....k>z.._nI...)...-.s..sf.......X.fq........^..r...[..;.......6......u:.hPaL5...'.Hl..Eq$t:..(....6...S...$.D....u....vC.Mt*g.......{A4.. [...E1h..uH.....&...Z...... .?.\..z.......l....48.^....wI......go...z{...ixz..)..z".WC.cJ..4.O.=...83...D.Y..%..I[.E....1.Q......4..=0...8....ym....48...k....V?]..VD.%........!U ...R..............e|'.s..{nN.k.]..>....Da.......q..U .....\Qy.k.K.M.....`.L.?:........$sKC..w.mp/.:K...8Y...7.0nz0..d.....B...V0.D?.....8.c.dP/..$.....[x>.. ...7.....!z.D.C.8\.......<W..D.............y.B#..Q.!.."...x.xB'..O.b.?;.(F......}.e3...[.*..c.....q...3..q#...v.M..BZM4"......2.i.9.8}..!l.b..8z.T.4q.......,q ".:...V.... N...\:p....6.ivY.....N.^..ltA.M.......#...6(....(.C:a....O...) .U.&X..'...h.....d.\F}1X..'.p.z.........c...6...sc..@...{..P.U.z..wT.../#M...^^..Or^=..;..........IJ"@.......&.z...s.AH...(.1.....z..W.. k`C
<<< skipped >>>
GET /avatar/cfb9b68598748471e884ae8e1367a070?s=32&d=mm&r=g HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: 0.gravatar.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:38 GMT
Content-Type: image/jpeg
Content-Length: 911
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <hXXps://VVV.gravatar.com/avatar/cfb9b68598748471e884ae8e1367a070?s=32&d=mm&r=g>; rel="canonical"
Access-Control-Allow-Origin: *
Content-Disposition: inline; filename="cfb9b68598748471e884ae8e1367a070.png"
X-nc: MISS arn 2
Accept-Ranges: bytes
Expires: Sun, 05 Feb 2017 03:36:38 GMT
Cache-Control: max-age=300
Source-Age: 0
......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90....C....................................................................C....................................................................... . .."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?........Z...Z=.....G......<.i...........wf.c.....c...../....u..O......|ei....4......{2.........O<..h^G!UTd.z.^..=.Q.te...Y....3.......\'.=%/u..$P..1......A..(........3[.\,......9.wo..^.,O....RD%YX`.:._LW..\.R.\..5...;....O.V.?..HTTP/1.1 200 OK..Server: nginx..Date: Sun, 05 Feb 2017 03:31:38 GMT..Content-Type: image/jpeg..Content-Length: 911..Connection: keep-alive..Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT..Link: <https://VVV.gravatar.com/avatar/cfb9b68598748471e884ae8e1367a070?s=32&d=mm&r=g>; rel="canonical"..Access-Control-Allow-Origin: *..Content-Disposition: inline; filename="cfb9b68598748471e884ae8e1367a070.png"..X-nc: MISS arn 2..Accept-Ranges: bytes..Expires: Sun, 05 Feb 2017 03:36:38 GMT..Cache-Control: max-age=300..Source-Age: 0........JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90....C....
<<< skipped >>>
GET /qconn/wpa/button/button_111.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: pub.idqqimg.com
HTTP/1.1 200 OK
Server: X2S_Platform
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:51 GMT
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:51 GMT
Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT
Content-Type: image/gif
Content-Length: 3534
Keep-Alive: timeout=60
Vary: Origin
X-Cache-Lookup: Hit From Disktank
......JFIF.....`.`.....C....................................................................C.........................................................................O.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...u...k...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4........[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(....F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x........m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?.......P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..$............x....B.G.....!...o.x_...|C..m..Z.R....G.&...{e2\9.l1.
<<< skipped >>>
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDGdVziPu5Jt2IgvM6w== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:29 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d177c2e50aa525e8da57f1c655c3f18d61486265489; expires=Mon, 05-Feb-18 03:31:29 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sat, 04 Feb 2017 23:47:07 GMT
Expires: Wed, 08 Feb 2017 23:47:07 GMT
ETag: "04520f3b7d52160ed2926b230316ce4b325fe5ae"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a30223d5954-VIE
0..........0..... .....0......0...0.......M........u....%...G..20170204234707Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|..gU.#...v".......20170204234707Z....20170208234707Z0...*.H.............,....U....)}woI.(.........Xxb,.k>e.H...].@.H`..).....g.v.D..D.#..../..:.?1...Pg@Q...!....q,-&..B@...0.\>X.&..n.}.%:>{.[../G{f0...yf..^..2F..k.Sjs..gr...... Mm/.(.2d....$.2<....}.....ya.,....R....uxz.).Py..4Cj....0OZs...73i.,_.L5..F.d..bI..M...qD.......0qkU...K0..G0..C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.
<<< skipped >>>
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEVLD4SzDqtMG/eBnw== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:38 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d485dd5c146495f3bf64f50d08c764eab1486265498; expires=Mon, 05-Feb-18 03:31:38 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 05 Feb 2017 03:04:24 GMT
Expires: Thu, 09 Feb 2017 03:04:24 GMT
ETag: "77fdbcd515e40e764a1a170d858cc02ce4ffebe9"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a6847b95954-VIE
0..........0..... .....0......0...0.......M........u....%...G..20170205030424Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|..EK.....L........20170205030424Z....20170209030424Z0...*.H.................z.SPl..b..#].GR..).v.&.4..*;.....<..=....<......nJ......;..j...T..1....}.-.'..*.!../F.....R.jE ....qC.....*].......)R...G{e..O.F.[..=wX..=.."..z.;..,l.4.*.k...].......Bx.x..6.d.F..z...QA$A.~Y..l-..{.....?...O..'P.w.*IU....i*..v.p....YM....S....g..X-..\...K0..G0..C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3
<<< skipped >>>
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=db466e84e5679c03c93f489c07b0311b71486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT
Expires: Thu, 09 Feb 2017 03:14:08 GMT
ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a8fd3655954-VIE
0..........0..... .....0......0...0.......M........u....%...G..20170205031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|......S.."........20170205031408Z....20170209031408Z0...*.H.............i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3
<<< skipped >>>
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=db466e84e5679c03c93f489c07b0311b71486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT
Expires: Thu, 09 Feb 2017 03:14:08 GMT
ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a9063745954-VIE
0..........0..... .....0......0...0.......M........u....%...G..20170205031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|......S.."........20170205031408Z....20170209031408Z0...*.H.............i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3
<<< skipped >>>
GET /wp-content/themes/dream/js/html5shiv.min.js HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 01:24:31 GMT
Last-Modified: Wed, 13 May 2015 16:18:29 GMT
Content-Length: 2636
Cache-Control: max-age=2592000, public
Expires: Mon, 05 Feb 2018 01:24:31 GMT
Content-Type: application/javascript
X-Varnish: 6666052 6349869
Age: 7603
X-Cache: HIT
X-Cache-Hits: 339
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
/**.* @preserve HTML5 Shiv 3.7.2 | @afarkas @jdalton @jon_neal @rem | MIT/GPL2 Licensed.*/.!function(a,b){function c(a,b){var c=a.createElement("p"),d=a.getElementsByTagName("head")[0]||a.documentElement;return c.innerHTML="x<style>" b "</style>",d.insertBefore(c.lastChild,d.firstChild)}function d(){var a=t.elements;return"string"==typeof a?a.split(" "):a}function e(a,b){var c=t.elements;"string"!=typeof c&&(c=c.join(" ")),"string"!=typeof a&&(a=a.join(" ")),t.elements=c " " a,j(b)}function f(a){var b=s[a[q]];return b||(b={},r ,a[q]=r,s[r]=b),b}function g(a,c,d){if(c||(c=b),l)return c.createElement(a);d||(d=f(c));var e;return e=d.cache[a]?d.cache[a].cloneNode():p.test(a)?(d.cache[a]=d.createElem(a)).cloneNode():d.createElem(a),!e.canHaveChildren||o.test(a)||e.tagUrn?e:d.frag.appendChild(e)}function h(a,c){if(a||(a=b),l)return a.createDocumentFragment();c=c||f(a);for(var e=c.frag.cloneNode(),g=0,h=d(),i=h.length;i>g;g )e.createElement(h[g]);return e}function i(a,b){b.cache||(b.cache={},b.createElem=a.createElement,b.createFrag=a.createDocumentFragment,b.frag=b.createFrag()),a.createElement=function(c){return t.shivMethods?g(c,a,b):b.createElem(c)},a.createDocumentFragment=Function("h,f","return function(){var n=f.cloneNode(),c=n.createElement;h.shivMethods&&(" d().join().replace(/[\w\-:] /g,function(a){return b.createElem(a),b.frag.createElement(a),'c("' a '")'}) ");return n}")(t,b.frag)}function j(a){a||(a=b);var d=f(a);return!t.shivCSS||k||d.hasCSS||(d.hasCSS=!!c(a,"article,aside,dialog,figcap
<<< skipped >>>
GET /wp-includes/js/wp-emoji-release.min.js?ver=4.2.12 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2017 18:57:13 GMT
Last-Modified: Thu, 23 Jul 2015 11:33:34 GMT
Cache-Control: max-age=2592000, public
Expires: Sun, 04 Feb 2018 18:57:13 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4314
Content-Type: application/javascript
X-Varnish: 1072180 627494
Age: 30841
X-Cache: HIT
X-Cache-Hits: 172
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
..........u..r.:....U8.-.,.2)~..a\.L.TjN..:.....w.....Y.HT.3.oa.v........0q~.`. ...h.....N./6 -......\.6F.......<,..........'.:..*..\7..<...6k9Y7..nz...'*P...4....,..A.M_.D5.A.4.,......U..j.F.....VMP. .........w..l..m..j.j.X.-D.IT.....3.~g...u.&........24e}}{.Ii.s[...K...,.../7..........E..u........[.............,.....O..[]..z6....y.N.o.....}...Z.j.$.:\....z.N.2..H....6....}.1.E.h..#ZE...6..U.o..S.. .S...r]>K......w.O u..A.....O7...s....m$.X......Dt0.m..:........hf........K....Q..Lw..P.0....u|.....M......<;[..FVI...m.NO.u)}.f.J....,...|e.j..(........H....WM..[....j.pk._K.^M.M#As.}......b...bU>...E_..z......:.....J.U.LzQ.V...B[G..r..].rm...8..e.>...ou.....6..cm..|1=t....U.]..V.r...W..)-...(a..}..;...J.?W.n;.......U..,b..eE......z.T.S...8..8(l......Z5]L...Z.......ad.................*{/..c...M_.h................lm......u..u....Ay...y{..z..C% ....\....Rg./.35Q.....Z.Ve..A..|.Zo-o...()....."...eu...p.T....-.<.....z.2..(/.A|.$. =........<.Y..h...r.ym....{{N.c..O..'...P.....*jG..w.i7._.b...x;........-.v..w......E..,.>n.0:......}|4..s... ......;.."{_........X..m.y..mv.....>..3B.R...ug*]^.D.V..W.....Y.......z.....3;.]Y...*p6?.......k....;..a.Y...........tuOOm.d..4Wv....4.W.Tt.~1...v.;...E.P~uf.zwM.\O..k..~f....E........]Lz.Y...P./...{>....{.....[..._......[..b.IV..k.Z<.z....L..fq.f..n.. Hi..k.........*p..0.F.U..9g.L.]..}..}..1...Ap5.}cF.......u...p=..! .A.Jx 5..| x0....NS....#.2f%. .S{.....}3.%..FO..>q.x.^.....{....O.K.....o.]{............)....[SlM..1[......)T.F..`.Q.GG............
<<< skipped >>>
GET /wp-content/themes/dream/font-awesome/fonts/fontawesome-webfont.eot?v=4.2.0 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:05:56 GMT
Last-Modified: Wed, 13 May 2015 16:19:42 GMT
Content-Length: 56006
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:05:56 GMT
Content-Type: application/vnd.ms-fontobject
X-Varnish: 8474627 5811078
Age: 1519
X-Cache: HIT
X-Cache-Hits: 130
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
..................................LP..........................$.....................F.o.n.t.A.w.e.s.o.m.e.....R.e.g.u.l.a.r...$.V.e.r.s.i.o.n. .4...2...0. .2.0.1.3...&.F.o.n.t.A.w.e.s.o.m.e. .R.e.g.u.l.a.r.....BSGP..................~.........`.......Y.D.M.F..x...>..........)[..1..H....-A)F....1..../.S7.U.'.&a..;a.#71.^...wR.. .P...r...o....b..R..6....l..n._Up.!........b......h.,7z..U..........].)..WF..(...VH..# ....j.2..l.Q....T&*...j..9.._..[."L......... aA.ynF........e.....Ga.1E. a.b..0....8zSA..-........=7..Ex..Cr......06.,..R~>..cI:.S*..`5..n.(TefX`...@...A...L...=.C.=..e.<.'f...sH.'.e.i/"x.. ...X@l.W.!b..8R.8.*j.a.eFUkL.....I....'.Z........@..I.3H....p.GH.......@Yi@..i..S.w.0....b..@Xoy..{..f....h..U...h..L...*.l....... N.1{....)e.T....0R..n...../S.c.PV..z6%f}.4.C...&....W..'.,.A........@Q%....F.`.Th.]...3......X)@.VZ=F.Y.\'S.Ngx...,...'.........b.R..m.....j...[.b..0A....NM.$...X.m....YQ....v..a..iT3...CT....#...8EFM2*..... $.I..)>.7....=... ...b..t_.:..>RfH.U.6b.....[..~Y%,.3j....|..^e..C.vZ.`^ HT..L...~.[..\rs!..J.9H.:....M........6@......W.`.&....y.{.......9..........KAQ3.......T..q..".B.<......,K"..{.C....K......l7e.hA..z...z..9%).`...,.(.V........ksX......&`.J..D..<4...3&.CE..Q...@..N10..5!X..EE....'..f.mp.!=..K....Uy.P.H.Z.....A ....r...@.......n....d..w.7..-........."......$.*nq."d.Q.....'._.....8.......[.....Y B.....@... E...........2.F..Qd..Ip`......21..y.2...5..)..L*N.....owq..v....F...B5_`..[1....g.........].......C.....q..ZbO.gb8o../z...N)s.@%......V..p.X%-....`t}.G..65.h.~
<<< skipped >>>
GET /ss.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ss.symcb.com
HTTP/1.1 200 OK
Server: Apache
ETag: "56cb56c1648f51e7e216cb070afae6b2:1486242682"
Last-Modified: Sat, 04 Feb 2017 21:11:22 GMT
Date: Sun, 05 Feb 2017 03:31:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
Content-Type: application/pkix-crl
00006000..0....0.......0...*.H........0~1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1/0-..U...&Symantec Class 3 Secure Server CA - G4..170204210122Z..170211210122Z0....0!....K..Kx.:.....37..160628125652Z0!....Rk.......(!u....160331033634Z0!....lv...>.?O...^...160622011159Z0!.....6w...iP...s.M..160608011251Z0!.......1^...B.Ph.H..161208073412Z0!....r-...0u..B\.`...160602011343Z0!....E.u2..1....L....160315011119Z0!.....Q..-(....}._h..170130053955Z0!.........J.N.h......150217135549Z0!....N.....e....F?B..160401232208Z0!............XW.M....150816010821Z0!......x....Xvheqrv..170102113703Z0!......y.....a..C....160621011139Z0!....Q8*.|..]6.".4...150330080110Z0!.....!!..O..........151124201031Z0!....2.....E..yYT.E..161207145003Z0!....eL.Y icf}.:..N..140508200907Z0!.......>..z(L..0i...150517010832Z0!......Q.0...j.D.....160601160659Z0!.............j f....160613011111Z0!.....v.;..u7.3......160916195205Z0!.......`...5w.......161011093118Z0!.....8.@.N..w.n.aw..160122052207Z0!.......n....[...6a..140729211122Z0!.....Z...k1S.<.. I..150727184447Z0!...";.M....Gp.f.....160621163727Z0!...#D..!jhMz........160906045841Z0!...#]........x.zW-..160329114327Z0!...$.K/."T....w`K...160215003231Z0!...%.vu..;..r*y..E..150802010744Z0!...&...$...tX...5...160810011135Z0!...&....5./C...c....150310141723Z0!...(SD.....h.4vtr...160727164314Z0!...).....9:..2......160523133724Z0!...).......0^.B.....151102010800Z0!...)....BF...o.T....160111184646Z0!...*..`.y...T\a.<i..160321112541Z0!... ...kM..jZY...$..160118
<<< skipped >>>
GET /pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: cm.g.doubleclick.net
Connection: Keep-Alive
HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: hXXp://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc=
Date: Sun, 05 Feb 2017 03:31:59 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Server: HTTP server (unknown)
Content-Length: 320
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Sun, 05-Feb-2017 03:46:59 GMT; path=/; domain=.doubleclick.net
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc=">here</A>...</BODY></HTML>......
GET /pixel?google_nid=eye&google_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc= HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: cm.g.doubleclick.net
Connection: Keep-Alive
Cookie: test_cookie=CheckForPermission
HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: hXXp://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEClfffzrXX6Z94anls0j2YU&google_cver=1
Date: Sun, 05 Feb 2017 03:31:59 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Server: HTTP server (unknown)
Content-Length: 310
X-XSS-Protection: 1; mode=block
Set-Cookie: id=22befda9811100d9||t=1486265519|et=730|cs=002213fd483636e64dd1040bbc; expires=Tue, 05-Feb-2019 03:31:59 GMT; path=/; domain=.doubleclick.net
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
Set-Cookie: IDE=AHWqTUlqszoYQayW8TZl0vAcLdLlZmtS-lGLPEL0LAWnmt4cuy4c6U1R0A; expires=Tue, 05-Feb-2019 03:31:59 GMT; path=/; domain=.doubleclick.net; HttpOnly
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEClfffzrXX6Z94anls0j2YU&google_cver=1">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Location: hXXp://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEClfffzrXX6Z94anls0j2YU&google_cver=1..Date: Sun, 05 Feb 2017 03:31:59 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-revalidate..Content-Type: text/html; charset=UTF-8..Server: HTTP server (unknown)..Content-Length: 310..X-XSS-Protection: 1; mode=block..Set-Cookie: id=22befda9811100d9||t=1486265519|et=730|cs=002213fd483636e64dd1040bbc; expires=Tue, 05-Feb-2019 03:31:59 GMT; path=/; domain=.doubleclick.net..Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT..Set-Cookie: IDE=AHWqTUlqszoYQayW8TZl0vAcLdLlZmtS-lGLPEL0LAWnmt4cuy4c6U1R0A; expires=Tue, 05-Feb-2019 03:31:59 GMT; path=/; domain=.doubleclick.net; HttpOnly..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Mov
<<< skipped >>>
GET /pa?p=2:2051282539:51 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: wpa.qq.com
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: tws
Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif
Pragma: no-cache
Cache-Control: no-cache; must-revalidate
0..HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:50 GMT..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..Server: tws..Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif..Pragma: no-cache..Cache-Control: no-cache; must-revalidate..0..
GET /templets/default/style/home.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:49 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:34 GMT
ETag: W/"0c1d3963869d11:0"
X-Powered-By: ASP.NET
Content-Encoding: gzip
Expires: Mon, 06 Feb 2017 03:31:49 GMT
Cache-Control: max-age=86400
X-Cache: from WT263CDN
2ee.............V.n.0.}....5Z.]..!i.|Ld..o....M....7.$...U.......3...\..N u..%..<..GB...p.D~.mCy..].O.....8e(......xo....nc.B.3.........CE;..G....[^3.U...j....<.N..F.!...X...3..$P....h..K..ior...R.('....... .c..a..m.D..^....[...W...UT.,@q.a..>65....nH....!....{......%o....-.D...?.c.R.<..>......q.=.%.....=.m..m....:.......|...k..fV}B.e.xg.8.}.....Y...x.1m.Qo..,....{....?5..........v.`.#\.L[B._...$Yla...6...}...m...r..0..&PB....^.:.@...1JM.KV....i. .9.a..ja....-&A}(.y08.../.........m.^.}.=.n=...._m.=5 ...?f.......8.c..B..i..i.t.........:. ..#>.M<L..\.`."..9D.......V^$v-..9.../.....8...C..F.V5e......?..K.>.t..........(.....}.b.r.........Qg..Q........G........H\U.7............v..i..%..{a.t...l.h.lO.KaO~ym...dYd...Xe\._.3.|...o...T{..n.[,......!.......0......
GET /templets/default/js/tabicon.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 715
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:32 GMT
Accept-Ranges: bytes
ETag: "094a2953869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache: from WT263CDN
...var colors = {....0:"#ef6523",....1:"#fc3159",....2:"#000000",....3:"#c4161c"...};...$('#cont .ul1 li').hover(function(e){....var index = $('#cont .ul1 li').index(this);....$(this).find('a').css('opacity',0.3);....var x = $(this).find('a').eq(0).css('backgroundPosition');....x = x.split(' ')[0];....$(this).find('a')[0].style.backgroundPosition = x ' -476px';....$(this).find('a').eq(1).children().css('color',colors[index]);....$(this).find('a').animate({opacity:'1'},300);...},function(e){....var x = $(this).find('a').eq(0).css('backgroundPosition');....x = x.split(' ')[0];....$(this).find('a')[0].style.backgroundPosition = x ' -382px';....$(this).find('a').eq(1).children().css('color','#808c9a');...});....
GET /templets/default/js/oninput.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 653
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:31 GMT
Accept-Ranges: bytes
ETag: "80fd9953869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache: from WT263CDN
function inputFocus(id) {... var $input = document.getElementById(id);... if (!$input) return;...... var next = $input.nextElementSibling || $input.nextSibling;...... if (next.tagName.toLowerCase() == 'span') {.... $input.onfocus = function () {..... next.style.display = 'none';.... }....... $input.onblur = function () {..... if (this.value == '') {...... next.style.display = 'block';..... }.... }....... next.onclick = function () {..... $input.focus();..... next.style.display = 'none';.... };.. next.style.display = $input.value == '' ? 'block' : 'none';... }...}..ready(function () {......inputFocus('search')..});HTTP/1.1 200 OK..Server: wts/1.1..Date: Sun, 05 Feb 2017 03:31:50 GMT..Content-Type: application/javascript..Content-Length: 653..Connection: keep-alive..Last-Modified: Wed, 17 Feb 2016 04:06:31 GMT..Accept-Ranges: bytes..ETag: "80fd9953869d11:0"..X-Powered-By: ASP.NET..Expires: Mon, 06 Feb 2017 03:31:50 GMT..Cache-Control: max-age=86400..X-Cache: from WT263CDN..function inputFocus(id) {... var $input = document.getElementById(id);... if (!$input) return;...... var next = $input.nextElementSibling || $input.nextSibling;...... if (next.tagName.toLowerCase() == 'span') {.... $input.onfocus = function () {..... next.style.display = 'none';.... }....... $input.onblur = function () {..... if (this.value == '') {...... next.style.display = 'block';..... }.... }....... next.onclick = function () {..... $input.focus();..... next.style.display = 'none';.... };..
<<< skipped >>>
GET /getuid?http://ps.eyeota.net/match?uid=$UID&bid=2cr76e1 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Server: nginx/1.11.5
Date: Sun, 05 Feb 2017 03:32:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: hXXp://ib.adnxs.com/bounce?/getuid?http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1
Set-Cookie: sess=1; Path=/; Max-Age=86400; Expires=Mon, 06-Feb-2017 03:32:01 GMT; Domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3648886337069900944; Path=/; Max-Age=7776000; Expires=Sat, 06-May-2017 03:32:01 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 194.242.96.218; 194.242.96.218; 203.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.141:80
....
GET /bounce?/getuid?http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
Connection: Keep-Alive
Cookie: sess=1; uuid2=3648886337069900944
HTTP/1.1 302 Found
Server: nginx/1.11.5
Date: Sun, 05 Feb 2017 03:32:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: hXXp://ps.eyeota.net/match?uid=3648886337069900944&bid=2cr76e1
Set-Cookie: sess=1; Path=/; Max-Age=86400; Expires=Mon, 06-Feb-2017 03:32:01 GMT; Domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3648886337069900944; Path=/; Max-Age=7776000; Expires=Sat, 06-May-2017 03:32:01 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 194.242.96.218; 194.242.96.218; 203.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.149:80
HTTP/1.1 302 Found..Server: nginx/1.11.5..Date: Sun, 05 Feb 2017 03:32:01 GMT..Content-Type: text/html; charset=utf-8..Content-Length: 0..Connection: keep-alive..Cache-Control: no-store, no-cache, private..Pragma: no-cache..Expires: Sat, 15 Nov 2008 16:00:00 GMT..P3P: policyref="hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"..X-XSS-Protection: 0..Access-Control-Allow-Credentials: true..Access-Control-Allow-Origin: *..Location: hXXp://ps.eyeota.net/match?uid=3648886337069900944&bid=2cr76e1..Set-Cookie: sess=1; Path=/; Max-Age=86400; Expires=Mon, 06-Feb-2017 03:32:01 GMT; Domain=.adnxs.com; HttpOnly..Set-Cookie: uuid2=3648886337069900944; Path=/; Max-Age=7776000; Expires=Sat, 06-May-2017 03:32:01 GMT; Domain=.adnxs.com; HttpOnly..X-Proxy-Origin: 194.242.96.218; 194.242.96.218; 203.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.149:80..
<<< skipped >>>
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d330913c78f57201f33f64dc5ccd2de251486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT
Expires: Thu, 09 Feb 2017 03:14:08 GMT
ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a9092c15a1a-VIE
0..........0..... .....0......0...0.......M........u....%...G..20170205031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|......S.."........20170205031408Z....20170209031408Z0...*.H.............i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3
<<< skipped >>>
GET /wp-content/themes/dream/style.css?ver=4.2.12 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Wed, 13 May 2015 16:17:46 GMT
Cache-Control: max-age=2592000, public
Expires: Sun, 05 Mar 2017 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6537
Content-Type: text/css
X-Varnish: 7089079 4424375
Age: 131606
X-Cache: HIT
X-Cache-Hits: 1038
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...........=ks....._..O.......y..i.tz&M;Mz.!..@"$..H..l..........V>'i..X...b.dO_.>.....t.f.M..F.....3.n.rvzzS/.z./..i...i......f]T3rS.......{..E..MZ.r-..d.....X].y..0.[Q%?.sM.bq......a<..g.....5...._..,g.....y....#7#..d.a..7.....W.6...i&...U.E#Xc.l..'v..7....r"(CW.......... .on.hQd.M^..=D........M..6,...&]\.....>.XTpR......Ux.`.d..3H...$K.5...f...l..U.H...}...v.6.).......f.. .(..O......}B...kZ1..m. ....1Z.0.m..I..Vu..%.....,r. .Z/..G.s.5..v.'/.;!..p.._S....l..}.C..Y?...f._.]..2....3..5.JX.f..6k._..)..2.....&...!....|O...._....9.A.......... ..v..2.(.xQ..........._.W.^.O..}.....|...Oo?|.8..6 ...O..X...|......z.......%o......d....z..8k.............. .....^,...y....w.-Y...|....r..T......d..g8.."o..w.OC.3pw.... V...y]..|.....x.{.!....D@4.Y....~dIJ.|.3~G.-..#~..Ja.!..;~.....$~..7..`.P......H.-.&.v3R...j ...w....u.D.....E#...$.Q9.<G.M..._..k.7/.......E......j..=.g..%..iV.{.t..G...V..,..........2..F....M.W...Qo7.._/I.......bq-..&i..-h~Ca....G......cP.g ."9...!.4.(2...*.....E....H.|V.91f...=Z.t.n..>..$a..~.a..U.g.N..s..^U..AT....T/A.....Q ...t...a..J..l.>.W......>).}VE...&.3-.H.?.D....6..R.....^d.$Y.m'..@..H...p..&.3r.\.*Gr....@....x..iF.$..[.d[Z..Sd@~J.].@..................h.O.F- h$..=#..nV...m.....Y......a...`....`....q...@.4/0;.]Wb.;.2...Y.i.Gv..S)..V...y... v=O.....nJ..o...~Z.E..xeP|(.?..I...y.6H...<...a.......... O:.A{...P.6......M..#c..b)~nH:~.. ..{.@....~nv%....x.E.@..$`...L.I...R...%h ./.$b*d.mU.>."m.Ot~..M.....J...$G'lI.Y.....M.W.,....<G..'p;,.<*i.p........2.F.....k...&s.DA.=
<<< skipped >>>
GET /wp-content/themes/dream/js/navigation.js?ver=20120206 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Wed, 13 May 2015 16:18:31 GMT
Cache-Control: max-age=2592000, public
Expires: Sat, 03 Feb 2018 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 438
Content-Type: application/javascript
X-Varnish: 5324557 5374644
Age: 131607
X-Cache: HIT
X-Cache-Hits: 1273
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...........R;O.0..._qLIK..\e....X...I.....}AD......!..n..{..,....`....ig.G.A7.W.4..\].mk.w<...m....V....G.A2u.dP5..`..~...<........."ggQb.$bw.9..hxN.F.3.}...e.i...}..&.D..2...C.......7,.....u .n.gU?...E.d....A<ml......<.j.......b1'.5f0J.b.......8..."Nu.\..........V..4...........k.ZN.Zg1]..C..."...eV^.9~.9... ....W.M1....\..B.Z....T../p.]2g.......v...Jg...O.|..../......r........Gn..z.A. ...}.'7&..........c{C.sb.o.Ku@......&.....~.tS...HTTP/1.1 200 OK..Date: Fri, 03 Feb 2017 14:57:48 GMT..Last-Modified: Wed, 13 May 2015 16:18:31 GMT..Cache-Control: max-age=2592000, public..Expires: Sat, 03 Feb 2018 14:57:48 GMT..Vary: Accept-Encoding..Content-Encoding: gzip..Content-Length: 438..Content-Type: application/javascript..X-Varnish: 5324557 5374644..Age: 131607..X-Cache: HIT..X-Cache-Hits: 1273..Server: Rocket Booster..X-Powered-By: Warna Web Accelerator..Accept-Ranges: bytes..Connection: keep-alive.............R;O.0..._qLIK..\e....X...I.....}AD......!..n..{..,....`....ig.G.A7.W.4..\].mk.w<...m....V....G.A2u.dP5..`..~...<........."ggQb.$bw.9..hxN.F.3.}...e.i...}..&.D..2...C.......7,.....u .n.gU?...E.d....A<ml......<.j.......b1'.5f0J.b.......8..."Nu.\..........V..4...........k.ZN.Zg1]..C..."...eV^.9~.9... ....W.M1....\..B.Z....T../p.]2g.......v...Jg...O.|..../......r........Gn..z.A. ...}.'7&..........c{C.sb.o.Ku@......&.....~.tS.......
<<< skipped >>>
GET /wp-content/plugins/akismet/_inc/form.js?ver=3.1.5 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 01:25:00 GMT
Last-Modified: Tue, 13 Oct 2015 19:52:11 GMT
Content-Length: 700
Cache-Control: max-age=2592000, public
Expires: Mon, 05 Feb 2018 01:25:00 GMT
Content-Type: application/javascript
X-Varnish: 11344493 6664469
Age: 7597
X-Cache: HIT
X-Cache-Hits: 92
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
var ak_js = document.getElementById( "ak_js" );..if ( ! ak_js ) {..ak_js = document.createElement( 'input' );..ak_js.setAttribute( 'id', 'ak_js' );..ak_js.setAttribute( 'name', 'ak_js' );..ak_js.setAttribute( 'type', 'hidden' );.}.else {..ak_js.parentNode.removeChild( ak_js );.}..ak_js.setAttribute( 'value', ( new Date() ).getTime() );..var commentForm = document.getElementById( 'commentform' );..if ( commentForm ) {..commentForm.appendChild( ak_js );.}.else {..var replyRowContainer = document.getElementById( 'replyrow' );...if ( replyRowContainer ) {...var children = replyRowContainer.getElementsByTagName( 'td' );....if ( children.length > 0 ) {....children[0].appendChild( ak_js );...}..}.}HTTP/1.1 200 OK..Date: Sun, 05 Feb 2017 01:25:00 GMT..Last-Modified: Tue, 13 Oct 2015 19:52:11 GMT..Content-Length: 700..Cache-Control: max-age=2592000, public..Expires: Mon, 05 Feb 2018 01:25:00 GMT..Content-Type: application/javascript..X-Varnish: 11344493 6664469..Age: 7597..X-Cache: HIT..X-Cache-Hits: 92..Server: Rocket Booster..X-Powered-By: Warna Web Accelerator..Accept-Ranges: bytes..Connection: keep-alive..var ak_js = document.getElementById( "ak_js" );..if ( ! ak_js ) {..ak_js = document.createElement( 'input' );..ak_js.setAttribute( 'id', 'ak_js' );..ak_js.setAttribute( 'name', 'ak_js' );..ak_js.setAttribute( 'type', 'hidden' );.}.else {..ak_js.parentNode.removeChild( ak_js );.}..ak_js.setAttribute( 'value', ( new Date() ).getTime() );..var commentForm = document.getElementById( 'commentform' );..if ( commentFor
<<< skipped >>>
GET / HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"cf3d398b27d21:0"
X-Powered-By: ASP.NET
Content-Encoding: gzip
X-Cache: from WT263CDN
4d3.............[yS.I...............Kl..../vv.ko.11A4R#.-u....="..N....{.,...3.9v|...]vU...../...j.$.yvD.jugeef.2.* ..g.......|.....~....t&.t.|.|......bI^Q.-..j...>.~R.2.B_V.........?...^.{R.....&H......xB .4QK.]h|...?|.f|....Q.....'V..........1.....c.5..[t.F _..}.../..R..y.....Ctg.....2...w..q....l..p....Y..?..R.t.S.T..j.)AM........Q.nh....&....NgR....B/.Mi..$...iY..B.n..&..@Y..2.......'.R*J&.....RrB.........H....*....~...q.......k}YA.l../....(.......%.#|.6~M....d.j..u.7{.3&bF....M .h......U...~....G....u.?kl...c}a.....<...!.z.kl.Z..~N.G}.Y..59.m..HK..,.$Bw__w.....aR...Bp.....1....Pk.F..L.[..*...h....A..n_........=.c.$..U5.3...[,0..t....Q_qx......U.....zS2.]...Xdj5...........:.<....t`..#..A..c$..:l .......TN....`.0........z6.a.L..0.'Hq2f..2=v.J{ ._..@PN.......>....a...H..wa {..vC.k...>9./l.....alI...X...^I.).....*.).W6.zRr.:A.U.4A6e..22A.I....0Bx%....../]......@` ........i5......|...h.)..lm..C...&D..>L.R6:(.8!..\..}A...fP.r....D.....fP.O.0.......G..]...8(.\.~o.B.......l;....V5Q.-.i............t$..DZBm..3 .... ..6.....H...vX.'.Y.....7f_.7...{.l.D.#....p.t...3...X..;...x~4.......H.I.2b..P.!...j.7|..[|........7..&...9....1 1.Y.m$.....j.P...Y1p|..x0.A.x.%..(l.r.Y.S...,r..4.z....jm.D6....i..~..9>...w.wk..z.`.6H.TF.G.S.07W.}J..5af..L...k.D.Vi..E...r|V..fXo..q-........!....{~;~.ub71.....r.;Y....zdM...)\.(....-Kk.$..-B.....#.<g.{..B}oV..-t}..........|.w..S.s.u.......r..o....."........p....q.....z..,..4........5h&..."..p1%`........B.T..3I......_Cb..?.~.r..........\..^p[d.....@...P.%UP...^Y...=..
<<< skipped >>>
GET /dist/meiqia.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: eco-api.meiqia.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: openresty
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:53 GMT
Cache-Control: max-age=315360000
Expires: Wed, 03 Feb 2027 03:31:53 GMT
Last-Modified: Sat, 14 Jan 2017 07:06:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"5879cdff-262c9"
X-LogId: 0c5f58969ca9490c7fa9
X-Cost: 0.000
X-NWS-LOG-UUID: 4d9430b8-54df-4fe9-9621-5998b99ed625
2167...............v...(.|N....Y@1I..L....R.dW...\......I...........}o.k.k../}.......\..z.gtD.@..5..=...L$2#####2#"...........|.P=0......GFH.I.W..A/.A.G.3;...fYW".}5%.......u...iG|...}..tW.@\.=S...3k..^L....J .......[>..[.F.n.S. ....7..ID Q...X........j5n....U.L<...W.C.....v<...j.[....1.....Q/..U-b....7....aWE.l.......P....F?..G.>.mYV.. ...0.... ak..v|.i._o..%..j.a.-__3.m.zh..R..q ..d....D...d.RM. .H....I.s...A.1...!.m..LB;=H........A.. [..V_Ar. ..\Z1.>$/.r..U.<...A..d..z....r.o..]H......./!yj......!.. o0.].....|..BUo!..A.a...........v.A..A......H~k..0.5?........... ..A..$t..H~m..1.....?..o.......3..1.*.1..F......q.j{.....o^.>.f...$YH)...S.&.....?Hi.H7:.%..~..X1.%.W#........>K.....I0...>....B...=...E.c..d.Ql.?._F...O......}.r3y.. ..A!'_|H.....]..E..L.om.zo......_........Cj;."Qy.,....c.6"[<...E....../.. .R>..8nd.<.$.}....X....x.?..C...c7{lk.N.....4F .p*c..3....i......m..i._rn......@..M.j...@i..V.z.YQD.!.>E. ...6.C.F#.......Ovw..5....0...z.p..Z....gZ.x.......\?.c....W25..Z..O.sFD..O*HP...r.....pKCd..:@P.../4.[Z.......J.FWI.KH...z.........'.a0....O<...f}.......?t...o.q(..... ... .G...l..v:.....?|..z....~.T".c.....(...I.....i@X...m...G..0.'.Co?./s..o......A...g....`....Vo...O..[uO.-..]..P.....:.......2.0.d....H..K..hp...W..[....rd.......3..EPc..9...QL}]..W.h.k..!.s.....y..`Q....]...j. 8ui........fD...yT`.q. 5.).|J.aam...=..q...1......g.t..#.(..........._.!)@.u...... ...v...kd.y.?O.2`v.F.U^j....v8.O........'#..?..(>>..q$V..vw.<.~...b....7..|.'...l.t....'...w...t`...
<<< skipped >>>
GET /dist/doorbell.html?1m47r5d7qtt65hfr HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: eco-api.meiqia.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: openresty
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:53 GMT
Cache-Control: max-age=315360000
Expires: Wed, 03 Feb 2027 03:31:53 GMT
Last-Modified: Sat, 14 Jan 2017 07:06:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"5879cdfd-f1"
X-LogId: 0c2658969ca9673f1ea7
X-Cost: 0.000
X-NWS-LOG-UUID: 0ef88269-1a3d-48ed-87b0-4503151f48ce
d7............-O.N.0.........T.A..C*.....Ev..7..........5Q..,.....<t...iS....%gK. (SJ..2..........-jK.s.F|/.......^.6.X.}G....*..B....r..........S.Y.b.k.9.2..=e1....)U.....r..0.I..(....k9....8..q.x..[L../..[..... . ......0..HTTP/1.1 200 OK..Server: openresty..Connection: keep-alive..Date: Sun, 05 Feb 2017 03:31:53 GMT..Cache-Control: max-age=315360000..Expires: Wed, 03 Feb 2027 03:31:53 GMT..Last-Modified: Sat, 14 Jan 2017 07:06:37 GMT..Content-Type: text/html..Transfer-Encoding: chunked..Content-Encoding: gzip..Vary: Accept-Encoding..ETag: W/"5879cdfd-f1"..X-LogId: 0c2658969ca9673f1ea7..X-Cost: 0.000..X-NWS-LOG-UUID: 0ef88269-1a3d-48ed-87b0-4503151f48ce..d7............-O.N.0.........T.A..C*.....Ev..7..........5Q..,.....<t...iS....%gK. (SJ..2..........-jK.s.F|/.......^.6.X.}G....*..B....r..........S.Y.b.k.9.2..=e1....)U.....r..0.I..(....k9....8..q.x..[L../..[..... . ......0......
GET /visit/init?ent_id=463&track_id=&title=创盈门窗软件&url=http://VVV.sdcysoft.com/&referrer_url=&jsonp_cb=jsonp1486265515688&v=1486265515688 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: eco-api.meiqia.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: openresty
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: session=eyJfaWQiOnsiIGIiOiJNVGszTkRJellUSTNOVGM0TnpNNE5tWXpaR00yTVdGbE9ETTNNbUUxWVRjPSJ9fQ.C3guLQ.mh0DgIZF-7RO72-7SaIQKh9ZzcU; HttpOnly; Path=/
X-LogId: 0ba258969cad48863274
X-Cost: 0.095
X-NWS-LOG-UUID: 23ef525f-e88f-4ffc-b9df-78f0e125ae74
542.............V...6.....Q"..`..>&..).....S...m3`.w2..O....gv'.)/t.V.S..K.l..E.dB." .....l]j.@...........b.............]...u.r~{.?.K._.WG\k..@7..]z.JS..,....s..x..X'Jd..d.d.D.....j.....h$=.\.......i.Z...4...'...A......mP...z....r...fx...C..Ox..}...r..X.9..."M.~(*...Y...!.P...b?.Y...]....4..Z3E.....wr....k:.e\....1.I..P.....4.6O.....8....U&..Y....._.h.h.....aZp.&).d9..;1._tST2..5.T.....'.,Tz.ST.6 y.n.H....Q{....36b..%{S...@w.s.>........'.&......H..).RL.... 7X_........s..R..Q.M..h,.c......w.c.....46.....ds#....1..h......? ....b.W..^a..2....*.i.I{...>...t$....1.t6....(............iB.....0......QP.Y6.]u.RHt.lI..W.%.=...8l;wj....T..%O...$...A.......d.y.......(Y..O....!..2U.q..]..............n...-..w....a./E.s.....c.$O1. .Z...|......Q..c..C..U..`1e!.S........m[l*SS....A.. .dE..3M..Y.<......{m..M[....Y.R...o)..........e.v.....be...[..4..i.,....5d.;..[,v.}....x.8....n..u.....u.xik....b,r.....!..S.5.8.ez4.a?.x.4....c8O.Y...;./...X]!...2]=q^..e...x.B#.n..}.........#....Rj.c..C..F.S.X.%......V3A.T..*....I.f...T....P..S...l[.)09.gn....`1.I ....../..mX...E..U(...9.R.S..:[..$.....wt.N........8..f..H.BN..X.FMe..9..........u.].k!2Tz.B_*...... ...;..%...V.M........./|..`.....\..l..j$....:.'M.......h....wT.a.h;8..l....X....${.E.v'..n..q.x.=..,....J9.@D....U.qR./..jA;Iq..e..a]`..-..vH.uL.0e.....E.I..M.o$.....N..*.Z....M>v..7...}..K.E...O...n.Bi.....0..
<<< skipped >>>
GET /match?uid=5648657701418802231&bid=9gdtmu1 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ps.eyeota.net
Connection: Keep-Alive
Cookie: mako_uid=15a0c542197-5fdd0000010f7778
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 70
Date: Sun, 05 Feb 2017 03:31:59 GMT
GIF89a...................!..NETSCAPE2.0.....!.......,................;....
GET /match?uid=-7296199909654580839&bid=0rijhbu HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Cookie: mako_uid=15a0c542197-5fdd0000010f7778
Connection: Keep-Alive
Host: ps.eyeota.net
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 70
Date: Sun, 05 Feb 2017 03:31:59 GMT
GIF89a...................!..NETSCAPE2.0.....!.......,................;HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Sun, 05 Feb 2017 03:31:59 GMT..GIF89a...................!..NETSCAPE2.0.....!.......,................;..
GET /upi/pid/lons7jax?puid=15a0c542197-5fdd0000010f7778&redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: rtd.tubemogul.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Sun, 05 Feb 2017 03:31:59 GMT
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
Access-Control-Allow-Origin: *
Set-Cookie: _tmid=-7296199909654580839;Path=/;Domain=.tubemogul.com;Expires=Mon, 05-Feb-2018 03:31:59 GMT
Location: hXXp://ps.eyeota.net/match?uid=-7296199909654580839&bid=0rijhbu
Connection: close
Server: Jetty(9.3.8.v20160314)
GET /js/jquery-1.7.2.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 94844
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:14 GMT
Accept-Ranges: bytes
ETag: "0ffe78a3869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache: from WT263CDN
/*! jQuery v1.7.2 jquery.com | jquery.org/license */..(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f("<" a ">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),b.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write((f.support.boxModel?"<!doctype html>":"") "<html><body>"),cl.close();d=cl.createElement(a),cl.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ck)}cj[a]=e}return cj[a]}function ct(a,b){var c={};f.each(cp.concat.apply([],cp.slice(0,b)),function(){c[this]=a});return c}function cs(){cq=b}function cr(){setTimeout(cs,0);return cq=f.now()}function ci(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ch(){try{return new a.XMLHttpRequest}catch(b){}}function cb(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g<i;g ){if(g===1)for(h in a.converters)typeof h=="string"&&(e[h.toLowerCase()]=a.converters[h]);l=k,k=d[g];if(k==="*")k=l;else if(l!=="*"&&l!==k){m=l " " k,n=e[m]||e["* " k];if(!n){p=b;for(o in e){j=o.split(" ");if(j[0]===l||j[0]==="*"){p=e[j[1] " " k];if(p){o=e[o],o===!0?n=p:p===!0&&(n=o);break}}}}!n&&!p&&f.error("No conversion from " m.replace(" "," to ")),n!==!0&&(c=n?n(c):p(o(c)))}}return c}function ca(a,c,d){var e=a.contents,f=a.dataTypes,g=a.respo
<<< skipped >>>
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=db466e84e5679c03c93f489c07b0311b71486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT
Expires: Thu, 09 Feb 2017 03:14:08 GMT
ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a9093795954-VIE
0..........0..... .....0......0...0.......M........u....%...G..20170205031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|......S.."........20170205031408Z....20170209031408Z0...*.H.............i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3
<<< skipped >>>
GET /v4/url.html?v=4.0.4.1-1110 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: info.spiritsoft.cn
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:07 GMT
Content-Type: text/html
Last-Modified: Fri, 17 Jun 2016 07:53:07 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
7d9.............Y]S.V......P.....%.h&.L...i:i.....W...mQYr.c>r..4@.8......&,.i....0..e..H.._........l..4.0........}.....?]..[.g..._^....|......._...bgw'.h..\.)...TC.5Q.. ......(.q..M..|..d.(....}..a..@kk..O......"Gh...P....>.FJ...W..):.u.$..... ..~$....p\6-..S(....wAB*....|.46e?;...K".s.5U....J4..-K.......9S....l.......z.....V.T...d=..c0... ....Z...l... .\8e..1\..[...$..vId3..3g.. ..!..FJ1.......?!..B......c....-%.|.R...p.n)..F..M..M..L.........p...fD1.,CS#\ ...:|aC3........h..zD.-..S#(....?l. j,.X...y?..W#A.S...%........:...U,M.@U.4y.2..(aD......:......./!9.)..>.....%.HD.c........=HE...n....K$d..e3"..4..J........(j..:@..D.zUS..Un.@...&@....)=r=.h.15J...;{...G.....X....Ro*m....v...a.}.<C....r:..b..N..{....{y........Z.5.h.F...~t#_ZuD........p......I.G.0F.._.O.w..{.....9T9......s{N6K..L..O...'...B.@e...-........J$..(..W<X$..x..?Z......m.....G....*....5.2..7..._..Q}.{.....G..J...,#.....6.@....(.~r#.3z.CK..iHK).7...W....J..<.jN.........F...%...2........._.......29L2{$3Nfo..u..............H....w...:K...#=>8...'..s....sdv.......5...-*.;.0.k..H.j.]..e......._...lI|'L{=n....'5#f.I=V..qB.v...3..^.d...jq.).|..........bn...e.xz.....AG.R9..ky.G"%..55..wH...e.. .........;..^.,...4E.."n........'-..[[.~...cs..J.<Y...4...Z....{.P..,.jl....xj....V..\..].o...j..Xg1.#..J..d.....".g. Qem..0.{....*.......pq.4[.C.{..@V...x.j...C.s;.......h.=...rds.x0q8.^...1.%Kkd..;...x.b...:..7...C..j\?_.....'C...O..V.....o...:..;.=.^2..~..>].g(..kvf....S.<=.L .<...7...=......lm.p.N7....A9.GF.....k'G....Y...... .H8F
<<< skipped >>>
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGn0AHsoGslw HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2017 15:06:56 GMT
Expires: Wed, 08 Feb 2017 15:06:56 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 44672
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..20170204071735Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..i..{(..p....20170204071735Z....20170211071735Z0...*.H.............Ie..t.......9.3...H.r.AT.(......`..(n.....q..-8~....>R.'c.X1}<w.G....Ze.n...t"...Q./.yM......9...h........l{....a.[.....2.5...&.&....'..:G...0..O.....Y..8...Xd.C.@...d..m.U.:\[...u...y;.6..2Vr..,R...[..H..9-_.W..>i....O......"...|......e..Q(^.$..U.G.qL....HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Sat, 04 Feb 2017 15:06:56 GMT..Expires: Wed, 08 Feb 2017 15:06:56 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Age: 44672..Cache-Control: public, max-age=345600..0..........0..... .....0......0...0......J......h.v....b..Z./..20170204071735Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..i..{(..p....20170204071735Z....20170211071735Z0...*.H.............Ie..t.......9.3...H.r.AT.(......`..(n.....q..-8~....>R.'c.X1}<w.G....Ze.n...t"...Q./.yM......9...h........l{....a.[.....2.5...&.&....'..:G...0..O.....Y..8...Xd.C.@...d..m.U.:\[...u...y;.6..2Vr..,R...[..H..9-_.W..>i....O......"...|......e..Q(^.$..U.G.qL........
<<< skipped >>>
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAa1FcpWF3k+ HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2017 14:50:57 GMT
Expires: Wed, 08 Feb 2017 14:50:57 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 45638
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..20170204070511Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./......V.y>....20170204070511Z....20170211070511Z0...*.H............./...J.*....`..H....Uf.......r.J....Q8@3......tG.a....RNB.~S.y..........G...........F.."x?......l._<z....W..p<...}L.m.o.}mC{>$x..'~.*....7.M.U...a.z<Jg'.......1.#....:[....{c8.i.......P.a2/....!.$Y..(...._.r.>I....({|......Ak0.lp...g.QdI..Y.7.Wh.T_]..0...Q.....
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAa1FcpWF3k+ HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2017 14:50:57 GMT
Expires: Wed, 08 Feb 2017 14:50:57 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 45638
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..20170204070511Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./......V.y>....20170204070511Z....20170211070511Z0...*.H............./...J.*....`..H....Uf.......r.J....Q8@3......tG.a....RNB.~S.y..........G...........F.."x?......l._<z....W..p<...}L.m.o.}mC{>$x..'~.*....7.M.U...a.z<Jg'.......1.#....:[....{c8.i.......P.a2/....!.$Y..(...._.r.>I....({|......Ak0.lp...g.QdI..Y.7.Wh.T_]..0...Q.HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Sat, 04 Feb 2017 14:50:57 GMT..Expires: Wed, 08 Feb 2017 14:50:57 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Age: 45638..Cache-Control: public, max-age=345600..0..........0..... .....0......0...0......J......h.v....b..Z./..20170204070511Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./......V.y>....20170204070511Z....20170211070511Z0...*.H............./...J.*....`..H....Uf.......r.J....Q8@3......tG.a....RNB.~S.y..........G...........F.."x?......l._<z....W..p<...}L.m.o.}mC{>$x..'~.*....7.M.U...a.z<Jg'.......1.#....:[....{c8.i.......P.a2/....!.$Y..(...._.r.>I....({|......Ak0.lp...g.QdI..Y.7.Wh.T_]..0...Q...
<<< skipped >>>
GET /ajax/libs/jquery/1.11.0/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ajax.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Fri, 03 Feb 2017 17:28:30 GMT
Expires: Sat, 03 Feb 2018 17:28:30 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33576
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 122607
......n.....{....8...S4./.X.Z....C....g.I<..N&Y......n.TK.v.E.....@..e.n..{..[$.....B=..9..........l.../........W...|..I... .VeeA../..E}q} Sf.~}.g.(......q.."...#...._..r)..w.L/.er...;.0...r_... e..........q......,EN..W.}..........=r.(............I...CVm...)...^Tw...#...."..HD.."q..]U>P?~....?.{...i.......!"h<.."f.Ii<...6dM.YV$....l..!.....m...5......~.P../wb_=.....j.mI..o....%...@.DNC1K.YVd..4......au....}.zx9.&............0.$..r..U...#|...~.1>....vb......R.L..n_V..:zTp.oI\..j..W../.A...]...XW..N...~....n.Jf1.s$'.7d-..<.....CY0.b.........#_}..~er].V,..U)...b......3k......l...?..S....V.A....."X....m&..%.Vm.vc..*.N.b.e;..HN.6;S..$..b.....9.T...n.?.....c...4...s..[4....'.L..!.vd...#1.......y;..~.Wt.y.*.BX.8..0.....Q..V.'k .H....C...x&..a.S...CC..x.D.P.q..jS...9...$%k.Nd8......]...l.~M..2....e.X......k..U...M&....u].........5Z.c...R.y.Z ..L.x.]m...,EjG!.k.c..." ..ft.&....?k..Xv....l...e..k.........Q.1.........y^..p..J..w..H=6D6O...k...c........d.q.@.n..Q<.X...>4...N~`.f.......^.r..t.z}.&..Iv..`......GN.......).rg.cC........RJ..\G.FO....D..H.L....E._.q..1J.L.s...w[...."l.c..../.\. :......G.F... .K.aX..,..8P.Z...p....p..]].YQ&...N(pWcE.w-U.GI;0{.{.s.P$#....V.].;....~6/?.n.R..*....;.&KQ> ?.o...'.p...c{...*x......6D6}n=)e........$Z f...0.....g..7d........k..#..SR).c.Cl&.D.6.g...N..l&.Yn..#9..mE.i.Q8k7.......v.-...J..l ..V..2....YU.)?..ENl...Q-.U....t.....kz@.K...6]..\.ez%.B!..r}..PD$.$..:.....4"?..YF.e..%...&X..D....>].."k.\j.....U.].."MW.l.............tF$a.[.Rb^I.....h.....h9.i...S......
<<< skipped >>>
GET /dist/scripts/doorbell-i8wozeiuwodmquxr.js HTTP/1.1
Accept: */*
Referer: hXXp://eco-api.meiqia.com/dist/doorbell.html?1m47r5d7qtt65hfr
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: static.meiqia.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:55 GMT
Cache-Control: max-age=315360000
Expires: Wed, 03 Feb 2027 03:31:55 GMT
Last-Modified: Sat, 14 Jan 2017 07:06:36 GMT
Content-Type: application/javascript
Content-Length: 14184
Content-Encoding: gzip
X-Cache-Lookup: Hit From MemCache Gz
Accept-Ranges: bytes
X-Daa-Tunnel: hop_count=1
X-Cache-Lookup: Hit From Inner Cluster
...........}ic.6.....B.K.".dR.....IS...,.8....R.d3.I../..~.;...J..N;...,.p.....8...<.fa.........r...h..I..<......e.di.2H.1C..U0.vM....E....oz..*.a.i.X.......s..Y.5.2a..D....w.XFyg.".\2...v...u.r ....f......G..q%.....7.,..../...e....4..Y~..,.,xt..?..!).0..<I...n.h...Qp..A...8;o$._y....[..#......h..a.`...%...lh@..f...N..|1o\.i....U.....j..pX........}g]...&Y...,......8.W.#,eG....iG....1...u..Db....<.yU.E.f<z...hLC.W..n.>...,.d.;.b."..Q.}'......|Gb.M./y....Z.>..e<....0....MwM..[...L......V.JE`3..f<..8...G....._..u..\.....=.B........2.....u...A@.5z...........<.[4`.2N..<M.3n....~TV.Iy4cAe0..u........"..!"9.5..^.g...d..=.uT....-..4..b.L?5....F.g..BH_vG6..;1...f'.@.k.{.0lM.LZNG|..j=%....Z...(.%.Y.Z..~......i.xg.d.P8, ..N%7..K..........?.1...If.....9.1..h....A6=G...y.X...`h.......A..Id.O.......c[.....6=.[A...s......5....Geq..K5.R*.....M..".yz..j.....9....Z@,.-...3.E..o..#....R.m>.`..|.Y...... D......E.!.6. .vZ.'..B.2.v.M4d.%<..O!O;.S-M.F..E../..@.B\........KT.zZ.....)..Q.&...G0..*a. .t;..4.#..@..[~.&..~..)...t,L................z.....5....!.itw..C..x..../.(:.....s...h..y.Q...*.#..#..T.$...F.;S.D..!.%}....._..u..F.dc...q7.....3....g..2.p.G...y&....'....... .}...)......D.E.....M.=.......,..".r.Jk.}..;'.W.W...y...HMO.......B..jU....Y|....!..<.D..d6...S0M."..7.;:..E$d-......p&.p{..H..A.c`.LiU%k.J...3.`.0}...%.x:./........k4/.`@..jE...........x;.ps......V...>.u....&..Y..2T...Ul.u....._.. .....4.......a^...g.,..t.U.&@&.Y.MA... ..m.d....K.................j.sFy...`(f.S.rY_t.[....<D
<<< skipped >>>
GET /ga/mlb-ml-analytics.min.gz.js HTTP/1.1
Accept: */*
Referer: hXXp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: analytics.mlstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 16473
Accept-Ranges: bytes
Last-Modified: Sun, 05 Feb 2017 03:20:11 GMT
ETag: 12e3832f180d7e7f20245cde45cf3511
X-Timestamp: 1486264811.84748
X-Trans-Id: tx3626ee0db108430d9db4c-0058969b02
X-Nginx-Host: e-0000e6f9
X-Nginx-Pool: files.melicloud.com:8080
X-Nginx-UpstreamHost: 172.16.1.84:8080
X-Request-Id: e3010f4c-67e0-4ea3-bad3-4ce9526b3a61
X-D2id: e3010f4c-67e0-4ea3-bad3-4ce9526b3a61
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Cache-Control: max-age=784
Date: Sun, 05 Feb 2017 03:31:46 GMT
Connection: keep-alive
Vary: Accept-Encoding
...........}iw...... .:.#.Y.'.t..,.I.'...3.:.T*@6 "..c.....J*.I..w.w...T.....p{...%...I.qz......x...$..[|......A.^%j.\N...........m....-Wz[......\.....1....5..&...... ...4.gR.i...&...t...b......t.ww-..YX..c?..25.g..F..".....P...A{.....6g....b..._.:B.....N.b.fa...X..|8..w.1.4...{..C{r.\.9P.S.!oM%....I..*.ej.n......"L'...1...0u?........m....O'X:u......$..4.B_O.L..l.jo7.y%..>1n8V.4.....d.......q7......=......[.M3..q.:.0.X.{O...#.....Ku8....j..TO..S%...z...&.....s...d.N...........F.J.........w0..Y:...`....R....Z.$..q.*...d..am[~.%....!,.`.FjM.=.......LG..r..Q.2..BS.......z...ZQ..U.ZLij...[&=...R^=......f.Y............L..Le[R...l R[2._.l...Y.%.....a .Ogb,..-5.)..uX.wa...B5.i...9:HG.t...Sk.BwVs./..d(.rw:.U~.W..}..n.m..|.n.Ow.....Z..w...^sB.6....m... ...0DK.B..P....A.q.....cP. .4......q..1..M...%'.(7s.X]'....u..}..(.W...[...d2...? gNoG..........>.3X..y...]...>......!..D....X.1...?....o...x..o........'...p..:.?>.{r.}x.8?;:x.8.s?.s......../Jc5....g.-..t.0.....tD..................:.z-n.9l...W..q. .?......b..h).W.S..l..G.C.G..-.8.....p...|{k.....G..p..m..7.r...zy..~b.....g...*.-...0@../......;......-?#...4.K`...6/C.,...`D..2.s.rI.Ro50.b......<......>...........I......=^!.".#) ...eP..4...y5.w..T....?.^1k......o..)1........>....j.sf...._..D....v>...tNR..`/_...#........;#9% .e1.....@hBd.....a.I....#..1..\J..)..p....#...C..{..s...@...o..K..e....<.......t%.H2...q.oQ..O.k...........d4.M..Z.h".........L r....&f......X..|..@goh..7i...0.....>..Zkb.749Z...l...F.G...0..,.fH/...._L...4.h. b[C. ...bCp.FN.
<<< skipped >>>
GET /melidata/js/3/0.0.38/melidata.min.js HTTP/1.1
Accept: */*
Referer: hXXp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: analytics.mlstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 6959
Content-Encoding: gzip
Accept-Ranges: bytes
Last-Modified: Fri, 16 Dec 2016 15:41:38 GMT
ETag: 0e51f8bcd5979a0b4acba30e22686825
X-Timestamp: 1481902898.55073
X-Trans-Id: tx43ded69416d44bb2b8d32-0058969a21
X-Nginx-Host: e-0000e6f9
X-Nginx-Pool: files.melicloud.com:8080
X-Nginx-UpstreamHost: 172.16.1.84:8080
X-Request-Id: 7bbf6f78-0f46-49ed-a793-652a3cd73e09
X-D2id: 7bbf6f78-0f46-49ed-a793-652a3cd73e09
Access-Control-Allow-Origin: *
Cache-Control: max-age=559
Date: Sun, 05 Feb 2017 03:31:46 GMT
Connection: keep-alive
Vary: Accept-Encoding
...........[.W.H.. Fg.H.....`..&.L..$.df....=.....I.1.......l....9I.........m.fIX.ib...........T..lq._oq...D1......~..........Y..[...Zq..G.s....[[..e../..hP..<Mt.P9.?.<Y...)..Y.,Gv..|....s....X.......%...YWW.6.\].WW.....*..*....I&.Z......<t.....q...$.OS.....vAc.9s;...v..!..q.../...Q........<..X.I'..1D..e..:......A.o..V.t...@..t.]#........u.7YB...%.&.A..,.e.'..~.2b[m...V....,.$.A...kJh....J......D........./.V..{..Z.n....n.._.......v..~Wx..........[......>..-..6........x./...:bO....c.Nk.........{xx.J..8../....;..-...[.Yn)A-%j...ER...`[.8.....nc..6......[.g..d...5.{.G...E2,F....#O...'....pt}aa.^..$.&r...pxi.....<w..rY-..xX.d.......,...............(..%r1C....&.....N....H.A.*.b....P..-.....".....SR...Y..AkY6F.W........>...../KP@......R..j...m..k..'5....er....l......4K.....<....,8)..~.1<x......v(BG.....P...=y......l....>..u..ItL..iR.l....)$&.2.4e..Y.S..AU.!Nf....U....I$K../....x........-..-.1......'.......}UJ4...*Q.....L..eOU..,..P.gU.&M....b.9..l..:8[.C....w0N.....6....!;l3...{..^B.y.........mw..n....L......\.......l........[&...v........uZ...5.g.k.M.UI.%K..N!0#?...|.....'.. ...X.....}u8!.77R.nn............/.q.......(...0....{.T.Be........{.B.B.r........r5t..b.8..2...r..N[fBXiP.p.c...,...i........T>......"d..l..}._.!A......L|..6l}y..R&.i...4......=)....6.....1.....w8....IyR.D.P.. .}....<..}G. .t@SA..."..b.eG..5.(. ....v.,{.g...[.....m.(.f........vd..I....f..,#.2y.b....(...a8.O..Dd~0.(..OF.~. .zrPP'..;2@.Pg:.....6....v.....vtY..N|.....b....4..fn......D........Vkp...T.t.$.@...dF ...
<<< skipped >>>
GET / HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:01 GMT
X-Pingback: hXXp://sewasolo.com/xmlrpc.php
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:01 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7602
Content-Type: text/html; charset=UTF-8
X-Varnish: 5324551 8629268
Age: 12
X-Cache: HIT
X-Cache-Hits: 2
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...........].r.8...T.; J./gEJ.n.by.q23...T........!..o../..].Y..N7...H........$"..?4...F.<|........&..u..{z....z.a.y.....B6.o.5.:.Rq0h4.i....E.k.......\.S2..0b.....G.....=..a..f7...52...yP......b...i..Nl..m.h..:lh.V.....9.Z....a52.p...5u........k..:.7...|.R.nh.;.>.......X.fAMt(.c.........{y....{..h.y`.t....~.8l.rO..i....qbr.....w.qh.1...6...m....T..%Q8..V!..4..F<c...V......8D.hf_....W...aC.....<...C...r8.bfG$.cF._?.m..'......4M...(&.....I..G.[....I....;,!P.....E.Q6..~. 1u.-&.....3.....v.v..eQLC.x..iM.....A..C..g.....hD..7..E..s.yS.m..5.....qJEYhuJ...0..{Rk.Q....#....V.K.R4.... ....F..AR...w\....Y...KT...(2........(.J..dvY;.K.n..$t..........^.".Wq.v....BQ.$p|jE..it..vc..s0U..j6o.?}...."u.8=....7{f..y`...ahp}...W....u....lL....s;..(w....9.uX.Y...thk.e........ev..............w;.d}.2..=.`d6Y.m4....o...m.K.....-.Y8.^Z..&.K......iz....^..o..........r..X...|o..s......6.t?5>.d.3>EO.V...O....lt...^C...Vp~j.sn.....z-..?.d.....>g.....3y.^....x9......W.....Q..G.B.....i..$X=d.%.....r..... ..K....D.6..L.h..85rV.TV.Q.'......}&.......A~d.Z5.O...J.-...ua..{..eA...'...-x.5,....,.F....._..,.a$"2$.k#........`~jp..>...}j....=..gr!."....p.'.......?x.....f{c'.......U4`3.L....,.....a.....<...A~....>...^.k.....!..G..|...v..l..:`Jm.n..:H.......j.fZ...!.......tX.8....=K."/.......ju(..A.6..e...8.m.~L.:...C...F.......wO.......tZ.n.......n....zs.>.c......o..u.Li<;j...`.v{.V.#.j>..-..).,..gt......[p...?.......O...J...1.q.C.l...GHU..^.]../`..j.....U...V5'3....._...>......h~l7p.......&r.opn.......}.F..
<<< skipped >>>
GET /wp-content/themes/dream/js/jquery.fitvids.js?ver=4.2.12 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Wed, 13 May 2015 16:18:28 GMT
Cache-Control: max-age=2592000, public
Expires: Sat, 03 Feb 2018 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1104
Content-Type: application/javascript
X-Varnish: 7089075 7799692
Age: 131606
X-Cache: HIT
X-Cache-Hits: 1039
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...........V.o.6.....b...Z?<`.f'.............h.l1.E....n...).R.8.&.pD=.=.;>2..s9.9..Y.Z. .E.[........F.....J.46/.v...;a>.T.(.{.z?..Z.yf..x4..Y.....@..d...(J.......&r..../.....iQ).*7fQ6..T.0..3.Gt.........Z.B..m^.zbD.".QG.BnD1.huJ.Z$......T.R.(#Js.9r.)TEJ.M.....?. .....d./..r.J5.VfV..........>bi ....q...S.......z=6..........z...2h...O..a8 .Y....3di.5..!... .h..-...H*m..#-*1R.....}.s..y.X..T&.....R.6G..<....&...Y.<G. ...5._..2oJ.z.M...}{...%J...'..&9...(.G....@.u..d..E.......u.....AN.l...x8. .. ....v.R.....C,=.7.Q....cO.[J-l1..MN-...~,OS*.......w.......'t.3Ez._...[...aq1.......j.W....,.......<...5.......^...nU..z.X!....K.".6..y..N......o.b..;.5...`.....[T.i...L..r7.C.I.Z...V.J...Qnvb..F..*..xe.....X....}...@.=.ee.)...............;.....o...j.Fx..[..]iXV:.;c..r...!..O...L.....gS....R...z..c.N.W.&...F..>......JC#/...../....<.....Q..i0...y~H'..d........$..i.....\.....9...K....1.yu...........i|O....ik..O...x...f..(..o.q.&.O%v.m.}I..]N7.0%.%.peo$...0..tK....EJ.......j.?o.Nz.......j*.b._..T..?..=...x.a......n.D...c{.p'.I.o..O.#..R............, >............W.R..K..^...6..m..K._."..l{9....d...0.......
<<< skipped >>>
GET /wp-content/themes/dream/js/fitvids-doc-ready.js?ver=4.2.12 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Wed, 13 May 2015 16:18:24 GMT
Cache-Control: max-age=2592000, public
Expires: Sat, 03 Feb 2018 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 142
Content-Type: application/javascript
X-Varnish: 5403640 5374642
Age: 131606
X-Cache: HIT
X-Cache-Hits: 1060
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
..........-.A.. .....K..B........&lIVYWB(.{C...0L.@LJq..P...7..w..........|..sR*lo...\B.G......|*...e..K..g.4..5y.'..p..tp~&}Rn.M..../C...........
GET /wp-content/themes/dream/js/base.js?ver=4.2.12 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Wed, 13 May 2015 16:18:25 GMT
Cache-Control: max-age=2592000, public
Expires: Sat, 03 Feb 2018 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 225
Content-Type: application/javascript
X-Varnish: 8832772 2328552
Age: 131606
X-Cache: HIT
X-Cache-Hits: 1116
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...............0....)"#4...6...d`...[.Ms%M(...'.....]..w.wx......@.....}.5.X..Px.....|.....".....C..Q.gdL.`.j.e..]".3....Fy.......e.#_K.....w...A.j...kk....1.n4%..P.f....[..l..O.K...:..I. r........u......O[e4...i.....O'......HTTP/1.1 200 OK..Date: Fri, 03 Feb 2017 14:57:48 GMT..Last-Modified: Wed, 13 May 2015 16:18:25 GMT..Cache-Control: max-age=2592000, public..Expires: Sat, 03 Feb 2018 14:57:48 GMT..Vary: Accept-Encoding..Content-Encoding: gzip..Content-Length: 225..Content-Type: application/javascript..X-Varnish: 8832772 2328552..Age: 131606..X-Cache: HIT..X-Cache-Hits: 1116..Server: Rocket Booster..X-Powered-By: Warna Web Accelerator..Accept-Ranges: bytes..Connection: keep-alive.................0....)"#4...6...d`...[.Ms%M(...'.....]..w.wx......@.....}.5.X..Px.....|.....".....C..Q.gdL.`.j.e..]".3....Fy.......e.#_K.....w...A.j...kk....1.n4%..P.f....[..l..O.K...:..I. r........u......O[e4...i.....O'..........
GET /wp-content/themes/dream/js/slider-setting.js?ver=4.2.12 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:07:19 GMT
Last-Modified: Wed, 13 May 2015 16:18:27 GMT
Cache-Control: max-age=2592000, public
Expires: Mon, 05 Feb 2018 03:07:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 333
Content-Type: application/javascript
X-Varnish: 3488261 7088266
Age: 1436
X-Cache: HIT
X-Cache-Hits: 169
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
..........U.MN.0....)FE(NU.".2;.a._O`%.....=i)U.......D.....[/..,agt..vH.m.Hz....6.4..G.Y..,.r~..%..[.\.. .YZG.u...........P......6.....fAY......,.z..S<.@}..W..J.X.R/.."..o.x.w.....d....$.....Vf......$.....&.0 .......9...3|...g.O.L..[.E> ....M........X.U.....q.h..5...b.......:T. =Z.1....G...X..&S^U.....a.Zz:.........Eq.....d.l.*...HTTP/1.1 200 OK..Date: Sun, 05 Feb 2017 03:07:19 GMT..Last-Modified: Wed, 13 May 2015 16:18:27 GMT..Cache-Control: max-age=2592000, public..Expires: Mon, 05 Feb 2018 03:07:19 GMT..Vary: Accept-Encoding..Content-Encoding: gzip..Content-Length: 333..Content-Type: application/javascript..X-Varnish: 3488261 7088266..Age: 1436..X-Cache: HIT..X-Cache-Hits: 169..Server: Rocket Booster..X-Powered-By: Warna Web Accelerator..Accept-Ranges: bytes..Connection: keep-alive............U.MN.0....)FE(NU.".2;.a._O`%.....=i)U.......D.....[/..,agt..vH.m.Hz....6.4..G.Y..,.r~..%..[.\.. .YZG.u...........P......6.....fAY......,.z..S<.@}..W..J.X.R/.."..o.x.w.....d....$.....Vf......$.....&.0 .......9...3|...g.O.L..[.E> ....M........X.U.....q.h..5...b.......:T. =Z.1....G...X..&S^U.....a.Zz:.........Eq.....d.l.*.......
<<< skipped >>>
GET /harga-sewa-mobil-solo.html/ HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:36 GMT
X-Pingback: hXXp://sewasolo.com/xmlrpc.php
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:36 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11121
Content-Type: text/html; charset=UTF-8
X-Varnish: 9167950
Age: 0
X-Cache: MISS
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...........}.r.7..o.*..0..tW..!)Q.$.c;...I.Rn.............0...9...,....n.C..)..vm....H...F.....=._............w.....d..g.-.[.\.X...{w..f......N0..K...oZTGp.>..R$.M.<.Er....;kD....Kq....U.DI.M.?.>..\'._:..;...8f..&...x.=q.#,../X$..V..S..-6...[...2...h.....^.....|.(T.......'..s...p...aKv(q.O\}..._^..7..d.....;v.....U..;..6.;;;.]td..._[._.).....;..<.'..&,....A"...-......G...*.V....I.b)...........a<w?.........:....W.;..o.u...a7s7f.....A..K...a 7.3@..#.q.....^:s}.....m."...a..!.."..$.;.6........w....|c._.i.#.23..;........y".B...O......i....'.6sx.....v......4.s...XD..{n..v..',..A..4.A...........i.&?....YD.E„...Z...E...Ny.J....?..UC....<J.......g.7..M..u.s..i....i.Pg>......O..y.g.xz|..v.=cc.P....*.!.....i.s..w.[....$.r0.....`.`<.?..<fK.,..t.Bx.$.~]d!..nT....iT-..1%"2.l.&.(]5.8..V.nSd(.0........xl..."...8..=...).;..uz.....9............X..G....._..'.......:.-...z}..\.F..$.....3........Vi.Y..l...9.1.4.X=....4..Y....B.\.>.&....x.....(#.....8b. .T..BH]]i#...Zc.H.f..t'5PH.....noX.....x...4t..N.4.{..A....JT......F$.8.....E..3.V.B_`7.5Y..........$..K.i..cr\.n......`.........hV\....}.h&..QN.<..K.H.I..Y.>.]v...4......>.8\..\.,.../wB...v.*9<.R..*/.I....b.4.y..%....]0z...".. ..t.c.9.).............T.=...cN.~......`...v.....Z#Nv..6.\....~.I...n..4l.............L......U..c...*.......Y.....m.(..=..Y.,..(aZ..Xx."i...z...O..5..X./.V....im...d......3...u.6_fzn......g...}/X....f.....K.M.J....6....".Q..4./c7.`.V.(M..&6.._j...b.%C.. b?.C]...,afY.Q..JV.o,.Ff!...`.qm........v*C...(...X,q~..}kT%?u.,
<<< skipped >>>
GET /stat.php?id=1189654&web_id=1189654 HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s11.cnzz.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 9938
Connection: keep-alive
Date: Sun, 05 Feb 2017 02:50:24 GMT
Last-Modified: Sun, 05 Feb 2017 02:50:24 GMT
Cache-Control: max-age=5400,s-maxage=5400
Via: cache12.l2nu16-1[37,200-0,M], cache62.l2nu16-1[38,0], kunlun7.cn9[0,200-0,H], kunlun4.cn9[0,0]
Age: 2444
X-Cache: HIT TCP_MEM_HIT dirn:9:571311288
X-Swift-SaveTime: Sun, 05 Feb 2017 02:50:24 GMT
X-Swift-CacheTime: 5400
Timing-Allow-Origin: *
EagleId: 77bc604414862654681645744e
(function(){function k(){this.c="1189654";this.R="z";this.N="";this.K="";this.M="";this.r="1486263024";this.P="hzs11.cnzz.com";this.L="";this.u="CNZZDATA" this.c;this.t="_CNZZDbridge_" this.c;this.F="_cnzz_CV" this.c;this.G="CZ_UUID" this.c;this.v="0";this.A={};this.a={};this.la()}function g(a,b){try{var c=.[];c.push("siteid=1189654");c.push("name=" f(a.name));c.push("msg=" f(a.message));c.push("r=" f(h.referrer));c.push("page=" f(e.location.href));c.push("agent=" f(e.navigator.userAgent));c.push("ex=" f(b));c.push("rnd=" Math.floor(2147483648*Math.random()));(new Image).src="hXXp://jserr.cnzz.com/log.php?" c.join("&")}catch(d){}}var h=document,e=window,f=encodeURIComponent,l=decodeURIComponent,n=unescape;k.prototype={la:function(){try{this.U(),this.J(),this.ia(),this.H(),this.o(),this.ga(),.this.fa(),this.ja(),this.j(),this.ea(),this.ha(),this.ka(),this.ca(),this.aa(),this.da(),this.pa(),e[this.t]=e[this.t]||{},this.ba("_cnzz_CV")}catch(a){g(a,"i failed")}},na:function(){try{var a=this;e._czc={push:function(){return a.B.apply(a,arguments)}}}catch(b){g(b,"oP failed")}},aa:function(){try{var a=e._czc;if("[object Array]"==={}.toString.call(a))for(var b=0;b<a.length;b ){var c=a[b];switch(c[0]){case "_setAccount":e._cz_account="[object String]"==={}.toString.call(c[1])?c[1]:String(c[1]);.break;case "_setAutoPageview":"boolean"===typeof c[1]&&(e._cz_autoPageview=c[1])}}}catch(d){g(d,"cS failed")}},pa:function(){try{if("undefined"===typeof e._cz_account||e._cz_account===this.c){e._cz_account=this.c;if("[object Ar
<<< skipped >>>
GET /js/start_v5.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:49 GMT
Content-Type: application/javascript
Content-Length: 6527
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:14 GMT
Accept-Ranges: bytes
ETag: "0ffe78a3869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:49 GMT
Cache-Control: max-age=86400
X-Cache: from WT263CDN
var Page={init:function(){var a=this;a.adjustSize();a.bindEvent();a.bindNav();a.bindQQOnline();a.bindScroll();a.scrollPage();a.bindItem1();a.bindFeatureList();a.bindAgencyList();$(".nav.nav_1").click()},bindQQOnline:function(){$("#floatTrigger").bind("click",function(){if($("#online_qq_layer").attr("show")){$("#online_qq_layer").animate({right:"-140px"});$("#online_qq_layer").removeAttr("show")}else{$("#online_qq_layer").animate({right:"0px"});$("#online_qq_layer").attr("show","1")}return false});$("#online_qq_layer").animate({right:"-140px"});$("#online_qq_layer").removeAttr("show");$(document).bind("click",function(a){if($(a.target).isChildOf("#online_qq_layer")==false){$("#online_qq_layer").animate({right:"-140px"});$("#online_qq_layer").removeAttr("show")}});jQuery.fn.isChildAndSelfOf=function(a){return(this.closest(a).length>0)};jQuery.fn.isChildOf=function(a){return(this.parents(a).length>0)}},bindEvent:function(){var a=this;$(window).resize(function(){var b=$(window);setTimeout(function(){a.adjustSize()},300)}).resize()},bindItem1:function(){var e=this;var c=Math.ceil(Math.random()*11);var b=$("<img id='bg' src='/tpl/Home/138wo/common/new/images/bg" c ".jpg' />");var d=$(".w-user input[name='username']");var a=$(".w-user input[name='password']");b.on("load",function(){$(".item_1 .bgwrap").append(b);var f=(e.getClientHeight()-b.height())/2;if(f>0){b.css({height:"100%"})}else{b.css({"margin-top":f "px"})}b.fadeIn("200",function(){$(".item_1 .content").fadeIn(300)});$(".loading").hide()});$("
<<< skipped >>>
GET /templets/default/js/common.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 5457
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:27 GMT
Accept-Ranges: bytes
ETag: "80a3a7923869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache: from WT263CDN
//reday ........function ready(fn) {...if (document.addEventListener) {....document.addEventListener('DOMContentLoaded', function () { fn && fn(); });...} else {....function loading() {.....try {......document.documentElement.doScroll('left');......fn && fn();.....} catch (e) {......setTimeout(loading, 1);.....}....}....setTimeout(loading, 1);...}..}...//...............function addEvent(obj, sEv, fn) {...if (obj.addEventListener) {....obj.addEventListener(sEv, fn, false);...} else {....obj.attachEvent('on' sEv, fn);...}..}...//......className;..function getByClass(oParent, sClass)..{...if(!!document.getElementsByClassName)...{....//..........return oParent.getElementsByClassName(sClass);...}... ...var aEle=oParent.getElementsByTagName('*');...var result=[];......var re=new RegExp('([^\\w\\-]|^)' sClass '([^\\w\\-]|$)');......for(var i=0;i<aEle.length;i )...{....if(re.test(aEle[i].className))....{.....result.push(aEle[i]);....}...}......return result;..}..//......className;..function addClass(obj, className) {...var reg = new RegExp('\\b' className '\\b');...if (!reg.test(obj.className)) {....if (obj.className == '') {.....obj.className = className;....} else {.....obj.className = ' ' className;....}...}..}..//......ClassName;..function removeClass(obj, className) {...var reg = new RegExp('\\b' className '\\b');...obj.className = obj.className.replace(reg, '').replace(/\s /g, ' ').replace(/^\s |\s $/g, '');..}..//..............function getStyle(obj, name) {...return obj.currentStyle ? obj.curren
<<< skipped >>>
GET /templets/default/js/slide_switch.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 3205
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:31 GMT
Accept-Ranges: bytes
ETag: "80fd9953869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache: from WT263CDN
function slider(id, event, speed, time) {...time = time || 3000;...speed = speed || 3;...event = event || 'click';...var o = document.getElementById(id);...if (!slider) return;...var $fbox = o.children[3], $focus = $fbox.children[0], $focusUl = $focus.children[0], $word = $focus.children[1], $focusLis = $focusUl.children, index = 0, interval, oli = null, $menu = o.children[2], $bleft = o.children[0], $bright = o.children[1], date = null, b = false;;...$menu.innerHTML = '';...for (var i = 0; i < $focusLis.length; i ) {....var $menuLi = document.createElement('li');....if (i == 0) $menuLi.className = 'btn_active'....else $menuLi.className = '';....var $menuA = document.createElement('a');....$menuA.setAttribute('index', i);....addEvent($menuA, event, function () {.....var idx = parseInt(this.getAttribute('index'));.....if (index != idx) {......clearInterval(interval);......setIndex(idx);.....}....})....$menuLi.appendChild($menuA);....$menu.appendChild($menuLi);...}...addEvent($bleft, 'click', function () {....date = new Date();....clearInterval(interval);....setIndex(index - 1);...});...addEvent($bright, 'click', function () {....date = new Date();....clearInterval(interval);....setIndex(index 1);...});...$fbox.onmouseover = function () {....clearInterval(interval);...}...$fbox.onmouseout = function () {....setIndex(index 1);...}...var $menuLis = $menu.children;...function setIndex(idx) {....b = false;....$word.style.display = 'none';....if (idx < 0) idx = $focusLis.length - 1;....if (idx > $focusLi
<<< skipped >>>
GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1
Cache-Control: max-age = 564348
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Oct 2016 22:33:53 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1377
content-transfer-encoding: binary
Cache-Control: max-age=492941, public, no-transform, must-revalidate
Last-Modified: Fri, 3 Feb 2017 20:22:59 GMT
Expires: Fri, 10 Feb 2017 20:22:59 GMT
Date: Sun, 05 Feb 2017 03:31:23 GMT
Connection: keep-alive
0..]......V0..R.. .....0.....C0..?0......V.T'S...q..."...zr.*..20170203202259Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U....... ...:.....20170203202259Z....20170210202259Z0...*.H..............|....).`..g.....r..cX...).r..K.. [..n.........a.:..5Vl^..Cx..X......(.I. C.n.......YR..a. 1.*E ......s.6Q..!]...|f...|O2......"#.5.4;..]..6.4".....`0....As....5N..Ie..-...W..4.....Z.,...K..PO.u..........'....b.hX.at..8..k6z..$..q'...UJKS...9./o...j..E..W.....0...0...0..s............ ...y..^..g0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....GeoTrust Global CA0...161208112535Z..171214112535Z02100...U...'GeoTrust Global CA TGV OCSP Responder 50.."0...*.H.............0...............S....!....,.t.?....d...M@.._.=.S..,."......Gdv._c..D1..N'E.:.....a2.......{/rD. .c.2..P...!.....Xn..}....{{.zI9.Y....../.....;.......fu..,...B._o..B..g....o........?Y\.?...y.H*..]yi.....3.......F.6.....Q.........{B..19..Kz...\z...P..._...-!.....'.Ym........0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0...U...........0...U.......0.0"..U....0...0.1.0...U....TGV-OFF-570...*.H..............md.....yV{......y:5..@l#..5.......o..X....,r}......i..3..o.e...e5..@..H/Q..;.vd..?.j.m....../hv..A.......g.......a.....G..\.'*.b..>.....L.Y.To<.@>...&1..9.w.....N*Au.e.....b..K...PO47.J.....{.C\....G..0/.a.Eo.`z.<;IA... #.''.CG..K@7z..7.\_..'.]q.f._.WN....
<<< skipped >>>
GET /classic.js HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: widgets.amung.us
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.9.6
Date: Sun, 05 Feb 2017 03:31:58 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 30 Jan 2017 17:59:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"588f7f06-2496"
Expires: Tue, 07 Mar 2017 03:31:58 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip
1513.............Zy..H..*...4O......l....B\^.C....$.....R4..=......F" .*oU.O....R'...R.._...1....;v...dd.VH..9..v...O.?...;.....O.c..V......&....L..C.....s..wn....L...pb'{h.S.Jb.Q.0..}..c......[......*...y.[...........?.`.?.."/p......y..U........).Y..[m?c.h........c'.......Di...^.zez..f^d...a...NC.r.....s...._x.w...f...5.....L.....ja..#r.....i.h~j}...b..g'..V-c..vR>.N.K...-...?...?.'?.I..sW.B$dE..;....~......'.5..x..o.Z.....k...9Y.d...7.W Y...s3..y>:OF^...q.4.w.[.F...|o...!a ....K/.....69.x.....?.q.3......\........CP`6\m..p=.;....P..{..?|..e.8$zh...>...Sj@.....'?... .p...<Z.x.n/.}../....8..U./.^.|..w....~.C.j..(.....(@....~d........;}.q...).z...h..!f.....L-.......e..(....YR_...KL.@!.U..S_....0W-.Rc.p...?..V....X.....Qj0..=l...N..Hw#G..N".K.FTdF.,->.;.t.`q.7..,.. ;...;......g..?..{...<..(..YW...P...0...x..9..X..HW..JY. ..T..........\Y.P....o.v..-.v....s_..b.h.=4......[.'...x..;Y.qh.%...a......m.....1.t...^...be.e..z.E...ge1..-C..$.MX0..9 ._....`..h..!.2 ..I$.a.....2.nF.::.jG.7>...Em.. s.#...i....)3.-@.5..W.....,..IO....p.0G.........h.\.W.4.ejx..#4..YO....eV.r..R@..*.T..f&.j.Q...yq.*%*..O.R../u...D....6.x......U... ...N.....7_....E.(.|...^...0......=BC......YMp..v...(.P R...e .!..:8....zGs...<Z......b..K.3g.M$u.P..Db{.:...j,...#.......OR........iOtyS.ap..H..Z..>k....7O.h.x.....T\..p."O.ej.bX......U.,/..GF(..V$.-....y.v.YVK`.E9.ID,3).j...Z..<l.K..L{.Z..:.....A.I.a.....h-H.............gkM.....B.I3..S...P|.D.B...W.RCt....L...&=a..H..V.2..<CM.....D...,.w(......$...T...;=.....E..'..s.E
<<< skipped >>>
GET /i/?l=http://songhaiyouhong.blogspot.com/&j= HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: t.dtscout.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.10.0 (Ubuntu)
Date: Sun, 05 Feb 2017 03:31:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: close
X-S: 1-0
Set-Cookie: m=1; expires=Sun, 05-Feb-2017 11:31:58 GMT; Max-Age=28800; path=/; domain=dtscout.com
Set-Cookie: b=1; expires=Mon, 06-Feb-2017 03:31:58 GMT; Max-Age=86400; path=/; domain=dtscout.com
Set-Cookie: ey=1; expires=Wed, 08-Feb-2017 03:31:58 GMT; Max-Age=259200; path=/; domain=dtscout.com
Set-Cookie: ah=1; expires=Mon, 06-Feb-2017 03:31:58 GMT; Max-Age=86400; path=/; domain=dtscout.com
Set-Cookie: df=1486265518; expires=Tue, 05-Feb-2019 03:31:58 GMT; Max-Age=63072000; path=/; domain=dtscout.com
Set-Cookie: d=[]; expires=Fri, 04-Feb-2022 03:31:58 GMT; Max-Age=157680000; path=/; domain=dtscout.com
Expires: Sun, 05 Feb 2017 03:31:57 GMT
Cache-Control: no-cache
Content-Type: application/x-javascript
Set-Cookie: l=a7bp2ViWnK4WLBeNHiLHAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.dtscout.com; path=/
79c..function _dts_gp(t){var d={},e=t.split("?",2);if(2==e.length){e=e[1].split("&");for(var s=0;s<e.length;s ){var _=e[s].split("=",2);2==_.length&&(d[_[0]]=unescape(_[1]))}}return d}function _dtsi(){a=document.createElement("a"),a.href=window.location.href,_dts.host=a.hostname,"undefined"!=typeof document.referrer&&document.referrer.length>0?(_dts.r=document.referrer,_dts.p=_dts_gp(_dts.r),"q"in _dts.p?_dts.q=_dts.p.q:"query"in _dts.p?_dts.q=_dts.p.query:"p"in _dts.p?_dts.q=_dts.p.p:"text"in _dts.p?_dts.q=_dts.p.text:"wd"in _dts.p?_dts.q=_dts.p.wd:_dts.q=0):(_dts.r=0,_dts.q=0)}var _dts={};_dtsi();var j=document.createElement("img"); j.src="//bcp.crwdcntrl.net/map/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E";j.width=1;j.height=1;j.border=0;document.getElementsByTagName("body")[0].appendChild(j);var t,n=[];document.title&&document.title.length>0&&n.push("phint=__bk_t=" encodeURIComponent(document.title));var o=document.getElementsByTagName("meta");if(o)for(t=0;t<o.length;t )if("keywords"==o[t].name.toLowerCase()){n.push("phint=__bk_k=" encodeURIComponent(o[t].content));break}window.location.href&&n.push("phint=__bk_l=" encodeURIComponent(window.location.href)),n.push("r=" Math.floor(99999999*Math.random())),t=document.createElement("img"),t.width=0,t.height=0,t.style.visibility="hidden",t.src="//tags.bluekai.com/site/27675?id=D9E9B66BAE9C96588D172C1602C7221E&ret=html&" n.join("&"),document.getElementsByTagName("body")[0].appendChild(t);(function(){var s=document.createElement("scrip
<<< skipped >>>
GET /deb/v2?id=w!aacxow2ith0d&dn=TC&cc=1&r= HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: de.tynt.com
Connection: Keep-Alive
Cookie: __cfduid=d7b596a12691c3453aa3b96476a8ad2581486265519
HTTP/1.1 200
Cache-Control: max-age=86400
Expires: Mon, 06 Feb 2017 03:31:59 GMT
Content-Type: application/javascript
Content-Length: 4
Date: Sun, 05 Feb 2017 03:31:59 GMT
Connection: close
P3P: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA
/**/..
GET /pa?p=2:3264541975:51 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: wpa.qq.com
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: tws
Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif
Pragma: no-cache
Cache-Control: no-cache; must-revalidate
0..HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:50 GMT..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..Server: tws..Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif..Pragma: no-cache..Cache-Control: no-cache; must-revalidate..0..
GET /jquery-migrate-1.2.1.js HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: code.jquery.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:57 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 24 Oct 2014 00:16:08 GMT
Vary: Accept-Encoding
ETag: W/"54499a48-40ed"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Encoding: gzip
1993.............[ks.F..,..1...m....& Yq)..8.W".f.d%..C...p.P.b...s.g..E...p.*.(`......3....m...?-mqm^.."..y`......><..{.`....o8nZU.r.....t9......?..~=. ..}./..t2.@c.qO(..^..l.Ti....l..$.........*........J.6 ...~y....h.....9Z=s.f...g@........v.oN.....`9)ceU.......{..=z...eiM...U.`{{.2).UR... _V..|.....*- ...m.MJ.......$....Y,..th.....z[e.;....2.... ..[.*7U....(,.U.D......eu`...U:..y.f...#2.^....<4.dVZ..4.2....L& ...<.T.fd/Ks.a...).I .K...Md.l....8.C....'.,..F.TQ~$.G...z.....N....|2.hL........g......2..e2.l."....H*.,..Z.i..(.m.O9.........a.......@YIv.V...!.MF....m.....`...M [c.[L<...{;4.....t....y9...`...5%.lo.F...q.9WM5../..(.n.o.,......t.....}.......I8..j..L.F:...) .....XNL....,O#.........M2}W......=.f....d..=..*.Y..|..*V...[T.n]x.....<6.".*mQ.(....l......H@E.qD.Ni....qQ..T......B.....K[\.iUY...0!..s..@]..p ..U.I ....`{kk#....0.c.N..}n_....[6[.....y...9.._. ...VK._..}B.J... d2{.OJ>(.v.B....8.$.Y.....gH...rmQx.....o.....6.D....a~.S..)qK...m....L.GyA._......|X"....y..m.`....;..]1R.sX..L...z.aU1.Q>.n...n.T.sX.1..]2.x&.:.[...d.I....L.\,..B(...-...eZ\...........,g...).Y..1.K..J|M..x..u..G..f.u.o;=.....0.=..tc..:|...;.. ......C.-...b.|.. oc..y~Q.j'm..71.o..>=.D@(.v1.l9....jX.q..Gxh.[...&....LHkt.".O.a....k.t_$.B.T.Y.n?.7..-.........9....A.."...@.Lk.c)W...%........."G....U....... .zG.i:..l5...j..U.bfW..l.....>..F..../.....v..E.....L...E.#5ui..E....bm..v.&`A..rE..3.FE)0:...".....X.....n...x..L.....h...,.y.e...x....aq....g.....oeN.$E3..8s...4..T..'i.4E..YHj.p.l.!.\#d0{.i.b..R@.s.,..p..iri.
<<< skipped >>>
GET /font-awesome/4.0.1/css/font-awesome.css?ver=3.9.2 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: netdna.bootstrapcdn.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:57 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2013 21:34:15 GMT
ETag: W/"350e379de80f210090217bbc6c3add46"
Server: NetDNA-cache/2.2
Expires: Wed, 31 Jan 2018 03:31:57 GMT
Cache-Control: max-age=31104000
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
X-Cache: HIT
Content-Encoding: gzip
13db.............\k..Fv.>.......jD....&.....7k`.H...E..rS$..~x.....(. ..e.q......>u.>N..W..*.*.....z.`.jo...|.....D6.J.E.'...nK..W.}SU].5i.E.?..W...o.....v&.6Qm......z.:....c.....J.<......K;[.Q......6U..i.....}...'....j.E...).....<u......u.A)_.P..OgY.?..2^.G..........*...-._..FEh9.0Tt...?F....(.%Q(;....[w.....j.. 6T~T...>..~....M....>D.......6...>..~.\U._U.d..6..}..]<....}.\..W.d..~.}.?.r6?m1k. po.H{......;.y7.......=`0.e..U...5.So.L.-.....F(...l..u....3..0......)...7..a...~."...|..... fe.....}j.[...|}.....@.}.......K.W...F?.4.~j.......*....?...oi.w...?(................wW..g...h.I3..........O..k7...{.'.m..6........................W{.....>.fc..y,.T.>...6...s.....Sm^....}y.6...X.{.......]...w......9.Fc.}.6......0c~......[l!LA1>n......^.6._...u.b.lY........b.Ue.*U)......J\q..wP;....g....[.....M.>....5...39.>Om...O.~s...wP....Zx.."....Qx..N..A....Rt.qX.<...p.._1O.ly.g..KGc...V...i:.........d.....|.xZ..../.g/........\...}..n.|..6.vn0...Ur1.{.z.....c.ZP3..}...i.ca..l... ....rx...J...........;.;..~.\.P..@"._.....q..Rg......C5..w'.Z..-....#9.7&fjF...2t ..O..[.u......m4.{....Y2...n#......k.}n...kx.7in..U$.".....m....J1'...C.....v...>.....G .. G...?....'...as........-Z...-....Q...{...U.2..H...k.^....I.P...._.q.}.q]..<..V0i..yn.^....'.)......f....<......g.W....w....Y..vb....$j;..i....|x..8..P....N..7..........a.n....f..YS....}..6.o..*.S..x\..r....=.^]..yb.<.t.Z.:..a....1......a...>.xn.\......C._..}q.G.}91v.21.#.......;{.>...`Y......_...........m.T..~o.......AN
<<< skipped >>>
POST /urlcore/svcreq14032b.html HTTP/1.1
Content-Length: 41
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
Host: urlspirit.spiritsoft.cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)
f=7&v=101&c=1195&i=MBhRWwUlJnAdUXEKXyU=
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:09 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
31a3.................8....l..-....;Y...6.}....(...}.....%......U.8$...........e.....9...tMX../..p......?Q...?.s......w:..<.....cY.9].f...G...........G...C]{.i.......[......,...!.~..~7/. i3~.s...w/.(w?.zYf.........3.h...o.....`?j....b.|....;...r.......@,.tL.Y...z.."h.\.cj.bk.`x..h...DX..p...5...p.c...k..<....B2$c..E......P..%)....~.. *.i...:>.Mg..\.,/....v.L.....0.]...R...P.:..mz*<&....F..s.$...t.P.&j..hM^PMX.$|.I....k~.FM..EVn........l^...Zv...?...q..m....Q..."m.b.[ .i.wi.?.d.......i..t.....o.........O..wt..o.........2.........S....(..#._....=...C......#...qn7..l..2ym.,..k....4...... ;.N..v)y.m..di./S;O.........2.ey.[p..I.......~'....J..*yU........Y..|..~..".'.c....y..{UM.49 Mb*.i?h| ...v.d...p@b.v....y.\W.Em:._y.Q:.....d9.....*..a.....Q....y.r.b.....r....w........#.$Eo.. "..........Y.N..tA^6.AN...sAr....^.. 2.........$.h.u....b...=.........23ws.;....m>._u6...C...!;..HN........<..<......pt.....<tb....n%/..A5.d.....U...W.>........ ....h....v.....d.<.].`4>,sX.O.?O...sw_.......k.....*..E..D.x....Y.>.y..G.........q.j. .;Q.4u.....1y..<~..X..{.....N...,wUV....a.A. .t?.d.......8.p..a......./...... ..!.*.%.8Ws.b.r...!m|6....zY~.n.C.gTO..p..|"......M......).....#|V.0.6{.s/ "t@O2.w....<..>.]...:.]..4......z.E".D-?..._.9c]..@.r..)@...Cb..\..S.."..3;.X... ..?&.....Lm..O..a(.<O.^...='.......3z6QH.<.E..>.{..0.=1B.{.o8.k...EVJ....."uM..........w].....rR...yij...p..f..d.qw..fC2.bl.....N5.....1...........Y ...C...1RQ"...]~.....i. R..X8.Y...2.D..m^.Y.m$...4$]......},.t?..s..
<<< skipped >>>
GET /pixel?pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ps.eyeota.net
Connection: Keep-Alive
HTTP/1.1 302 Found
Set-Cookie: mako_uid=15a0c542197-5fdd0000010f7778; Domain=eyeota.net; Path=/; Expires=Mon, 05 Feb 2018 03:32:04 GMT;
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="hXXp://ps.eyeota.net/w3c/p3p.xml"
Location: /pixel/bounce/?pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E
Content-Length: 0
Date: Sun, 05 Feb 2017 03:32:04 UTC
....
GET /pixel/bounce/?pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ps.eyeota.net
Connection: Keep-Alive
Cookie: mako_uid=15a0c542197-5fdd0000010f7778
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 1025
Date: Sun, 05 Feb 2017 03:31:59 GMT
(new Image()).src = "http:\/\/cm.g.doubleclick.net\/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1";(new Image()).src = "http:\/\/ib.adnxs.com\/getuid?http://ps.eyeota.net/match?uid=$UID&bid=2cr76e1";(new Image()).src = "http:\/\/match.adsrvr.org\/track\/cmf\/generic?ttd_pid=eyeota&ttd_tpi=1";(new Image()).src = "http:\/\/rtd.tubemogul.com\/upi\/pid\/lons7jax?puid=15a0c542197-5fdd0000010f7778&redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu";(new Image()).src = "http:\/\/dmp.adform.net\/serving\/cookie\/match\/?party=1009";function eyeota_callback(){var script=document.createElement("script");script.setAttribute("type","text\/javascript");script.setAttribute("async","");script.setAttribute("defer","");script.setAttribute("src","http:\/\/ps.eyeota.net\/pixel?e_rc=1&pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E");var s = document.getElementsByTagName('script')[0];s.parentNode.insertBefore(script, s);};setTimeout(eyeota_callback,5000);HTTP/1.1 200 OK..Content-Type: application/javascript..Content-Length: 1025..Date: Sun, 05 Feb 2017 03:31:59 GMT..(new Image()).src = "http:\/\/cm.g.doubleclick.net\/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1";(new Image()).src = "http:\/\/ib.adnxs.com\/getuid?http://ps.eyeota.net/match?uid=$UID&bid=2cr76e1";(new Image()).src = "http:\/\/match.adsrvr.org\/track\/cmf\/generic?ttd_pid=eyeota&ttd_tpi=1";(new Image()).src = "http:\/\/rtd.tubemogul.com\/upi\/pid\/lons7jax?p
<<< skipped >>>
GET /match?bid=gdo9o51&newuser=1&google_gid=CAESEClfffzrXX6Z94anls0j2YU&google_cver=1 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ps.eyeota.net
Connection: Keep-Alive
Cookie: mako_uid=15a0c542197-5fdd0000010f7778
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 70
Date: Sun, 05 Feb 2017 03:31:59 UTC
GIF89a...................!..NETSCAPE2.0.....!.......,................;....
GET /match?uid=3648886337069900944&bid=2cr76e1 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ps.eyeota.net
Connection: Keep-Alive
Cookie: mako_uid=15a0c542197-5fdd0000010f7778
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 70
Date: Sun, 05 Feb 2017 03:31:59 GMT
GIF89a...................!..NETSCAPE2.0.....!.......,................;....
GET /match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ps.eyeota.net
Connection: Keep-Alive
Cookie: mako_uid=15a0c542197-5fdd0000010f7778
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 70
Date: Sun, 05 Feb 2017 03:32:02 GMT
GIF89a...................!..NETSCAPE2.0.....!.......,................;HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Sun, 05 Feb 2017 03:32:02 GMT..GIF89a...................!..NETSCAPE2.0.....!.......,................;..
GET /track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: match.adsrvr.org
Connection: Keep-Alive
HTTP/1.1 302 Found
Cache-Control: private,no-cache, must-revalidate
Content-Type: text/html
Date: Sun, 05 Feb 2017 03:31:58 GMT
Location: hXXp://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Pragma: no-cache
Server: Microsoft-IIS/8.5
Set-Cookie: TDID=e0f49507-0cee-4e22-a6a6-4a2045abb59a; domain=.adsrvr.org; expires=Mon, 05-Feb-2018 03:31:59 GMT; path=/
Set-Cookie: TDCPM=CAEYBSgCMgsI7vSQ4cjg5jQQBTgB; domain=.adsrvr.org; expires=Mon, 05-Feb-2018 03:31:59 GMT; path=/
X-AspNet-Version: 4.0.30319
Content-Length: 163
Connection: keep-alive
Redirecting to: <a href="hXXp://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1">hXXp://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1</a>....
GET /track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: match.adsrvr.org
Connection: Keep-Alive
Cookie: TDID=e0f49507-0cee-4e22-a6a6-4a2045abb59a; TDCPM=CAEYBSgCMgsI7vSQ4cjg5jQQBTgB
HTTP/1.1 302 Found
Cache-Control: private,no-cache, must-revalidate
Content-Type: text/html
Date: Sun, 05 Feb 2017 03:32:00 GMT
Location: hXXp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Pragma: no-cache
Server: Microsoft-IIS/8.5
Set-Cookie: TDID=e0f49507-0cee-4e22-a6a6-4a2045abb59a; domain=.adsrvr.org; expires=Mon, 05-Feb-2018 03:32:00 GMT; path=/
Set-Cookie: TDCPM=CAESFQoGZXllb3RhEgsI6LutvrLg5jQQBRgFIAEoAjILCO70kOHI4OY0EAU4AQ==; domain=.adsrvr.org; expires=Mon, 05-Feb-2018 03:32:00 GMT; path=/
X-AspNet-Version: 4.0.30319
Content-Length: 189
Connection: keep-alive
Redirecting to: <a href="hXXp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou">hXXp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou</a>HTTP/1.1 302 Found..Cache-Control: private,no-cache, must-revalidate..Content-Type: text/html..Date: Sun, 05 Feb 2017 03:32:00 GMT..Location: hXXp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou..P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"..Pragma: no-cache..Server: Microsoft-IIS/8.5..Set-Cookie: TDID=e0f49507-0cee-4e22-a6a6-4a2045abb59a; domain=.adsrvr.org; expires=Mon, 05-Feb-2018 03:32:00 GMT; path=/..Set-Cookie: TDCPM=CAESFQoGZXllb3RhEgsI6LutvrLg5jQQBRgFIAEoAjILCO70kOHI4OY0EAU4AQ==; domain=.adsrvr.org; expires=Mon, 05-Feb-2018 03:32:00 GMT; path=/..X-AspNet-Version: 4.0.30319..Content-Length: 189..Connection: keep-alive..Redirecting to: <a href="hXXp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou">hXXp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou</a>..
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEEw7wJkU/qAD9hdilImrrOU= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ss.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1609
content-transfer-encoding: binary
Cache-Control: max-age=383792, public, no-transform, must-revalidate
Last-Modified: Thu, 2 Feb 2017 14:03:50 GMT
Expires: Thu, 9 Feb 2017 14:03:50 GMT
Date: Sun, 05 Feb 2017 03:31:44 GMT
Connection: keep-alive
0..E......>0..:.. .....0..... 0..'0......o..&y......{.s.6~"....20170202140350Z0s0q0I0... ..........d.....k... P.....d.._`.a.U..C..`*..z.C....L;........b.........20170202140350Z....20170209140350Z0...*.H.............X..AT.v.....yE..=y..........g..Y..0....Ev".^.=2>0..f..<...g.......3.........f$%..*}.wr.>.]..ERT...,..{.7.....9J..F`...NY.Z..aF>...xI#.Y['.....ne....>..D..=.xz>u.F....w/.......g..v<.\HzV.....f(....)..U..^...1.....Gf..;..C.8?.k.(......}=.0........t.....~...j...n0..j0..f0..N.......Z........g......0...*.H........0~1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1/0-..U...&Symantec Class 3 Secure Server CA - G40...161113000000Z..170211235959Z0@1>0<..U...5Symantec Class 3 Secure Server CA - G4 OCSP Responder0.."0...*.H.............0..........0........g........T.$h..=../I..^#.w.. x..v.'...&..n..u.;.....S mw.D...W...... 1....s....`.o.. R:(<1...f...8....[...h ......[>.O....=>....vd.........#.,.[B..4...n.....w....4c....C..........I....|lR.q-.....$^...M...K....F.6.v..U!W....Z...)G.g..i$.e6..x.kS..........0...0... .....0......0"..U....0...0.1.0...U....TGV-D-27750...U.#..0..._`.a.U..C..`*..z.C..0...U......o..&y......{.s.6~"..0...U.......0.0n..U. .g0e0c..`.H...E....0T0&.. .........hXXp://VVV.symauth.com/cps0*.. .......0... hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0...*.H.................)fN.(j..S'...X....I..%..HI b6.K......50...9.. p.L..^...vv..6.;...1G.nTHu..."U...T..:......(s...(.-.K....s........{..{..P...Ebp..U2|rF>...
<<< skipped >>>
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 07:50:34 GMT
If-None-Match: "6b9ba9eca642c891cc02365fc6161341647bd9fc"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:24 GMT
Content-Type: application/ocsp-response
Content-Length: 1518
Connection: keep-alive
Set-Cookie: __cfduid=d08017094d03ae3be0f852f439ba31eb21486265484; expires=Mon, 05-Feb-18 03:31:24 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 05 Feb 2017 01:07:56 GMT
Expires: Thu, 09 Feb 2017 01:07:56 GMT
ETag: "6cc438305d4cb855f5ef18f975ca7b060ecb85bc"
Cache-Control: max-age=10800,public,no-transform,must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a0e546e5984-VIE
0..........0..... .....0......0...0...........%r2.]&.iO.).*V...20170205010756Z0n0l0D0... .........W......#....*..2..1..`{f.E....P/}..4....K........DN.BG....20170205010756Z....20170209010756Z0...*.H..............'n@w....g5..\....OLE'...w..m.".0...R.....-.*}hsC...PS.".g=<.3N...K...bLV.wH.gbq\...[Q............8.=...2.'SUs.n.o..L..g.K...>.^.......t......).~4G;..&.F..e....U........%..'iC.0[...N......9.K,r;. ..9.....0y..R?..uc....K=..[.NE....@.>.M<.H.Y.o..*...zY.^.:......0...0...0..........H....9...S....0...*.H........0W1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....Root CA1.0...U....GlobalSign Root CA0...161208000000Z..170415000000Z0[1.0...U....BE1.0...U....GlobalSign nv-sa110/..U...(GlobalSign OCSP for Root R1 - Signer 1.10.."0...*.H.............0..........b.Q........@....2Y_y%..0..I.S.....-.$=DZ.xx>..4...d.i&....:eh.....,.M.......R..... .P..L.].J.....\oe.G...=....>.e.>.....!.......;.J....,..............U.S..2.r..G.w..0~...F....P.n..#...i...?J.Bd(6.&3.C..%.]... ...f...q..0.f.........S....2H`.b..T`.O.....l.........0..0...U...........0...U.%..0... .......0...U.......0.0...U...........%r2.]&.iO.).*V.0...U.#..0...`{f.E....P/}..4....K0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...*.H..............~.s..uk..\....)K.8p\..,.......d..V\..n.. ....u...m..:.cb-.'....."......K2.Z.....7./y.[_.........x.(_Zf<.....9.@...s..KjP...U0.S..8eU.K..N.M......;...P..u...m.f..~.U.....5.? ...!z...\..B..y-t...%...{C.5.".zO.......C...S.d...g....N..I..i[.y..PfAr.t..W
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFE/uXQ4cLc0QEGNMJMGmf8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: s2.symcb.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1763
content-transfer-encoding: binary
Cache-Control: max-age=371973, public, no-transform, must-revalidate
Last-Modified: Thu, 2 Feb 2017 10:48:48 GMT
Expires: Thu, 9 Feb 2017 10:48:48 GMT
Date: Sun, 05 Feb 2017 03:31:27 GMT
Connection: keep-alive
0..........0..... .....0......0...0.......WI.....L.c=...r..7Z..20170202104848Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...313..Q?.t8p.4@A.0........20170202104848Z....20170209104848Z0...*.H.............:..4A.E6....a3.!.4..}.P&...9..8.m....!.k...V@V....9j.....`8........2..)aE.Xb.R.`.......bV......yz.......|QN..1.......jc..GH(..O..@...r(..2h2t..3.....aZ|f:6.2\r.#B.............9@KJ.....LI..6nk..8...Me.....-.,....-qj.....t...5.f...O.^...8:*...@.{.{......X.:6....0...0...0..........^..)......<...T.0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G50...161122000000Z..171214235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Certificate 50.."0...*.H.............0.............................m..|........1rUZN.b.......t. d......O...NY.lR..k .Q.z.g.4(,...Rp.7...0C.j.)Z........ ~..3...x.b.-..... S^0<6...!.(..2}...T.fX}...6...(...1...#..H..|`.yy.<B.z.q$......u.-..K.!......y..8..--....?.,.[.[...5.e.4.....D..t.;....).J....\fV..G.........0...0...U.......0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://www.symauth.com/rpa0...U.%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U....TGV-OFF-500...U.......WI.....L.c=...r..7Z0...U.#..0.....e......0..C9...3130...*.H.............<wN..g...S.
<<< skipped >>>
GET /templets/default/style/common.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:49 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:32 GMT
ETag: W/"094a2953869d11:0"
X-Powered-By: ASP.NET
Content-Encoding: gzip
Expires: Mon, 06 Feb 2017 03:31:49 GMT
Cache-Control: max-age=86400
X-Cache: from WT263CDN
9d2.............[[....~.....!..Q........<.!8yZh...i....477.!......8.6.B.YB..8v......._..9U...4....0....S........<..;.>....K/...r..&.,..I...}...oW...o_....p.-.|-..<..^..2.'\....x}....L..t".a..n...m.:.O.....,..(....y.G<.....1v.nJ....S....Czc....r..>...r.p|<<~8..6x89z=.....:~.a.x..O?.y.nB$K{.........{.e&.o...!.O.....^..3..."L.0.O...8..1>=-.xcN...._.^..i..q.q>.'.._d9/....r...ts..N...a........E9....\.M...e..{.....o..G.E..|..K....!/.)....C.."KB!.y...<d4TH.\!Y..eo..Z...[...2. ..e).....<>Y...rkj.....U...rx.r.5i.F.<@...%KN.@....w......~....<V......'yz...{.....b>.O..(....X.d[........<....Q..{.....A......0...X.&q...]...xe.I..7..K.....EL..y".r.....M./...5..l.&in.Q.2....&.*..O...\8........&....j{...ss.yr.N.s....^..OfH......}.Y_0......W..=eC0G.[.B> /.....R|".p..Y.../..zc.7...gR..|O....k...(R).DA.u..$.2"..c.....%....*:.F...z$.Ci....p...V{a..ez..l..].x%..~K....E6...... j_.@2v.H..D..4LVYx/..E\^......G.S..;..as!.ga.....1M.XM..W..)..&.0.}.W...,/T...~K...B.L.{!."..l<.8e#..4....".....q..Q.2.....@{.F:\.F..a...am.N....[.?..e......U..^.IW...Fq...8.."...T.M....d..y-.(...U..........Q.q.2.c.G..........z..`......:...$.......?>..]V.p..(XQ.B.T.z[.C0........a>..L..l:...".7....g(.....VJ..=yV..6.....L.B..o9?=../.1...sp....%."....F.K.&.....p4?.....".7S&..9..L.W>.C..:s....*.xr........Y'.............E.&.... .6c....pm.r.*QP.J...`~'.... .G................x.7^0 #.)..w.....F..G{....3.-3...6e.2.........&mSF-SzA.6e.6e...I..>.O...o.CZ.b.W.4.E...v.....F......q..6@....k&.....u.[.._'.6t.X
<<< skipped >>>
GET /templets/default/js/backgroundPosition.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 2329
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:27 GMT
Accept-Ranges: bytes
ETag: "80a3a7923869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache: from WT263CDN
(function($) {.. if(!document.defaultView || !document.defaultView.getComputedStyle){.. var oldcss = jQuery.css;.. jQuery.css = function(elem, name, force){.. if(name === 'background-position'){.. name = 'backgroundPosition';.. }.. if(name !== 'backgroundPosition' || !elem.currentStyle || elem.currentStyle[ name ]){.. return oldcss.apply(this, arguments);.. }.. var style = elem.style;.. if ( !force && style && style[ name ] ){.. return style[ name ];.. }.. return oldcss(elem, 'backgroundPositionX', force) ' ' oldcss(elem, 'backgroundPositionY', force);.. };.. }.. var oldAnim = $.fn.animate;.. $.fn.animate = function(prop){.. if('background-position' in prop){.. prop.backgroundPosition = prop['background-position'];.. delete prop['background-position'];.. }.. if('backgroundPosition' in prop){.. prop.backgroundPosition = '(' prop.backgroundPosition ')';.. }.. return oldAnim.apply(this, arguments);.. };.. function toArray(strg){.. strg = strg.replace(/left|top/g,'0px');.. strg = strg.replace(/right|bottom/g,'100%');.. strg = strg.replace(/([0-9\.] )(\s|\)|$)/g,"$1px$2");.. var res = strg.match(/(-?[0-9\.] )(px|\%|em|pt)\s(-?[0-9\.] )(px|\%|em|pt)/);.. return [parseFloat(res[1],10),res[2],parseFloat(res[3],10),res[4]];.. }.. $.fx.step
<<< skipped >>>
GET /templets/default/js/navigator.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 4276
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:30 GMT
Accept-Ranges: bytes
ETag: "06771943869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache: from WT263CDN
ready(function () {.. var oBox = document.getElementById('top_box');.. var oNav = getByClass(oBox, 'nav')[0];.. var oUl = oNav.getElementsByTagName('ul')[0];.. var aLi = oUl.children;.. var aUl2 = getByClass(oUl, 'ul2');.. var timer = null;.. var temp = null;.. var oWrap = document.getElementById('wrap');.. var oAlpha = getByClass(oWrap, 'alpha_bg')[0];.. function getBackgroundPositionXY(elem) {.. var backgroundPosition = '';.. if (elem.currentStyle) {.. if (elem.currentStyle.backgroundPositionX && elem.currentStyle.backgroundPositionY) {.. backgroundPosition = elem.currentStyle.backgroundPositionX " " elem.currentStyle.backgroundPositionY;.. } else {.. backgroundPosition = document.defaultView.getComputedStyle(elem, null).backgroundPosition.. }.. } else if (document.defaultView) {.. backgroundPosition = document.defaultView.getComputedStyle(elem, null).backgroundPosition;.. }.. return backgroundPosition;.. }.. for (var i = 0; i < aUl2.length; i ) {.. var aA = aUl2[i].getElementsByTagName('a');.. for (var j = 0; j < aA.length; j ) {.. (function (index) {.. aA[index].onmouseover = function () {.. var oPosX = getBackgroundPositionXY(this.children[0]);.. var arr = oPosX.split('px').join('').split(' ');.. var x = arr[0];.. var y = arr[1] - 52;..
<<< skipped >>>
GET /site/27675?id=D9E9B66BAE9C96588D172C1602C7221E&ret=html&phint=__bk_t=SPECIAL MOVIE&phint=__bk_l=http://songhaiyouhong.blogspot.com/&r=33111038 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: tags.bluekai.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Sun, 05 Feb 2017 03:31:59 GMT
Server: Apache/2.2.24 (Unix)
X-XSS-Protection: 0
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="hXXp://tags.bluekai.com/w3c/p3p.xml"
Set-Cookie: bkdc=wdc; expires=Fri, 04-Aug-2017 03:31:59 GMT; path=/; domain=.bluekai.com
Set-Cookie: bku=sty99vIzkkQxF2Rs; expires=Fri, 04-Aug-2017 03:31:59 GMT; path=/; domain=.bluekai.com
Location: hXXp://tags.bluekai.com/site/27675?dt=0&r=404133796&sig=2164635023&bkca=KJhB0D6nyi9zQwawGX4CYpA2KcO31YQvQ3fuSL0HZfn2mdE XhQXCy5IX6Lf8PD7HsKXLAGzocu6jjRvyZpnswPTs6acVO/rzP8OCpYX90erqk5FKlBYMJyF22fdzbGz9xgiOgaMqzdgaOdpBl2iFVj/K5onCrSjkboT68hEuQZUw04zne6=
Content-Length: 0
BK-Server: ce09
Content-Type: text/html
....
GET /site/27675?dt=0&r=404133796&sig=2164635023&bkca=KJhB0D6nyi9zQwawGX4CYpA2KcO31YQvQ3fuSL0HZfn2mdE XhQXCy5IX6Lf8PD7HsKXLAGzocu6jjRvyZpnswPTs6acVO/rzP8OCpYX90erqk5FKlBYMJyF22fdzbGz9xgiOgaMqzdgaOdpBl2iFVj/K5onCrSjkboT68hEuQZUw04zne6= HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: tags.bluekai.com
Connection: Keep-Alive
Cookie: bkdc=wdc; bku=sty99vIzkkQxF2Rs
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:59 GMT
X-XSS-Protection: 0
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="hXXp://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Content-Length: 62
Set-Cookie: bku=sty99vIzkkQxF2Rs; expires=Fri, 04-Aug-2017 03:31:59 GMT; path=/; domain=.bluekai.com
BK-Server: 748b
Content-Type: image/gif
nnCoection: close
GIF89a.............!..NETSCAPE2.0.....!.......,...........L..;HTTP/1.1 200 OK..Date: Sun, 05 Feb 2017 03:31:59 GMT..X-XSS-Protection: 0..P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="hXXp://tags.bluekai.com/w3c/p3p.xml"..Pragma: no-cache..Expires: Thu, 01 Dec 1994 16:00:00 GMT..Cache-Control: max-age=0, no-cache, no-store..Content-Length: 62..Set-Cookie: bku=sty99vIzkkQxF2Rs; expires=Fri, 04-Aug-2017 03:31:59 GMT; path=/; domain=.bluekai.com..BK-Server: 748b..Content-Type: image/gif..nnCoection: close..GIF89a.............!..NETSCAPE2.0.....!.......,...........L..;..
GET /pa?p=2:2409084321:51 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: wpa.qq.com
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: tws
Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif
Pragma: no-cache
Cache-Control: no-cache; must-revalidate
0..HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:50 GMT..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..Server: tws..Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif..Pragma: no-cache..Cache-Control: no-cache; must-revalidate..0..
GET /v4/images/alexa.png HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: info.spiritsoft.cn
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:08 GMT
Content-Type: image/png
Content-Length: 2012
Last-Modified: Fri, 08 Jul 2011 09:36:17 GMT
Connection: close
ETag: "4e16cf91-7dc"
Expires: Tue, 07 Feb 2017 03:31:08 GMT
Cache-Control: max-age=172800
Accept-Ranges: bytes
.PNG........IHDR.............o.......pHYs.......... ......gAMA....|.Q.... cHRM..z%..............u0...`..:....o._.F...RIDATx.b...'.#3.......4..20...y..7...~....7.'......l?......e.X.........7.#..............Y.........h.../.....3..<....."..<#. ..{_._.z...'o.z.s..H...0.........?@..I......................<3.!!...................................c.>.............I.............t.....22............................. ..(".........sS.T@.........I.................$...........$.""....................../>6..........e.7 ......I..........x..... $..../5.bN...............................IG3.!%.......v......I....................&.pU................!..1........71..HP....................I................B...d*.....................J:..s2e;....#... E......% .........I.................>@..............................DA...........................I...............$.........>*....................................&..............I...............F.........v.................7...................$..............I.................................. ..:..0<.<4.................................I............................fM#9,.............<...............................E...../.._._...........S[..%D ..u..........$W4 .0_...0...f.?......r.o6.?...I........................N........................................................g./.ef......O...~..K........ ...._...b..Tg...._..>.`.....g.....p....LW. .....~....-......w....p.!P...@s....?o;..\..{.......g$....a*.....0...L.<,.f....I.............."...........&...."8.FK"........
<<< skipped >>>
GET /MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Cookie: _d2id=04f7a71f-0c21-4fd5-b3fc-264919120db4-n; pmsctx=******IMLB812506136|**; navigation_items=MLB812506136|05022017033130; _ml_ga=GA1.3.217386349.1486265505; _ml_ci=217386349.1486265505; _ml_dc=1; JSESSIONID=CB6934BF0615753B5CD40EF0F9AF9E52; _vt=db89bf5e-9856-4142-8cb7-3ad8dc8af268
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: produto.mercadolivre.com.br
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Tengine
Date: Sun, 05 Feb 2017 03:31:46 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Content-Language: pt-BR
Set-Cookie: pmsctx=******IMLB812506136||**; Domain=.mercadolivre.com.br; Expires=Tue, 07-Mar-2017 03:31:38 GMT; Path=/
Set-Cookie: navigation_items=MLB812506136|05022017033138; Domain=.mercadolivre.com.br; Expires=Mon, 20-Feb-2017 03:31:38 GMT; Path=/
Vary: Accept-Encoding
X-Nginx-Host: e-0000a8ef
X-Nginx-Pool: mlbdesktop.web-vip.melifrontends.com
X-Nginx-UpstreamHost: , 10.63.1.163:80
X-Upstream-Server: nginx/1.8.0
X-Request-Id: 013a123d-be38-4bd8-a2dd-8106bcb2aae2
X-D2id: 04f7a71f-0c21-4fd5-b3fc-264919120db4
3441...............r.I.(......).%L...H....LU..J....R...p.!.".1p.p..~..}e.(.6 .g..mj...w.....@R...DeJ."|8~...~|...[.....h.n,....\......oC......iT... 6.h=t"60v.<0.....Z~.E....r.s..:...Y.......t..M...9.......h.o6...1aM/.....O.......N}...m.....};...R.....;....lc..?='$O.w..<....N..9~@.d..d.g.3v<....lS.....?.O.~..>.K.......Z[m.6!.,....'.a........u.w$`..3`..y...r.x...&..N"....7.(|kX..hn.Y3`.....xMY.b...!.....1.....)...........?...0=.w...V......C.Y.c.kx,...v.j)3..X\....1.dK.hf....Y..Qq.....ET.^XGfe.up.r=....=..,.=.......K..|0."...z.......}&...[J-..{6....Y..!).R.(,8s......F..F........2.....t....]....K-VY..w.F...k.M...-.....Qb.. d....Q}E.O..g.....0...~.....#.>.1.t.....Z{...@.x..5...Gl(4z.j......`.?t.~h?...~................R=..[.@..CP...1j.z.>A.[....{`]...i..k.....v..<.|.......Q....K.4p`.|....n.tr.4.....X.1..L1...........;..A.a.......}.....s".@.-....h....;.x.?.C.........$.'.r...$.:.=I........o..).....<..0{.j......J.'...Ad..q....8..S..... ..`2......S..0j:.:...~.{.T....3....}.../..a.,....N.~.$..t:.A...uP..8.Z.K.:..P"dvcyuee.ZK..7>..$t.3........q,.\.@x......Vg.|.....1....H......k..E..k....... ;..v..b.......,.*...%......R..sX.......a..........>..N..(v.....Y.M.PR...K...u.....vp6....,`u.x~.." .5O.NDIt..6.R..:ku.(`.#...o..6...mC.../O.....|9....~X#/.x...y..!...)..].Z1...q........i..C.n&@....i....!...y..cVo.,..v.W..v.cv.:.r......{42.).X.[..vF.......&.._...i.{....Ym..]Z.z.U..4..h.l.9..I...F...z..V.(M ..p`D.8j...T<...2.=.I.Bk........[.T~6|...`.F_/.2.I^<..]|....E..B...p.................*....@||...M
<<< skipped >>>
GET /noindex/variation/choose?noIndex=true&itemId=MLB812506136&attribute=23000|22047,33000_43000|52055_52113&attributeId=33000_43000&ref=http://tenis.mercadolivre.com.br/masculino/nike/nike-shox/ HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: produto.mercadolivre.com.br
Connection: Keep-Alive
Cookie: _d2id=04f7a71f-0c21-4fd5-b3fc-264919120db4-n; pmsctx=******IMLB812506136||**; navigation_items=MLB812506136|05022017033138; _ml_ga=GA1.3.217386349.1486265505; _ml_ci=217386349.1486265505; _ml_dc=1; JSESSIONID=CB6934BF0615753B5CD40EF0F9AF9E52; _vt=db89bf5e-9856-4142-8cb7-3ad8dc8af268
HTTP/1.1 302 Found
Server: Tengine
Date: Sun, 05 Feb 2017 03:32:00 GMT
Content-Length: 0
Connection: keep-alive
Location: hXXp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593212
Set-Cookie: JSESSIONID=064D2C24F45E44FDFE96B0D03BD65DCF; Path=/; HttpOnly
X-Nginx-Host: e-0000a8ef
X-Nginx-Pool: mlbdesktop.web-vip.melifrontends.com
X-Nginx-UpstreamHost: , 10.63.1.54:80
X-Upstream-Server: nginx/1.8.0
X-Request-Id: ab1fb97c-4686-4ca7-be18-0d24c3825b91
X-D2id: 04f7a71f-0c21-4fd5-b3fc-264919120db4
....
GET /MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593212 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: produto.mercadolivre.com.br
Connection: Keep-Alive
Cookie: _d2id=04f7a71f-0c21-4fd5-b3fc-264919120db4-n; pmsctx=******IMLB812506136||**; navigation_items=MLB812506136|05022017033138; _ml_ga=GA1.3.217386349.1486265505; _ml_ci=217386349.1486265505; _ml_dc=1; JSESSIONID=064D2C24F45E44FDFE96B0D03BD65DCF; _vt=db89bf5e-9856-4142-8cb7-3ad8dc8af268
HTTP/1.1 200 OK
Server: Tengine
Date: Sun, 05 Feb 2017 03:32:00 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Content-Language: pt-BR
Set-Cookie: JSESSIONID=57CD1DDE1B406055A1718540162E95E8; Path=/; HttpOnly
Set-Cookie: pmsctx=******IMLB812506136|||**; Domain=.mercadolivre.com.br; Expires=Tue, 07-Mar-2017 03:32:00 GMT; Path=/
Set-Cookie: navigation_items=MLB812506136|05022017033200; Domain=.mercadolivre.com.br; Expires=Mon, 20-Feb-2017 03:32:00 GMT; Path=/
Vary: Accept-Encoding
X-Nginx-Host: e-0000a8ef
X-Nginx-Pool: mlbdesktop.web-vip.melifrontends.com
X-Nginx-UpstreamHost: , 10.63.1.196:80
X-Upstream-Server: nginx/1.8.0
X-Request-Id: 720f4897-5060-45e3-8097-1f76676c5f91
X-D2id: 04f7a71f-0c21-4fd5-b3fc-264919120db4
32f4...............r.H.(.l}E.}..v.$.p..#..j..-...>.VW(.@....,..<|.~>..........q#.9/...cw.....HQ.%...,.@. s. 3Wn<.} :.2r.M.....C,...f...wa....o.....u..4.Z.Dl........?....^..l.....f....m....imk..a.&.......?^....Z......kz...hX~....@&.u.aP..)_.......*J.7..@.lDN..........t.3...?&.>.....i..>L......Q...d.:.............C......;... lB^....O.;...h.>..7......0...|.cVT#.0...f.B.'.c....F.>5,.Rkn.Y3`....;.MY.|.pJC...........2./..................5.....a...e..X....8....Z..Z......4..li.f&.P.umZ...j.U5.Sa{....".`!r=....=..,.=..Bt{v..D......\s=.\.n.1n.I s.VR.bu...9u/.....<....3......i..j4.0/j$.v]..s]..N..$g.j.l.R..,s..\'.....M...-.....Qb.. d.f-.FZ_.O..`.....0.Hc....f.F.|.c.........O..o.......C....FoB..3~<.7..........._#..>...A..F.........<P.Z.jW{..........K..y`]...4...|M.......=..lv...4.b...=.....=x.....d...G.4lb9...f63.t.).....C..M. Rf.....M1z.....s".@.-..M.....=v&.D}..,..)0....H*#.r...$S:.=I....S.i[..'S.54..y....1.[.0g..Wr.....DV.....p....Lp7G....:.L|...A.h..FMgB.P..O}.....=t..A....#...7.~.3l...|.."{....u....v3pv[.....(.............7^.b.:..X...q......Z.....Do.Z..w...F.....P$....Y..l........&.# ...gt...I...Cp.....%.....N\...-`..k.V.6..g.l...V.....t..G..6.....A.PR...K...T.....v....Bq.0.'..w...c....(...n.).q.......12.N.#r.....m(8...I...../..........O.2#O|7..@8.u...V......X...F..h.D.\.&@.j........|..y..c..:.e...`h.......k..3...G#=C.......3"nD..........j.=....!...kw.V.3.;.Q.CM.5. .&}..4..~.4.8.@iZ.......G.w........b.B.Y....G.........7|....p......N..)....`.}\.. ........?C............ ........./..6.
<<< skipped >>>
GET /urlcore/olcfgs.dat?q=41 HTTP/1.1
Accept-Encoding: gzip
Host: urlspirit.spiritsoft.cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:05 GMT
Content-Type: application/octet-stream
Content-Length: 439
Connection: close
Last-Modified: Wed, 02 Apr 2014 08:26:13 GMT
ETag: "533bc9a5-1b7"
Accept-Ranges: bytes
.3..}...)u..r..DvS.-..%....(yX.[.....|........;....w.[.......m.9......[h.t.,.......F..d........*.^gg.......n6..g.....\..%a.V.X.J.*.i....;.Gk .X.;.up.... !../b....dCY.8.....#.<ZV.......a.R..W..QX..!5..;.P.l..?...8.=0{./f.......g...h|.....T..N(>...l........1..Vs..5P!.T...v...`..[#.....J.{#..I..Rc........s^._..B1v@.?.N.v^!..%.%)........~.. eBd..0..3`.@..\.@....;ti4>......U..om.t..p.L..n.{.\..1V....E.}..G,d..>Ys.XQ.1iX..Xw...{e.:......A.M...
GET /cgi-bin/CRL/2018/cdp.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 11 Oct 2016 17:15:01 GMT
If-None-Match: "20084-4aa-53e9a04525e5e"
User-Agent: Microsoft-CryptoAPI/6.1
Host: VVV.public-trust.com
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 24 Jan 2017 23:30:01 GMT
ETag: "20084-579-546df7ec18007"
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Connection: Keep-Alive
Date: Sun, 05 Feb 2017 03:33:14 GMT
Content-Length: 1401
0..u0......0...*.H........0u1.0...U....US1.0...U....GTE Corporation1'0%..U....GTE CyberTrust Solutions, Inc.1#0!..U....GTE CyberTrust Global Root..170124184934Z..170421184934Z0.."0....'....141119195306Z0....'B...141119195752Z0....'....141119200006Z0....'1-..150204203232Z0....'....150429193635Z0....'....150513182515Z0.........150603195456Z0....'.:..071121154528Z0....'....080514142515Z0....'....080924143337Z0....'#...081203144336Z0....''j..090209174351Z0....'b...100414181148Z0....'....080917150432Z0....'#...081203144209Z0....'#...081203144241Z0....'#...081203144304Z0....'%u..081203144409Z0....'/9..090318130930Z0....'8...090715181853Z0....'TU..100113191852Z0....'k...101130163724Z0....'.B..111107193907Z0....'@...141119200409Z0....'....080917150312Z0....'....140709175318Z0....'....141210173900Z0....'....150429193611Z0....'....150513182422Z0.........150603194732Z0....'i...150603194856Z0....'-E..141119195854Z0....'....141119200037Z0....'F...141217193909Z0....'F...141217193956Z0....'>...150603195600Z0....'.D..150701191141Z0....'.'..161214171840Z0....'.2..161214171840Z0....'.3..161214171840Z0....'.4..161214171840Z0....'.5..161214171840Z0....'....161214171840Z0....'....161214171840Z0....'....161214171840Z0....'....161214171840Z..0.0...U.......70...*.H.................[O..=.K.f..g.6.%(.t.A...............B.<....n7......`{..:as..;...:..%...L....I.t...l.....L3`.&..k.lD..Pi.P(......n..P../...s..
<<< skipped >>>
GET /v4/images/splogo.png HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: info.spiritsoft.cn
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:08 GMT
Content-Type: image/png
Content-Length: 1339
Last-Modified: Fri, 08 Jul 2011 09:36:19 GMT
Connection: close
ETag: "4e16cf93-53b"
Expires: Tue, 07 Feb 2017 03:31:08 GMT
Cache-Control: max-age=172800
Accept-Ranges: bytes
.PNG........IHDR.............o.......pHYs.......... ......gAMA....|.Q.... cHRM..z%..............u0...`..:....o._.F....IDATx.b...?.*...a....M.w.2h.3HK2.....%....jl..~......h.........?...0|.`.qdpWb.dc`f`....._....v.cXy.A....|.N......../?...3h.3................c...........?......dX........B....C.:.W#.D..._.~.5.....?.Q ...#.. '..K...1,.g......@L.p........!R...;..?...f....... ..._.w>0.i0<..0m..E.....!(,..a...!....G../...~..?`.6..~..!..., ...!......!Z.A....<.........x./........`)..lL.'.3T/c.).....@.1V....%.....v.@...........j......._..~.,....|..1...p. C...@.1~..?j....C.:..O........@'...._..?.......7.].. .|..._2H32..f.. P.}......R..D.d'P)0.....D38..5......H.-.z..{......3p.2....P....T...2.{0|...2`..5C..33p...=...#(.Ai....m... S.. ..........."...",G..........8.........P)..b. .y..... ..7 .'..!..ds.....g..V...........v.....dG.................."\.g.~.d..).......NH..... )q.... ......s13..3.......g.~........U..ar.....J... .. p.b.<..!..K ..d.t....O.}.x....7w...? .....O.2L@A......l..&....[.A...f.......u..?~....j.$. .....W..L.>&(...@(.bbe..ah>.`k.p.......x ~.....v...?->.?.l....2..20.... .........08.2<....._)...~...L..L t.../.C..z... .4>..C..C.%.V.~`....TB..5? (5.]q.).2.,I. ..0........\b.f......Z..a.y..N.i~,............s..O.dy.Y..A..a......*...`.. ....]{.s..o;.....7...;._....w..... F......f....&......_.E.....P... .....`.I.Q....IEND.B`...
<<< skipped >>>
POST /urlcore/svcreq1413fd.css HTTP/1.1
Content-Length: 230
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
Host: urlspirit.spiritsoft.cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)
f=3&v=101&c=10494&i=MBhBRgB1aDtPQX5ZFRxUZGV8HER/C0QaBmNiKEAWcgsQHFxjN3hOS2kWAEwII3AjSV9pU0ZXRm1i
NVscOFMAFUZhLigFQjcNFB9VK2NlSA8hU0xICD48flcWM19eHxhkYStAQ3kNER5cK2JlSVFnGFZM
DTNwI0lfaU9LS0ZtYjVbBj9KABVUe3BvHAFpABMfXWIvEw==
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:12 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
6e5..............m..6.........P.......nS....j..L'.N..`....^....!!....J.q..?~.L>.*./..'...1q...iL.1..._..qY.V.B..4..<...r.[.;.C.J..vU.B.}.;6EK.'..n..^..`...=..R.S.H5.H.aK....;qi........L.J,v&.(.{4.......<.~[.o6.YiY....e..D....a....,.B,..yf..0..fG.....H-..5..2....&V"[.....}.....KE.i0.<.yWD...K.-...<..<..v...7..|0..X.z.`...xys...K!ZW...(.$=pQG....-......'.;.C..H=...........#.!...zT..2...w.'*....p.......p.=Q.K:$...W...l.<s<......C..`.5.....BQ...N.........%..<.kQp...).T..,.......s....Mg..xH......3.e..aVX?.4.=w.6..m.O..SdA.?AdJ..=..$...W..m3Z.&.0...<(O...Ul<J*}.% ....SC7.T.Q.kBiy...{|...}.N!.t.;.(...Y..c......,. ..9.)..3........u.9...dP.BZ...p....#.z...1.x1<=.C..kv...;'f@.. ..NP...c.f.ch...U.L..z8<-....J..u.B....!..9.._..D..J............/.Z..e.T..OFY]3.B....!N..........J..L../...o.....vK.r9.zB^..T.*eEDc....k.$.....7.M.a.".&...43~.L..w....(L.LEB.....#M.....w..I...i^.~k......{..St..-U.L...b.*.'{(pQ`7?P.x...U.Wi[wH...........].6....G4.....)......Tb.G....X....m#\.xd...kbX...v.E.....g.6l.G[)..Q..vt.ha..........r...mdV.%..........p...l._...)T....9...1B..>....&.........[}.....j......D..6..<....X...-.....4.*..e....._...1.3Dt*..W....y....<...(.S..|...T.'.8......*.o.......x.._....AW..._...Myp.g9^.5.....{x.{O0.>Y...._$..._.l....v0..s.... .,....'.&.?.........{..]....._\.. |...{..,....C...c9.q.>...[.[.R..n@..~...d.B....:Q..[......O.G....Q.d...D]>.lS.....<l.......U.?.ee2........9...;@....X.....vy\..B$lj.x.~..i~.F.........P.....DLB...P..l>....4$..E...@vN..~L.^..[U..Wd.
<<< skipped >>>
GET /serving/cookie/match/?party=1009 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: dmp.adform.net
Connection: Keep-Alive
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 05 Feb 2017 03:31:59 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=15
Location: hXXp://dmp.adform.net/serving/cookie/match/?CC=1&party=1009
Set-Cookie: uid=5648657701418802231; Expires=Thu, 06 Apr 2017 03:31:59 GMT; Domain=adform.net; Path=/
....
GET /serving/cookie/match/?CC=1&party=1009 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: dmp.adform.net
Connection: Keep-Alive
Cookie: uid=5648657701418802231
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 05 Feb 2017 03:31:59 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=15
Location: hXXp://ps.eyeota.net/match?uid=5648657701418802231&bid=9gdtmu1
HTTP/1.1 302 Found..Server: nginx..Date: Sun, 05 Feb 2017 03:31:59 GMT..Content-Length: 0..Connection: keep-alive..Keep-Alive: timeout=15..Location: hXXp://ps.eyeota.net/match?uid=5648657701418802231&bid=9gdtmu1..
GET /map/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: bcp.crwdcntrl.net
Connection: Keep-Alive
HTTP/1.1 302 Found
Cache-Control: no-cache
Date: Sun, 05 Feb 2017 03:31:59 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: hXXp://bcp.crwdcntrl.net/map/ct=y/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Pragma: no-cache
Set-Cookie: _cc_cc=ctst;Path=/;Domain=crwdcntrl.net
X-Server: 172.25.10.205
Content-Length: 0
Connection: keep-alive
....
GET /map/ct=y/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: bcp.crwdcntrl.net
Connection: Keep-Alive
Cookie: _cc_cc=ctst
HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: image/gif
Date: Sun, 05 Feb 2017 03:31:59 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Pragma: no-cache
Set-Cookie: _cc_aud=ABR4nGNgYGCImDZnPQMcAAAbVQI6;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT
Set-Cookie: _cc_cc="ACZ4nGNQME8yMbc0MzQxNEg0NTZNtjAzTbMwMLA0SLW0TDVJM7dkAIKIaXPWMyAAADmrCkQ=";Version=1;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT;Max-Age=23328000
Set-Cookie: _cc_id=7b47961410a535c865f80090e99e4f79;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT
Set-Cookie: _cc_dc=1;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT
X-Server: 172.25.10.151
Content-Length: 49
Connection: keep-alive
GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Cache-Control: no-cache..Content-Type: image/gif..Date: Sun, 05 Feb 2017 03:31:59 GMT..Expires: Thu, 01 Jan 1970 00:00:00 GMT..P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV..Pragma: no-cache..Set-Cookie: _cc_aud=ABR4nGNgYGCImDZnPQMcAAAbVQI6;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT..Set-Cookie: _cc_cc="ACZ4nGNQME8yMbc0MzQxNEg0NTZNtjAzTbMwMLA0SLW0TDVJM7dkAIKIaXPWMyAAADmrCkQ=";Version=1;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT;Max-Age=23328000..Set-Cookie: _cc_id=7b47961410a535c865f80090e99e4f79;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT..Set-Cookie: _cc_dc=1;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT..X-Server: 172.25.10.151..Content-Length: 49..Connection: keep-alive..GIF89a...................!.......,...........T..;..
<<< skipped >>>
GET /item/533000070202.htm?fromSite=main&spm=a230r.7195193.1997079397.8.iAWmGk&abbucket=2&qq-pf-to=pcqq.temporaryc2c HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: world.taobao.com
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Server: Tengine
Date: Sun, 05 Feb 2017 03:31:30 GMT
Content-Type: text/html
Content-Length: 278
Connection: keep-alive
Location: hXXps://world.taobao.com/item/533000070202.htm?fromSite=main&spm=a230r.7195193.1997079397.8.iAWmGk&abbucket=2&qq-pf-to=pcqq.temporaryc2c
Set-Cookie: thw=ua; Path=/; Domain=.taobao.com; Expires=Mon, 05-Feb-18 03:31:30 GMT;
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>..<head><title>301 Moved Permanently</title></head>..<body bgcolor="white">..<h1>301 Moved Permanently</h1>..<p>The requested resource has been assigned a new permanent URI.</p>..<hr/>Powered by Tengine</body>..</html>..HTTP/1.1 301 Moved Permanently..Server: Tengine..Date: Sun, 05 Feb 2017 03:31:30 GMT..Content-Type: text/html..Content-Length: 278..Connection: keep-alive..Location: hXXps://world.taobao.com/item/533000070202.htm?fromSite=main&spm=a230r.7195193.1997079397.8.iAWmGk&abbucket=2&qq-pf-to=pcqq.temporaryc2c..Set-Cookie: thw=ua; Path=/; Domain=.taobao.com; Expires=Mon, 05-Feb-18 03:31:30 GMT;..<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>..<head><title>301 Moved Permanently</title></head>..<body bgcolor="white">..<h1>301 Moved Permanently</h1>..<p>The requested resource has been assigned a new permanent URI.</p>..<hr/>Powered by Tengine</body>..</html>....
GET /qconn/wpa/button/button_111.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: pub.idqqimg.com
HTTP/1.1 200 OK
Server: X2S_Platform
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:51 GMT
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:51 GMT
Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT
Content-Type: image/gif
Content-Length: 3534
Keep-Alive: timeout=60
Vary: Origin
X-Cache-Lookup: Hit From Disktank
......JFIF.....`.`.....C....................................................................C.........................................................................O.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...u...k...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4........[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(....F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x........m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?.......P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..$............x....B.G.....!...o.x_...|C..m..Z.R....G.&...{e2\9.l1.
<<< skipped >>>
GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT
If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com
HTTP/1.1 200 OK
Server: Apache
ETag: "cd1ddd31776c69c9c6e1b249f22bc66b:1486264533"
Last-Modified: Sun, 05 Feb 2017 03:15:33 GMT
Date: Sun, 05 Feb 2017 03:31:17 GMT
Content-Length: 325
Connection: keep-alive
Content-Type: application/pkix-crl
0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..170205030300Z..170215030300Z0,0....%...020514181157Z0.....3..020515130611Z0...*.H..............^.bm}&?.....m;u.DK..^..1.....n9.N.U...C......^..N?........&]..K~.5..k...a.{.2..*M7...5....s.f..t...........fe{O..HZ....~...~.{HTTP/1.1 200 OK..Server: Apache..ETag: "cd1ddd31776c69c9c6e1b249f22bc66b:1486264533"..Last-Modified: Sun, 05 Feb 2017 03:15:33 GMT..Date: Sun, 05 Feb 2017 03:31:17 GMT..Content-Length: 325..Connection: keep-alive..Content-Type: application/pkix-crl..0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..170205030300Z..170215030300Z0,0....%...020514181157Z0.....3..020515130611Z0...*.H..............^.bm}&?.....m;u.DK..^..1.....n9.N.U...C......^..N?........&]..K~.5..k...a.{.2..*M7...5....s.f..t...........fe{O..HZ....~...~.{..
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1
Cache-Control: max-age = 511667
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT
If-None-Match: "57ff143e-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=172800
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2017 03:31:21 GMT
Etag: "5896643a-1d7"
Expires: Sat, 11 Feb 2017 15:31:21 GMT
Last-Modified: Sat, 04 Feb 2017 23:31:06 GMT
Server: ECS (vie/F2D5)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...20170204220000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ........\..m. B.]......20170204220000Z....20170211220000Z0...*.H...............:.U...H.#o.....rC%.O[q......C#....k.D.G.O. ......u..J9.2.'h.70O>=n{d.*..@.. ...*...|.5......Pd%{..j~.x.4.zag.....0..M..baj.{AF3o.]...X.@..l.Y?_y......C."/..cT...{......v..i....:...Q.:<.....v..c.R.<.`.~JR._..B%#.3bH:.........m.}......:.v....!).[.h.mr./. .HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: public, max-age=172800..Content-Type: application/ocsp-response..Date: Sun, 05 Feb 2017 03:31:21 GMT..Etag: "5896643a-1d7"..Expires: Sat, 11 Feb 2017 15:31:21 GMT..Last-Modified: Sat, 04 Feb 2017 23:31:06 GMT..Server: ECS (vie/F2D5)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0.......>.i...G...&....cd ...20170204220000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ........\..m. B.]......20170204220000Z....20170211220000Z0...*.H...............:.U...H.#o.....rC%.O[q......C#....k.D.G.O. ......u..J9.2.'h.70O>=n{d.*..@.. ...*...|.5......Pd%{..j~.x.4.zag.....0..M..baj.{AF3o.]...X.@..l.Y?_y......C."/..cT...{......v..i....:...Q.:<.....v..c.R.<.`.~JR._..B%#.3bH:.........m.}......:.v....!).[.h.mr./. .....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=172800
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2017 03:31:26 GMT
Etag: "589676f7-1d7"
Expires: Sat, 11 Feb 2017 15:31:26 GMT
Last-Modified: Sun, 05 Feb 2017 00:51:03 GMT
Server: ECS (vie/F385)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..20170205002900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb...Yr;..........f&1~..|.....20170205002900Z....20170211234400Z0...*.H.............1....vDO.<L..{../...1.~.m......M[A..S .*=j....D..D-.L..HT..d.y....N...@..6jR...T.`.O.)|.h..4......W..H.W2.zD. .....X.....:.a._V...c..M.9.`q..>7..@._T&g...=sS....O..^d.... ].?..dwT#d.e......P...<......n.j(u...n..l....F.."?g.9..F .....\....h9].'3n...`q..V...HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: public, max-age=172800..Content-Type: application/ocsp-response..Date: Sun, 05 Feb 2017 03:31:26 GMT..Etag: "589676f7-1d7"..Expires: Sat, 11 Feb 2017 15:31:26 GMT..Last-Modified: Sun, 05 Feb 2017 00:51:03 GMT..Server: ECS (vie/F385)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..20170205002900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb...Yr;..........f&1~..|.....20170205002900Z....20170211234400Z0...*.H.............1....vDO.<L..{../...1.~.m......M[A..S .*=j....D..D-.L..HT..d.y....N...@..6jR...T.`.O.)|.h..4......W..H.W2.zD. .....X.....:.a._V...c..M.9.`q..>7..@._T&g...=sS....O..^d.... ].?..dwT#d.e......P...<......n.j(u...n..l....F.."?g.9..F .....\....h9].'3n...`q..V.....
<<< skipped >>>
GET /v4/js/main.js HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: info.spiritsoft.cn
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:07 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 18 Apr 2016 17:54:30 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Expires: Sun, 05 Feb 2017 05:31:07 GMT
Cache-Control: max-age=7200
Content-Encoding: gzip
503.............WMo.D.>.).a..d.M..B(....B.....K.Vc{.5qlw.N[......8!....k.......E...}g..q.@P.a.;....._.k4i......'. ..tQ....<s.F...d..., <.......=..X.~...T1.9mO...9.K...r^..R.R..h....`O.7]....Dg~ ..c /K..2.....5....l.....7...g...W.~.SaN....C.............3.l=...e.}...:;.B....E..;..n..x...o_.}....o....Z..Q......x'..b..L.......?......~.................Z......$..5./.....}.....&I.N.k...g...b..........u..7I@..d.NDC.<.X.s....=.L...c.'...T/.y...C.Q.H^.sA..._.lj.k.1X.g.!`...P.......EL..-.r...`....I&d...<?...'^...T.M.o..x7....&..R.\8;:0*....ns"y._.\....";...D.q..`.........A.....>......o....)-[r[d.......z2/....[..;nr....u|.$M..E).;....I ..(.LX.....08..0\k.^f..v..l.......t$r..\..).......j..j..sb>,......4..?W.gS..|VIkf.*..}56....w.....^._.z,......1.#kq..v..y.q........z..4L....;...Z..`..&..|....>1.`:.^7..8.5......@3.p...Fy....5..*....=[......0.[...-..8;.....m4.g....d}..m....y66B.$.p.q.r........QM{..f.>...k.....KH..O.P`.8.h.....13.]..g.&.#0s.|qHG..Q...\]k...s....B.........P'm ...f...*..$.F....dB6:4].....V.T...o......v.....M...9LOU.3.....P6!..omBO....."..9...~..%Cr.q....&6.G^F.9...'........|tbk.<{F.1(....|.@GZ....v.G].....5E.a..*.p.9]...S..$A.#.m....X.r...>.C..S....kX......[.TP....Y2.!..USC8.;hTQY.Y..&N.i....x..O.t..!..?.B..Z.3...xBcU....zr...2b..n.uA..r.q:.l2M."H<.5......-...oj8F.......0..
<<< skipped >>>
GET /v4/images/sound_high.gif HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: info.spiritsoft.cn
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:07 GMT
Content-Type: image/gif
Content-Length: 356
Last-Modified: Tue, 20 Dec 2011 07:08:05 GMT
Connection: close
ETag: "4ef03455-164"
Expires: Tue, 07 Feb 2017 03:31:07 GMT
Cache-Control: max-age=172800
Accept-Ranges: bytes
GIF89a...............K.....$..............v..\..9............!..NETSCAPE2.0.....!...2...,..........[..I..8....Y......)1.1.dA.C.%...C.v....{.......%}.M..dJ.B.......a7..).B... ..*.c....v.(...'..!...2...,.......... ...*.&..Fc.0dU.-.C.@...Q.mE.%....h....K.(...!...2...,..........N.. ....Q....=.. c...A.@..F0. ..ZsY..l.4.~....<.....GI..6..*.$....z.L.....1S....;..
GET /?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: VVV.google.com.ua
HTTP/1.1 302 Found
Location: hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ&gws_rd=ssl
Cache-Control: private
Content-Type: text/html; charset=UTF-8
P3P: CP="This is not a P3P policy! See hXXps://VVV.google.com/support/accounts/answer/151657?hl=en for more info."
Date: Sun, 05 Feb 2017 03:31:12 GMT
Server: gws
Content-Length: 278
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: NID=96=NtkQbqImM7_dkkk-pZguAwVxZghdo7G92OC77-9aO5hCowVRIN4e4cnMROIenFvajQOZeKJi_UURAxJiT66cE8xmEMl0h0sffG-gzKT03iES27_4bvpHQghYp2ZreKQD; expires=Mon, 07-Aug-2017 03:31:12 GMT; path=/; domain=.google.com.ua; HttpOnly
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ&gws_rd=ssl">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..Location: hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ&gws_rd=ssl..Cache-Control: private..Content-Type: text/html; charset=UTF-8..P3P: CP="This is not a P3P policy! See hXXps://VVV.google.com/support/accounts/answer/151657?hl=en for more info."..Date: Sun, 05 Feb 2017 03:31:12 GMT..Server: gws..Content-Length: 278..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Set-Cookie: NID=96=NtkQbqImM7_dkkk-pZguAwVxZghdo7G92OC77-9aO5hCowVRIN4e4cnMROIenFvajQOZeKJi_UURAxJiT66cE8xmEMl0h0sffG-gzKT03iES27_4bvpHQghYp2ZreKQD; expires=Mon, 07-Aug-2017 03:31:12 GMT; path=/; domain=.google.com.ua; HttpOnly..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ&gws_rd=ssl">here</A>...</BODY></HTML>....
<<< skipped >>>
GET /v4/lib/jquery/jquery-1.11.1.min.js HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: info.spiritsoft.cn
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:07 GMT
Content-Type: application/x-javascript
Last-Modified: Sat, 16 Apr 2016 16:24:38 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Expires: Sun, 05 Feb 2017 05:31:07 GMT
Cache-Control: max-age=7200
Content-Encoding: gzip
920a..............gw#....~>..k(.YL-.g...%.$K...-K...B(......A.......P..`K>s..w]..Y..........\...X..yurx....w........2.=.0<.b~7.tW..,..j.?......p...M'.b.,v......n..{.n.k.7.....j....m1.....w.bo........b.......{8...n........V...u?.6w.WZ..b.zgV...|../..?.E..n.(.;......w^OVc~.....E..[.v.........^.'.b....p.w...j<Yf.....v...e6...K.PVp.....U6...n9.F\0...w.l..?d.||..?_-&.Qv..qw.......m.X.....4o..kd7y._?~M..p8......!..G.._,/...../..|r|....~.h..y..fyp...G....A......h....Y...x...u.E..p.......|5.....Z....X..w..|.............l......................N.Zn.3*V.(.S..Nw.n........}.9t._.f.w/......W..u.I.b.....Qa.j......[B..-^}g...@....x.~..Y.! ..q..N......YO.......Y.X.....{.>........[9n..Z.....5.5<8...N...-Fv..j`8Y,...]Y....1.L..|...w..[.<.....w....^.8.wm....xo.w.....y...}~..g.Gg.7l.......F|.%n..%X..A.O......]<dl.....(.8....u/(b3Y.AVdC.}7,....z....'..x.. .`..t(.....EwVb...^.*.U......[......7.....A.Z.us.:i.{.Oho..w|p.:...O.4.n.R..."........;..N......%;U..h7................(...TM.v...ju.=......{{..n...N....-{...{Ztk..b.i..j>...... ..(~Tn\.....".=.h.7...tW...n.4[..Eq;......g`.F..M.?......qV..T..N..$.l>O.sK.>...C..0..39aR.$>r......^.....FWol|....-....f..94.Q7..-.~1.o.d7.).;.......y....P...onWo..o.u......r.....}..............R.u.p6../X8..n....i.x ...Y".... .0.Y#..h%O..JR.5.p.{...eO..~P{...'..{}8.=..4i....;q..V.H...t....:y.!..l.*.]....o4...A....g.......E...>k........~..;-;...t..cn.=...........v..*/..o.z.<..C....Sq......q.5`V.....^.Q....B.qBf.\.9 k0.k............B.Eb..A...PW...|...........6.txV...
<<< skipped >>>
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d4afa0b190486942f6c8f8a68c37c38ea1486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT
Expires: Thu, 09 Feb 2017 03:14:08 GMT
ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a9082bc5984-VIE
0..........0..... .....0......0...0.......M........u....%...G..20170205031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|......S.."........20170205031408Z....20170209031408Z0...*.H.............i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3
<<< skipped >>>
GET /stat.htm?id=1189654&r=&lg=en-us&ntime=none&cnzz_eid=1549093891-1486263024-&showp=1276x846&t=æµé‡ç²¾çµ&h=1&rnd=258009459 HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: hzs11.cnzz.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Tengine
Date: Sun, 05 Feb 2017 03:31:18 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Thu, 16 Apr 2015 02:22:34 GMT
Connection: close
Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..
GET /1234567890.functions HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: mrx9.ddns.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: Mini web server 1.0 ZTE corp 2005.
Content-Type: text/html; charset=iso-8859-1
Accept-Ranges: bytes
Connection: close
Cache-Control: no-cache,no-store
<HTML>. <HEAD><TITLE>404 Not Found</TITLE></HEAD>. <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc">. <H2>404 Not Found</H2>.The requested URL was not found on this server..<!--.Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..-->.</body>.</html>...
GET /wp-includes/js/jquery/jquery.js?ver=1.11.2 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Fri, 27 Feb 2015 02:41:28 GMT
Cache-Control: max-age=2592000, public
Expires: Sat, 03 Feb 2018 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 33287
Content-Type: application/javascript
X-Varnish: 5324554 4751826
Age: 131606
X-Cache: HIT
X-Cache-Hits: 1477
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
............yw.../....".G..%Jl..'.!<....x.....h/L.$N"..d...o...*....s.[....E.P..k...y....w....m....^..O.,8yqq.........Vw.<..VKu..2.Q..[|..6..., .......t.w....D....J..l.E..q]..'.U~7/NO.|.....f....Q..W...X...j.\.a.P.4...2K..nV.'.....f..........m..Irr?[...~....)...M...,O....._...............'.Mg[U...ds.E.............2KvjL....TM...(....i.tP.h...^.6..D]..4.~{..n.Z.....A.y...yj.U.........*....A-.._.W....^}............|.V..l.=;W.....^...o..|2S.................-G..z...0a....p.h....].[m.......=O...d7./.n..f.<. l..{Y2...n....Uv....|.....2..s.t....G....jeX...$..T.ULi$.b3)8k.......14......#..)....y5/*=."..a.T.z..-)Y.E.n.%Wi;.S..._....l.D.KI.4.zyO..q.......G.........g...X....Ay..;...)Oq.2....,.&].....v.k........2.....h..G.~....]......Fz_.c.%0..A...]....?.....Q;..8....!.b....Pc:.v".....N.4.....f..Q.?.......H.%........R.TW.....a'...7.~f.5..{.B.$...hF.Md.N.....r:@E.[.D.E.. @........h2.G.R.~&.(....S......l)sM7.5.S5..A.. ....O.%....... N...Mw...4d4..u..i.....j..\..p.J5.hR...D.MB.<.W..........A......X......>%(.y..m./..1.\...Me../...x.Z.....]..C..$ZD......S.._3Q.}K...4J.(..q.yz.Dt........ofYK...RT.l.l..g.U.....X..W...Q..y.y...II.k..U.pig.[J.......qF..'..*/...l..;}*[.m..A$..?=.\..L...{...-P^v.....o.^....~...*S..{.[./."@.4....!..I2[X.7-o..;Y..M.[_Z.8.z^....Dg...x:....Q9...N.o.J......l......0.....L.....l3[...J....u....E.,.9p...$.@..G..W.........P......|.Mk....juo..Ll5....%.}H.=...2.{...cwf..N.',.`|Y....9./.k2,.|..-F...tS$7.bNH5.........d.Q.P..c............u..|..r.....qn.... .....A.B.....AlP.Ly[.....l/..DF...........]M.
<<< skipped >>>
GET /harga-sewa-mobil-solo.html HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2017 03:31:36 GMT
X-Pingback: hXXp://sewasolo.com/xmlrpc.php
Location: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:36 GMT
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Varnish: 6606142
Age: 0
X-Cache: MISS
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Connection: keep-alive
HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:36 GMT..X-Pingback: hXXp://sewasolo.com/xmlrpc.php..Location: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/..Cache-Control: max-age=2592000..Expires: Tue, 07 Mar 2017 03:31:36 GMT..Content-Length: 0..Content-Type: text/html; charset=UTF-8..X-Varnish: 6606142..Age: 0..X-Cache: MISS..Server: Rocket Booster..X-Powered-By: Warna Web Accelerator..Connection: keep-alive..
GET /GIAG2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.google.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Date: Sun, 05 Feb 2017 02:35:27 GMT
Expires: Sun, 05 Feb 2017 03:35:27 GMT
Last-Modified: Sat, 04 Feb 2017 02:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 541
X-XSS-Protection: 1; mode=block
Age: 3366
Cache-Control: public, max-age=3600
0...0......0...*.H........0I1.0...U....US1.0...U....Google Inc1%0#..U....Google Internet Authority G2..170204010002Z..170214010002Z0R0'..vK....Q...170113141858Z0.0...U.......0'..1.3..*....160915202213Z0.0...U........00.0...U.#..0...J......h.v....b..Z./0...U........0...*.H...............2;..{......h........u<...uyR .Ixm.O.........M..l..c.I..R.QQ...5......xF|.9.....]..j.._..^.-...c.. :..F......Z.t`.%z."..=.[~.....R.*.&...b7..9....XQbr..B.....0...&{.g.p....%.^X... ..$9...d.@.......x..l...*.....v.$..up@..=.jT..^..;^..@.........gG..I.....V9HTTP/1.1 200 OK..Content-Type: application/pkix-crl..Date: Sun, 05 Feb 2017 02:35:27 GMT..Expires: Sun, 05 Feb 2017 03:35:27 GMT..Last-Modified: Sat, 04 Feb 2017 02:15:00 GMT..X-Content-Type-Options: nosniff..Server: sffe..Content-Length: 541..X-XSS-Protection: 1; mode=block..Age: 3366..Cache-Control: public, max-age=3600..0...0......0...*.H........0I1.0...U....US1.0...U....Google Inc1%0#..U....Google Internet Authority G2..170204010002Z..170214010002Z0R0'..vK....Q...170113141858Z0.0...U.......0'..1.3..*....160915202213Z0.0...U........00.0...U.#..0...J......h.v....b..Z./0...U........0...*.H...............2;..{......h........u<...uyR .Ixm.O.........M..l..c.I..R.QQ...5......xF|.9.....]..j.._..^.-...c.. :..F......Z.t`.%z."..=.[~.....R.*.&...b7..9....XQbr..B.....0...&{.g.p....%.^X... ..$9...d.@.......x..l...*.....v.$..up@..=.jT..^..;^..@.........gG..I.....V9..
<<< skipped >>>
GET /css/lrtk.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:49 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 03:50:47 GMT
ETag: W/"8055f623669d11:0"
X-Powered-By: ASP.NET
Content-Encoding: gzip
Expires: Mon, 06 Feb 2017 03:31:49 GMT
Cache-Control: max-age=86400
X-Cache: from WT263CDN
438.............VAS.6.>.....c:.T.v...92ez....SF..[.l.Y&....je9.Mh.79.Z....~.Rn.IV..../..hI.$...H#..D..G$..|F...s./H.9I..d.tA..KVsC$.x..(...Uc.*..[C5.." ....F.NLN..[`.~.KAu&...{kT.1Qf.Z)....Z.&X.B.].....V.Z.........Z....i..OR.<...rc?N..M5.?{.TI....lf....0%{...Z.M.Mr../...H.I.KQ[7f'yR...%...x..S....F..G.p....._G........@.Di.n.L...r...-K....?..-.J.......#(.k....2..6...I...'a.[>....Qd...u%.-..2Bl.39...E....*J..9?..b..s...*.........{./?...........O.VM..h...LnDA3^.<?/...E.q=....V$.........-. 1."..M./...a........M...h......4..C.......F. .YBV..CvE....-._...l[...J.H..c........B."W .z;.g~.............3G..rz.uv}..C.ac..q...D1v.(...M.E.&...[.@'.G\{~.....9]z.O..............@....u.m!K'i..]7..3..ge7*...M$I....OP.Z.a.D...e. <>>.s........u.u......l..v..g...:.......>... .....QJ;...;...w...8.r..|k...C~4..H...o...H..B...?K....s...(O....g'....].]u......&...........tt..Y...0.H ..A{N....u..GW.....0......?a...._*.&. K.16r...!.....m{.....f.6....!..k......^1.j.M..g.Zl9;........y..qb..y][.....K....&.?.K....?...*...yxu..z..]...j......N`........H....M._.........Ak:.f. .X....}70.$G>...8....P%..8.....0......
GET /templets/default/js/ie8.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 789
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:28 GMT
Accept-Ranges: bytes
ETag: "03a40933869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache: from WT263CDN
...ready(function () {.. function createHtml() {.. var oBox = document.getElementById('top_box');.. var oNav = getByClass(oBox, 'nav')[0];.. var rootUl = oNav.getElementsByTagName('ul')[0];.. var oUl = rootUl.getElementsByTagName('ul');.. for (var n = 0; n < oUl.length; n ) {.. for (var i = 0; i < oUl[n].children.length; i ) {.. var oli = oUl[n].children[0];.. var oi = document.createElement('i');.. oi.className = 'ibk';.. oUl[n].children[i].appendChild(oi);.. }.. }.. }.. if (window.navigator.userAgent.toLowerCase().indexOf('msie 8.0') != -1 || window.navigator.userAgent.toLowerCase().indexOf('msie 7.0') != -1) {.. createHtml();.. }..})HTTP/1.1 200 OK..Server: wts/1.1..Date: Sun, 05 Feb 2017 03:31:50 GMT..Content-Type: application/javascript..Content-Length: 789..Connection: keep-alive..Last-Modified: Wed, 17 Feb 2016 04:06:28 GMT..Accept-Ranges: bytes..ETag: "03a40933869d11:0"..X-Powered-By: ASP.NET..Expires: Mon, 06 Feb 2017 03:31:50 GMT..Cache-Control: max-age=86400..X-Cache: from WT263CDN.....ready(function () {.. function createHtml() {.. var oBox = document.getElementById('top_box');.. var oNav = getByClass(oBox, 'nav')[0];.. var rootUl = oNav.getElementsByTagName('ul')[0];.. var oUl = rootUl.getElementsByTagName('ul');.. for (var n = 0; n < oUl.length; n ) {.. for (var i = 0; i < oUl[n].children.leng
<<< skipped >>>
GET / HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: songhaiyouhong.blogspot.com
Connection: Keep-Alive
HTTP/1.1 200 OK
X-Robots-Tag: all,noodp
Content-Type: text/html; charset=UTF-8
Expires: Sun, 05 Feb 2017 03:31:57 GMT
Date: Sun, 05 Feb 2017 03:31:57 GMT
Cache-Control: private, max-age=0
Last-Modified: Fri, 27 Jan 2017 04:54:12 GMT
ETag: W/"50401b8047fb190437946c475bae5313f38b1f2f5ddb23c28b8b5b2024efbf02"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 27378
Server: GSE
.............s.9.(...W..n........L{eYnk..<...n...H...I...(Y.....^\........fv6f/.?...2.@.P.$e...y.....$..D"3....zx......6..#....'...(W*.6. ..'....O.>a5...C......3...0..*...s.|...A..E.=B.a1.X.....{....TI....Q.....h...iP.....Adju.l........ .j.Y..G.....C{an.$.8........Mp....;....$t&a..:.......C.......Qy...j..e.....<{..b..*) ..7.8@..=v...3q|;.|.:r'...w....7..m..............}..\.~......|-..j...=p*...v}..b..x..k.b..n....'v...:..NG./t.I..3^...77........{O......X..A...b,.P.......A.....(4.5...`.:/..?...P}.jIb.8>t.ca..!T xWp..Oc.Q.ol4.[..v....5.`cg.......S.U....N............NB.....Y.^._..g.... .V..9....{.C.....C...]..".3..RC.H2u...]....?....`..urV.n"c..[..k......cw..{...M...Xb....I.7Y......M.....1.....Y..L..gv`.`..Ah...w...[gF...|..{..&.e ....lj.m..9v&3.._'......,.e.......8....c.<..=.d...a.`.J.........ju.~...[#g2......M.y.......`....oE...}...X._.9..Nw....I.Xx`w.!...!..}.;t.&....1...!.0.....5^..R...V$...z.Lzn.M...@.wO......<...s.M.J7..........',(r:k..!..n..V9w{..Fy.Q.om.0..y.).=.@.q..*n.......*.,.z...$.Vq?.}....=|.N..5{<.....t.U.i..7;.~.....;;.F..Q....5...qt.)....)._9x.N..B...px.V.....Qv...#...f...3.........bu..g<U.....cQ:...>..>.D.G.....?.F...@......G@FP..Oz`.N......(.w.;a..a?.C...^..d../~..:....m..%..9g..e.u.....3.k.c..1Y..]..j...x....g..<{...B...........M..i...1.Cq........3...&....M....}.......!...h.Q0p'-..S..s'.V.]..v.:..p.Al...hdO.l.aW~..vW.R.......@.<..I...\D...0c.>$8.<.. .9v(T..Q.}...&.>{.....w0.E.T..............Q....#..Ad.&.....{6a....N.V.~.S./............PP..V.p........
<<< skipped >>>
GET /css?family=Open Sans:400italic,700italic,400,700&ver=4.2.12 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Sun, 05 Feb 2017 03:31:14 GMT
Date: Sun, 05 Feb 2017 03:31:14 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
16e..............Ao.@.......I..../.5 V1X*.bV...,..`..^hj..........|o.....@...%.>...2.PZh.`...j...d..A..5D_......A.e.-.,. lAT>.Q.9..R...KH(2L.*..c..gU-.fb...q..lk.c....%R.4...n.4....c=a0...8.0.....Uw.q*.u...L..Ui..J....g......j.._..s...g..{P-n..JB.W....{a.,.|.E.K'..........5......v..OW..t.f.v..B.L.y(...7.3e*!..B..;.......?.Aa.-....L;$:.......M..F.s~z7wUs.........sx.......a.....YJ.......0..HTTP/1.1 200 OK..Content-Type: text/css; charset=utf-8..Access-Control-Allow-Origin: *..Timing-Allow-Origin: *..Expires: Sun, 05 Feb 2017 03:31:14 GMT..Date: Sun, 05 Feb 2017 03:31:14 GMT..Cache-Control: private, max-age=86400..Content-Encoding: gzip..Transfer-Encoding: chunked..Server: ESF..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..16e..............Ao.@.......I..../.5 V1X*.bV...,..`..^hj..........|o.....@...%.>...2.PZh.`...j...d..A..5D_......A.e.-.,. lAT>.Q.9..R...KH(2L.*..c..gU-.fb...q..lk.c....%R.4...n.4....c=a0...8.0.....Uw.q*.u...L..Ui..J....g......j.._..s...g..{P-n..JB.W....{a.,.|.E.K'..........5......v..OW..t.f.v..B.L.y(...7.3e*!..B..;.......?.Aa.-....L;$:.......M..F.s~z7wUs.........sx.......a.....YJ.......0......
GET /css?family=Playfair Display:400,700,900,400italic,700italic,900italic&ver=3.9.2 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Sun, 05 Feb 2017 03:31:57 GMT
Date: Sun, 05 Feb 2017 03:31:57 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
1c0..............]s.@...{....3E...r. .W......, ...."b....j;.N.c..v..g...s....<.\....a..Z(.jRXx.$@#i._Wo.....U@.&>..Ns..%S.(..Y. ...AZ.....?K..7uqFaR&.....E.......2..j...S>:t.~v....o.U.....*...Dv.....O..m#....Gb/..N..C...?}...V-w..m.[..=P:...5...2...,V.e. ......96.....Vp6.k.H.&..[.j..e..a...O...o.s....d..v...Z...)....0H..d...G......h..5Y%3n....e.e.............K..o....ui....}.......h...a6G.C........}*r...4.7.......5:{..@*co.d>l......x.....3...S.;.......a......,.......0..
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d11022d4d0b1d2b32de0b161cc05690c31486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT
Expires: Thu, 09 Feb 2017 03:14:08 GMT
ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a9092af5996-VIE
0..........0..... .....0......0...0.......M........u....%...G..20170205031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|......S.."........20170205031408Z....20170209031408Z0...*.H.............i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3
<<< skipped >>>
GET /CRL/Omniroot2025.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 16 Nov 2013 06:15:02 GMT
If-None-Match: "200da-5b6-4eb453c33260e"
User-Agent: Microsoft-CryptoAPI/6.1
Host: cdp1.public-trust.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Date: Sun, 05 Feb 2017 03:32:02 GMT
Etag: "200c0-cba-546dfb468d5d3"
Last-Modified: Tue, 24 Jan 2017 23:45:01 GMT
Server: ECS (arn/45A4)
X-Cache: HIT
Content-Length: 3258
0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....CyberTrust1"0 ..U....Baltimore CyberTrust Root..170124185021Z..170421185021Z0...0....'k...120111220757Z0....'k...120111220847Z0....'.C..130130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140212185542Z0....'yr..150701184507Z0....'#...100303201301Z0....''q..100414175202Z0....'L...110224181251Z0....'Pn..110309142119Z0....'....100216203312Z0....'#...100303201213Z0....'3#..100908172555Z0....''n..101208175627Z0....''m..101208175749Z0....''p..101208175916Z0....'H...110114162156Z0#...'X>..110815145134Z0.0...U.......0#...'Z2..110818184101Z0.0...U.......0....'g...120111164333Z0....'g...120111164409Z0....'g...120111164519Z0....'....100216213519Z0....''s..100414175225Z0....''k..100414181839Z0....'3"..100908172705Z0....'3$..100908172728Z0....''o..101208175645Z0....''l..101208175727Z0....'H...110119195142Z0....'Nz..110302154045Z0....'c...111207220933Z0....'g...120111164445Z0....''r..100414175143Z0....'8...101012182723Z0....'e...120111163041Z0....'VJ..110714160903Z0....'s...130123162633Z0....'....130904190524Z0....'....131024214319Z0....'....140129172435Z0....'....140129172453Z0....'....131024214310Z0....'....131101204601Z0....'....140219171632Z0....'.^..140409155638Z0....'i...140709171930Z0....'/:..141119193302Z0....'J...150603184605Z0....'k...150603185020Z0....'k...150603185058Z0....'k...150603185131Z0....'k...120111220827Z0....'8...140716191203Z0....'....131219195909Z0....'....140219171545Z0....'k...151105070000Z0....'q...160126173
<<< skipped >>>
GET /js/adv_out.js HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: st-n.ads1-adnow.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.8.1
Date: Sun, 05 Feb 2017 03:31:57 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 31 Jan 2017 15:33:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5890ae5b-3136"
Expires: Sun, 05 Feb 2017 03:36:57 GMT
Cache-Control: max-age=300
Content-Encoding: gzip
1431.............Z{w.....O.u.r. d......M.'.L..&...0....l..$...~..Uw..8...91..~Tu...X\.u..f..u..>.O.4.....~..#....:..W.....}w....?\|...._.....?../.z>.....M8.F..8I.w.........gG...ys.....q.o....q...Y..Q.0.V0.....j.?2..WuMf,.....k.|:J.'''m.s.....:3V .l.x/>.tly<.u....a.E1..!..........w..^.i.C....:..h..=o.8.k.<....g.......T.J.'...@)ZX_N.N.i..)..B>..t..2d4..[`.LW.y..jx..ysZe..3w<k.S....s_w....a.J... ......Z.4y.p.F.l.u-.&...w.6?..im.H...:.e...;O...Y.E.....Wa..h..........r....Fc.[p. L5#.7v\....L?........[e.suf..9n.h.....o^....T..F:..E.,..(.ET.....wu0N...6..H.....a.o.....u......is..J.ZG3...ay,.u.....st......].9.j....(5.9.y...~.W..E7....M..L...4..]....b!.iu.eyVM.9N;{'..a....y .u.yNio.%...............}>?.&3P~........7....1.94....UHa.F.B3...k....*..&.H..:..FW.F..N.}.@.......).....$... ..mH. .....Y=;F...J.........-.k.F.6..`.WR...[xBl..#.z.....5..8).... ..fp..).....^.#..|.}zx.n..K.).{Fj9~X.X~...#p...!.o......G -.%..p<kg...um......O.$...E...c...$...1....-1.....=<p.S.._.......awl...=l.....`.=...[.p.P.M..Z1..=..$..[..T.....M.P..g..(.jN0.|.....>HR...*N^h..ZWci......)..|....j.........R.E...UA..)-d_...$Y...F.x,.x...Z..j\!....X...jx...7"*j.?~ .D..........k...Z-.E....hTa*......wG.i.4.Bn..l.6/.hc).|......P8X^.....~:^...../....n.?.....6}...8......V.......X..6-.a...Z.|...a.:....>a>.p.]hXfE.!dL......yl&o.U..hf.....".W.Y.0...Z..~....."*.;'*..x.7;..#...,z...a..>.Y. @....zR\Yn$l.7......k...Cg(..3....Z K.....37.^..^....:...b.......,.m$ .p4......P..g`...g-.|.3.|r-.....{..9.-.ca....:j...p.q.....[-(N..m
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0= HTTP/1.1
Cache-Control: max-age = 363986
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 17 Nov 2013 16:06:48 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1454
content-transfer-encoding: binary
Cache-Control: max-age=446216, public, no-transform, must-revalidate
Last-Modified: Fri, 3 Feb 2017 07:24:47 GMT
Expires: Fri, 10 Feb 2017 07:24:47 GMT
Date: Sun, 05 Feb 2017 03:31:21 GMT
Connection: keep-alive
0..........0..... .....0......0...0........FC..&..<.0...Y......20170203072447Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a..%...0a.. ...M|......20170203072447Z....20170210072447Z0...*.H...............gV.v.k.W.m..$[.o.n{h...uW`..<.Q...s...7..;a..Mn`.2....h,e;.........<6....>..cF....y.N.......L-b[.'`.z.78y..H..!^.s.v...l..a....Te...........VdQW..?.XO..Tg....T.....Z..u.{..j.....!..MPS......a......5c.[..#.....,.9......^\0.J|.... ....[.;1z....0.c.`..>........0...0...0..4.......My_e.\....'....j0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority0...161122000000Z..171214235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1 OCSP Responder Certificate 50.."0...*.H.............0.............4..IP.....B..h.....]..).]w.!"..a..{...="....._...~.s1.E.......;...6&/...\2..A....\..T aH:.8lH^.....l.v.$...K=sZf.*.|.%.Pb.......B..*f.T\w.:.s.... ....9..4..cV...3.qc.c..j<.f.....>1X.I...P%?.........5R-....Ca14..X.U....u.....:.z.\.k..b.E.v..,.J................0..0...U....0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-OFF-470...*.H.............G..\..R.P..e]...N.....m.....4f......b4"8v..b.R....`.Auz..........2=...@..........5..cWh....J......r...g.h......Kw'...j.@...x.....
<<< skipped >>>
GET /qconn/wpa/button/button_111.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: pub.idqqimg.com
HTTP/1.1 200 OK
Server: X2S_Platform
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:51 GMT
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:51 GMT
Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT
Content-Type: image/gif
Content-Length: 3534
Keep-Alive: timeout=60
Vary: Origin
X-Cache-Lookup: Hit From Disktank
......JFIF.....`.`.....C....................................................................C.........................................................................O.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...u...k...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4........[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(....F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x........m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?.......P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..$............x....B.G.....!...o.x_...|C..m..Z.R....G.&...{e2\9.l1.
<<< skipped >>>
GET /css?family=Tangerine:400,700&ver=3.9.2 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Sun, 05 Feb 2017 03:31:57 GMT
Date: Sun, 05 Feb 2017 03:31:57 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
101..............[K.0.... r..LS......-..d:....%mY..&]...w. "(.^....}..h.%...z.|."W...=..(s-.A.Y.(A.6e...[.<...Gq.z...(.......@U. snK.j.l.Z.\.#n.d...h.QB.m......m2.jSQ8?.O.._.4......U.7uT.)....(.............B.FF.[......./6S[.y}9zZ..Sy...=...3..w.4;...f.z...........a....J.Y.......0..HTTP/1.1 200 OK..Content-Type: text/css; charset=utf-8..Access-Control-Allow-Origin: *..Timing-Allow-Origin: *..Expires: Sun, 05 Feb 2017 03:31:57 GMT..Date: Sun, 05 Feb 2017 03:31:57 GMT..Cache-Control: private, max-age=86400..Content-Encoding: gzip..Transfer-Encoding: chunked..Server: ESF..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..101..............[K.0.... r..LS......-..d:....%mY..&]...w. "(.^....}..h.%...z.|."W...=..(s-.A.Y.(A.6e...[.<...Gq.z...(.......@U. snK.j.l.Z.\.#n.d...h.QB.m......m2.jSQ8?.O.._.4......U.7uT.)....(.............B.FF.[......./6S[.y}9zZ..Sy...=...3..w.4;...f.z...........a....J.Y.......0..
GET /core.php?web_id=1189654&t=z HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: c.cnzz.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 763
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:18:38 GMT
Last-Modified: Sun, 05 Feb 2017 03:18:38 GMT
Expires: Sun, 05 Feb 2017 03:33:38 GMT
Via: cache1.l2nu16-1[41,200-0,M], cache16.l2nu16-1[42,0], kunlun7.cn9[0,200-0,H], kunlun8.cn9[1,0]
Age: 760
X-Cache: HIT TCP_MEM_HIT dirn:-2:-2
X-Swift-SaveTime: Sun, 05 Feb 2017 03:18:38 GMT
X-Swift-CacheTime: 900
Timing-Allow-Origin: *
EagleId: 77bc604814862654783473720e
!function(){var p,q,r,a=encodeURIComponent,b="1189654",c="",d="",e="online_v3.php",f="hzs11.cnzz.com",g="1",h="text",i="z",j="站长统计",k=window["_CNZZDbridge_" b]["bobject"],l="http:",m="1",n=l "//online.cnzz.com/online/" e,o=[];o.push("id=" b),o.push("h=" f),o.push("on=" a(d)),o.push("s=" a(c)),n ="?" o.join("&"),"0"===m&&k["callRequest"]([l "//cnzz.mmstat.com/9.gif?abc=1"]),g&&(""!==d?k["createScriptIcon"](n,"utf-8"):(q="z"==i?"hXXp://VVV.cnzz.com/stat/website.php?web_id=" b:"hXXp://quanjing.cnzz.com","pic"===h?(r=l "//icon.cnzz.com/img/" c ".gif",p="<a href='" q "' target=_blank title='" j "'><img border=0 hspace=0 vspace=0 src='" r "'></a>"):p="<a href='" q "' target=_blank title='" j "'>" j "</a>",k["createIcon"]([p])))}();HTTP/1.1 200 OK..Server: Tengine..Content-Type: application/javascript..Content-Length: 763..Connection: keep-alive..Date: Sun, 05 Feb 2017 03:18:38 GMT..Last-Modified: Sun, 05 Feb 2017 03:18:38 GMT..Expires: Sun, 05 Feb 2017 03:33:38 GMT..Via: cache1.l2nu16-1[41,200-0,M], cache16.l2nu16-1[42,0], kunlun7.cn9[0,200-0,H], kunlun8.cn9[1,0]..Age: 760..X-Cache: HIT TCP_MEM_HIT dirn:-2:-2..X-Swift-SaveTime: Sun, 05 Feb 2017 03:18:38 GMT..X-Swift-CacheTime: 900..Timing-Allow-Origin: *..EagleId: 77bc604814862654783473720e..!function(){var p,q,r,a=encodeURIComponent,b="1189654",c="",d="",e="online_v3.php",f="hzs11.cnzz.com",g="1",h="text",i="z",j="站长统计",k=window["_CNZZDbridge_" b]["bobject"],l="http:",m="1",n=l "//
<<< skipped >>>
GET /wp-content/themes/dream/font-awesome/css/font-awesome.min.css?ver=4.2.12 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Wed, 13 May 2015 16:18:58 GMT
Cache-Control: max-age=2592000, public
Expires: Sun, 05 Mar 2017 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5042
Content-Type: text/css
X-Varnish: 8474625 7832084
Age: 131606
X-Cache: HIT
X-Cache-Hits: 1043
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...........\M...q..W.wC..EWO..]..V.C.....V..|.I...$........n.D....z.{...i......D..>.._.e......6....VUb..O....e.S......e.\..i..?......T.............&.K_..=....._..../.v..........~..u..........x...dy9~p...?<.:;v.......`.>v."R...P....._....C...(....M....7.?.*.y...jDm.........E....w...S{cPs.;....>.....z-N].u......'.E....kWS.E.....|./.[.......KY.eZ....z.b..l..~f.`)}....}......W....._...;....<IK..])e.}]m$/%oE......j_o1'./m.K...,Oo.'.........8..|....g...-......d.?.}$.A.....UX.....p..7a..../o/27g;.d...ur.#..bx.. F....o..s.r.R....Xq}...Wro..]./..U[:..U.....K...V.....%7...QP..V....}..I...'EF5.....J..b....o....H...O/y..s..O6...-.P..#....ao ~.B......Z;..]...R.U} J...../w.......A..U=P..i.a8.T.l.Y.._y-..r..k.I..u!ki..Q........u.$....h....?..3.....G..7..C.N..q.w.0.t.9...........M.P.<<....d;6Z.d~....\....5.....jUa....2.k?...*..}z...0...j.u..p.l.;.....v..#U.*.Q&..9...(m..QRe.b0..l.g..7....7...E%.V..~.@>.m..n.<......K....[.k.....W...v..YL....2K...vu..........5..gO.].#.5...N......'..y%.....d.w.?.w.x...4g."...{.......g.. dm....L.J..,../>..m........lt.......?.......6.Z.?.3D$.B.G.6.]*.Z.....@...z9..7...#...k..a7.[.T.~?......'.1...Z~...M.....,.'......z.1...J.N...^......l.....V....'I.^lddO..DD.l.%Dx......{...{.X.....3...=.......Z2........F ..zO.\..e..i...}YfRgn@}.....5...%.T.B.g.3|cg......x.Y........."m.E..F....&x..I<C.b.zO....2.z42ys....9..x.f..o#|N..Tl......(....3.C.&. ).C..D.=...[{..J......L.1~..{...X..d.y..b.mI..G...Q......6...kEv.9W.=.l.....P. ....i...Q. ..].....C...5..@....`..L.rQO...LP4m4..(.S.Y
<<< skipped >>>
GET /wp-content/themes/dream/js/jquery.cycle.all.min.js?ver=2.9999.5 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:07:19 GMT
Last-Modified: Wed, 13 May 2015 16:18:32 GMT
Cache-Control: max-age=2592000, public
Expires: Mon, 05 Feb 2018 03:07:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8430
Content-Type: application/javascript
X-Varnish: 8474626 2547585
Age: 1436
X-Cache: HIT
X-Cache-Hits: 173
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...........=ks.F... .J.. ....[R..y...$.%...zuU ...A..@S2..~.=o.|.V...D.fzzfzz.9.]~y.r.t...*...o.&I..IVwq...q9w~.....8K.o.Y..c...w..b.D...Sg.MV.(-C....3/......o.....b..M....{.D..d..<...N{......;....C.y.....(/........z_9...}..'...@.].....(-...J.Q......./4..|....z.`...To^....).m..Q1.....=...,w...r..l.g.t..n.{.9P)....0w>Dy.....x.>.A_.,/. ...t.-.I\>...{.<[.Q.[.q...^.i4^....!t..G..Q1K2..)`|'.u.N.5.2-.$....=.`.s.}K.n..."....2...|XF.wY...I...;Z..s....y/._.o..{.[. X.@.%J.&..U.:Q....Av#=x..-..<.a.i...bX...WDI4)....w.v...;. .$QzW......@t..E.-]...4.~........4.o_...Y..X.9...8.s.$.F.<[.lt...m....ke.......c#1].....VY.)...n.|...H....Y.l....9;..V..v..N..!..[=...(.......e..a#$...nD/..7R.@.`.;"b....z..........w......`..vkpf#.Z4..%^D..d......zT .t.qU..0?..C.....%8'...............v.G-...7...4........".xzwQ.&"B.....`1k..,sf.Z0..6.n!Wv'.n..W..k.Rm..'.....!.P.7..."*.0/.`4..m.8]e.....a.......Y........S.m....3^>.'..a>-h..7.Q....4J........>.C..#...Y...S..!.4..F(.4..p..%.....l.w.i...3.l...X...MT.?..@...O....uN...|..]..X.rV."...3.bV...#yU....g.5-.._v?..E..5... ....x9.E.....m.y...)..2.X...<..M..V...$a.u.3Z..*.... ...#......$..a.I.$pa/.y.... ...)....G.Y..9#{.....v...W.Z.2E...B....{...F....G.X.o.........^o.*...@evw.D@.....{....a.4.G...`9....8.].%..h....i...l}....s......K.?a.y.A...>wx2?...B,..n...GzI......h......N.....m.a-a;......3...;i..w)*.7....X..t....H">>a..I.5.y....N?..$....g..L........r.jcH..;...! ....l.{.....U.Q..$..y?o.m.....F.8.9.]...(.\).zYJ.7....@.Ug..D...gM].............X|j.>.......;.^.
<<< skipped >>>
GET /tag/sewa-mobil-solo-lestari-kecamatan-sukoharjo-jawa-tengah/ HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:46 GMT
X-Pingback: hXXp://sewasolo.com/xmlrpc.php
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:46 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 46612
Content-Type: text/html; charset=UTF-8
X-Varnish: 11095906
Age: 0
X-Cache: MISS
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
....................4.wH5mH.NWo@.$.`.Ii$..D#..;v..-. .*..,..FS3..g...p.X.#<.. ..M.P._d......._..O_......Z.....z.9.]m....I.....I........n........n.?.6.....,...........fU.C3.8....6....|Wo..'...~...Iu...fgp..b\.X4...f.?N.v..m...7..yq.o...u.7..'...m7.I.2.{qb.....g].<.s.;.L......YG......Mwv.m..l7...l...P..v.4/_.L.m7o7. ...i..........c..^M..4....P....nY.....U....Y........O_|.M..O...<..........>.|~N.z...f....V......g..<.n.v?V...y.........5=.......iM...l....f........w.9...`jv.mwgw.G/.........-...3..|..S..j.jh..2.w....?5....W.yu..]=.......i.........L..^.... .V].0.j...;.Jw..|...M..v....X......003x>.....n`f..........s~R.....L.}...8.7.L765.....t4...v...f..a....}N.*2..V..[=...G......?q............e.........:.V.y.6.*ZWa...S.]=.*..?......c....a.......q.......S.....fQZ:..nG..."_v.....`.n,..^..u..P/....,.....'x.I..O...}.[t.g?...mw..j...sC........?....*....q>.........^6.......8...q.......8?9=1.2......1tS...<...YD...-.....................`6.Nv....M..............5...v70.......G.s.................dc..M.s.c..L..<:]..9[6.......~..}|r.8y...........gF...`H..... _...I.]..ON.......E..j..p.#........./^.P....Wcoz....._.a..[4.__?......O/.N../.>:.8.xtzs6v.1S...........q..q....c..........W/^,.._...[?.....wz..la~........_].......v.=......5TV...s..-7|.`...........G..gf.....U.Y||.......Kx...Qpx.....7....0...&.2<..~._.........>.......?..7...^....o.x...g...0/.#x.....K........g.b........Y.M.....>>1_..6.o.za.....W..Nk..1.K7#n..X.....I...G.mI...n26F..-..SVy.F...W..:....,4;n.#..f.............5.......g.g..|....
<<< skipped >>>
GET /js/jquery.tipsy.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:49 GMT
Content-Type: application/javascript
Content-Length: 7388
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:13 GMT
Accept-Ranges: bytes
ETag: "80684f8a3869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:49 GMT
Cache-Control: max-age=86400
X-Cache: from WT263CDN
// tipsy, facebook style tooltips for jquery.// version 1.0.0a.// (c) 2008-2010 jason frame [jason@onehackoranother.com].// releated under the MIT license..(function($) {. . function fixTitle($ele) {. if ($ele.attr('title') || typeof($ele.attr('original-title')) != 'string') {. $ele.attr('original-title', $ele.attr('title') || '').removeAttr('title');. }. }. . function Tipsy(element, options) {. this.$element = $(element);. this.options = options;. this.enabled = true;. fixTitle(this.$element);. }. . Tipsy.prototype = {. show: function() {. var title = this.getTitle();. if (title && this.enabled) {. var $tip = this.tip();. . $tip.find('.tipsy-inner')[this.options.html ? 'html' : 'text'](title);. $tip[0].className = 'tipsy'; // reset classname in case of dynamic gravity. $tip.remove().css({top: 0, left: 0, visibility: 'hidden', display: 'block'}).appendTo(document.body);. . var pos = $.extend({}, this.$element.offset(), {. width: this.$element[0].offsetWidth,. height: this.$element[0].offsetHeight. });. . var actualWidth = $tip[0].offsetWidth, actualHeight = $tip[0].offsetHeight;. var gravity = (typeof this.options.gravity == 'function'). ? this.options.gravity.call(this.$elemen
<<< skipped >>>
GET /templets/default/js/jquery.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 277976
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:29 GMT
Accept-Ranges: bytes
ETag: "80d0d8933869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache: from WT263CDN
/*!.. * jQuery JavaScript Library v1.9.1.. * hXXp://jquery.com/.. *.. * Includes Sizzle.js.. * hXXp://sizzlejs.com/.. *.. * Copyright 2005, 2012 jQuery Foundation, Inc. and other contributors.. * Released under the MIT license.. * hXXp://jquery.org/license.. *.. * Date: 2013-2-4.. */..(function( window, undefined ) {..// Can't do this because several apps including ASP.NET trace..// the stack via arguments.caller.callee and Firefox dies if..// you try to trace through "use strict" call chains. (#13335)..// Support: Firefox 18 ..//"use strict";..var...// The deferred used on DOM ready...readyList,...// A central reference to the root jQuery(document)...rootjQuery,...// Support: IE<9...// For `typeof node.method` instead of `node.method !== undefined`...core_strundefined = typeof undefined,...// Use the correct document accordingly with window argument (sandbox)...document = window.document,...location = window.location,...// Map over jQuery in case of overwrite..._jQuery = window.jQuery,...// Map over the $ in case of overwrite..._$ = window.$,...// [[Class]] -> type pairs...class2type = {},...// List of deleted data cache ids, so we can reuse them...core_deletedIds = [],...core_version = "1.9.1",...// Save a reference to some core methods...core_concat = core_deletedIds.concat,...core_push = core_deletedIds.push,...core_slice = core_deletedIds.slice,...core_indexOf = core_deletedIds.indexOf,...core_toString = class2type.toString,...core_hasOwn = class2type.hasOwnProperty,...core_trim = core_version.trim,.
<<< skipped >>>
GET /b/p?id=w!aacxow2ith0d&lm=0&ts=1486265519182&t=SPECIAL MOVIE&cu=http://songhaiyouhong.blogspot.com/ HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ic.tynt.com
Connection: Keep-Alive
Cookie: __cfduid=d7b596a12691c3453aa3b96476a8ad2581486265519
HTTP/1.1 200 OK
Server: nginx/1.10.1
Date: Sun, 05 Feb 2017 03:31:59 GMT
Content-Type: image/gif
Content-Length: 35
Last-Modified: Fri, 16 Apr 2010 15:38:20 GMT
Connection: close
ETag: "4bc8846c-23"
Cache-Control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
Expires: "Sat, 26 Jul 1997 05:00:00 GMT"
Set-Cookie: uid=CmUMK1iWnK9eI1ja1raBAg==; expires=Mon, 05-Feb-18 03:31:59 GMT; domain=tynt.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
Accept-Ranges: bytes
P3P: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA
GIF89a.............,...........D..;..
GET /css?family=Droid Serif:400,700,400italic,700italic&ver=3.9.2 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Sun, 05 Feb 2017 03:31:57 GMT
Date: Sun, 05 Feb 2017 03:31:57 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
171..............Oo.@...~...I.DJ./J...............H.~.JSmL....q........8".kB......B.."(.I..@s..-..]Lr.. ...DG5s..GD.1L.......D..)....(...x..E...............].qa..<.t.......S...L....5..r..J.g..RT7..Z..nu..~YR).U..*...7..p17.bd..O.:W...H.s....R.1.y.^g.F]4.....3...M.W......D>...@.|u..w.*.p.z.HS%/..a"..}S...l.a.r.*.(]X.f..o.~....(...!....1..3FZ.4...z.N....us....o.n...#.........a.....O/.......0..HTTP/1.1 200 OK..Content-Type: text/css; charset=utf-8..Access-Control-Allow-Origin: *..Timing-Allow-Origin: *..Expires: Sun, 05 Feb 2017 03:31:57 GMT..Date: Sun, 05 Feb 2017 03:31:57 GMT..Cache-Control: private, max-age=86400..Content-Encoding: gzip..Transfer-Encoding: chunked..Server: ESF..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..171..............Oo.@...~...I.DJ./J...............H.~.JSmL....q........8".kB......B.."(.I..@s..-..]Lr.. ...DG5s..GD.1L.......D..)....(...x..E...............].qa..<.t.......S...L....5..r..J.g..RT7..Z..nu..~YR).U..*...7..p17.bd..O.:W...H.s....R.1.y.^g.F]4.....3...M.W......D>...@.|u..w.*.p.z.HS%/..a"..}S...l.a.r.*.(]X.f..o.~....(...!....1..3FZ.4...z.N....us....o.n...#.........a.....O/.......0..
GET /pa?p=2:3313361925:51 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: wpa.qq.com
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: tws
Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif
Pragma: no-cache
Cache-Control: no-cache; must-revalidate
0..HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:50 GMT..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..Server: tws..Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif..Pragma: no-cache..Cache-Control: no-cache; must-revalidate..0..
GET /1234567890.functions HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: mrx9.ddns.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 404 No
GET /qconn/wpa/button/button_111.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: pub.idqqimg.com
HTTP/1.1 200 OK
Server: X2S_Platform
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:51 GMT
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:51 GMT
Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT
Content-Type: image/gif
Content-Length: 3534
Keep-Alive: timeout=60
Vary: Origin
X-Cache-Lookup: Hit From Disktank
......JFIF.....`.`.....C....................................................................C.........................................................................O.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...u...k...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4........[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(....F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x........m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?.......P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..$............x....B.G....(......=;S../gJ<.N...JR..?.?e..|..u.K.
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEDYh2Ip18ZHp4LIxhrWFb0w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ss.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1609
content-transfer-encoding: binary
Cache-Control: max-age=353267, public, no-transform, must-revalidate
Last-Modified: Thu, 2 Feb 2017 05:39:19 GMT
Expires: Thu, 9 Feb 2017 05:39:19 GMT
Date: Sun, 05 Feb 2017 03:31:32 GMT
Connection: keep-alive
0..E......>0..:.. .....0..... 0..'0......o..&y......{.s.6~"....20170202053919Z0s0q0I0... ..........d.....k... P.....d.._`.a.U..C..`*..z.C....6!..u.....1...oL....20170202053919Z....20170209053919Z0...*.H.............A.w.4[.....FWS..G,.>A_`.Mp...g........_._.".%g...~.M.<.......I....3}.6P..).. ....$......M.....EW.-.........`.v...o.E.....7.......).F_.....j..k?(\..g......U.].=]5j......>b'...4?...sW.C..H.O...N.....n.".#..g..=7.....^...'U..b.BM.....m.!4./:.\..s.9..............n0..j0..f0..N.......Z........g......0...*.H........0~1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1/0-..U...&Symantec Class 3 Secure Server CA - G40...161113000000Z..170211235959Z0@1>0<..U...5Symantec Class 3 Secure Server CA - G4 OCSP Responder0.."0...*.H.............0..........0........g........T.$h..=../I..^#.w.. x..v.'...&..n..u.;.....S mw.D...W...... 1....s....`.o.. R:(<1...f...8....[...h ......[>.O....=>....vd.........#.,.[B..4...n.....w....4c....C..........I....|lR.q-.....$^...M...K....F.6.v..U!W....Z...)G.g..i$.e6..x.kS..........0...0... .....0......0"..U....0...0.1.0...U....TGV-D-27750...U.#..0..._`.a.U..C..`*..z.C..0...U......o..&y......{.s.6~"..0...U.......0.0n..U. .g0e0c..`.H...E....0T0&.. .........hXXp://VVV.symauth.com/cps0*.. .......0... hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0...*.H.................)fN.(j..S'...X....I..%..HI b6.K......50...9.. p.L..^...vv..6.;...1G.nTHu..."U...T..:......(s...(.-.K....s........{..{..P...Ebp..U2|rF>.....r.....j...
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEEw7wJkU/qAD9hdilImrrOU= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ss.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1609
content-transfer-encoding: binary
Cache-Control: max-age=383774, public, no-transform, must-revalidate
Last-Modified: Thu, 2 Feb 2017 14:03:50 GMT
Expires: Thu, 9 Feb 2017 14:03:50 GMT
Date: Sun, 05 Feb 2017 03:31:43 GMT
Connection: keep-alive
0..E......>0..:.. .....0..... 0..'0......o..&y......{.s.6~"....20170202140350Z0s0q0I0... ..........d.....k... P.....d.._`.a.U..C..`*..z.C....L;........b.........20170202140350Z....20170209140350Z0...*.H.............X..AT.v.....yE..=y..........g..Y..0....Ev".^.=2>0..f..<...g.......3.........f$%..*}.wr.>.]..ERT...,..{.7.....9J..F`...NY.Z..aF>...xI#.Y['.....ne....>..D..=.xz>u.F....w/.......g..v<.\HzV.....f(....)..U..^...1.....Gf..;..C.8?.k.(......}=.0........t.....~...j...n0..j0..f0..N.......Z........g......0...*.H........0~1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1/0-..U...&Symantec Class 3 Secure Server CA - G40...161113000000Z..170211235959Z0@1>0<..U...5Symantec Class 3 Secure Server CA - G4 OCSP Responder0.."0...*.H.............0..........0........g........T.$h..=../I..^#.w.. x..v.'...&..n..u.;.....S mw.D...W...... 1....s....`.o.. R:(<1...f...8....[...h ......[>.O....=>....vd.........#.,.[B..4...n.....w....4c....C..........I....|lR.q-.....$^...M...K....F.6.v..U!W....Z...)G.g..i$.e6..x.kS..........0...0... .....0......0"..U....0...0.1.0...U....TGV-D-27750...U.#..0..._`.a.U..C..`*..z.C..0...U......o..&y......{.s.6~"..0...U.......0.0n..U. .g0e0c..`.H...E....0T0&.. .........hXXp://VVV.symauth.com/cps0*.. .......0... hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0...*.H.................)fN.(j..S'...X....I..%..HI b6.K......50...9.. p.L..^...vv..6.;...1G.nTHu..."U...T..:......(s...(.-.K....s........{..{..P...Ebp..U2|rF>...
<<< skipped >>>
GET /v4/css/style.css HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: info.spiritsoft.cn
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:16 GMT
Content-Type: text/css
Content-Length: 806
Last-Modified: Fri, 17 Jun 2016 08:02:04 GMT
Connection: close
ETag: "5763ae7c-326"
Expires: Sun, 05 Feb 2017 05:31:16 GMT
Cache-Control: max-age=7200
Accept-Ranges: bytes
*{. margin:0px;. padding:0px;. font-size:12px;.}.body.{..background-color:#ffffff;. overflow:hidden;. line-height:18px;.}.table.{. table-layout:fixed;.}.#Div_Main.{. width:100%;. height:100%;. text-align:center;. vertical-align:middle;.}.#Div_Play.{. position:absolute;. z-index:101;. width:150px;. height:20px;. text-align:right;.}.#Div_Play span.{. width:16px;. height:16px;. margin-right:3px;. text-align:center;. color:#ffffff;. font-family:"Microsoft Sans Serif";. font-weight:bolder;. font-size:9px;. background-color:#d3d3cd;. cursor:pointer;. border:solid 1px;. border-color:#ece9d8;.}..PlayLoop.{..top:95px;. left:432px;.}..PlayLoopGJ.{..top:84px;. left:214px;.}..PlayBody.{. width:100%;. height:100%;.}...
GET / HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=88=C6CEKO82itAhdU0twN6URqunh6Sn9EPCs-teRRQ4QRgNCJP-EG6VgSTOkC7BafUzPUi-GjuRAoRi6F4Sx78Gd_cLieG7apk740DNnT0oV6phUdJTT3H8MUyjxWiFq3Dm
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ
Content-Length: 262
Date: Sun, 05 Feb 2017 03:31:12 GMT
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..Cache-Control: private..Content-Type: text/html; charset=UTF-8..Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ..Content-Length: 262..Date: Sun, 05 Feb 2017 03:31:12 GMT..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ">here</A>...</BODY></HTML>....
GET /js/300/addthis_widget.js HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: s7.addthis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:57 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2017 16:20:58 GMT
ETag: "54622-5478e8ce06e80"
Content-Encoding: gzip
Timing-Allow-Origin: *
Surrogate-Key: client_dist
Cache-Control: public, no-check, max-age=600
CF-Cache-Status: HIT
X-Host: s7.addthis.com
X-Distribution: 99
Server: cloudflare-nginx
CF-RAY: 32c34addd40d595a-VIE
1b110...............z.......WA#...A...<)..-.i...=.Ng...........@.......ol......d'Y._...>P@.P5j.8W...v.dQ........u...h.MN..{I.m.u.....&N....O:..I.[.6..7..tm.b....O..#]5d.._..q.....s....6{b.....zv....u...7.l.jo.....c.q.e..L...2.........*\.g.G...^.no?..i.qo/.o..E..lV7.@.{.;...X....4.FW3.4.x.^GYp..n6a...z....F<.%.2c..H..L.\..~....k..d..Z.s..E..|(<M>..d.Qj.J:...........zG.$.?....&..W:o....*S......=G...S.:.r...~z.-.nOM.z.ZaN.e....5..ZS......c.M. .l6.O.._....P.*.........>.u.....)3...."....:.....U.....{....2.....0z....E..=.u....I.......|..,....._.:.......a63...`..?.Y.DD..&..n.o...[{j..4./...4....0........F..M.^E.5s.....g... H..hj...0.....H.x.q.}....&.= sw.......~...b1.m{>./..=.,t.A...X.2X.'.(...p..&:6t&....-..lg..mkb..j.l..........}.5....r.`<...h..x.`.0.!..'...Y......`...ab,.o...\..qh{.I..&.5q.'..'..G.`.O.C.....7...@b..:..3......|...#o.........._.c...r4./..._.......`..o..so>.N.....F.m.~1..o.. ...e.c'.......x9...E....0\..6....K../......h.1....`................s{...x..^h/......,{4..].}.....=.!.0...K.....~=.v83.`0...=....1........,G.?.O.....}.l8..3S..,..b1....b<....0 j.G....s.0.G.Q.9....,..5_,|7.....0..C..,..0./B..mob..X.0.......ht.x~........x..xa.\.H...Do....!......>...........K..0t.......Ck0v.h.;......0.,.q.N..3...g....9.s..h..G(.X:.r....U......X....-......0.....G5oa....Z...x....|{..@a<Y....`.,F...}>....hl/...`.X...."...0hg............Gv`[........{....7\`.....t..v..w...e...........0.4....}..... ...0X..........x.L.kw.......e..,.[.......,........9`.`.....C.b]..pi.@$\..kd......q..;.
<<< skipped >>>
Map
The Backdoor connects to the servers at the folowing location(s):
Strings from Dumps
jingling.exe_2472:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
tG
tG
SSSSSh
SSSSSh
SSSSh
SSSSh
t%SSh-
t%SSh-
uùu
uùu
8%ukP
8%ukP
8.uJIQ@P
8.uJIQ@P
tSHt.HHt
tSHt.HHt
t.hH_G
t.hH_G
.VVVVVSRSSj
.VVVVVSRSSj
tGHt.Ht&
tGHt.Ht&
spiritsoft@126.com
spiritsoft@126.com
updurl
updurl
requrl2
requrl2
requrl1
requrl1
requrl
requrl
(hXXp://service.spiritsoft.cn)
(hXXp://service.spiritsoft.cn)
rlurl
rlurl
sburl
sburl
1.2.3
1.2.3
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /%%x
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /%%x
f=%d&v=%d&c=%d&i=%s
f=%d&v=%d&c=%d&i=%s
urls
urls
furl
furl
furls
furls
turl
turl
turls
turls
usefurl
usefurl
useturl
useturl
maxfurl
maxfurl
maxturlct
maxturlct
maxturl
maxturl
|%d|%d
|%d|%d
%d|%d|%d|%d|%d|%d|%s|%d|%u
%d|%d|%d|%d|%d|%d|%s|%d|%u
arr_urls
arr_urls
CoGetClassObjectFromURL
CoGetClassObjectFromURL
googlepinyin2.ime
googlepinyin2.ime
googlepinyin.ime
googlepinyin.ime
jpwb.ime
jpwb.ime
sogouwb.ime
sogouwb.ime
sogoupy.ime
sogoupy.ime
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
URLDownloadToFileA
URLDownloadToFileA
URLDownloadToFileW
URLDownloadToFileW
URLDownloadToCacheFileA
URLDownloadToCacheFileA
URLDownloadToCacheFileW
URLDownloadToCacheFileW
kernel32.dll
kernel32.dll
mscoree.dll
mscoree.dll
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
.mixcrt
.mixcrt
KERNEL32.DLL
KERNEL32.DLL
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
inflate 1.2.3 Copyright 1995-2005 Mark Adler
inflate 1.2.3 Copyright 1995-2005 Mark Adler
d:\Code\urlsoft\trunk\product\win32\urlcore4.pdb
d:\Code\urlsoft\trunk\product\win32\urlcore4.pdb
PSAPI.DLL
PSAPI.DLL
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
RegisterHotKey
RegisterHotKey
UnregisterHotKey
UnregisterHotKey
ExitWindowsEx
ExitWindowsEx
EnumDesktopWindows
EnumDesktopWindows
USER32.dll
USER32.dll
SetViewportOrgEx
SetViewportOrgEx
GDI32.dll
GDI32.dll
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
SHFileOperationW
SHFileOperationW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
SHLWAPI.dll
SHLWAPI.dll
COMCTL32.dll
COMCTL32.dll
RASAPI32.dll
RASAPI32.dll
WS2_32.dll
WS2_32.dll
VERSION.dll
VERSION.dll
WINMM.dll
WINMM.dll
FindCloseUrlCache
FindCloseUrlCache
FindNextUrlCacheEntryW
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
FindFirstUrlCacheEntryW
HttpOpenRequestA
HttpOpenRequestA
HttpOpenRequestW
HttpOpenRequestW
WININET.dll
WININET.dll
CreateURLMoniker
CreateURLMoniker
urlmon.dll
urlmon.dll
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
CreateDialogIndirectParamA
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateDialogIndirectParamW
RegOpenKeyExA
RegOpenKeyExA
.?AVCInputURLDlg@@
.?AVCInputURLDlg@@
.?AV?$CDialogImpl@VCInputURLDlg@@VCWindow@ATL@@@ATL@@
.?AV?$CDialogImpl@VCInputURLDlg@@VCWindow@ATL@@@ATL@@
.?AVCURLInfoListCtrl@@
.?AVCURLInfoListCtrl@@
.?AV?$CWindowImpl@VCURLInfoListCtrl@@V?$CListViewCtrlT@VCWindow@ATL@@@WTL@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@
.?AV?$CWindowImpl@VCURLInfoListCtrl@@V?$CListViewCtrlT@VCWindow@ATL@@@WTL@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@
.?AV?$COwnerDraw@VCURLInfoListCtrl@@@WTL@@
.?AV?$COwnerDraw@VCURLInfoListCtrl@@@WTL@@
.?AVCURLAreaDlg@@
.?AVCURLAreaDlg@@
.?AV?$CDialogImpl@VCURLAreaDlg@@VCWindow@ATL@@@ATL@@
.?AV?$CDialogImpl@VCURLAreaDlg@@VCWindow@ATL@@@ATL@@
.?AVCURLMessageLoop@@
.?AVCURLMessageLoop@@
.?AVCURLCurveDlg@@
.?AVCURLCurveDlg@@
.?AV?$CDialogImpl@VCURLCurveDlg@@VCWindow@ATL@@@ATL@@
.?AV?$CDialogImpl@VCURLCurveDlg@@VCWindow@ATL@@@ATL@@
.?AVCURLOptDlg@@
.?AVCURLOptDlg@@
.?AV?$CDialogImpl@VCURLOptDlg@@VCWindow@ATL@@@ATL@@
.?AV?$CDialogImpl@VCURLOptDlg@@VCWindow@ATL@@@ATL@@
.?AVCDLURLTestDlg@@
.?AVCDLURLTestDlg@@
.?AV?$CDialogImpl@VCDLURLTestDlg@@VCWindow@ATL@@@ATL@@
.?AV?$CDialogImpl@VCDLURLTestDlg@@VCWindow@ATL@@@ATL@@
.?AVCURLOSDlg@@
.?AVCURLOSDlg@@
.?AV?$CDialogImpl@VCURLOSDlg@@VCWindow@ATL@@@ATL@@
.?AV?$CDialogImpl@VCURLOSDlg@@VCWindow@ATL@@@ATL@@
.?AV?$CAtlHttpClientT@VCMySyncSocket@@@ATL@@
.?AV?$CAtlHttpClientT@VCMySyncSocket@@@ATL@@
.?AVCTaskStepFromURL@@
.?AVCTaskStepFromURL@@
.?AVCTaskStepTargetURL@@
.?AVCTaskStepTargetURL@@
.?AVCTaskStepURL@@
.?AVCTaskStepURL@@
.?AVCTaskStepSubURL@@
.?AVCTaskStepSubURL@@
.?AVCTuoIWebBrowser@@
.?AVCTuoIWebBrowser@@
.?AUIWebBrowser2@@
.?AUIWebBrowser2@@
.?AUIWebBrowserApp@@
.?AUIWebBrowserApp@@
.?AUIWebBrowser@@
.?AUIWebBrowser@@
zcÁ
zcÁ
PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
bd.dat
bd.dat
urlcore.dat
urlcore.dat
product.dat
product.dat
Spiritsoft\urlspirit
Spiritsoft\urlspirit
https
https
hXXp://user.qzone.qq.com/%s
hXXp://user.qzone.qq.com/%s
hXXp://user.qzone.qq.com/
hXXp://user.qzone.qq.com/
hXXp://
hXXp://
hXXps://
hXXps://
5e3342fd-8290-4b05-a431-4c1b2f4b2e53
5e3342fd-8290-4b05-a431-4c1b2f4b2e53
keycode
keycode
Hotkey
Hotkey
A9486DFB-C8ED-4e57-A71C-802E9A67F5C0
A9486DFB-C8ED-4e57-A71C-802E9A67F5C0
@%d/%d
@%d/%d
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
urlspace
urlspace
(%d%%)
(%d%%)
(jingling.exe)
(jingling.exe)
(4.0.4)
(4.0.4)
maxurls
maxurls
%s?v=%d.%d.%d.%d-%d%d%d%d
%s?v=%d.%d.%d.%d-%d%d%d%d
URLINFO%d
URLINFO%d
urlct
urlct
4.0.4
4.0.4
%s?q=%d
%s?q=%d
hXXp://urlspirit.spiritsoft.cn/urlcore/olcfgs.dat
hXXp://urlspirit.spiritsoft.cn/urlcore/olcfgs.dat
(%d)-
(%d)-
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
tcfg.dat
tcfg.dat
@%d%%
@%d%%
%u,%s
%u,%s
hlpdfurl
hlpdfurl
hlpbuyfurl
hlpbuyfurl
hlpfurl
hlpfurl
hlpsubturl
hlpsubturl
hlpbuyturl
hlpbuyturl
hlpturl
hlpturl
hXXp://up.spiritsoft.cn/v3/urltest.exe
hXXp://up.spiritsoft.cn/v3/urltest.exe
urltest
urltest
"%s" %s%s %s%s %s%s
"%s" %s%s %s%s %s%s
/URL=
/URL=
/SubURL=
/SubURL=
/TURL=
/TURL=
urltest.exe
urltest.exe
%d~%d
%d~%d
%sx
%sx
xxxxxxxxxxx
xxxxxxxxxxx
spiritsoft.cn
spiritsoft.cn
us%d.
us%d.
urlspirit.spiritsoft.cn
urlspirit.spiritsoft.cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)
Content-Length: %d
Content-Length: %d
Host: %s
Host: %s
Host: %s:%d
Host: %s:%d
HTTP/1.1
HTTP/1.1
application/x-www-form-urlencoded
application/x-www-form-urlencoded
hXXp://urlspirit.spiritsoft.cn/urlcore/svcreq%x.%s
hXXp://urlspirit.spiritsoft.cn/urlcore/svcreq%x.%s
dbghelp.dll
dbghelp.dll
urlcore2-taskcore-0010
urlcore2-taskcore-0010
rjingling.exe
rjingling.exe
B\rundll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
B\rundll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
"%s" /idx=%d
"%s" /idx=%d
B%s-%d
B%s-%d
{21918AFB-D09D-4836-84CE-F6352A910B82-%d}
{21918AFB-D09D-4836-84CE-F6352A910B82-%d}
{E3E23319-4433-40bd-A611-79EEA469B90B-%d}
{E3E23319-4433-40bd-A611-79EEA469B90B-%d}
{8EF0E96B-118D-466b-A9E3-81175866B1F0-%d}
{8EF0E96B-118D-466b-A9E3-81175866B1F0-%d}
urlcore3-taskcore-%d
urlcore3-taskcore-%d
Ftaskworker.exe
Ftaskworker.exe
durlmon.dll
durlmon.dll
blog.sina.com.cn
blog.sina.com.cn
gogoCurlcore3-taskcore-
Curlcore3-taskcore-
Opera
Opera
Windows
Windows
Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
Lgooglepinyin2.ime
Lgooglepinyin2.ime
{05300401-BCBC-11D0-85E3-00C04FD85AB4}
{05300401-BCBC-11D0-85E3-00C04FD85AB4}
{2933BF90-7B36-11D2-B20E-00C04F983E60}
{2933BF90-7B36-11D2-B20E-00C04F983E60}
{F5078F33-C551-11D3-89B9-0000F81FE221}
{F5078F33-C551-11D3-89B9-0000F81FE221}
{F5078F32-C551-11D3-89B9-0000F81FE221}
{F5078F32-C551-11D3-89B9-0000F81FE221}
{F6D90F11-9C73-11D3-B32E-00C04F990BB4}
{F6D90F11-9C73-11D3-B32E-00C04F990BB4}
{88D969C5-F192-11D4-A65F-0040963251E5}
{88D969C5-F192-11D4-A65F-0040963251E5}
{88D96A0A-F192-11D4-A65F-0040963251E5}
{88D96A0A-F192-11D4-A65F-0040963251E5}
{F5078F35-C551-11D3-89B9-0000F81FE221}
{F5078F35-C551-11D3-89B9-0000F81FE221}
{ED8C108E-4349-11D2-91A4-00C04F7969E8}
{ED8C108E-4349-11D2-91A4-00C04F7969E8}
{F6D90F16-9C73-11D3-B32E-00C04F990BB4}
{F6D90F16-9C73-11D3-B32E-00C04F990BB4}
{d27cdb6e-ae6d-11cf-96b8-444553540000}
{d27cdb6e-ae6d-11cf-96b8-444553540000}
{8F6B0360-B80D-11D0-A9B3-006097942311}
{8F6B0360-B80D-11D0-A9B3-006097942311}
{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
{3050F4F8-98B5-11CF-BB82-00AA00BDCE0B}
{3050F4F8-98B5-11CF-BB82-00AA00BDCE0B}
{25336920-03F9-11CF-8FD0-00AA00686F13}
{25336920-03F9-11CF-8FD0-00AA00686F13}
{3050F406-98B5-11CF-BB82-00AA00BDCE0B}
{3050F406-98B5-11CF-BB82-00AA00BDCE0B}
{00020420-0000-0000-C000-000000000046}
{00020420-0000-0000-C000-000000000046}
{8856F961-340A-11D0-A96B-00C04FD705A2}
{8856F961-340A-11D0-A96B-00C04FD705A2}
{F5078F36-C551-11D3-89B9-0000F81FE221}
{F5078F36-C551-11D3-89B9-0000F81FE221}
Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
Mozilla/5.0 (Windows NT %s) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36
Mozilla/5.0 (Windows NT %s) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36
Opera/9.64 (Windows NT %s; U; zh-cn) Presto/2.1.1
Opera/9.64 (Windows NT %s; U; zh-cn) Presto/2.1.1
Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1
Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1
Mozilla/
Mozilla/
Windows NT
Windows NT
Mozilla/4.0 (compatible; MSIE %s; Windows NT %s%s)
Mozilla/4.0 (compatible; MSIE %s; Windows NT %s%s)
Dedu.cn
Dedu.cn
gov.cn
gov.cn
org.cn
org.cn
net.cn
net.cn
com.cn
com.cn
dsound.dll
dsound.dll
mf.dll
mf.dll
AcroRd32.exe
AcroRd32.exe
rKernel32.dll
rKernel32.dll
jingling.exe
jingling.exe
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe
msctls_hotkey32
msctls_hotkey32
urlcore
urlcore
"spiritsoft@126.com"
"spiritsoft@126.com"
hXXp://service.spiritsoft.cn
hXXp://service.spiritsoft.cn
...:%s --
...:%s --
IP: %s --
IP: %s --
: %d --
: %d --
2014.10.10.101
2014.10.10.101
4.0.4.1
4.0.4.1
jingling.exe_2472_rwx_00422000_00001000:
tSHt.HHt
tSHt.HHt
iexplore.exe_3572:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
>.uzf
>.uzf
.us;}
.us;}
IEFRAME.dll
IEFRAME.dll
MLANG.dll
MLANG.dll
iertutil.dll
iertutil.dll
urlmon.dll
urlmon.dll
ole32.dll
ole32.dll
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
msvcrt.dll
msvcrt.dll
USER32.dll
USER32.dll
KERNEL32.dll
KERNEL32.dll
ADVAPI32.dll
ADVAPI32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
GetWindowsDirectoryW
GetWindowsDirectoryW
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
UrlApplySchemeW
UrlApplySchemeW
PathIsURLW
PathIsURLW
UrlCanonicalizeW
UrlCanonicalizeW
UrlCreateFromPathW
UrlCreateFromPathW
iexplore.pdb
iexplore.pdb
KEYW
KEYW
KEYWh
KEYWh
KEYWD
KEYWD
.ENNNG.
.ENNNG.
a.ry.v
a.ry.v
l.igM4
l.igM4
?1%SGf
?1%SGf
xh.JW^
xh.JW^
.97777"7" " " !
.97777"7" " " !
3.... ))
3.... ))
8888888888888
8888888888888
8888888888
8888888888
.lPV)
.lPV)
úW1
úW1
.ApX/
.ApX/
H.ZAf
H.ZAf
ð[U
ð[U
%s!FK
%s!FK
1YYYY1YY9GEAA=77YRNNNW:.VT1
1YYYY1YY9GEAA=77YRNNNW:.VT1
888777777
888777777
Y.hilkRROMLK=C,
Y.hilkRROMLK=C,
..(((($$
..(((($$
3...((((%
3...((((%
3....(.''$
3....(.''$
3.2...((((%
3.2...((((%
33.2....(,'
33.2....(,'
55323222...
55323222...
(%&'00443445?
(%&'00443445?
00.,,,4(
00.,,,4(
000.,,9(
000.,,9(
0020..9(
0020..9(
003200;(
003200;(
(#'( (''''!'!
(#'( (''''!'!
Microsoft.InternetExplorer.Default
Microsoft.InternetExplorer.Default
user32.dll
user32.dll
Kernel32.DLL
Kernel32.DLL
xfire.exe
xfire.exe
wlmail.exe
wlmail.exe
winamp.exe
winamp.exe
waol.exe
waol.exe
sidebar.exe
sidebar.exe
psocdesigner.exe
psocdesigner.exe
np.exe
np.exe
netscape.exe
netscape.exe
netcaptor.exe
netcaptor.exe
neoplanet.exe
neoplanet.exe
msn.exe
msn.exe
mshtmpad.exe
mshtmpad.exe
mshta.exe
mshta.exe
loader42.exe
loader42.exe
infopath.exe
infopath.exe
iexplore.exe
iexplore.exe
iepreview.exe
iepreview.exe
groove.exe
groove.exe
explorer.exe
explorer.exe
dreamweaver.exe
dreamweaver.exe
contribute.exe
contribute.exe
aol.exe
aol.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
{28fb17e0-d393-439d-9a21-9474a070473a}
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
DShell32.dll
DShell32.dll
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
"%s" %s
"%s" %s
Kernel32.dll
Kernel32.dll
\AppPatch\sysmain.sdb
\AppPatch\sysmain.sdb
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106320
-extoff go.microsoft.com/fwlink/?LinkId=106320
kernel32.dll
kernel32.dll
{00000000-0000-0000-0000-000000000000}
{00000000-0000-0000-0000-000000000000}
\\?\Volume
\\?\Volume
shell:%s
shell:%s
Imaging_CreateWebPagePreview_Perftrack
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Browseui_Tabs_Tearoff_BetweenWindows
Frame_URLEntered
Frame_URLEntered
Imaging_CreateWebPagePreview
Imaging_CreateWebPagePreview
WS_ExecuteQuery
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
IdleTask_Execution_Time
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
IEXPLORE.EXE
IEXPLORE.EXE
Windows
Windows
9.00.8112.16421
9.00.8112.16421
iexplore.exe_3428:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
>.uzf
>.uzf
.us;}
.us;}
IEFRAME.dll
IEFRAME.dll
MLANG.dll
MLANG.dll
iertutil.dll
iertutil.dll
urlmon.dll
urlmon.dll
ole32.dll
ole32.dll
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
msvcrt.dll
msvcrt.dll
USER32.dll
USER32.dll
KERNEL32.dll
KERNEL32.dll
ADVAPI32.dll
ADVAPI32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
GetWindowsDirectoryW
GetWindowsDirectoryW
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
UrlApplySchemeW
UrlApplySchemeW
PathIsURLW
PathIsURLW
UrlCanonicalizeW
UrlCanonicalizeW
UrlCreateFromPathW
UrlCreateFromPathW
iexplore.pdb
iexplore.pdb
KEYW
KEYW
KEYWh
KEYWh
KEYWD
KEYWD
.ENNNG.
.ENNNG.
a.ry.v
a.ry.v
l.igM4
l.igM4
?1%SGf
?1%SGf
xh.JW^
xh.JW^
.97777"7" " " !
.97777"7" " " !
3.... ))
3.... ))
8888888888888
8888888888888
8888888888
8888888888
.lPV)
.lPV)
úW1
úW1
.ApX/
.ApX/
H.ZAf
H.ZAf
ð[U
ð[U
%s!FK
%s!FK
1YYYY1YY9GEAA=77YRNNNW:.VT1
1YYYY1YY9GEAA=77YRNNNW:.VT1
888777777
888777777
Y.hilkRROMLK=C,
Y.hilkRROMLK=C,
..(((($$
..(((($$
3...((((%
3...((((%
3....(.''$
3....(.''$
3.2...((((%
3.2...((((%
33.2....(,'
33.2....(,'
55323222...
55323222...
(%&'00443445?
(%&'00443445?
00.,,,4(
00.,,,4(
000.,,9(
000.,,9(
0020..9(
0020..9(
003200;(
003200;(
(#'( (''''!'!
(#'( (''''!'!
Microsoft.InternetExplorer.Default
Microsoft.InternetExplorer.Default
user32.dll
user32.dll
Kernel32.DLL
Kernel32.DLL
xfire.exe
xfire.exe
wlmail.exe
wlmail.exe
winamp.exe
winamp.exe
waol.exe
waol.exe
sidebar.exe
sidebar.exe
psocdesigner.exe
psocdesigner.exe
np.exe
np.exe
netscape.exe
netscape.exe
netcaptor.exe
netcaptor.exe
neoplanet.exe
neoplanet.exe
msn.exe
msn.exe
mshtmpad.exe
mshtmpad.exe
mshta.exe
mshta.exe
loader42.exe
loader42.exe
infopath.exe
infopath.exe
iexplore.exe
iexplore.exe
iepreview.exe
iepreview.exe
groove.exe
groove.exe
explorer.exe
explorer.exe
dreamweaver.exe
dreamweaver.exe
contribute.exe
contribute.exe
aol.exe
aol.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
{28fb17e0-d393-439d-9a21-9474a070473a}
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
DShell32.dll
DShell32.dll
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
"%s" %s
"%s" %s
Kernel32.dll
Kernel32.dll
\AppPatch\sysmain.sdb
\AppPatch\sysmain.sdb
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106320
-extoff go.microsoft.com/fwlink/?LinkId=106320
kernel32.dll
kernel32.dll
{00000000-0000-0000-0000-000000000000}
{00000000-0000-0000-0000-000000000000}
\\?\Volume
\\?\Volume
shell:%s
shell:%s
Imaging_CreateWebPagePreview_Perftrack
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Browseui_Tabs_Tearoff_BetweenWindows
Frame_URLEntered
Frame_URLEntered
Imaging_CreateWebPagePreview
Imaging_CreateWebPagePreview
WS_ExecuteQuery
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
IdleTask_Execution_Time
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
IEXPLORE.EXE
IEXPLORE.EXE
Windows
Windows
9.00.8112.16421
9.00.8112.16421
svchost.exe_1256:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
msvcrt.dll
msvcrt.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
API-MS-Win-Security-Base-L1-1-0.dll
API-MS-Win-Security-Base-L1-1-0.dll
API-MS-WIN-Service-Core-L1-1-0.dll
API-MS-WIN-Service-Core-L1-1-0.dll
API-MS-WIN-Service-winsvc-L1-1-0.dll
API-MS-WIN-Service-winsvc-L1-1-0.dll
RPCRT4.dll
RPCRT4.dll
ole32.dll
ole32.dll
ntdll.dll
ntdll.dll
_amsg_exit
_amsg_exit
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
GetProcessHeap
GetProcessHeap
svchost.pdb
svchost.pdb
version="5.1.0.0"
version="5.1.0.0"
name="Microsoft.Windows.Services.SvcHost"
name="Microsoft.Windows.Services.SvcHost"
Host Process for Windows Services
Host Process for Windows Services
Software\Microsoft\Windows NT\CurrentVersion\Svchost
Software\Microsoft\Windows NT\CurrentVersion\Svchost
Software\Microsoft\Windows NT\CurrentVersion\MgdSvchost
Software\Microsoft\Windows NT\CurrentVersion\MgdSvchost
\PIPE\
\PIPE\
Host Process for Windows Services
Host Process for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255)
6.1.7600.16385 (win7_rtm.090713-1255)
svchost.exe
svchost.exe
Windows
Windows
Operating System
Operating System
6.1.7600.16385
6.1.7600.16385
svchost.exe_1256_rwx_10000000_0004A000:
.idata
.idata
.rdata
.rdata
P.reloc
P.reloc
P.rsrc
P.rsrc
ServerKeyloggerU
ServerKeyloggerU
789:;
789:;
%SERVER%
%SERVER%
URLMON.DLL
URLMON.DLL
shell32.dll
shell32.dll
hXXp://
hXXp://
advapi32.dll
advapi32.dll
kernel32.dll
kernel32.dll
mpr.dll
mpr.dll
version.dll
version.dll
comctl32.dll
comctl32.dll
gdi32.dll
gdi32.dll
opengl32.dll
opengl32.dll
user32.dll
user32.dll
wintrust.dll
wintrust.dll
msimg32.dll
msimg32.dll
GetKeyboardType
GetKeyboardType
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
oleaut32.dll
oleaut32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyW
RegCreateKeyW
GetWindowsDirectoryW
GetWindowsDirectoryW
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExW
MapVirtualKeyW
MapVirtualKeyW
GetKeyboardLayout
GetKeyboardLayout
GetKeyState
GetKeyState
shlwapi.dll
shlwapi.dll
SHDeleteKeyW
SHDeleteKeyW
FindExecutableW
FindExecutableW
URLDownloadToCacheFileW
URLDownloadToCacheFileW
wininet.dll
wininet.dll
FtpPutFileW
FtpPutFileW
FtpSetCurrentDirectoryW
FtpSetCurrentDirectoryW
GetKeyboardState
GetKeyboardState
ntdll.dll
ntdll.dll
ShellExecuteW
ShellExecuteW
KWindows
KWindows
TServerKeylogger
TServerKeylogger
x.html
x.html
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
[Execute]
[Execute]
KeyDelBackspace
KeyDelBackspace
.html
.html
XtremeKeylogger
XtremeKeylogger
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
.functions
.functions
icon=shell32.dll,4
icon=shell32.dll,4
shellexecute=
shellexecute=
autorun.inf
autorun.inf
\Microsoft\Windows
\Microsoft\Windows
\Microsoft\Windows\
\Microsoft\Windows\
ÞFAULTBROWSER%
ÞFAULTBROWSER%
svchost.exe
svchost.exe
mrx9.ddns.net
mrx9.ddns.net
100mrx9.ddns.net
100mrx9.ddns.net
Microsoft.exe
Microsoft.exe
ÞFA
ÞFA
{43I0Y03J-Y3IK-5WQV-7U81-XF2A5B5ICJO0}
{43I0Y03J-Y3IK-5WQV-7U81-XF2A5B5ICJO0}
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
{0.HKCU
{0.HKCU
2.8.1
2.8.1
PTF.ftpserver.com
PTF.ftpserver.com
ftpuser
ftpuser
s.net
s.net
iexplore.exe_1452:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
>.uzf
>.uzf
.us;}
.us;}
IEFRAME.dll
IEFRAME.dll
MLANG.dll
MLANG.dll
iertutil.dll
iertutil.dll
urlmon.dll
urlmon.dll
ole32.dll
ole32.dll
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
msvcrt.dll
msvcrt.dll
USER32.dll
USER32.dll
KERNEL32.dll
KERNEL32.dll
ADVAPI32.dll
ADVAPI32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
GetWindowsDirectoryW
GetWindowsDirectoryW
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
UrlApplySchemeW
UrlApplySchemeW
PathIsURLW
PathIsURLW
UrlCanonicalizeW
UrlCanonicalizeW
UrlCreateFromPathW
UrlCreateFromPathW
iexplore.pdb
iexplore.pdb
KEYW
KEYW
KEYWh
KEYWh
KEYWD
KEYWD
.ENNNG.
.ENNNG.
a.ry.v
a.ry.v
l.igM4
l.igM4
?1%SGf
?1%SGf
xh.JW^
xh.JW^
.97777"7" " " !
.97777"7" " " !
3.... ))
3.... ))
8888888888888
8888888888888
8888888888
8888888888
.lPV)
.lPV)
úW1
úW1
.ApX/
.ApX/
H.ZAf
H.ZAf
ð[U
ð[U
%s!FK
%s!FK
1YYYY1YY9GEAA=77YRNNNW:.VT1
1YYYY1YY9GEAA=77YRNNNW:.VT1
888777777
888777777
Y.hilkRROMLK=C,
Y.hilkRROMLK=C,
..(((($$
..(((($$
3...((((%
3...((((%
3....(.''$
3....(.''$
3.2...((((%
3.2...((((%
33.2....(,'
33.2....(,'
55323222...
55323222...
(%&'00443445?
(%&'00443445?
00.,,,4(
00.,,,4(
000.,,9(
000.,,9(
0020..9(
0020..9(
003200;(
003200;(
(#'( (''''!'!
(#'( (''''!'!
Microsoft.InternetExplorer.Default
Microsoft.InternetExplorer.Default
user32.dll
user32.dll
Kernel32.DLL
Kernel32.DLL
xfire.exe
xfire.exe
wlmail.exe
wlmail.exe
winamp.exe
winamp.exe
waol.exe
waol.exe
sidebar.exe
sidebar.exe
psocdesigner.exe
psocdesigner.exe
np.exe
np.exe
netscape.exe
netscape.exe
netcaptor.exe
netcaptor.exe
neoplanet.exe
neoplanet.exe
msn.exe
msn.exe
mshtmpad.exe
mshtmpad.exe
mshta.exe
mshta.exe
loader42.exe
loader42.exe
infopath.exe
infopath.exe
iexplore.exe
iexplore.exe
iepreview.exe
iepreview.exe
groove.exe
groove.exe
explorer.exe
explorer.exe
dreamweaver.exe
dreamweaver.exe
contribute.exe
contribute.exe
aol.exe
aol.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
{28fb17e0-d393-439d-9a21-9474a070473a}
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
DShell32.dll
DShell32.dll
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
"%s" %s
"%s" %s
Kernel32.dll
Kernel32.dll
\AppPatch\sysmain.sdb
\AppPatch\sysmain.sdb
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106320
-extoff go.microsoft.com/fwlink/?LinkId=106320
kernel32.dll
kernel32.dll
{00000000-0000-0000-0000-000000000000}
{00000000-0000-0000-0000-000000000000}
\\?\Volume
\\?\Volume
shell:%s
shell:%s
Imaging_CreateWebPagePreview_Perftrack
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Browseui_Tabs_Tearoff_BetweenWindows
Frame_URLEntered
Frame_URLEntered
Imaging_CreateWebPagePreview
Imaging_CreateWebPagePreview
WS_ExecuteQuery
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
IdleTask_Execution_Time
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
IEXPLORE.EXE
IEXPLORE.EXE
Windows
Windows
9.00.8112.16421
9.00.8112.16421
iexplore.exe_1452_rwx_10000000_0004A000:
.idata
.idata
.rdata
.rdata
P.reloc
P.reloc
P.rsrc
P.rsrc
ServerKeyloggerU
ServerKeyloggerU
789:;
789:;
%SERVER%
%SERVER%
URLMON.DLL
URLMON.DLL
shell32.dll
shell32.dll
hXXp://
hXXp://
advapi32.dll
advapi32.dll
kernel32.dll
kernel32.dll
mpr.dll
mpr.dll
version.dll
version.dll
comctl32.dll
comctl32.dll
gdi32.dll
gdi32.dll
opengl32.dll
opengl32.dll
user32.dll
user32.dll
wintrust.dll
wintrust.dll
msimg32.dll
msimg32.dll
GetKeyboardType
GetKeyboardType
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
oleaut32.dll
oleaut32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyW
RegCreateKeyW
GetWindowsDirectoryW
GetWindowsDirectoryW
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExW
MapVirtualKeyW
MapVirtualKeyW
GetKeyboardLayout
GetKeyboardLayout
GetKeyState
GetKeyState
shlwapi.dll
shlwapi.dll
SHDeleteKeyW
SHDeleteKeyW
FindExecutableW
FindExecutableW
URLDownloadToCacheFileW
URLDownloadToCacheFileW
wininet.dll
wininet.dll
FtpPutFileW
FtpPutFileW
FtpSetCurrentDirectoryW
FtpSetCurrentDirectoryW
GetKeyboardState
GetKeyboardState
ntdll.dll
ntdll.dll
ShellExecuteW
ShellExecuteW
KWindows
KWindows
TServerKeylogger
TServerKeylogger
x.html
x.html
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
[Execute]
[Execute]
KeyDelBackspace
KeyDelBackspace
.html
.html
XtremeKeylogger
XtremeKeylogger
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
.functions
.functions
icon=shell32.dll,4
icon=shell32.dll,4
shellexecute=
shellexecute=
autorun.inf
autorun.inf
\Microsoft\Windows
\Microsoft\Windows
\Microsoft\Windows\
\Microsoft\Windows\
ÞFAULTBROWSER%
ÞFAULTBROWSER%
svchost.exe
svchost.exe
mrx9.ddns.net
mrx9.ddns.net
100mrx9.ddns.net
100mrx9.ddns.net
Microsoft.exe
Microsoft.exe
ÞFA
ÞFA
{43I0Y03J-Y3IK-5WQV-7U81-XF2A5B5ICJO0}
{43I0Y03J-Y3IK-5WQV-7U81-XF2A5B5ICJO0}
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
{0.HKCU
{0.HKCU
2.8.1
2.8.1
PTF.ftpserver.com
PTF.ftpserver.com
ftpuser
ftpuser
s.net
s.net
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\123213123.exe
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\123213123.exe
%Program Files%\Internet Explorer\iexplore.exe
%Program Files%\Internet Explorer\iexplore.exe
jingling.exe_1532:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
tG
tG
SSSSSh
SSSSSh
SSSSh
SSSSh
t%SSh-
t%SSh-
uùu
uùu
8%ukP
8%ukP
8.uJIQ@P
8.uJIQ@P
tSHt.HHt
tSHt.HHt
t.hH_G
t.hH_G
.VVVVVSRSSj
.VVVVVSRSSj
tGHt.Ht&
tGHt.Ht&
spiritsoft@126.com
spiritsoft@126.com
updurl
updurl
requrl2
requrl2
requrl1
requrl1
requrl
requrl
(hXXp://service.spiritsoft.cn)
(hXXp://service.spiritsoft.cn)
rlurl
rlurl
sburl
sburl
1.2.3
1.2.3
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /%%x
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /%%x
f=%d&v=%d&c=%d&i=%s
f=%d&v=%d&c=%d&i=%s
urls
urls
furl
furl
furls
furls
turl
turl
turls
turls
usefurl
usefurl
useturl
useturl
maxfurl
maxfurl
maxturlct
maxturlct
maxturl
maxturl
|%d|%d
|%d|%d
%d|%d|%d|%d|%d|%d|%s|%d|%u
%d|%d|%d|%d|%d|%d|%s|%d|%u
arr_urls
arr_urls
CoGetClassObjectFromURL
CoGetClassObjectFromURL
googlepinyin2.ime
googlepinyin2.ime
googlepinyin.ime
googlepinyin.ime
jpwb.ime
jpwb.ime
sogouwb.ime
sogouwb.ime
sogoupy.ime
sogoupy.ime
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
URLDownloadToFileA
URLDownloadToFileA
URLDownloadToFileW
URLDownloadToFileW
URLDownloadToCacheFileA
URLDownloadToCacheFileA
URLDownloadToCacheFileW
URLDownloadToCacheFileW
kernel32.dll
kernel32.dll
mscoree.dll
mscoree.dll
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
.mixcrt
.mixcrt
KERNEL32.DLL
KERNEL32.DLL
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
inflate 1.2.3 Copyright 1995-2005 Mark Adler
inflate 1.2.3 Copyright 1995-2005 Mark Adler
d:\Code\urlsoft\trunk\product\win32\urlcore4.pdb
d:\Code\urlsoft\trunk\product\win32\urlcore4.pdb
PSAPI.DLL
PSAPI.DLL
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
RegisterHotKey
RegisterHotKey
UnregisterHotKey
UnregisterHotKey
ExitWindowsEx
ExitWindowsEx
EnumDesktopWindows
EnumDesktopWindows
USER32.dll
USER32.dll
SetViewportOrgEx
SetViewportOrgEx
GDI32.dll
GDI32.dll
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
SHFileOperationW
SHFileOperationW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
SHLWAPI.dll
SHLWAPI.dll
COMCTL32.dll
COMCTL32.dll
RASAPI32.dll
RASAPI32.dll
WS2_32.dll
WS2_32.dll
VERSION.dll
VERSION.dll
WINMM.dll
WINMM.dll
FindCloseUrlCache
FindCloseUrlCache
FindNextUrlCacheEntryW
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
FindFirstUrlCacheEntryW
HttpOpenRequestA
HttpOpenRequestA
HttpOpenRequestW
HttpOpenRequestW
WININET.dll
WININET.dll
CreateURLMoniker
CreateURLMoniker
urlmon.dll
urlmon.dll
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
CreateDialogIndirectParamA
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateDialogIndirectParamW
RegOpenKeyExA
RegOpenKeyExA
.?AVCInputURLDlg@@
.?AVCInputURLDlg@@
.?AV?$CDialogImpl@VCInputURLDlg@@VCWindow@ATL@@@ATL@@
.?AV?$CDialogImpl@VCInputURLDlg@@VCWindow@ATL@@@ATL@@
.?AVCURLInfoListCtrl@@
.?AVCURLInfoListCtrl@@
.?AV?$CWindowImpl@VCURLInfoListCtrl@@V?$CListViewCtrlT@VCWindow@ATL@@@WTL@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@
.?AV?$CWindowImpl@VCURLInfoListCtrl@@V?$CListViewCtrlT@VCWindow@ATL@@@WTL@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@
.?AV?$COwnerDraw@VCURLInfoListCtrl@@@WTL@@
.?AV?$COwnerDraw@VCURLInfoListCtrl@@@WTL@@
.?AVCURLAreaDlg@@
.?AVCURLAreaDlg@@
.?AV?$CDialogImpl@VCURLAreaDlg@@VCWindow@ATL@@@ATL@@
.?AV?$CDialogImpl@VCURLAreaDlg@@VCWindow@ATL@@@ATL@@
.?AVCURLMessageLoop@@
.?AVCURLMessageLoop@@
.?AVCURLCurveDlg@@
.?AVCURLCurveDlg@@
.?AV?$CDialogImpl@VCURLCurveDlg@@VCWindow@ATL@@@ATL@@
.?AV?$CDialogImpl@VCURLCurveDlg@@VCWindow@ATL@@@ATL@@
.?AVCURLOptDlg@@
.?AVCURLOptDlg@@
.?AV?$CDialogImpl@VCURLOptDlg@@VCWindow@ATL@@@ATL@@
.?AV?$CDialogImpl@VCURLOptDlg@@VCWindow@ATL@@@ATL@@
.?AVCDLURLTestDlg@@
.?AVCDLURLTestDlg@@
.?AV?$CDialogImpl@VCDLURLTestDlg@@VCWindow@ATL@@@ATL@@
.?AV?$CDialogImpl@VCDLURLTestDlg@@VCWindow@ATL@@@ATL@@
.?AVCURLOSDlg@@
.?AVCURLOSDlg@@
.?AV?$CDialogImpl@VCURLOSDlg@@VCWindow@ATL@@@ATL@@
.?AV?$CDialogImpl@VCURLOSDlg@@VCWindow@ATL@@@ATL@@
.?AV?$CAtlHttpClientT@VCMySyncSocket@@@ATL@@
.?AV?$CAtlHttpClientT@VCMySyncSocket@@@ATL@@
.?AVCTaskStepFromURL@@
.?AVCTaskStepFromURL@@
.?AVCTaskStepTargetURL@@
.?AVCTaskStepTargetURL@@
.?AVCTaskStepURL@@
.?AVCTaskStepURL@@
.?AVCTaskStepSubURL@@
.?AVCTaskStepSubURL@@
.?AVCTuoIWebBrowser@@
.?AVCTuoIWebBrowser@@
.?AUIWebBrowser2@@
.?AUIWebBrowser2@@
.?AUIWebBrowserApp@@
.?AUIWebBrowserApp@@
.?AUIWebBrowser@@
.?AUIWebBrowser@@
zcÁ
zcÁ
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
bd.dat
bd.dat
urlcore.dat
urlcore.dat
product.dat
product.dat
Spiritsoft\urlspirit
Spiritsoft\urlspirit
https
https
hXXp://user.qzone.qq.com/%s
hXXp://user.qzone.qq.com/%s
hXXp://user.qzone.qq.com/
hXXp://user.qzone.qq.com/
hXXp://
hXXp://
hXXps://
hXXps://
5e3342fd-8290-4b05-a431-4c1b2f4b2e53
5e3342fd-8290-4b05-a431-4c1b2f4b2e53
keycode
keycode
Hotkey
Hotkey
A9486DFB-C8ED-4e57-A71C-802E9A67F5C0
A9486DFB-C8ED-4e57-A71C-802E9A67F5C0
@%d/%d
@%d/%d
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
urlspace
urlspace
(%d%%)
(%d%%)
(jingling.exe)
(jingling.exe)
(4.0.4)
(4.0.4)
maxurls
maxurls
%s?v=%d.%d.%d.%d-%d%d%d%d
%s?v=%d.%d.%d.%d-%d%d%d%d
URLINFO%d
URLINFO%d
urlct
urlct
4.0.4
4.0.4
%s?q=%d
%s?q=%d
hXXp://urlspirit.spiritsoft.cn/urlcore/olcfgs.dat
hXXp://urlspirit.spiritsoft.cn/urlcore/olcfgs.dat
(%d)-
(%d)-
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
tcfg.dat
tcfg.dat
@%d%%
@%d%%
%u,%s
%u,%s
hlpdfurl
hlpdfurl
hlpbuyfurl
hlpbuyfurl
hlpfurl
hlpfurl
hlpsubturl
hlpsubturl
hlpbuyturl
hlpbuyturl
hlpturl
hlpturl
hXXp://up.spiritsoft.cn/v3/urltest.exe
hXXp://up.spiritsoft.cn/v3/urltest.exe
urltest
urltest
"%s" %s%s %s%s %s%s
"%s" %s%s %s%s %s%s
/URL=
/URL=
/SubURL=
/SubURL=
/TURL=
/TURL=
urltest.exe
urltest.exe
%d~%d
%d~%d
%sx
%sx
xxxxxxxxxxx
xxxxxxxxxxx
spiritsoft.cn
spiritsoft.cn
us%d.
us%d.
urlspirit.spiritsoft.cn
urlspirit.spiritsoft.cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)
Content-Length: %d
Content-Length: %d
Host: %s
Host: %s
Host: %s:%d
Host: %s:%d
HTTP/1.1
HTTP/1.1
application/x-www-form-urlencoded
application/x-www-form-urlencoded
hXXp://urlspirit.spiritsoft.cn/urlcore/svcreq%x.%s
hXXp://urlspirit.spiritsoft.cn/urlcore/svcreq%x.%s
dbghelp.dll
dbghelp.dll
urlcore2-taskcore-0010
urlcore2-taskcore-0010
rjingling.exe
rjingling.exe
B\rundll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
B\rundll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
"%s" /idx=%d
"%s" /idx=%d
B%s-%d
B%s-%d
{21918AFB-D09D-4836-84CE-F6352A910B82-%d}
{21918AFB-D09D-4836-84CE-F6352A910B82-%d}
{E3E23319-4433-40bd-A611-79EEA469B90B-%d}
{E3E23319-4433-40bd-A611-79EEA469B90B-%d}
{8EF0E96B-118D-466b-A9E3-81175866B1F0-%d}
{8EF0E96B-118D-466b-A9E3-81175866B1F0-%d}
urlcore3-taskcore-%d
urlcore3-taskcore-%d
Ftaskworker.exe
Ftaskworker.exe
durlmon.dll
durlmon.dll
blog.sina.com.cn
blog.sina.com.cn
gogoCurlcore3-taskcore-
Curlcore3-taskcore-
Opera
Opera
Windows
Windows
Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
Lgooglepinyin2.ime
Lgooglepinyin2.ime
{05300401-BCBC-11D0-85E3-00C04FD85AB4}
{05300401-BCBC-11D0-85E3-00C04FD85AB4}
{2933BF90-7B36-11D2-B20E-00C04F983E60}
{2933BF90-7B36-11D2-B20E-00C04F983E60}
{F5078F33-C551-11D3-89B9-0000F81FE221}
{F5078F33-C551-11D3-89B9-0000F81FE221}
{F5078F32-C551-11D3-89B9-0000F81FE221}
{F5078F32-C551-11D3-89B9-0000F81FE221}
{F6D90F11-9C73-11D3-B32E-00C04F990BB4}
{F6D90F11-9C73-11D3-B32E-00C04F990BB4}
{88D969C5-F192-11D4-A65F-0040963251E5}
{88D969C5-F192-11D4-A65F-0040963251E5}
{88D96A0A-F192-11D4-A65F-0040963251E5}
{88D96A0A-F192-11D4-A65F-0040963251E5}
{F5078F35-C551-11D3-89B9-0000F81FE221}
{F5078F35-C551-11D3-89B9-0000F81FE221}
{ED8C108E-4349-11D2-91A4-00C04F7969E8}
{ED8C108E-4349-11D2-91A4-00C04F7969E8}
{F6D90F16-9C73-11D3-B32E-00C04F990BB4}
{F6D90F16-9C73-11D3-B32E-00C04F990BB4}
{d27cdb6e-ae6d-11cf-96b8-444553540000}
{d27cdb6e-ae6d-11cf-96b8-444553540000}
{8F6B0360-B80D-11D0-A9B3-006097942311}
{8F6B0360-B80D-11D0-A9B3-006097942311}
{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
{3050F4F8-98B5-11CF-BB82-00AA00BDCE0B}
{3050F4F8-98B5-11CF-BB82-00AA00BDCE0B}
{25336920-03F9-11CF-8FD0-00AA00686F13}
{25336920-03F9-11CF-8FD0-00AA00686F13}
{3050F406-98B5-11CF-BB82-00AA00BDCE0B}
{3050F406-98B5-11CF-BB82-00AA00BDCE0B}
{00020420-0000-0000-C000-000000000046}
{00020420-0000-0000-C000-000000000046}
{8856F961-340A-11D0-A96B-00C04FD705A2}
{8856F961-340A-11D0-A96B-00C04FD705A2}
{F5078F36-C551-11D3-89B9-0000F81FE221}
{F5078F36-C551-11D3-89B9-0000F81FE221}
Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
Mozilla/5.0 (Windows NT %s) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36
Mozilla/5.0 (Windows NT %s) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36
Opera/9.64 (Windows NT %s; U; zh-cn) Presto/2.1.1
Opera/9.64 (Windows NT %s; U; zh-cn) Presto/2.1.1
Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1
Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1
Mozilla/
Mozilla/
Windows NT
Windows NT
Mozilla/4.0 (compatible; MSIE %s; Windows NT %s%s)
Mozilla/4.0 (compatible; MSIE %s; Windows NT %s%s)
Dedu.cn
Dedu.cn
gov.cn
gov.cn
org.cn
org.cn
net.cn
net.cn
com.cn
com.cn
dsound.dll
dsound.dll
mf.dll
mf.dll
AcroRd32.exe
AcroRd32.exe
rKernel32.dll
rKernel32.dll
taskworker.exe
taskworker.exe
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0
System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe
msctls_hotkey32
msctls_hotkey32
urlcore
urlcore
"spiritsoft@126.com"
"spiritsoft@126.com"
hXXp://service.spiritsoft.cn
hXXp://service.spiritsoft.cn
...:%s --
...:%s --
IP: %s --
IP: %s --
: %d --
: %d --
2014.10.10.101
2014.10.10.101
jingling.exe
jingling.exe
4.0.4.1
4.0.4.1
jingling.exe_1532_rwx_00422000_00001000:
tSHt.HHt
tSHt.HHt
jingling.exe_1532_rwx_00446000_00002000:
t.hH_G
t.hH_G
jingling.exe_1532_rwx_685D8000_00001000:
g(h-V}h
g(h-V}h
SearchProtocolHost.exe_3912:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
ADVAPI32.dll
ADVAPI32.dll
ntdll.DLL
ntdll.DLL
KERNEL32.dll
KERNEL32.dll
msvcrt.dll
msvcrt.dll
USER32.dll
USER32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
TQUERY.DLL
TQUERY.DLL
MSSHooks.dll
MSSHooks.dll
IMM32.dll
IMM32.dll
SHLWAPI.dll
SHLWAPI.dll
SrchCollatorCatalogInfo
SrchCollatorCatalogInfo
SrchDSSLogin
SrchDSSLogin
SrchDSSPortManager
SrchDSSPortManager
SrchPHHttp
SrchPHHttp
SrchIndexerQuery
SrchIndexerQuery
SrchIndexerProperties
SrchIndexerProperties
SrchIndexerPlugin
SrchIndexerPlugin
SrchIndexerClient
SrchIndexerClient
SrchIndexerSchema
SrchIndexerSchema
Msidle.dll
Msidle.dll
Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default
Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default
pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty
pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty
d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx
d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
RegDeleteKeyW
RegDeleteKeyW
RegDeleteKeyExW
RegDeleteKeyExW
8%uiP
8%uiP
Invalid parameter passed to C runtime function.
Invalid parameter passed to C runtime function.
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
-d-d-d-d-d-d-d-%d
-d-d-d-d-d-d-d-%d
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
0xx=
0xx=
%s(%d)
%s(%d)
tid="0x%x"
tid="0x%x"
pid="0x%x"
pid="0x%x"
tagname="%s"
tagname="%s"
tagid="0x%x"
tagid="0x%x"
el="0x%x"
el="0x%x"
time="d/d/d d:d:d.d"
time="d/d/d d:d:d.d"
logname="%s"
logname="%s"
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
SHELL32.dll
SHELL32.dll
PROPSYS.dll
PROPSYS.dll
ntdll.dll
ntdll.dll
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
ReportEventW
ReportEventW
_amsg_exit
_amsg_exit
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
SearchProtocolHost.pdb
SearchProtocolHost.pdb
2 2(20282|2
2 2(20282|2
4%5S5
4%5S5
Software\Microsoft\Windows Search
Software\Microsoft\Windows Search
https
https
kernel32.dll
kernel32.dll
msTracer.dll
msTracer.dll
msfte.dll
msfte.dll
lX-X-X-XX-XXXXXX
lX-X-X-XX-XXXXXX
SOFTWARE\Microsoft\Windows Search
SOFTWARE\Microsoft\Windows Search
tquery.dll
tquery.dll
%s\%s
%s\%s
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
Windows Search Service
Windows Search Service
0xx%p%S%d
0xx%p%S%d
advapi32.dll
advapi32.dll
WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll
WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll
winhttp.dll
winhttp.dll
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleState
Software\Microsoft\Windows Search\Tracing\EventThrottleState
%S(%d)
%S(%d)
tagname="%S"
tagname="%S"
logname="%S"
logname="%S"
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s.mui
.\%s\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
%s\%s\%s.mui
Microsoft Windows Search Protocol Host
Microsoft Windows Search Protocol Host
7.00.7601.17610 (win7sp1_gdr.110503-1502)
7.00.7601.17610 (win7sp1_gdr.110503-1502)
SearchProtocolHost.exe
SearchProtocolHost.exe
Windows
Windows
7.00.7601.17610
7.00.7601.17610
SearchFilterHost.exe_1828:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
ADVAPI32.dll
ADVAPI32.dll
ntdll.DLL
ntdll.DLL
KERNEL32.dll
KERNEL32.dll
msvcrt.dll
msvcrt.dll
USER32.dll
USER32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
TQUERY.DLL
TQUERY.DLL
IMM32.dll
IMM32.dll
MSSHooks.dll
MSSHooks.dll
mscoree.dll
mscoree.dll
SHLWAPI.dll
SHLWAPI.dll
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
RegDeleteKeyW
RegDeleteKeyW
RegDeleteKeyExW
RegDeleteKeyExW
8%uiP
8%uiP
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
Invalid parameter passed to C runtime function.
Invalid parameter passed to C runtime function.
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
-d-d-d-d-d-d-d-%d
-d-d-d-d-d-d-d-%d
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
ReportEventW
ReportEventW
_amsg_exit
_amsg_exit
SearchFilterHost.pdb
SearchFilterHost.pdb
version="5.1.0.0"
version="5.1.0.0"
name="Microsoft.Windows.Search.MSSFH"
name="Microsoft.Windows.Search.MSSFH"
3 3(30383|3
3 3(30383|3
kernel32.dll
kernel32.dll
Software\Microsoft\Windows Search
Software\Microsoft\Windows Search
SOFTWARE\Microsoft\Windows Search
SOFTWARE\Microsoft\Windows Search
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
Windows Search Service
Windows Search Service
tquery.dll
tquery.dll
advapi32.dll
advapi32.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
0xx%p%S%d
0xx%p%S%d
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleState
Software\Microsoft\Windows Search\Tracing\EventThrottleState
0xx=
0xx=
%S(%d)
%S(%d)
tid="0x%x"
tid="0x%x"
pid="0x%x"
pid="0x%x"
tagname="%S"
tagname="%S"
tagid="0x%x"
tagid="0x%x"
el="0x%x"
el="0x%x"
time="d/d/d d:d:d.d"
time="d/d/d d:d:d.d"
logname="%S"
logname="%S"
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s.mui
.\%s\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
%s\%s\%s.mui
%s\%s
%s\%s
winhttp.dll
winhttp.dll
Microsoft Windows Search Filter Host
Microsoft Windows Search Filter Host
7.00.7601.17610 (win7sp1_gdr.110503-1502)
7.00.7601.17610 (win7sp1_gdr.110503-1502)
SearchFilterHost.exe
SearchFilterHost.exe
Windows
Windows
7.00.7601.17610
7.00.7601.17610