Skip to main content

Gen.Variant.Barys.55463_18c5d5c04a


Susp_Dropper (Kaspersky), Gen:Variant.Barys.55463 (AdAware), Backdoor.Win32.Xtrat.FD, GenericAutorunWorm.YR, GenericInjector.YR (Lavasoft MAS)Behaviour: Backdoor, Worm, WormAutorun

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 18c5d5c04a1d72b461c2daf29061dfc8

SHA1: a1a58edf18e46000cebc90500d8f1b642a79b6fa

SHA256: 09b83b2fe19aa26f421d99769dd94c3896cecae2981933fd801d63bb7c954685

SSDeep: 12288:sAZfW2QvFlt2NvhrPtyjbqzu91H2SdwA2qiUlZ0ObaXuTWdLQRAQPJln:sAZu5vEr6bB9MSdwAHl9aXEWdkRDPJln

Size: 690860 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: UPolyXv05_v6

Company: IC

Created at: 2015-12-27 07:38:55

Analyzed on: Windows7 SP1 32-bit

Summary: Backdoor. Malware that enables a remote control of victim's machine.

Dynamic Analysis

Payload

Behaviour Description
WormAutorunA worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Backdoor's file once a user opens a drive's folder in Windows Explorer.


Process activity

The Backdoor creates the following process(es):

%original file name%.exe:3308
123213123.exe:2856
123213123.exe:2012

The Backdoor injects its code into the following process(es):

jingling.exe:2472
jingling.exe:1532
svchost.exe:1256
iexplore.exe:1452

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process jingling.exe:2472 makes changes in the file system.


The Backdoor creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\jquery-1.11.1.min[1].js (57991 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\stat[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\url[1].htm (576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\alexa[1].png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\style[1].css (806 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\tcfg.dat (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\core[1].js (763 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\main[1].js (80 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\splogo[1].png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\product.dat (550 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\bd.dat (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\stat[1].js (1081 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\A6RQWI1I.txt (138 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\sound_high[1].gif (356 bytes)

The process jingling.exe:1532 makes changes in the file system.


The Backdoor creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\v2[1].js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\green_shield[1] (810 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\getipinfo[1].htm (187 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\sdcysoft_com[1].htm (831 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LCZH948T.txt (383 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD3F3.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\SlideDoor[1].htm (547 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\index[2].js (3795 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[1].gif (42 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\OX9yPxVGYQhNAdcIDFDeBXfgae9vyAHITKBYJWiUq0c[1].js (9344 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_03853CF80D3A45E4068A748249EC24F7 (9996 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\fitvids-doc-ready[1].js (146 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\html5shiv.min[1].js (572 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\common[1].js (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\invalidcert[1] (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab71C.tmp (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\index[1].css (88657 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\lrtk[1].css (1029 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\red_shield_48[1] (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\base[1].js (443 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\slider-setting[1].js (554 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\52612bfba40c463ad5878c3862379d1c[1].png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\68FOIB9H.txt (543 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\font-awesome[1].css (10591 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NJKESBC2.txt (100 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\705A76DE71EA2CAEBB8F0907449CE086_83B4269ED5FD1ECB44E013036646BFD7 (2674 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\15541197_935117263286926_3483886767120125698_n[1].jpg (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\G5Q7XTSM.txt (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\JIQL3CTG.txt (654 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\init[1].js (1159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\meiqia[1].js (77183 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\G60HOHQ1.txt (251 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\scrolltab[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\533000070202[1].htm (5653 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[3].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery-migrate.min[1].js (5375 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\1.4[1].js (10170 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[2].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\14520396_203440986742644_308382618062025305_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\5DPXEETN.txt (107 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\font-awesome.min[1].css (13482 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_202FDCF470E1E6CDB8E22E01DB74609C (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Y3HIC4U1.txt (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\OJM965DM.txt (246 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\m[1].js (60021 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\REBLOFI8.txt (71 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ANJ01VHG.txt (747 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\CDKMUDL9.txt (112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\14358769_10206860846257416_7466951948784187963_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (20314 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_F4C066FA094BC754843DB99590B2CE02 (2032 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\pzRB6YEc2pk[1].htm (6221 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\cm[1].gif (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\5XISSK39\www.sdcysoft[1].xml (140 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\0.2[1].js (17481 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\533000070202[1].htm (278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\16114967_2227104167515605_3084083241048458185_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\History.IE5\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\sewasolo_com[1].htm (5177 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ZR3XKL3Y.txt (1105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\12063727_968338849875096_426343592926317394_n[1].jpg (1753 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\addthis_widget[1].js (209732 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[1].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\15965560_1833507490251421_3796225368876502291_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\adapter[1].js (156 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\705A76DE71EA2CAEBB8F0907449CE086_83B4269ED5FD1ECB44E013036646BFD7 (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\start_v5[1].js (505 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\bundle__menu_ML_desktop_full.d635ce2a[1].css (28067 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\background_gradient_red[1] (868 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery-1.7.2.min[1].js (46101 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\SHO3EV98.txt (107 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\TRGHUB2E.txt (307 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\css[1].css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\HARCQENS.txt (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NZ5CQVG1.txt (309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\U4RBEDZD.txt (309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ADY29ZU2.txt (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ZH36DV72.txt (156 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\page[1].htm (30340 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\History.IE5\desktop.ini (254 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\12115518_944101115651532_2564004755971760607_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\plusone[1].js (30566 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (21413 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\melidata.min[1].js (10800 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\705A76DE71EA2CAEBB8F0907449CE086_687524005D49A560600E2D45D44DE6E0 (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\jquery-migrate-1.2.1[1].js (5641 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\new_suggest[1].css (7848 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Q328RLZO.txt (482 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\O4CQ6Q3M.txt (988 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\8OSH5N44.txt (103 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar71D.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[2].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\PMSKDIGW.txt (1099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\global-min[1].js (52098 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pingjs[1].js (32 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\FMCLNATV.txt (464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Y002NCFW.txt (307 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VNHNRCA9.txt (573 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[5].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pixel[2].js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ie8[1].js (789 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\112COZCN.txt (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7V44E21O.txt (117 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\classic[1].js (7741 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[2].js (704 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabF0E9.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_97482851B9CF8FBB790FA8AEAB0C772D (400 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A574ED5927B3CEC9626151D220C7448 (360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\0S7ZWK0B.txt (441 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\15940888_578312162362095_8869873993140981893_n[1].jpg (185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ILLZJRN3.txt (87 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\JEXRN4WF.txt (470 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[1].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3DYFNGFP.txt (656 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\core[1].js (765 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\red_shield[1] (810 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\errorPageStrings[1] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\127631110-widgets[1].js (50978 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\0IE96JSP.txt (309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[2].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[3].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7GO3Y47L.txt (696 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WUKPO2V7.txt (1099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\fontawesome-webfont[1].eot (30576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KVU378YM.txt (121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\WMZUWJRG\world.taobao[1].xml (11974 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7K54OC7N.txt (422 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\_common___promote___promote.css--___template_1___styles___www___company___info.css--template_1___styles___plugin___companyFollow.css--v616.55[1]. (43888 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\IEYHNN6C.txt (95 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KJQSOTOX.txt (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\home[1].css (73 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pixel[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\invalidcert[2] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\705A76DE71EA2CAEBB8F0907449CE086_687524005D49A560600E2D45D44DE6E0 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\RYHTSXPY.txt (250 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\httpErrorPagesScripts[1] (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\9VDPLBYE.txt (300 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\2422776291-widget_css_bundle[1].css (18236 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\pzRB6YEc2pk[2].htm (4600 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZDIKCNB\eco-api.meiqia[1].xml (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33ZUGC79.txt (101 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\css[1].css (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\aplus_v2[1].js (20794 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\oninput[1].js (653 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_2CFCD3B0E185E4A8F87A94EFDCF71017 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_03853CF80D3A45E4068A748249EC24F7 (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0A2EA55F20CC96EF43A26E7FAF8A2217 (936 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\index[1].js (6103 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\0.2[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\jquery.cycle.all.min[1].js (23784 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_97482851B9CF8FBB790FA8AEAB0C772D (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ML9RPDO7.txt (111 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player-vfl702554[1].css (142655 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMT0H4OC.txt (104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\K5t3Ec3iy66[1].js (218774 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\4Q7NOTWJ.txt (87 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KAFZHTZ0.txt (109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\ds[1].js (63503 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\tc[1].js (6153 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\mFUry7Ewz5S[1].js (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\aplus_v2[1].js (3540 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery.min[1].js (63266 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\navigation[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NI1WRHMP.txt (66 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\slide_switch[1].js (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_202FDCF470E1E6CDB8E22E01DB74609C (2016 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VENUV2ZM.txt (141 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\LxzEXqxaECb[1].js (108279 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DCE3BDBF5BDD86E2AB5B471CB90709B4_D5FE3430D858EEC0702EE96E01AD90B9 (1640 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\backgroundPosition[1].js (73 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab3C0.tmp (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\14212207_653688491461426_5945484803893418677_n[1].jpg (474 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\CJPVDJJP.txt (407 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\5XKMVJSL.txt (1105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\css[1].css (474 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\core-1db59222bec2e7468c559156f55a310b[1].css (165349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar5496.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\base[1].js (613210 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\seed-min[1].js (28318 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\navigator[1].js (241 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\collect[1].gif (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_F4C066FA094BC754843DB99590B2CE02 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\AEJDC8C7.txt (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\salary[1].htm (9346 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KV28ZD8Y.txt (725 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\adv_out[1].js (9557 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\css[2].css (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\harga-sewa-mobil-solo[1].htm (7822 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[6].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF (1480 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W3MS8WF7.txt (1099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\94FDZEML.txt (201 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery.fitvids[1].js (719 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\bounce[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3FKBYQAA.txt (263 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\webww[1].js (16515 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\down[1] (748 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player[1].js (53278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\index[2].js (40514 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\mlb-ml-analytics.min.gz[2].js (23773 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[1].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GBLRNM83.txt (108 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33YQT85K.txt (494 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\896O94X8.txt (94 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KHPTUO1B.txt (210 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W9COG41E.txt (1099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\mlb-ml-analytics.min.gz[1].js (23102 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\cb=gapi[1].js (80253 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab1013.tmp (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\R4SE7E96.txt (116 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\z_stat[1].js (1081 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DCE3BDBF5BDD86E2AB5B471CB90709B4_D5FE3430D858EEC0702EE96E01AD90B9 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\YHPCILX3.txt (263 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\M3GL7JFZ.txt (74 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD444.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[4].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\X9U38907.txt (280 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0A2EA55F20CC96EF43A26E7FAF8A2217 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\songhaiyouhong_blogspot_com[1].htm (13673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\Xw9VNcnTyYg[1].js (26680 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 (5998 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\1.4[1].js (57892 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\38M8494A.txt (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB788E090BC1F3AA2FBC9E8FB2859601 (822 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\doorbell-i8wozeiuwodmquxr[1].js (19959 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE (1224 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD3F4.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\16472838_752115304954013_2302620675576684630_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD443.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\9C1XITPC.txt (98 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\1HUVI2AA\www.youtube[1].xml (199 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\16143282_791723427632670_7574174759107544566_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar3C1.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[5].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\4HVEPQN3.txt (116 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\49CU6FUZ.txt (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ON7HEO01.txt (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\collect[1].gif (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3JX5PE0Z.txt (90 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\DD884IO4.txt (939 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\config[1].js (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\abnormal[1].css (4745 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WO5DW012.txt (359 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\stat[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ad_status[1].js (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\14303700004920[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery[1].js (152409 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\1K75GJY6.txt (1105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[3].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\skip-link-focus-fix[1].js (751 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\cfb9b68598748471e884ae8e1367a070[1].png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\20TG8FQX.txt (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[2].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\comment-reply.min[1].js (757 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\page[1].htm (13208 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\index[1].js (2739 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\tabicon[1].js (715 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LDUIT4VU.txt (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\533000070202[2].htm (3175 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\index[1].js (211 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\sewa-mobil-solo-lestari-kecamatan-sukoharjo-jawa-tengah[1].htm (27844 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\17UHOV2J.txt (106 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab5495.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\57SQKGIR.txt (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\style[1].css (13067 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\YBPRKDDL.txt (91 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\core__large-05ccd4379b22231463c741a5faa3dff1[1].css (130591 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[1].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ErrorPageTemplate[1] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB (1278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\1KUYIOXW.txt (379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\form[1].js (700 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\doorbell[1].htm (241 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\QNPEFQCF.txt (1105 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C (1476 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (3400 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar1014.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\wp-emoji-release.min[1].js (7586 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery.tipsy[1].js (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\1LJ8gYX1wG6[1].css (20498 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\10698574_805310939511222_8929108492389579378_n[1].jpg (185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\J2V4EMBS.txt (289 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\ga-audiences[1].htm (390 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GFWYI2PB.txt (1093 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarF0EA.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\history[1].js (18529 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMNUJ11K.txt (313 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\init[1].js (1089 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[3].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB788E090BC1F3AA2FBC9E8FB2859601 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[4].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\common[1].css (5895 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\global-min[1].css (33012 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\36IEFG60.txt (464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (23237 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\csync[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\IJEF1Z0V.txt (106 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery[1].js (69966 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_2CFCD3B0E185E4A8F87A94EFDCF71017 (1800 bytes)

The Backdoor deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD3F3.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\X9U38907.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player-vfl702554[1].css (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LCZH948T.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar71D.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GBLRNM83.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ILLZJRN3.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\PMSKDIGW.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WO5DW012.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\SHO3EV98.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VNHNRCA9.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab1013.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\TRGHUB2E.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\collect[1].gif (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\DD884IO4.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\896O94X8.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\68FOIB9H.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NJKESBC2.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\1K75GJY6.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabF0E9.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\G5Q7XTSM.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\JIQL3CTG.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\5XKMVJSL.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar5496.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\20TG8FQX.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\533000070202[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\collect[1].gif (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W3MS8WF7.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\page[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player[1].js (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\FMCLNATV.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\IJEF1Z0V.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar3C1.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab5495.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\OJM965DM.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD443.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\REBLOFI8.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3FKBYQAA.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ANJ01VHG.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab71C.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LDUIT4VU.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\0IE96JSP.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\pzRB6YEc2pk[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WUKPO2V7.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33YQT85K.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\RYHTSXPY.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\QNPEFQCF.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KJQSOTOX.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KHPTUO1B.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W9COG41E.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VENUV2ZM.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar1014.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\R4SE7E96.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\17UHOV2J.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\M3GL7JFZ.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Y002NCFW.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GFWYI2PB.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\AEJDC8C7.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33ZUGC79.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMNUJ11K.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ADY29ZU2.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\base[1].js (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD444.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\HARCQENS.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NZ5CQVG1.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KVU378YM.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7K54OC7N.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab3C0.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarF0EA.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD3F4.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMT0H4OC.txt (0 bytes)

The process %original file name%.exe:3308 makes changes in the file system.


The Backdoor creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe (15187 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\123213123.exe (12342 bytes)

The Backdoor deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssF4AA.tmp (0 bytes)

The process 123213123.exe:2856 makes changes in the file system.


The Backdoor deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\x.html (0 bytes)

The process 123213123.exe:2012 makes changes in the file system.


The Backdoor creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe (2321 bytes)

Registry activity

The process jingling.exe:2472 makes changes in the system registry.


The Backdoor creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm]
"cFormatTags" = "2"
"aFormatTagCache" = "01 00 00 00 10 00 00 00 55 00 00 00 1E 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASMANCS]
"EnableFileTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASMANCS]
"ConsoleTracingMask" = "4294901760"
"EnableConsoleTracing" = "0"
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASAPI32]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1412928878"

[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "jingling.exe"

[HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm]
"cFilterTags" = "0"
"fdwSupport" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3E 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASMANCS]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASAPI32]
"EnableFileTracing" = "0"
"MaxFileSize" = "1048576"
"EnableConsoleTracing" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Backdoor adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"urlspace" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe -h"

The Backdoor deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process jingling.exe:1532 makes changes in the system registry.


The Backdoor creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com]
"(Default)" = "6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1412928878"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\taobao.com]
"(Default)" = "14"

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 42 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\sdcysoft.com]
"(Default)" = "53"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 32 4A 4B BB"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "jingling.exe"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Total]
"(Default)" = "91287"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Backdoor deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"AD7E1C28B064EF8F6003402014C3D0E3370EB58A"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process %original file name%.exe:3308 makes changes in the system registry.


The Backdoor creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Backdoor deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process 123213123.exe:2856 makes changes in the system registry.


The Backdoor creates and/or sets the following values in system registry:

[HKCU\Software\XtremeRAT]
"Mutex" = "X1F606HDS"

The process 123213123.exe:2012 makes changes in the system registry.


The Backdoor creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL]
"processname" = "iexplore.exe"
"WindowClassName" = "DDEMLMom"

To automatically run itself each time Windows is booted, the Backdoor adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"18.exe" = "C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"18.exe" = "C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe"

Dropped PE files

MD5 File path
c22ebecd43f958eaeda8aed159c91dfcc:\Users\"%CurrentUserName%"\AppData\Local\Temp\123213123.exe
1f519484a9ad5a51d42e0f57f4e314e0c:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe
c22ebecd43f958eaeda8aed159c91dfcc:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe
c22ebecd43f958eaeda8aed159c91dfcc:\Windows\System32\Microsoft\Microsoft.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Backdoor's file once a user opens a drive's folder in Windows Explorer.

Removals

Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.

Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:3308
    123213123.exe:2856
    123213123.exe:2012

  2. Delete the original Backdoor file.
  3. Delete or disinfect the following files created/modified by the Backdoor:

    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\jquery-1.11.1.min[1].js (57991 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\stat[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\url[1].htm (576 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\alexa[1].png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\style[1].css (806 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\tcfg.dat (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\core[1].js (763 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\main[1].js (80 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\splogo[1].png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\product.dat (550 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\bd.dat (676 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\stat[1].js (1081 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\A6RQWI1I.txt (138 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\sound_high[1].gif (356 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\v2[1].js (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\green_shield[1] (810 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\getipinfo[1].htm (187 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\sdcysoft_com[1].htm (831 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LCZH948T.txt (383 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD3F3.tmp (51 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\SlideDoor[1].htm (547 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\index[2].js (3795 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[1].gif (42 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\OX9yPxVGYQhNAdcIDFDeBXfgae9vyAHITKBYJWiUq0c[1].js (9344 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_03853CF80D3A45E4068A748249EC24F7 (9996 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (100 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\fitvids-doc-ready[1].js (146 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\html5shiv.min[1].js (572 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\common[1].js (361 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\invalidcert[1] (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab71C.tmp (50 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\index[1].css (88657 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\lrtk[1].css (1029 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\red_shield_48[1] (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\base[1].js (443 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\slider-setting[1].js (554 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\52612bfba40c463ad5878c3862379d1c[1].png (911 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\68FOIB9H.txt (543 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\font-awesome[1].css (10591 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NJKESBC2.txt (100 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\705A76DE71EA2CAEBB8F0907449CE086_83B4269ED5FD1ECB44E013036646BFD7 (2674 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\15541197_935117263286926_3483886767120125698_n[1].jpg (463 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\G5Q7XTSM.txt (352 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\JIQL3CTG.txt (654 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\init[1].js (1159 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\meiqia[1].js (77183 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\G60HOHQ1.txt (251 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\scrolltab[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\533000070202[1].htm (5653 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[3].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery-migrate.min[1].js (5375 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\1.4[1].js (10170 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[2].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\14520396_203440986742644_308382618062025305_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\5DPXEETN.txt (107 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\font-awesome.min[1].css (13482 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_202FDCF470E1E6CDB8E22E01DB74609C (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Y3HIC4U1.txt (89 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\OJM965DM.txt (246 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\m[1].js (60021 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\REBLOFI8.txt (71 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ANJ01VHG.txt (747 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\CDKMUDL9.txt (112 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\14358769_10206860846257416_7466951948784187963_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (20314 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_F4C066FA094BC754843DB99590B2CE02 (2032 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\pzRB6YEc2pk[1].htm (6221 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\cm[1].gif (35 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\5XISSK39\www.sdcysoft[1].xml (140 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\0.2[1].js (17481 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\533000070202[1].htm (278 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\16114967_2227104167515605_3084083241048458185_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\History.IE5\index.dat (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\sewasolo_com[1].htm (5177 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ZR3XKL3Y.txt (1105 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\12063727_968338849875096_426343592926317394_n[1].jpg (1753 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\addthis_widget[1].js (209732 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[1].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\15965560_1833507490251421_3796225368876502291_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\adapter[1].js (156 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\705A76DE71EA2CAEBB8F0907449CE086_83B4269ED5FD1ECB44E013036646BFD7 (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\start_v5[1].js (505 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\bundle__menu_ML_desktop_full.d635ce2a[1].css (28067 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\background_gradient_red[1] (868 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery-1.7.2.min[1].js (46101 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\SHO3EV98.txt (107 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\TRGHUB2E.txt (307 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\css[1].css (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\HARCQENS.txt (97 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NZ5CQVG1.txt (309 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\U4RBEDZD.txt (309 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ADY29ZU2.txt (113 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ZH36DV72.txt (156 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\page[1].htm (30340 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\History.IE5\desktop.ini (254 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\12115518_944101115651532_2564004755971760607_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\plusone[1].js (30566 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (21413 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\melidata.min[1].js (10800 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\705A76DE71EA2CAEBB8F0907449CE086_687524005D49A560600E2D45D44DE6E0 (676 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\jquery-migrate-1.2.1[1].js (5641 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\new_suggest[1].css (7848 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Q328RLZO.txt (482 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\O4CQ6Q3M.txt (988 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\8OSH5N44.txt (103 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar71D.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[2].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\PMSKDIGW.txt (1099 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\global-min[1].js (52098 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pingjs[1].js (32 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\FMCLNATV.txt (464 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Y002NCFW.txt (307 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VNHNRCA9.txt (573 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[5].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pixel[2].js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ie8[1].js (789 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\112COZCN.txt (113 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7V44E21O.txt (117 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\classic[1].js (7741 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[2].js (704 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabF0E9.tmp (51 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_97482851B9CF8FBB790FA8AEAB0C772D (400 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A574ED5927B3CEC9626151D220C7448 (360 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\0S7ZWK0B.txt (441 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\15940888_578312162362095_8869873993140981893_n[1].jpg (185 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ILLZJRN3.txt (87 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\index.dat (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\JEXRN4WF.txt (470 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[1].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3DYFNGFP.txt (656 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\core[1].js (765 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\red_shield[1] (810 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\index.dat (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\errorPageStrings[1] (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\127631110-widgets[1].js (50978 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\0IE96JSP.txt (309 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[2].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[3].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7GO3Y47L.txt (696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WUKPO2V7.txt (1099 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\fontawesome-webfont[1].eot (30576 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KVU378YM.txt (121 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\WMZUWJRG\world.taobao[1].xml (11974 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7K54OC7N.txt (422 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\_common___promote___promote.css--___template_1___styles___www___company___info.css--template_1___styles___plugin___companyFollow.css--v616.55[1]. (43888 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\IEYHNN6C.txt (95 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KJQSOTOX.txt (115 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\home[1].css (73 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pixel[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\invalidcert[2] (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\705A76DE71EA2CAEBB8F0907449CE086_687524005D49A560600E2D45D44DE6E0 (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\RYHTSXPY.txt (250 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\httpErrorPagesScripts[1] (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\9VDPLBYE.txt (300 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\2422776291-widget_css_bundle[1].css (18236 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\pzRB6YEc2pk[2].htm (4600 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZDIKCNB\eco-api.meiqia[1].xml (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33ZUGC79.txt (101 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\css[1].css (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\aplus_v2[1].js (20794 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\oninput[1].js (653 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_2CFCD3B0E185E4A8F87A94EFDCF71017 (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_03853CF80D3A45E4068A748249EC24F7 (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0A2EA55F20CC96EF43A26E7FAF8A2217 (936 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\index[1].js (6103 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\0.2[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\jquery.cycle.all.min[1].js (23784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_97482851B9CF8FBB790FA8AEAB0C772D (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ML9RPDO7.txt (111 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player-vfl702554[1].css (142655 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMT0H4OC.txt (104 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\K5t3Ec3iy66[1].js (218774 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\4Q7NOTWJ.txt (87 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KAFZHTZ0.txt (109 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\ds[1].js (63503 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\tc[1].js (6153 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\mFUry7Ewz5S[1].js (509 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\aplus_v2[1].js (3540 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery.min[1].js (63266 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\navigation[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NI1WRHMP.txt (66 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\slide_switch[1].js (145 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_202FDCF470E1E6CDB8E22E01DB74609C (2016 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VENUV2ZM.txt (141 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\LxzEXqxaECb[1].js (108279 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DCE3BDBF5BDD86E2AB5B471CB90709B4_D5FE3430D858EEC0702EE96E01AD90B9 (1640 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\backgroundPosition[1].js (73 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab3C0.tmp (50 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\14212207_653688491461426_5945484803893418677_n[1].jpg (474 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\CJPVDJJP.txt (407 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\5XKMVJSL.txt (1105 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\css[1].css (474 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\core-1db59222bec2e7468c559156f55a310b[1].css (165349 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar5496.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\base[1].js (613210 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\seed-min[1].js (28318 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\navigator[1].js (241 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\collect[1].gif (35 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_F4C066FA094BC754843DB99590B2CE02 (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\AEJDC8C7.txt (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\salary[1].htm (9346 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KV28ZD8Y.txt (725 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\adv_out[1].js (9557 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\css[2].css (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\harga-sewa-mobil-solo[1].htm (7822 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[6].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF (1480 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W3MS8WF7.txt (1099 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\94FDZEML.txt (201 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery.fitvids[1].js (719 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\bounce[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3FKBYQAA.txt (263 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\webww[1].js (16515 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\down[1] (748 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player[1].js (53278 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\index[2].js (40514 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\mlb-ml-analytics.min.gz[2].js (23773 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[1].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GBLRNM83.txt (108 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33YQT85K.txt (494 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\896O94X8.txt (94 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KHPTUO1B.txt (210 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W9COG41E.txt (1099 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\mlb-ml-analytics.min.gz[1].js (23102 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\cb=gapi[1].js (80253 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab1013.tmp (50 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\R4SE7E96.txt (116 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\z_stat[1].js (1081 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DCE3BDBF5BDD86E2AB5B471CB90709B4_D5FE3430D858EEC0702EE96E01AD90B9 (471 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\YHPCILX3.txt (263 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\M3GL7JFZ.txt (74 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD444.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[4].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\X9U38907.txt (280 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0A2EA55F20CC96EF43A26E7FAF8A2217 (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\songhaiyouhong_blogspot_com[1].htm (13673 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\Xw9VNcnTyYg[1].js (26680 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 (5998 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\1.4[1].js (57892 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\38M8494A.txt (110 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB788E090BC1F3AA2FBC9E8FB2859601 (822 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\doorbell-i8wozeiuwodmquxr[1].js (19959 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE (1224 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD3F4.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\16472838_752115304954013_2302620675576684630_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD443.tmp (51 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\9C1XITPC.txt (98 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\1HUVI2AA\www.youtube[1].xml (199 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\16143282_791723427632670_7574174759107544566_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar3C1.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[5].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\4HVEPQN3.txt (116 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\49CU6FUZ.txt (89 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ON7HEO01.txt (248 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\collect[1].gif (35 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3JX5PE0Z.txt (90 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\DD884IO4.txt (939 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\config[1].js (115 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\abnormal[1].css (4745 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WO5DW012.txt (359 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\stat[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ad_status[1].js (29 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\14303700004920[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery[1].js (152409 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\1K75GJY6.txt (1105 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[3].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\skip-link-focus-fix[1].js (751 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\cfb9b68598748471e884ae8e1367a070[1].png (911 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\20TG8FQX.txt (352 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[2].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\comment-reply.min[1].js (757 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\page[1].htm (13208 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\index[1].js (2739 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\tabicon[1].js (715 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LDUIT4VU.txt (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\533000070202[2].htm (3175 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\index[1].js (211 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\sewa-mobil-solo-lestari-kecamatan-sukoharjo-jawa-tengah[1].htm (27844 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\17UHOV2J.txt (106 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab5495.tmp (51 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\57SQKGIR.txt (110 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\style[1].css (13067 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\YBPRKDDL.txt (91 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\core__large-05ccd4379b22231463c741a5faa3dff1[1].css (130591 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[1].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ErrorPageTemplate[1] (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB (1278 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\1KUYIOXW.txt (379 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\form[1].js (700 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\doorbell[1].htm (241 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\QNPEFQCF.txt (1105 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C (1476 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (3400 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar1014.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\wp-emoji-release.min[1].js (7586 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery.tipsy[1].js (673 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\1LJ8gYX1wG6[1].css (20498 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\10698574_805310939511222_8929108492389579378_n[1].jpg (185 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\J2V4EMBS.txt (289 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\ga-audiences[1].htm (390 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GFWYI2PB.txt (1093 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarF0EA.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\history[1].js (18529 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMNUJ11K.txt (313 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB (471 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\init[1].js (1089 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[3].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB788E090BC1F3AA2FBC9E8FB2859601 (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[4].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\common[1].css (5895 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\global-min[1].css (33012 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\36IEFG60.txt (464 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (23237 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\csync[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\IJEF1Z0V.txt (106 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery[1].js (69966 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_2CFCD3B0E185E4A8F87A94EFDCF71017 (1800 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe (15187 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\123213123.exe (12342 bytes)
    C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe (2321 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "urlspace" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe -h"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "18.exe" = "C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "18.exe" = "C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
  7. Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

No information is available.

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text409624124245764.458531a13b408c917b27c9106545148d3b8d3
.rdata28672471451203.46982921acf8cb0aea87c0603fa899765fcc2
.data3686415493615362.97482797517c6ef57aa95d53df2cf07568953
.ndata1925123276800d41d8cd98f00b204e9800998ecf8427e
.rsrc22528011432117762.842773eaf22e3ce0d14e92e4e1c1b3619fab2

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL IP
hxxp://us0.spiritsoft.cn/urlcore/olcfgs.dat?q=41114.55.90.68
hxxp://us0.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110114.55.90.68
hxxp://us0.spiritsoft.cn/v4/lib/jquery/jquery-1.11.1.min.js114.55.90.68
hxxp://us0.spiritsoft.cn/v4/js/main.js114.55.90.68
hxxp://us0.spiritsoft.cn/v4/images/sound_high.gif114.55.90.68
hxxp://all.cnzz.com.danuoyi.tbcache.com/stat.php?id=1189654&web_id=1189654
hxxp://us0.spiritsoft.cn/v4/images/splogo.png114.55.90.68
hxxp://us0.spiritsoft.cn/v4/images/alexa.png114.55.90.68
hxxp://us0.spiritsoft.cn/urlcore/svcreq14032b.html114.55.90.68
hxxp://us0.spiritsoft.cn/urlcore/svcreq1413fd.css114.55.90.68
hxxp://www.google.com/173.194.113.209
hxxp://www.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ173.194.113.223
hxxp://sewasolo.com/103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/js/jquery.fitvids.js?ver=4.2.12103.28.22.213
hxxp://googleadapis.l.google.com/css?family=Open Sans:400italic,700italic,400,700&ver=4.2.12
hxxp://sewasolo.com/wp-content/themes/dream/js/html5shiv.min.js103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/style.css?ver=4.2.12103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/js/fitvids-doc-ready.js?ver=4.2.12103.28.22.213
hxxp://sewasolo.com/wp-includes/js/jquery/jquery.js?ver=1.11.2103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/font-awesome/css/font-awesome.min.css?ver=4.2.12103.28.22.213
hxxp://sewasolo.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/js/base.js?ver=4.2.12103.28.22.213
hxxp://sewasolo.com/wp-includes/js/wp-emoji-release.min.js?ver=4.2.12103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/js/navigation.js?ver=20120206103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/js/skip-link-focus-fix.js?ver=20130115103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/js/jquery.cycle.all.min.js?ver=2.9999.5103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/js/slider-setting.js?ver=4.2.12103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/font-awesome/fonts/fontawesome-webfont.eot?v=4.2.0103.28.22.213
hxxp://us0.spiritsoft.cn/v4/css/style.css114.55.90.68
hxxp://e6845.dscb1.akamaiedge.net/crls/secureca.crl
hxxp://z.gds.cnzz.com/stat.htm?id=1189654&r=&lg=en-us&ntime=none&cnzz_eid=1549093891-1486263024-&showp=1276x846&t=流量精灵&h=1&rnd=258009459
hxxp://all.cnzz.com.danuoyi.tbcache.com/core.php?web_id=1189654&t=z
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8=
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0=
hxxp://e8218.dscb1.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg==
hxxp://cdn.globalsigncdn.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw=
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFE/uXQ4cLc0QEGNMJMGmf8=
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGn0AHsoGslw
hxxp://mrx9.ddns.net/1234567890.functions
hxxp://cdn.globalsigncdn.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDGdVziPu5Jt2IgvM6w==
hxxp://world.taobao.com.danuoyi.tbcache.com/item/533000070202.htm?fromSite=main&spm=a230r.7195193.1997079397.8.iAWmGk&abbucket=2&qq-pf-to=pcqq.temporaryc2c195.27.31.252
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEDYh2Ip18ZHp4LIxhrWFb0w=
hxxp://clients.l.google.com/GIAG2.crl
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAa1FcpWF3k+
hxxp://sewasolo.com/harga-sewa-mobil-solo.html103.28.22.213
hxxp://sewasolo.com/harga-sewa-mobil-solo.html/103.28.22.213
hxxp://e6845.dscb1.akamaiedge.net/ss.crl
hxxp://sewasolo.com/wp-content/plugins/akismet/_inc/form.js?ver=3.1.5103.28.22.213
hxxp://sewasolo.com/wp-includes/js/comment-reply.min.js?ver=4.2.12103.28.22.213
hxxp://2.gravatar.com/avatar/52612bfba40c463ad5878c3862379d1c?s=32&d=mm&r=g192.0.73.2
hxxp://2.gravatar.com/avatar/cfb9b68598748471e884ae8e1367a070?s=32&d=mm&r=g192.0.73.2
hxxp://cdn.globalsigncdn.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEVLD4SzDqtMG/eBnw==
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEEw7wJkU/qAD9hdilImrrOU=
hxxp://cdn.globalsigncdn.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w==
hxxp://domssl.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114
hxxp://e6220.g.akamaiedge.net/ga/mlb-ml-analytics.min.gz.js
hxxp://e6220.g.akamaiedge.net/melidata/js/3/0.0.38/melidata.min.js
hxxp://sewasolo.com/tag/sewa-mobil-solo-lestari-kecamatan-sukoharjo-jawa-tengah/103.28.22.213
hxxp://hkvhost688.800cdn.com/
hxxp://hkvhost688.800cdn.com/templets/default/style/common.css
hxxp://hkvhost688.800cdn.com/js/jquery.tipsy.js
hxxp://hkvhost688.800cdn.com/js/start_v5.js
hxxp://hkvhost688.800cdn.com/css/lrtk.css
hxxp://hkvhost688.800cdn.com/js/jquery-1.7.2.min.js
hxxp://hkvhost688.800cdn.com/templets/default/style/home.css
hxxp://wpa.qq.com/pa?p=2:2923673182:5158.251.100.24
hxxp://wpa.qq.com/pa?p=2:2409084321:5158.251.100.24
hxxp://wpa.qq.com/pa?p=2:3264541975:5158.251.100.24
hxxp://wpa.qq.com/pa?p=2:3313361925:5158.251.100.24
hxxp://wpa.qq.com/pa?p=2:2051282539:5158.251.100.24
hxxp://hkvhost688.800cdn.com/templets/default/js/jquery.js
hxxp://hkvhost688.800cdn.com/templets/default/js/common.js
hxxp://hkvhost688.800cdn.com/templets/default/js/tabicon.js
hxxp://hkvhost688.800cdn.com/templets/default/js/backgroundPosition.js
hxxp://hkvhost688.800cdn.com/templets/default/js/ie8.js
hxxp://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl64.18.20.10
hxxp://hkvhost688.800cdn.com/templets/default/js/slide_switch.js
hxxp://hkvhost688.800cdn.com/templets/default/js/navigator.js
hxxp://hkvhost688.800cdn.com/templets/default/js/oninput.js
hxxp://p21.tcdn.qq.com/qconn/wpa/button/button_111.gif
hxxp://eco-api.meiqia.com.safe.dayugslb.com/dist/meiqia.js218.60.33.166
hxxp://eco-api.meiqia.com.safe.dayugslb.com/dist/doorbell.html?1m47r5d7qtt65hfr218.60.33.166
hxxp://434353.p23.tc.cdntip.com/dist/scripts/doorbell-i8wozeiuwodmquxr.js
hxxp://eco-api.meiqia.com.safe.dayugslb.com/visit/init?ent_id=463&track_id=&title=创盈门窗软件&url=http://www.sdcysoft.com/&referrer_url=&jsonp_cb=jsonp1486265515688&v=1486265515688218.60.33.166
hxxp://gpla1.wac.v2cdn.net/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGs=
hxxp://blogspot.l.googleusercontent.com/
hxxp://googleadapis.l.google.com/css?family=Playfair Display:400,700,900,400italic,700italic,900italic&ver=3.9.2
hxxp://googleadapis.l.google.com/css?family=Droid Serif:400,700,400italic,700italic&ver=3.9.2
hxxp://googleadapis.l.google.com/css?family=Tangerine:400,700&ver=3.9.2
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.11.0/jquery.min.js
hxxp://bootstrapcdn.jdorfman.netdna-cdn.com/font-awesome/4.0.1/css/font-awesome.css?ver=3.9.2
hxxp://code.jquery.netdna-cdn.com/jquery-migrate-1.2.1.js
hxxp://s7.addthis.com.cdn.cloudflare.net/js/300/addthis_widget.js104.16.17.35
hxxp://adonweb.10574004.pix-cdn.org/js/adv_out.js
hxxp://widgets.amung.us/classic.js173.192.200.70
hxxp://whos.amung.us/pingjs/?k=aacxow2ith0d&t=SPECIAL MOVIE&c=c&y=&a=0&d=0&v=22&r=606067.202.94.94
hxxp://t.dtscout.com/i/?l=http://songhaiyouhong.blogspot.com/&j=107.182.233.217
hxxp://cdn.tynt.com/tc.js104.16.88.26
hxxp://ps.eyeota.net/pixel?pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E52.29.219.40
hxxp://ps.eyeota.net/pixel/bounce/?pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E52.29.219.40
hxxp://tags.wdc.bluekai.com/site/27675?id=D9E9B66BAE9C96588D172C1602C7221E&ret=html&phint=__bk_t=SPECIAL MOVIE&phint=__bk_l=http://songhaiyouhong.blogspot.com/&r=33111038
hxxp://elb-tse-01-1047733575.eu-west-1.elb.amazonaws.com/map/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E
hxxp://tags.wdc.bluekai.com/site/27675?dt=0&r=404133796&sig=2164635023&bkca=KJhB0D6nyi9zQwawGX4CYpA2KcO31YQvQ3fuSL0HZfn2mdE XhQXCy5IX6Lf8PD7HsKXLAGzocu6jjRvyZpnswPTs6acVO/rzP8OCpYX90erqk5FKlBYMJyF22fdzbGz9xgiOgaMqzdgaOdpBl2iFVj/K5onCrSjkboT68hEuQZUw04zne6=
hxxp://elb-tse-01-1047733575.eu-west-1.elb.amazonaws.com/map/ct=y/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E
hxxp://pagead.l.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1
hxxp://tynt.com/b/p?id=w!aacxow2ith0d&lm=0&ts=1486265519182&t=SPECIAL MOVIE&cu=http://songhaiyouhong.blogspot.com/
hxxp://pagead.l.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc=
hxxp://track-eu.adformnet.akadns.net/serving/cookie/match/?party=1009
hxxp://ib.anycast.adnxs.com/getuid?http://ps.eyeota.net/match?uid=$UID&bid=2cr76e1
hxxp://ttd-euwest-match-adsrvr-org-139334178.eu-west-1.elb.amazonaws.c/track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1
hxxp://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEClfffzrXX6Z94anls0j2YU&google_cver=152.29.219.40
hxxp://track-eu.adformnet.akadns.net/serving/cookie/match/?CC=1&party=1009
hxxp://ib.anycast.adnxs.com/bounce?/getuid?http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1
hxxp://userdblb.tubemogul.com/upi/pid/lons7jax?puid=15a0c542197-5fdd0000010f7778&redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu
hxxp://ttd-euwest-match-adsrvr-org-139334178.eu-west-1.elb.amazonaws.c/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1
hxxp://ps.eyeota.net/match?uid=3648886337069900944&bid=2cr76e152.29.219.40
hxxp://ps.eyeota.net/match?uid=5648657701418802231&bid=9gdtmu152.29.219.40
hxxp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou52.29.219.40
hxxp://ps.eyeota.net/match?uid=-7296199909654580839&bid=0rijhbu52.29.219.40
hxxp://tynt.com/deb/v2?id=w!aacxow2ith0d&dn=TC&cc=1&r=
hxxp://domssl.mercadolivre.com.br/noindex/variation/choose?noIndex=true&itemId=MLB812506136&attribute=23000|22047,33000_43000|52055_52113&attributeId=33000_43000&ref=http://tenis.mercadolivre.com.br/masculino/nike/nike-shox/
hxxp://domssl.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593212
hxxp://gpla1.wac.v2cdn.net/baltimoreroot
hxxp://gpla1.wac.v2cdn.net/CRL/Omniroot2025.crl
hxxp://info.spiritsoft.cn/v4/js/main.js114.55.90.68
hxxp://crl.geotrust.com/crls/secureca.crl23.46.117.163
hxxp://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH104.16.28.216
hxxp://urlspirit.spiritsoft.cn/urlcore/svcreq1413fd.css
hxxp://www.sdcysoft.com/templets/default/js/backgroundPosition.js219.234.8.109
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js216.58.209.202
hxxp://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg==23.55.155.27
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAa1FcpWF3k+173.194.113.199
hxxp://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1173.194.113.218
hxxp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110114.55.90.68
hxxp://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc=173.194.113.218
hxxp://netdna.bootstrapcdn.com/font-awesome/4.0.1/css/font-awesome.css?ver=3.9.294.31.29.55
hxxp://ocsp.omniroot.com/baltimoreroot93.184.220.20
hxxp://s11.cnzz.com/stat.php?id=1189654&web_id=11896541.99.192.16
hxxp://info.spiritsoft.cn/v4/images/splogo.png114.55.90.68
hxxp://www.sdcysoft.com/templets/default/js/slide_switch.js219.234.8.109
hxxp://s7.addthis.com/js/300/addthis_widget.js104.16.17.35
hxxp://tags.bluekai.com/site/27675?dt=0&r=404133796&sig=2164635023&bkca=KJhB0D6nyi9zQwawGX4CYpA2KcO31YQvQ3fuSL0HZfn2mdE XhQXCy5IX6Lf8PD7HsKXLAGzocu6jjRvyZpnswPTs6acVO/rzP8OCpYX90erqk5FKlBYMJyF22fdzbGz9xgiOgaMqzdgaOdpBl2iFVj/K5onCrSjkboT68hEuQZUw04zne6=169.47.30.64
hxxp://ocsp.omniroot.com/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGs=93.184.220.20
hxxp://fonts.googleapis.com/css?family=Playfair Display:400,700,900,400italic,700italic,900italic&ver=3.9.2216.58.209.170
hxxp://tags.bluekai.com/site/27675?id=D9E9B66BAE9C96588D172C1602C7221E&ret=html&phint=__bk_t=SPECIAL MOVIE&phint=__bk_l=http://songhaiyouhong.blogspot.com/&r=33111038169.47.30.64
hxxp://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=154.247.84.9
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8=93.184.220.29
hxxp://info.spiritsoft.cn/v4/images/sound_high.gif114.55.90.68
hxxp://pub.idqqimg.com/qconn/wpa/button/button_111.gif203.205.158.59
hxxp://ib.adnxs.com/getuid?http://ps.eyeota.net/match?uid=$UID&bid=2cr76e1185.33.220.38
hxxp://dmp.adform.net/serving/cookie/match/?CC=1&party=100937.157.4.14
hxxp://urlspirit.spiritsoft.cn/urlcore/olcfgs.dat?q=41
hxxp://ib.adnxs.com/bounce?/getuid?http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1185.33.220.38
hxxp://ss.symcb.com/ss.crl23.46.117.163
hxxp://songhaiyouhong.blogspot.com/216.58.214.225
hxxp://bcp.crwdcntrl.net/map/ct=y/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E52.17.249.178
hxxp://fonts.googleapis.com/css?family=Tangerine:400,700&ver=3.9.2216.58.209.170
hxxp://match.adsrvr.org/track/cmf/generic?ttd_pid=eyeota&ttd_tpi=154.247.84.9
hxxp://hzs11.cnzz.com/stat.htm?id=1189654&r=&lg=en-us&ntime=none&cnzz_eid=1549093891-1486263024-&showp=1276x846&t=流量精灵&h=1&rnd=2580094591.122.192.18
hxxp://produto.mercadolivre.com.br/noindex/variation/choose?noIndex=true&itemId=MLB812506136&attribute=23000|22047,33000_43000|52055_52113&attributeId=33000_43000&ref=http://tenis.mercadolivre.com.br/masculino/nike/nike-shox/216.33.197.79
hxxp://dmp.adform.net/serving/cookie/match/?party=100937.157.4.14
hxxp://www.sdcysoft.com/templets/default/js/navigator.js219.234.8.109
hxxp://static.meiqia.com/dist/scripts/doorbell-i8wozeiuwodmquxr.js42.236.125.24
hxxp://www.sdcysoft.com/templets/default/style/home.css219.234.8.109
hxxp://www.sdcysoft.com/templets/default/js/tabicon.js219.234.8.109
hxxp://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEEw7wJkU/qAD9hdilImrrOU=23.55.155.27
hxxp://cdp1.public-trust.com/CRL/Omniroot2025.crl93.184.220.20
hxxp://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEDYh2Ip18ZHp4LIxhrWFb0w=23.55.155.27
hxxp://info.spiritsoft.cn/v4/css/style.css114.55.90.68
hxxp://0.gravatar.com/avatar/cfb9b68598748471e884ae8e1367a070?s=32&d=mm&r=g192.0.73.2
hxxp://ic.tynt.com/b/p?id=w!aacxow2ith0d&lm=0&ts=1486265519182&t=SPECIAL MOVIE&cu=http://songhaiyouhong.blogspot.com/208.100.17.181
hxxp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114216.33.197.79
hxxp://eco-api.meiqia.com/dist/doorbell.html?1m47r5d7qtt65hfr218.60.33.166
hxxp://code.jquery.com/jquery-migrate-1.2.1.js94.31.29.54
hxxp://info.spiritsoft.cn/v4/lib/jquery/jquery-1.11.1.min.js114.55.90.68
hxxp://analytics.mlstatic.com/ga/mlb-ml-analytics.min.gz.js23.59.85.40
hxxp://www.sdcysoft.com/templets/default/js/oninput.js219.234.8.109
hxxp://st-n.ads1-adnow.com/js/adv_out.js88.208.10.37
hxxp://www.sdcysoft.com/js/start_v5.js219.234.8.109
hxxp://www.sdcysoft.com/templets/default/js/jquery.js219.234.8.109
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGn0AHsoGslw173.194.113.199
hxxp://www.sdcysoft.com/js/jquery-1.7.2.min.js219.234.8.109
hxxp://eco-api.meiqia.com/visit/init?ent_id=463&track_id=&title=创盈门窗软件&url=http://www.sdcysoft.com/&referrer_url=&jsonp_cb=jsonp1486265515688&v=1486265515688218.60.33.166
hxxp://de.tynt.com/deb/v2?id=w!aacxow2ith0d&dn=TC&cc=1&r=208.100.17.189
hxxp://rtd.tubemogul.com/upi/pid/lons7jax?puid=15a0c542197-5fdd0000010f7778&redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu107.21.249.217
hxxp://c.cnzz.com/core.php?web_id=1189654&t=z123.129.244.226
hxxp://info.spiritsoft.cn/v4/images/alexa.png114.55.90.68
hxxp://www.sdcysoft.com/219.234.8.109
hxxp://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDGdVziPu5Jt2IgvM6w==104.16.28.216
hxxp://eco-api.meiqia.com/dist/meiqia.js218.60.33.166
hxxp://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFE/uXQ4cLc0QEGNMJMGmf8=23.46.123.27
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw=93.184.220.29
hxxp://www.sdcysoft.com/templets/default/style/common.css219.234.8.109
hxxp://world.taobao.com/item/533000070202.htm?fromSite=main&spm=a230r.7195193.1997079397.8.iAWmGk&abbucket=2&qq-pf-to=pcqq.temporaryc2c195.27.31.252
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0=23.46.123.27
hxxp://www.sdcysoft.com/js/jquery.tipsy.js219.234.8.109
hxxp://www.sdcysoft.com/css/lrtk.css219.234.8.109
hxxp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593212216.33.197.79
hxxp://fonts.googleapis.com/css?family=Droid Serif:400,700,400italic,700italic&ver=3.9.2216.58.209.170
hxxp://urlspirit.spiritsoft.cn/urlcore/svcreq14032b.html
hxxp://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w==104.16.28.216
hxxp://pki.google.com/GIAG2.crl173.194.113.197
hxxp://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEVLD4SzDqtMG/eBnw==104.16.28.216
hxxp://analytics.mlstatic.com/melidata/js/3/0.0.38/melidata.min.js23.59.85.40
hxxp://www.sdcysoft.com/templets/default/js/ie8.js219.234.8.109
hxxp://www.sdcysoft.com/templets/default/js/common.js219.234.8.109
hxxp://bcp.crwdcntrl.net/map/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E52.17.249.178
hxxp://fonts.googleapis.com/css?family=Open Sans:400italic,700italic,400,700&ver=4.2.12216.58.209.170
item.taobao.com121.42.17.239
at.alicdn.com195.59.70.250
www.blogger.com216.58.214.233
http2.mlstatic.com23.59.85.40
g.alicdn.com80.231.126.250
stats.g.doubleclick.net173.194.222.157
a248.e.akamai.net212.30.134.197
scontent-waw1-1.xx.fbcdn.net31.13.81.13
analytics.mercadolivre.com216.33.197.113
static.xx.fbcdn.net31.13.92.14
tbip.alicdn.com188.254.86.241
www.youtube.com173.194.113.194
static.doubleclick.net173.194.113.219
clients1.google.com.ua173.194.113.207
ssl.gstatic.com173.194.113.207
apis.google.com173.194.113.195
n-cdn.areyouahuman.com52.222.157.27
analytics.mercadolivre.com.br216.33.197.79
gskip.taobao.com140.205.134.25
www.facebook.com31.13.92.36
gm.mmstat.com205.204.101.182
www.google-analytics.com173.194.113.196
log.mmstat.com106.11.92.1

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Fri, 03 Feb 2017 14:57:48 GMT

Last-Modified: Tue, 23 Jul 2013 07:28:26 GMT

Cache-Control: max-age=2592000, public

Expires: Sat, 03 Feb 2018 14:57:48 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 3068

Content-Type: application/javascript

X-Varnish: 1072179 8192581

Age: 131606

X-Cache: HIT

X-Cache-Hits: 1135

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

...........Yms.6..~3..h6g.....{.He4n.4..iS......LB.m.P.P.k....@R.....LD..b........Qp....!8.3...6....4......h.O...~.,{.J.r. ..w2....@...A....ui.6...7..)...<.........r..?...".....`t|L..=.Q.(e.g..,.......h.u.c...F.b........n&.q?q-s..h].%ld..XGw0{||$...&.....p......_..p.{.u..'.......n[.8....)../...7".Q*...?h...>P..........N.#\n.g.......d...(.v...6.4Q..[f.o..v...n)....dI.}......_iu $....<..h.<~.N..5.....[.t..Be{....SY.........p....p...D..S?..r.1..|.....]..-..... .Zs....J......s...IXG.('.....|...v.|(s}k.\....J..._.r]....=..w1>...[..p...c..o$3..de..V.[.mxQ.fYg*..W.S...(.,.s2.GdlY...!..S....J.g...0?{....gC..k8....f*|Z.....A&U....H ..Ta*@..U...nZ-.4..*.ZW........OVZ.T....~...Z......D.H....~sL...C...eC...0P{..7:2.k- .D.../v...[....<..;u'. n .Y.[...._>...6]......^..D..=..!.......>Q..........A......XD.y.F2.....3..Rx$9....*.b~|...`).,..{....^s....`...'..%... ..'(.$P.H...A.t.q...{..k......Q.V.d~|..'&.Ej.]..KV.io]..)B.....9\.hTU...t.ex..Z.T..9.}.wf}..x..)...].......Nu.wc.......4...m... ..x.Sn..{]...3..F3.!p.q......jU#...@..m.l.3.S....d...`....j..N.p...!.=..!.4Q...UJ0).#.$..\.K..e..j .&.i_..,...BLN.......en...K..a...z..j.G....tz.5........h....`T...x.-.c.............._....?q...o.>..}...Hi.[W/2.d...;.en..a....^|..=`......9%_....~..^R.y.3...v_.C5.&..T.HC.......&.(Pn~(x.=....h...H.....[V.g0......J.......3KF........o/....A&X....k.k...'.k.v[.........V.../`IPp.`.c.y&.v.2..}..t. .sz.p...s<.N>. "...=2.N..........G~....l.f.T...ce..P....A.....Z..@R_..E...Q..a.b.....c.....u...H.w6.....$....|..VVPW].a.7..

<<< skipped >>>

GET /wp-content/themes/dream/js/skip-link-focus-fix.js?ver=20130115 HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Fri, 03 Feb 2017 14:57:48 GMT

Last-Modified: Wed, 13 May 2015 16:18:23 GMT

Cache-Control: max-age=2592000, public

Expires: Sat, 03 Feb 2018 14:57:48 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 379

Content-Type: application/javascript

X-Varnish: 1072182 7832086

Age: 131607

X-Cache: HIT

X-Cache-Hits: 1056

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

............oO.0.._w..L.....T.../H.~.......-io.:....?Ix..%.......aZ....\.O.V..r.5&.....\.\..q...r.....5.g...X..7.S.........kG...af.V....).N`.Cp!l..V...."....9X-...:...4....X.z.4.c...FYH.....e..W.z...F..S.3Y.g&.,.I.c.}..V. ...&.!......#.t.....*..r.!V[.....m.....N:...nL.....N5.Y...~....-..=c.F...u..G....,./H.TzYP..DF......ht.V....._....d.d2.......^..b.U;....._V......W...........HTTP/1.1 200 OK..Date: Fri, 03 Feb 2017 14:57:48 GMT..Last-Modified: Wed, 13 May 2015 16:18:23 GMT..Cache-Control: max-age=2592000, public..Expires: Sat, 03 Feb 2018 14:57:48 GMT..Vary: Accept-Encoding..Content-Encoding: gzip..Content-Length: 379..Content-Type: application/javascript..X-Varnish: 1072182 7832086..Age: 131607..X-Cache: HIT..X-Cache-Hits: 1056..Server: Rocket Booster..X-Powered-By: Warna Web Accelerator..Accept-Ranges: bytes..Connection: keep-alive..............oO.0.._w..L.....T.../H.~.......-io.:....?Ix..%.......aZ....\.O.V..r.5&.....\.\..q...r.....5.g...X..7.S.........kG...af.V....).N`.Cp!l..V...."....9X-...:...4....X.z.4.c...FYH.....e..W.z...F..S.3Y.g&.,.I.c.}..V. ...&.!......#.t.....*..r.!V[.....m.....N:...nL.....N5.Y...~....-..=c.F...u..G....,./H.TzYP..DF......ht.V....._....d.d2.......^..b.U;....._V......W...............

<<< skipped >>>

GET /wp-includes/js/comment-reply.min.js?ver=4.2.12 HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 01:25:00 GMT

Last-Modified: Thu, 14 Nov 2013 20:42:10 GMT

Content-Length: 757

Cache-Control: max-age=2592000, public

Expires: Mon, 05 Feb 2018 01:25:00 GMT

Content-Type: application/javascript

X-Varnish: 8378246 3848684

Age: 7597

X-Cache: HIT

X-Cache-Hits: 77

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

var addComment={moveForm:function(a,b,c,d){var e,f=this,g=f.I(a),h=f.I(c),i=f.I("cancel-comment-reply-link"),j=f.I("comment_parent"),k=f.I("comment_post_ID");if(g&&h&&i&&j){f.respondId=c,d=d||!1,f.I("wp-temp-form-div")||(e=document.createElement("div"),e.id="wp-temp-form-div",e.style.display="none",h.parentNode.insertBefore(e,h)),g.parentNode.insertBefore(h,g.nextSibling),k&&d&&(k.value=d),j.value=b,i.style.display="",i.onclick=function(){var a=addComment,b=a.I("wp-temp-form-div"),c=a.I(a.respondId);if(b&&c)return a.I("comment_parent").value="0",b.parentNode.insertBefore(c,b),b.parentNode.removeChild(b),this.style.display="none",this.onclick=null,!1};try{f.I("comment").focus()}catch(l){}return!1}},I:function(a){return document.getElementById(a)}};HTTP/1.1 200 OK..Date: Sun, 05 Feb 2017 01:25:00 GMT..Last-Modified: Thu, 14 Nov 2013 20:42:10 GMT..Content-Length: 757..Cache-Control: max-age=2592000, public..Expires: Mon, 05 Feb 2018 01:25:00 GMT..Content-Type: application/javascript..X-Varnish: 8378246 3848684..Age: 7597..X-Cache: HIT..X-Cache-Hits: 77..Server: Rocket Booster..X-Powered-By: Warna Web Accelerator..Accept-Ranges: bytes..Connection: keep-alive..var addComment={moveForm:function(a,b,c,d){var e,f=this,g=f.I(a),h=f.I(c),i=f.I("cancel-comment-reply-link"),j=f.I("comment_parent"),k=f.I("comment_post_ID");if(g&&h&&i&&j){f.respondId=c,d=d||!1,f.I("wp-temp-form-div")||(e=document.createElement("div"),e.id="wp-temp-form-div",e.style.display="none",h.parentNode.insertBefore(e,h)),g.parentNode.insertBefore(h,g.

<<< skipped >>>

GET /pa?p=2:2923673182:51 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: wpa.qq.com

Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently

Date: Sun, 05 Feb 2017 03:31:50 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Server: tws

Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

0..HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:50 GMT..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..Server: tws..Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif..Pragma: no-cache..Cache-Control: no-cache; must-revalidate..0..

GET /baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGs= HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Mon, 10 Oct 2016 18:18:58 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.omniroot.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: application/ocsp-response

Date: Sun, 05 Feb 2017 03:31:55 GMT

Last-Modified: Mon, 30 Jan 2017 18:27:11 GMT

Server: ECS (arn/46B6)

X-Cache: HIT

Content-Length: 5

0....HTTP/1.1 200 OK..Accept-Ranges: bytes..Content-Type: application/ocsp-response..Date: Sun, 05 Feb 2017 03:31:55 GMT..Last-Modified: Mon, 30 Jan 2017 18:27:11 GMT..Server: ECS (arn/46B6)..X-Cache: HIT..Content-Length: 5..0........

POST /baltimoreroot HTTP/1.1

Cache-Control: no-cache

Connection: Keep-Alive

Pragma: no-cache

Content-Type: application/ocsp-request

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Content-Length: 71

Host: ocsp.omniroot.com

0E0C0A0?0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..M....'.k

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: application/ocsp-response

Date: Sun, 05 Feb 2017 03:32:01 GMT

Last-Modified: Sat, 04 Feb 2017 11:11:30 GMT

Server: ECS (arn/45C1)

X-Cache: HIT

Content-Length: 1372

0..X......Q0..M.. .....0.....>0..:0......`;.l.uZ..k.F..^|A.Tb..20170204022145Z0g0e0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..M....'.k....20170124185021Z....20170421185021Z0...*.H...................j....G%...."B.....J..@Y.....G.4.t,......5H..r.$......#x}.q...l. 3..w.......[S.0..Ps0.~,.....zq.TJo.a;."..'..~b.....Pg?>@...l.......R!..z..2..Z..I...#t..h_.2...>..#....P[..Z..%.#...w............"..S.n....o5"i;9.....ok.N.S..~h.S.v.Q.....E...A....J....q....0...0...0..m........'.L0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....CyberTrust1"0 ..U....Baltimore CyberTrust Root0...150909174603Z..170909174536Z0%1#0!..U....Cybertrust Validation 20150.."0...*.H.............0.........?....(Fb....G... ..=..(L..wK...04..I......C...1.Z......U.$b.f..Pa.....S...#..B.........^T..IP8..........h8GM..*.4.MP..../D4n.=ZTeH.B=kOT.v..2@F.2L..A...yn.4......fP...L...2.x....$..@@....q2...Uby.e......D....lf...C....ZP}O......7...mM..c.g..j.\.>.O....G.A........0..0... .....0......0...U.......0.0...U...........0...U.%..0... .......0...U.#..0.....Y0.GX....T6.{:..M.0...U......`;.l.uZ..k.F..^|A.Tb0...*.H.............|]...`k.n........0.A.P..N< ._>)..yS..RV?...U.....4BQ....L.BAD.`.WId....*...;Z.M...K..S.l.f.q....>.b..dl./....H<.F9.....V.4....O..5.....-...W....4.,.k...Y.R..........Z..)j.r.....V.s.EQl.<nHO.........CI/M{.r....3...}.n.*.<........g^.B...P.X......dE....... }...

<<< skipped >>>

GET /qconn/wpa/button/button_111.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Connection: Keep-Alive

Host: pub.idqqimg.com

HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sun, 05 Feb 2017 03:31:51 GMT

Cache-Control: max-age=2592000

Expires: Tue, 07 Mar 2017 03:31:51 GMT

Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT

Content-Type: image/gif

Content-Length: 3534

Keep-Alive: timeout=60

Vary: Origin

X-Cache-Lookup: Hit From Disktank

......JFIF.....`.`.....C....................................................................C.........................................................................O.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...u...k...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4........[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(....F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x........m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?.......P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..$............x....B.G.....!...o.x_...|C..m..Z.R....G.&...{e2\9.l1.

<<< skipped >>>

GET /avatar/52612bfba40c463ad5878c3862379d1c?s=32&d=mm&r=g HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: 2.gravatar.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 05 Feb 2017 03:31:38 GMT

Content-Type: image/jpeg

Content-Length: 911

Connection: keep-alive

Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT

Link: <hXXps://VVV.gravatar.com/avatar/52612bfba40c463ad5878c3862379d1c?s=32&d=mm&r=g>; rel="canonical"

Access-Control-Allow-Origin: *

Content-Disposition: inline; filename="52612bfba40c463ad5878c3862379d1c.png"

X-nc: MISS arn 2

Accept-Ranges: bytes

Expires: Sun, 05 Feb 2017 03:36:38 GMT

Cache-Control: max-age=300

Source-Age: 0

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90....C....................................................................C....................................................................... . .."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?........Z...Z=.....G......<.i...........wf.c.....c...../....u..O......|ei....4......{2.........O<..h^G!UTd.z.^..=.Q.te...Y....3.......\'.=%/u..$P..1......A..(........3[.\,......9.wo..^.,O....RD%YX`.:._LW..\.R.\..5...;....O.V.?..HTTP/1.1 200 OK..Server: nginx..Date: Sun, 05 Feb 2017 03:31:38 GMT..Content-Type: image/jpeg..Content-Length: 911..Connection: keep-alive..Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT..Link: <https://VVV.gravatar.com/avatar/52612bfba40c463ad5878c3862379d1c?s=32&d=mm&r=g>; rel="canonical"..Access-Control-Allow-Origin: *..Content-Disposition: inline; filename="52612bfba40c463ad5878c3862379d1c.png"..X-nc: MISS arn 2..Accept-Ranges: bytes..Expires: Sun, 05 Feb 2017 03:36:38 GMT..Cache-Control: max-age=300..Source-Age: 0........JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90....C....

<<< skipped >>>

GET /1234567890.functions HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Host: mrx9.ddns.net

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 404 Not Found

Server: Mini web server 1.0 ZTE corp 2005.

Content-Type: text/html; charset=iso-8859-1

Accept-Ranges: bytes

Connection: close

Cache-Control: no-cache,no-store

<HTML>. <HEAD><TITLE>404 Not Found</TITLE></HEAD>. <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc">. <H2>404 Not Found</H2>.The requested URL was not found on this server..<!--.Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..-->.</body>.</html>...

GET /pingjs/?k=aacxow2ith0d&t=SPECIAL MOVIE&c=c&y=&a=0&d=0&v=22&r=6060 HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: whos.amung.us

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:58 GMT

Content-Type: text/javascript

Transfer-Encoding: chunked

Connection: close

Set-Cookie: uid=CgH9HliWnK6gBxs7NcgwAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.amung.us; path=/

Content-Encoding: gzip

34.............w../.O.P740P.QOLL../7.,.0HQ.1....JMup .....0..

GET /tc.js HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: cdn.tynt.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:59 GMT

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: __cfduid=d7b596a12691c3453aa3b96476a8ad2581486265519; expires=Mon, 05-Feb-18 03:31:59 GMT; path=/; domain=.tynt.com; HttpOnly

Last-Modified: Tue, 17 Jan 2017 20:22:08 GMT

ETag: W/"587e7cf0-386b"

Content-Encoding: gzip

CF-Cache-Status: HIT

Expires: Wed, 08 Feb 2017 03:31:59 GMT

Cache-Control: public, max-age=259200

Server: cloudflare-nginx

CF-RAY: 32c34ae607795948-VIE

1622.............;.z......4..D.Q...-iXu.'u.....Y......"....X:.~g.n.....K.e0...f..n.v...y<[$.h.i.G..N...a...vtt.%q.j..giga..C.T{'R......^D..."?....\..NC.G.....u...L.C.g........s...#/... ..<.D.....{...2:e.~.fIl...:.|.m....;.....F".... .@.j...vip.....x.c...k.x.<.].....U........q..}`.{...g.'.b......{....C<X?...?.0........G .S1.h......V"f!......ZR..O...o6......dE.Dd.$..U04.IYn./.........(.ua..;.G..j...O..;1..t:.}....J...............z.x.%!kL.Y.g....!.M.......a.........5{...\.....a.2U..]..Q.`..#.._...?.[.zI0..6N.H..|....l.]...........];q.z..3g.r...(.o...%.N..a...m6%I.>......m..J/BA.Rg..N.... I.....enm{.K.j....>.t.y....S......5Fu.&...E.0D.$. .-.....o.t .@.s....k>z.._nI...)...-.s..sf.......X.fq........^..r...[..;.......6......u:.hPaL5...'.Hl..Eq$t:..(....6...S...$.D....u....vC.Mt*g.......{A4.. [...E1h..uH.....&...Z...... .?.\..z.......l....48.^....wI......go...z{...ixz..)..z".WC.cJ..4.O.=...83...D.Y..%..I[.E....1.Q......4..=0...8....ym....48...k....V?]..VD.%........!U ...R..............e|'.s..{nN.k.]..>....Da.......q..U .....\Qy.k.K.M.....`.L.?:........$sKC..w.mp/.:K...8Y...7.0nz0..d.....B...V0.D?.....8.c.dP/..$.....[x>.. ...7.....!z.D.C.8\.......<W..D.............y.B#..Q.!.."...x.xB'..O.b.?;.(F......}.e3...[.*..c.....q...3..q#...v.M..BZM4"......2.i.9.8}..!l.b..8z.T.4q.......,q ".:...V.... N...\:p....6.ivY.....N.^..ltA.M.......#...6(....(.C:a....O...) .U.&X..'...h.....d.\F}1X..'.p.z.........c...6...sc..@...{..P.U.z..wT.../#M...^^..Or^=..;..........IJ"@.......&.z...s.AH...(.1.....z..W.. k`C

<<< skipped >>>

GET /avatar/cfb9b68598748471e884ae8e1367a070?s=32&d=mm&r=g HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: 0.gravatar.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 05 Feb 2017 03:31:38 GMT

Content-Type: image/jpeg

Content-Length: 911

Connection: keep-alive

Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT

Link: <hXXps://VVV.gravatar.com/avatar/cfb9b68598748471e884ae8e1367a070?s=32&d=mm&r=g>; rel="canonical"

Access-Control-Allow-Origin: *

Content-Disposition: inline; filename="cfb9b68598748471e884ae8e1367a070.png"

X-nc: MISS arn 2

Accept-Ranges: bytes

Expires: Sun, 05 Feb 2017 03:36:38 GMT

Cache-Control: max-age=300

Source-Age: 0

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90....C....................................................................C....................................................................... . .."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?........Z...Z=.....G......<.i...........wf.c.....c...../....u..O......|ei....4......{2.........O<..h^G!UTd.z.^..=.Q.te...Y....3.......\'.=%/u..$P..1......A..(........3[.\,......9.wo..^.,O....RD%YX`.:._LW..\.R.\..5...;....O.V.?..HTTP/1.1 200 OK..Server: nginx..Date: Sun, 05 Feb 2017 03:31:38 GMT..Content-Type: image/jpeg..Content-Length: 911..Connection: keep-alive..Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT..Link: <https://VVV.gravatar.com/avatar/cfb9b68598748471e884ae8e1367a070?s=32&d=mm&r=g>; rel="canonical"..Access-Control-Allow-Origin: *..Content-Disposition: inline; filename="cfb9b68598748471e884ae8e1367a070.png"..X-nc: MISS arn 2..Accept-Ranges: bytes..Expires: Sun, 05 Feb 2017 03:36:38 GMT..Cache-Control: max-age=300..Source-Age: 0........JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90....C....

<<< skipped >>>

GET /qconn/wpa/button/button_111.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Connection: Keep-Alive

Host: pub.idqqimg.com

HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sun, 05 Feb 2017 03:31:51 GMT

Cache-Control: max-age=2592000

Expires: Tue, 07 Mar 2017 03:31:51 GMT

Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT

Content-Type: image/gif

Content-Length: 3534

Keep-Alive: timeout=60

Vary: Origin

X-Cache-Lookup: Hit From Disktank

......JFIF.....`.`.....C....................................................................C.........................................................................O.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...u...k...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4........[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(....F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x........m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?.......P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..$............x....B.G.....!...o.x_...|C..m..Z.R....G.&...{e2\9.l1.

<<< skipped >>>

GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDGdVziPu5Jt2IgvM6w== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp2.globalsign.com

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:29 GMT

Content-Type: application/ocsp-response

Content-Length: 1570

Connection: keep-alive

Set-Cookie: __cfduid=d177c2e50aa525e8da57f1c655c3f18d61486265489; expires=Mon, 05-Feb-18 03:31:29 GMT; path=/; domain=.globalsign.com; HttpOnly

Last-Modified: Sat, 04 Feb 2017 23:47:07 GMT

Expires: Wed, 08 Feb 2017 23:47:07 GMT

ETag: "04520f3b7d52160ed2926b230316ce4b325fe5ae"

Cache-Control: public, no-transform, must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 32c34a30223d5954-VIE

0..........0..... .....0......0...0.......M........u....%...G..20170204234707Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|..gU.#...v".......20170204234707Z....20170208234707Z0...*.H.............,....U....)}woI.(.........Xxb,.k>e.H...].@.H`..).....g.v.D..D.#..../..:.?1...Pg@Q...!....q,-&..B@...0.\>X.&..n.}.%:>{.[../G{f0...yf..^..2F..k.Sjs..gr...... Mm/.(.2d....$.2<....}.....ya.,....R....uxz.).Py..4Cj....0OZs...73i.,_.L5..F.d..bI..M...qD.......0qkU...K0..G0..C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.

<<< skipped >>>

GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEVLD4SzDqtMG/eBnw== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp2.globalsign.com

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:38 GMT

Content-Type: application/ocsp-response

Content-Length: 1570

Connection: keep-alive

Set-Cookie: __cfduid=d485dd5c146495f3bf64f50d08c764eab1486265498; expires=Mon, 05-Feb-18 03:31:38 GMT; path=/; domain=.globalsign.com; HttpOnly

Last-Modified: Sun, 05 Feb 2017 03:04:24 GMT

Expires: Thu, 09 Feb 2017 03:04:24 GMT

ETag: "77fdbcd515e40e764a1a170d858cc02ce4ffebe9"

Cache-Control: public, no-transform, must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 32c34a6847b95954-VIE

0..........0..... .....0......0...0.......M........u....%...G..20170205030424Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|..EK.....L........20170205030424Z....20170209030424Z0...*.H.................z.SPl..b..#].GR..).v.&.4..*;.....<..=....<......nJ......;..j...T..1....}.-.'..*.!../F.....R.jE ....qC.....*].......)R...G{e..O.F.[..=wX..=.."..z.;..,l.4.*.k...].......Bx.x..6.d.F..z...QA$A.~Y..l-..{.....?...O..'P.w.*IU....i*..v.p....YM....S....g..X-..\...K0..G0..C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3

<<< skipped >>>

GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp2.globalsign.com

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:45 GMT

Content-Type: application/ocsp-response

Content-Length: 1570

Connection: keep-alive

Set-Cookie: __cfduid=db466e84e5679c03c93f489c07b0311b71486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly

Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT

Expires: Thu, 09 Feb 2017 03:14:08 GMT

ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"

Cache-Control: public, no-transform, must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 32c34a8fd3655954-VIE

0..........0..... .....0......0...0.......M........u....%...G..20170205031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|......S.."........20170205031408Z....20170209031408Z0...*.H.............i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3

<<< skipped >>>

GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp2.globalsign.com

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:45 GMT

Content-Type: application/ocsp-response

Content-Length: 1570

Connection: keep-alive

Set-Cookie: __cfduid=db466e84e5679c03c93f489c07b0311b71486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly

Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT

Expires: Thu, 09 Feb 2017 03:14:08 GMT

ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"

Cache-Control: public, no-transform, must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 32c34a9063745954-VIE

0..........0..... .....0......0...0.......M........u....%...G..20170205031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|......S.."........20170205031408Z....20170209031408Z0...*.H.............i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3

<<< skipped >>>

GET /wp-content/themes/dream/js/html5shiv.min.js HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 01:24:31 GMT

Last-Modified: Wed, 13 May 2015 16:18:29 GMT

Content-Length: 2636

Cache-Control: max-age=2592000, public

Expires: Mon, 05 Feb 2018 01:24:31 GMT

Content-Type: application/javascript

X-Varnish: 6666052 6349869

Age: 7603

X-Cache: HIT

X-Cache-Hits: 339

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

/**.* @preserve HTML5 Shiv 3.7.2 | @afarkas @jdalton @jon_neal @rem | MIT/GPL2 Licensed.*/.!function(a,b){function c(a,b){var c=a.createElement("p"),d=a.getElementsByTagName("head")[0]||a.documentElement;return c.innerHTML="x<style>" b "</style>",d.insertBefore(c.lastChild,d.firstChild)}function d(){var a=t.elements;return"string"==typeof a?a.split(" "):a}function e(a,b){var c=t.elements;"string"!=typeof c&&(c=c.join(" ")),"string"!=typeof a&&(a=a.join(" ")),t.elements=c " " a,j(b)}function f(a){var b=s[a[q]];return b||(b={},r ,a[q]=r,s[r]=b),b}function g(a,c,d){if(c||(c=b),l)return c.createElement(a);d||(d=f(c));var e;return e=d.cache[a]?d.cache[a].cloneNode():p.test(a)?(d.cache[a]=d.createElem(a)).cloneNode():d.createElem(a),!e.canHaveChildren||o.test(a)||e.tagUrn?e:d.frag.appendChild(e)}function h(a,c){if(a||(a=b),l)return a.createDocumentFragment();c=c||f(a);for(var e=c.frag.cloneNode(),g=0,h=d(),i=h.length;i>g;g )e.createElement(h[g]);return e}function i(a,b){b.cache||(b.cache={},b.createElem=a.createElement,b.createFrag=a.createDocumentFragment,b.frag=b.createFrag()),a.createElement=function(c){return t.shivMethods?g(c,a,b):b.createElem(c)},a.createDocumentFragment=Function("h,f","return function(){var n=f.cloneNode(),c=n.createElement;h.shivMethods&&(" d().join().replace(/[\w\-:] /g,function(a){return b.createElem(a),b.frag.createElement(a),'c("' a '")'}) ");return n}")(t,b.frag)}function j(a){a||(a=b);var d=f(a);return!t.shivCSS||k||d.hasCSS||(d.hasCSS=!!c(a,"article,aside,dialog,figcap

<<< skipped >>>

GET /wp-includes/js/wp-emoji-release.min.js?ver=4.2.12 HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 04 Feb 2017 18:57:13 GMT

Last-Modified: Thu, 23 Jul 2015 11:33:34 GMT

Cache-Control: max-age=2592000, public

Expires: Sun, 04 Feb 2018 18:57:13 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 4314

Content-Type: application/javascript

X-Varnish: 1072180 627494

Age: 30841

X-Cache: HIT

X-Cache-Hits: 172

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

..........u..r.:....U8.-.,.2)~..a\.L.TjN..:.....w.....Y.HT.3.oa.v........0q~.`. ...h.....N./6 -......\.6F.......<,..........'.:..*..\7..<...6k9Y7..nz...'*P...4....,..A.M_.D5.A.4.,......U..j.F.....VMP. .........w..l..m..j.j.X.-D.IT.....3.~g...u.&........24e}}{.Ii.s[...K...,.../7..........E..u........[.............,.....O..[]..z6....y.N.o.....}...Z.j.$.:\....z.N.2..H....6....}.1.E.h..#ZE...6..U.o..S.. .S...r]>K......w.O u..A.....O7...s....m$.X......Dt0.m..:........hf........K....Q..Lw..P.0....u|.....M......<;[..FVI...m.NO.u)}.f.J....,...|e.j..(........H....WM..[....j.pk._K.^M.M#As.}......b...bU>...E_..z......:.....J.U.LzQ.V...B[G..r..].rm...8..e.>...ou.....6..cm..|1=t....U.]..V.r...W..)-...(a..}..;...J.?W.n;.......U..,b..eE......z.T.S...8..8(l......Z5]L...Z.......ad.................*{/..c...M_.h................lm......u..u....Ay...y{..z..C% ....\....Rg./.35Q.....Z.Ve..A..|.Zo-o...()....."...eu...p.T....-.<.....z.2..(/.A|.$. =........<.Y..h...r.ym....{{N.c..O..'...P.....*jG..w.i7._.b...x;........-.v..w......E..,.>n.0:......}|4..s... ......;.."{_........X..m.y..mv.....>..3B.R...ug*]^.D.V..W.....Y.......z.....3;.]Y...*p6?.......k....;..a.Y...........tuOOm.d..4Wv....4.W.Tt.~1...v.;...E.P~uf.zwM.\O..k..~f....E........]Lz.Y...P./...{>....{.....[..._......[..b.IV..k.Z<.z....L..fq.f..n.. Hi..k.........*p..0.F.U..9g.L.]..}..}..1...Ap5.}cF.......u...p=..! .A.Jx 5..| x0....NS....#.2f%. .S{.....}3.%..FO..>q.x.^.....{....O.K.....o.]{............)....[SlM..1[......)T.F..`.Q.GG............

<<< skipped >>>

GET /wp-content/themes/dream/font-awesome/fonts/fontawesome-webfont.eot?v=4.2.0 HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:05:56 GMT

Last-Modified: Wed, 13 May 2015 16:19:42 GMT

Content-Length: 56006

Cache-Control: max-age=2592000

Expires: Tue, 07 Mar 2017 03:05:56 GMT

Content-Type: application/vnd.ms-fontobject

X-Varnish: 8474627 5811078

Age: 1519

X-Cache: HIT

X-Cache-Hits: 130

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

..................................LP..........................$.....................F.o.n.t.A.w.e.s.o.m.e.....R.e.g.u.l.a.r...$.V.e.r.s.i.o.n. .4...2...0. .2.0.1.3...&.F.o.n.t.A.w.e.s.o.m.e. .R.e.g.u.l.a.r.....BSGP..................~.........`.......Y.D.M.F..x...>..........)[..1..H....-A)F....1..../.S7.U.'.&a..;a.#71.^...wR.. .P...r...o....b..R..6....l..n._Up.!........b......h.,7z..U..........].)..WF..(...VH..# ....j.2..l.Q....T&*...j..9.._..[."L......... aA.ynF........e.....Ga.1E. a.b..0....8zSA..-........=7..Ex..Cr......06.,..R~>..cI:.S*..`5..n.(TefX`...@...A...L...=.C.=..e.<.'f...sH.'.e.i/"x.. ...X@l.W.!b..8R.8.*j.a.eFUkL.....I....'.Z........@..I.3H....p.GH.......@Yi@..i..S.w.0....b..@Xoy..{..f....h..U...h..L...*.l....... N.1{....)e.T....0R..n...../S.c.PV..z6%f}.4.C...&....W..'.,.A........@Q%....F.`.Th.]...3......X)@.VZ=F.Y.\'S.Ngx...,...'.........b.R..m.....j...[.b..0A....NM.$...X.m....YQ....v..a..iT3...CT....#...8EFM2*..... $.I..)>.7....=... ...b..t_.:..>RfH.U.6b.....[..~Y%,.3j....|..^e..C.vZ.`^ HT..L...~.[..\rs!..J.9H.:....M........6@......W.`.&....y.{.......9..........KAQ3.......T..q..".B.<......,K"..{.C....K......l7e.hA..z...z..9%).`...,.(.V........ksX......&`.J..D..<4...3&.CE..Q...@..N10..5!X..EE....'..f.mp.!=..K....Uy.P.H.Z.....A ....r...@.......n....d..w.7..-........."......$.*nq."d.Q.....'._.....8.......[.....Y B.....@... E...........2.F..Qd..Ip`......21..y.2...5..)..L*N.....owq..v....F...B5_`..[1....g.........].......C.....q..ZbO.gb8o../z...N)s.@%......V..p.X%-....`t}.G..65.h.~

<<< skipped >>>

GET /ss.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ss.symcb.com

HTTP/1.1 200 OK

Server: Apache

ETag: "56cb56c1648f51e7e216cb070afae6b2:1486242682"

Last-Modified: Sat, 04 Feb 2017 21:11:22 GMT

Date: Sun, 05 Feb 2017 03:31:37 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Connection: Transfer-Encoding

Content-Type: application/pkix-crl

00006000..0....0.......0...*.H........0~1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1/0-..U...&Symantec Class 3 Secure Server CA - G4..170204210122Z..170211210122Z0....0!....K..Kx.:.....37..160628125652Z0!....Rk.......(!u....160331033634Z0!....lv...>.?O...^...160622011159Z0!.....6w...iP...s.M..160608011251Z0!.......1^...B.Ph.H..161208073412Z0!....r-...0u..B\.`...160602011343Z0!....E.u2..1....L....160315011119Z0!.....Q..-(....}._h..170130053955Z0!.........J.N.h......150217135549Z0!....N.....e....F?B..160401232208Z0!............XW.M....150816010821Z0!......x....Xvheqrv..170102113703Z0!......y.....a..C....160621011139Z0!....Q8*.|..]6.".4...150330080110Z0!.....!!..O..........151124201031Z0!....2.....E..yYT.E..161207145003Z0!....eL.Y icf}.:..N..140508200907Z0!.......>..z(L..0i...150517010832Z0!......Q.0...j.D.....160601160659Z0!.............j f....160613011111Z0!.....v.;..u7.3......160916195205Z0!.......`...5w.......161011093118Z0!.....8.@.N..w.n.aw..160122052207Z0!.......n....[...6a..140729211122Z0!.....Z...k1S.<.. I..150727184447Z0!...";.M....Gp.f.....160621163727Z0!...#D..!jhMz........160906045841Z0!...#]........x.zW-..160329114327Z0!...$.K/."T....w`K...160215003231Z0!...%.vu..;..r*y..E..150802010744Z0!...&...$...tX...5...160810011135Z0!...&....5./C...c....150310141723Z0!...(SD.....h.4vtr...160727164314Z0!...).....9:..2......160523133724Z0!...).......0^.B.....151102010800Z0!...)....BF...o.T....160111184646Z0!...*..`.y...T\a.<i..160321112541Z0!... ...kM..jZY...$..160118

<<< skipped >>>

GET /pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1 HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: cm.g.doubleclick.net

Connection: Keep-Alive

HTTP/1.1 302 Found

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Location: hXXp://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc=

Date: Sun, 05 Feb 2017 03:31:59 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, must-revalidate

Content-Type: text/html; charset=UTF-8

Server: HTTP server (unknown)

Content-Length: 320

X-XSS-Protection: 1; mode=block

Set-Cookie: test_cookie=CheckForPermission; expires=Sun, 05-Feb-2017 03:46:59 GMT; path=/; domain=.doubleclick.net

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc=">here</A>...</BODY></HTML>......

GET /pixel?google_nid=eye&google_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc= HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: cm.g.doubleclick.net

Connection: Keep-Alive

Cookie: test_cookie=CheckForPermission

HTTP/1.1 302 Found

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Location: hXXp://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEClfffzrXX6Z94anls0j2YU&google_cver=1

Date: Sun, 05 Feb 2017 03:31:59 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, must-revalidate

Content-Type: text/html; charset=UTF-8

Server: HTTP server (unknown)

Content-Length: 310

X-XSS-Protection: 1; mode=block

Set-Cookie: id=22befda9811100d9||t=1486265519|et=730|cs=002213fd483636e64dd1040bbc; expires=Tue, 05-Feb-2019 03:31:59 GMT; path=/; domain=.doubleclick.net

Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT

Set-Cookie: IDE=AHWqTUlqszoYQayW8TZl0vAcLdLlZmtS-lGLPEL0LAWnmt4cuy4c6U1R0A; expires=Tue, 05-Feb-2019 03:31:59 GMT; path=/; domain=.doubleclick.net; HttpOnly

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEClfffzrXX6Z94anls0j2YU&google_cver=1">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Location: hXXp://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEClfffzrXX6Z94anls0j2YU&google_cver=1..Date: Sun, 05 Feb 2017 03:31:59 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-revalidate..Content-Type: text/html; charset=UTF-8..Server: HTTP server (unknown)..Content-Length: 310..X-XSS-Protection: 1; mode=block..Set-Cookie: id=22befda9811100d9||t=1486265519|et=730|cs=002213fd483636e64dd1040bbc; expires=Tue, 05-Feb-2019 03:31:59 GMT; path=/; domain=.doubleclick.net..Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT..Set-Cookie: IDE=AHWqTUlqszoYQayW8TZl0vAcLdLlZmtS-lGLPEL0LAWnmt4cuy4c6U1R0A; expires=Tue, 05-Feb-2019 03:31:59 GMT; path=/; domain=.doubleclick.net; HttpOnly..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Mov

<<< skipped >>>

GET /pa?p=2:2051282539:51 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: wpa.qq.com

Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently

Date: Sun, 05 Feb 2017 03:31:50 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Server: tws

Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

0..HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:50 GMT..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..Server: tws..Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif..Pragma: no-cache..Cache-Control: no-cache; must-revalidate..0..

GET /templets/default/style/home.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: VVV.sdcysoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: wts/1.1

Date: Sun, 05 Feb 2017 03:31:49 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Wed, 17 Feb 2016 04:06:34 GMT

ETag: W/"0c1d3963869d11:0"

X-Powered-By: ASP.NET

Content-Encoding: gzip

Expires: Mon, 06 Feb 2017 03:31:49 GMT

Cache-Control: max-age=86400

X-Cache: from WT263CDN

2ee.............V.n.0.}....5Z.]..!i.|Ld..o....M....7.$...U.......3...\..N u..%..<..GB...p.D~.mCy..].O.....8e(......xo....nc.B.3.........CE;..G....[^3.U...j....<.N..F.!...X...3..$P....h..K..ior...R.('....... .c..a..m.D..^....[...W...UT.,@q.a..>65....nH....!....{......%o....-.D...?.c.R.<..>......q.=.%.....=.m..m....:.......|...k..fV}B.e.xg.8.}.....Y...x.1m.Qo..,....{....?5..........v.`.#\.L[B._...$Yla...6...}...m...r..0..&PB....^.:.@...1JM.KV....i. .9.a..ja....-&A}(.y08.../.........m.^.}.=.n=...._m.=5 ...?f.......8.c..B..i..i.t.........:. ..#>.M<L..\.`."..9D.......V^$v-..9.../.....8...C..F.V5e......?..K.>.t..........(.....}.b.r.........Qg..Q........G........H\U.7............v..i..%..{a.t...l.h.lO.KaO~ym...dYd...Xe\._.3.|...o...T{..n.[,......!.......0......

GET /templets/default/js/tabicon.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: VVV.sdcysoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: wts/1.1

Date: Sun, 05 Feb 2017 03:31:50 GMT

Content-Type: application/javascript

Content-Length: 715

Connection: keep-alive

Last-Modified: Wed, 17 Feb 2016 04:06:32 GMT

Accept-Ranges: bytes

ETag: "094a2953869d11:0"

X-Powered-By: ASP.NET

Expires: Mon, 06 Feb 2017 03:31:50 GMT

Cache-Control: max-age=86400

X-Cache: from WT263CDN

...var colors = {....0:"#ef6523",....1:"#fc3159",....2:"#000000",....3:"#c4161c"...};...$('#cont .ul1 li').hover(function(e){....var index = $('#cont .ul1 li').index(this);....$(this).find('a').css('opacity',0.3);....var x = $(this).find('a').eq(0).css('backgroundPosition');....x = x.split(' ')[0];....$(this).find('a')[0].style.backgroundPosition = x ' -476px';....$(this).find('a').eq(1).children().css('color',colors[index]);....$(this).find('a').animate({opacity:'1'},300);...},function(e){....var x = $(this).find('a').eq(0).css('backgroundPosition');....x = x.split(' ')[0];....$(this).find('a')[0].style.backgroundPosition = x ' -382px';....$(this).find('a').eq(1).children().css('color','#808c9a');...});....

GET /templets/default/js/oninput.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: VVV.sdcysoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: wts/1.1

Date: Sun, 05 Feb 2017 03:31:50 GMT

Content-Type: application/javascript

Content-Length: 653

Connection: keep-alive

Last-Modified: Wed, 17 Feb 2016 04:06:31 GMT

Accept-Ranges: bytes

ETag: "80fd9953869d11:0"

X-Powered-By: ASP.NET

Expires: Mon, 06 Feb 2017 03:31:50 GMT

Cache-Control: max-age=86400

X-Cache: from WT263CDN

function inputFocus(id) {... var $input = document.getElementById(id);... if (!$input) return;...... var next = $input.nextElementSibling || $input.nextSibling;...... if (next.tagName.toLowerCase() == 'span') {.... $input.onfocus = function () {..... next.style.display = 'none';.... }....... $input.onblur = function () {..... if (this.value == '') {...... next.style.display = 'block';..... }.... }....... next.onclick = function () {..... $input.focus();..... next.style.display = 'none';.... };.. next.style.display = $input.value == '' ? 'block' : 'none';... }...}..ready(function () {......inputFocus('search')..});HTTP/1.1 200 OK..Server: wts/1.1..Date: Sun, 05 Feb 2017 03:31:50 GMT..Content-Type: application/javascript..Content-Length: 653..Connection: keep-alive..Last-Modified: Wed, 17 Feb 2016 04:06:31 GMT..Accept-Ranges: bytes..ETag: "80fd9953869d11:0"..X-Powered-By: ASP.NET..Expires: Mon, 06 Feb 2017 03:31:50 GMT..Cache-Control: max-age=86400..X-Cache: from WT263CDN..function inputFocus(id) {... var $input = document.getElementById(id);... if (!$input) return;...... var next = $input.nextElementSibling || $input.nextSibling;...... if (next.tagName.toLowerCase() == 'span') {.... $input.onfocus = function () {..... next.style.display = 'none';.... }....... $input.onblur = function () {..... if (this.value == '') {...... next.style.display = 'block';..... }.... }....... next.onclick = function () {..... $input.focus();..... next.style.display = 'none';.... };..

<<< skipped >>>

GET /getuid?http://ps.eyeota.net/match?uid=$UID&bid=2cr76e1 HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: ib.adnxs.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Server: nginx/1.11.5

Date: Sun, 05 Feb 2017 03:32:01 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 0

Connection: keep-alive

Cache-Control: no-store, no-cache, private

Pragma: no-cache

Expires: Sat, 15 Nov 2008 16:00:00 GMT

P3P: policyref="hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

X-XSS-Protection: 0

Location: hXXp://ib.adnxs.com/bounce?/getuid?http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1

Set-Cookie: sess=1; Path=/; Max-Age=86400; Expires=Mon, 06-Feb-2017 03:32:01 GMT; Domain=.adnxs.com; HttpOnly

Set-Cookie: uuid2=3648886337069900944; Path=/; Max-Age=7776000; Expires=Sat, 06-May-2017 03:32:01 GMT; Domain=.adnxs.com; HttpOnly

X-Proxy-Origin: 194.242.96.218; 194.242.96.218; 203.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.141:80

....

GET /bounce?/getuid?http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1 HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: ib.adnxs.com

Connection: Keep-Alive

Cookie: sess=1; uuid2=3648886337069900944

HTTP/1.1 302 Found

Server: nginx/1.11.5

Date: Sun, 05 Feb 2017 03:32:01 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 0

Connection: keep-alive

Cache-Control: no-store, no-cache, private

Pragma: no-cache

Expires: Sat, 15 Nov 2008 16:00:00 GMT

P3P: policyref="hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

X-XSS-Protection: 0

Access-Control-Allow-Credentials: true

Access-Control-Allow-Origin: *

Location: hXXp://ps.eyeota.net/match?uid=3648886337069900944&bid=2cr76e1

Set-Cookie: sess=1; Path=/; Max-Age=86400; Expires=Mon, 06-Feb-2017 03:32:01 GMT; Domain=.adnxs.com; HttpOnly

Set-Cookie: uuid2=3648886337069900944; Path=/; Max-Age=7776000; Expires=Sat, 06-May-2017 03:32:01 GMT; Domain=.adnxs.com; HttpOnly

X-Proxy-Origin: 194.242.96.218; 194.242.96.218; 203.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.149:80

HTTP/1.1 302 Found..Server: nginx/1.11.5..Date: Sun, 05 Feb 2017 03:32:01 GMT..Content-Type: text/html; charset=utf-8..Content-Length: 0..Connection: keep-alive..Cache-Control: no-store, no-cache, private..Pragma: no-cache..Expires: Sat, 15 Nov 2008 16:00:00 GMT..P3P: policyref="hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"..X-XSS-Protection: 0..Access-Control-Allow-Credentials: true..Access-Control-Allow-Origin: *..Location: hXXp://ps.eyeota.net/match?uid=3648886337069900944&bid=2cr76e1..Set-Cookie: sess=1; Path=/; Max-Age=86400; Expires=Mon, 06-Feb-2017 03:32:01 GMT; Domain=.adnxs.com; HttpOnly..Set-Cookie: uuid2=3648886337069900944; Path=/; Max-Age=7776000; Expires=Sat, 06-May-2017 03:32:01 GMT; Domain=.adnxs.com; HttpOnly..X-Proxy-Origin: 194.242.96.218; 194.242.96.218; 203.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.149:80..

<<< skipped >>>

GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp2.globalsign.com

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:45 GMT

Content-Type: application/ocsp-response

Content-Length: 1570

Connection: keep-alive

Set-Cookie: __cfduid=d330913c78f57201f33f64dc5ccd2de251486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly

Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT

Expires: Thu, 09 Feb 2017 03:14:08 GMT

ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"

Cache-Control: public, no-transform, must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 32c34a9092c15a1a-VIE

0..........0..... .....0......0...0.......M........u....%...G..20170205031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|......S.."........20170205031408Z....20170209031408Z0...*.H.............i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3

<<< skipped >>>

GET /wp-content/themes/dream/style.css?ver=4.2.12 HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Fri, 03 Feb 2017 14:57:48 GMT

Last-Modified: Wed, 13 May 2015 16:17:46 GMT

Cache-Control: max-age=2592000, public

Expires: Sun, 05 Mar 2017 14:57:48 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 6537

Content-Type: text/css

X-Varnish: 7089079 4424375

Age: 131606

X-Cache: HIT

X-Cache-Hits: 1038

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

...........=ks....._..O.......y..i.tz&M;Mz.!..@"$..H..l..........V>'i..X...b.dO_.>.....t.f.M..F.....3.n.rvzzS/.z./..i...i......f]T3rS.......{..E..MZ.r-..d.....X].y..0.[Q%?.sM.bq......a<..g.....5...._..,g.....y....#7#..d.a..7.....W.6...i&...U.E#Xc.l..'v..7....r"(CW.......... .on.hQd.M^..=D........M..6,...&]\.....>.XTpR......Ux.`.d..3H...$K.5...f...l..U.H...}...v.6.).......f.. .(..O......}B...kZ1..m. ....1Z.0.m..I..Vu..%.....,r. .Z/..G.s.5..v.'/.;!..p.._S....l..}.C..Y?...f._.]..2....3..5.JX.f..6k._..)..2.....&...!....|O...._....9.A.......... ..v..2.(.xQ..........._.W.^.O..}.....|...Oo?|.8..6 ...O..X...|......z.......%o......d....z..8k.............. .....^,...y....w.-Y...|....r..T......d..g8.."o..w.OC.3pw.... V...y]..|.....x.{.!....D@4.Y....~dIJ.|.3~G.-..#~..Ja.!..;~.....$~..7..`.P......H.-.&.v3R...j ...w....u.D.....E#...$.Q9.<G.M..._..k.7/.......E......j..=.g..%..iV.{.t..G...V..,..........2..F....M.W...Qo7.._/I.......bq-..&i..-h~Ca....G......cP.g ."9...!.4.(2...*.....E....H.|V.91f...=Z.t.n..>..$a..~.a..U.g.N..s..^U..AT....T/A.....Q ...t...a..J..l.>.W......>).}VE...&.3-.H.?.D....6..R.....^d.$Y.m'..@..H...p..&.3r.\.*Gr....@....x..iF.$..[.d[Z..Sd@~J.].@..................h.O.F- h$..=#..nV...m.....Y......a...`....`....q...@.4/0;.]Wb.;.2...Y.i.Gv..S)..V...y... v=O.....nJ..o...~Z.E..xeP|(.?..I...y.6H...<...a.......... O:.A{...P.6......M..#c..b)~nH:~.. ..{.@....~nv%....x.E.@..$`...L.I...R...%h ./.$b*d.mU.>."m.Ot~..M.....J...$G'lI.Y.....M.W.,....<G..'p;,.<*i.p........2.F.....k...&s.DA.=

<<< skipped >>>

GET /wp-content/themes/dream/js/navigation.js?ver=20120206 HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Fri, 03 Feb 2017 14:57:48 GMT

Last-Modified: Wed, 13 May 2015 16:18:31 GMT

Cache-Control: max-age=2592000, public

Expires: Sat, 03 Feb 2018 14:57:48 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 438

Content-Type: application/javascript

X-Varnish: 5324557 5374644

Age: 131607

X-Cache: HIT

X-Cache-Hits: 1273

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

...........R;O.0..._qLIK..\e....X...I.....}AD......!..n..{..,....`....ig.G.A7.W.4..\].mk.w<...m....V....G.A2u.dP5..`..~...<........."ggQb.$bw.9..hxN.F.3.}...e.i...}..&.D..2...C.......7,.....u .n.gU?...E.d....A<ml......<.j.......b1'.5f0J.b.......8..."Nu.\..........V..4...........k.ZN.Zg1]..C..."...eV^.9~.9... ....W.M1....\..B.Z....T../p.]2g.......v...Jg...O.|..../......r........Gn..z.A. ...}.'7&..........c{C.sb.o.Ku@......&.....~.tS...HTTP/1.1 200 OK..Date: Fri, 03 Feb 2017 14:57:48 GMT..Last-Modified: Wed, 13 May 2015 16:18:31 GMT..Cache-Control: max-age=2592000, public..Expires: Sat, 03 Feb 2018 14:57:48 GMT..Vary: Accept-Encoding..Content-Encoding: gzip..Content-Length: 438..Content-Type: application/javascript..X-Varnish: 5324557 5374644..Age: 131607..X-Cache: HIT..X-Cache-Hits: 1273..Server: Rocket Booster..X-Powered-By: Warna Web Accelerator..Accept-Ranges: bytes..Connection: keep-alive.............R;O.0..._qLIK..\e....X...I.....}AD......!..n..{..,....`....ig.G.A7.W.4..\].mk.w<...m....V....G.A2u.dP5..`..~...<........."ggQb.$bw.9..hxN.F.3.}...e.i...}..&.D..2...C.......7,.....u .n.gU?...E.d....A<ml......<.j.......b1'.5f0J.b.......8..."Nu.\..........V..4...........k.ZN.Zg1]..C..."...eV^.9~.9... ....W.M1....\..B.Z....T../p.]2g.......v...Jg...O.|..../......r........Gn..z.A. ...}.'7&..........c{C.sb.o.Ku@......&.....~.tS.......

<<< skipped >>>

GET /wp-content/plugins/akismet/_inc/form.js?ver=3.1.5 HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 01:25:00 GMT

Last-Modified: Tue, 13 Oct 2015 19:52:11 GMT

Content-Length: 700

Cache-Control: max-age=2592000, public

Expires: Mon, 05 Feb 2018 01:25:00 GMT

Content-Type: application/javascript

X-Varnish: 11344493 6664469

Age: 7597

X-Cache: HIT

X-Cache-Hits: 92

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

var ak_js = document.getElementById( "ak_js" );..if ( ! ak_js ) {..ak_js = document.createElement( 'input' );..ak_js.setAttribute( 'id', 'ak_js' );..ak_js.setAttribute( 'name', 'ak_js' );..ak_js.setAttribute( 'type', 'hidden' );.}.else {..ak_js.parentNode.removeChild( ak_js );.}..ak_js.setAttribute( 'value', ( new Date() ).getTime() );..var commentForm = document.getElementById( 'commentform' );..if ( commentForm ) {..commentForm.appendChild( ak_js );.}.else {..var replyRowContainer = document.getElementById( 'replyrow' );...if ( replyRowContainer ) {...var children = replyRowContainer.getElementsByTagName( 'td' );....if ( children.length > 0 ) {....children[0].appendChild( ak_js );...}..}.}HTTP/1.1 200 OK..Date: Sun, 05 Feb 2017 01:25:00 GMT..Last-Modified: Tue, 13 Oct 2015 19:52:11 GMT..Content-Length: 700..Cache-Control: max-age=2592000, public..Expires: Mon, 05 Feb 2018 01:25:00 GMT..Content-Type: application/javascript..X-Varnish: 11344493 6664469..Age: 7597..X-Cache: HIT..X-Cache-Hits: 92..Server: Rocket Booster..X-Powered-By: Warna Web Accelerator..Accept-Ranges: bytes..Connection: keep-alive..var ak_js = document.getElementById( "ak_js" );..if ( ! ak_js ) {..ak_js = document.createElement( 'input' );..ak_js.setAttribute( 'id', 'ak_js' );..ak_js.setAttribute( 'name', 'ak_js' );..ak_js.setAttribute( 'type', 'hidden' );.}.else {..ak_js.parentNode.removeChild( ak_js );.}..ak_js.setAttribute( 'value', ( new Date() ).getTime() );..var commentForm = document.getElementById( 'commentform' );..if ( commentFor

<<< skipped >>>

GET / HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: VVV.sdcysoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: wts/1.1

Date: Sun, 05 Feb 2017 03:31:49 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

ETag: W/"cf3d398b27d21:0"

X-Powered-By: ASP.NET

Content-Encoding: gzip

X-Cache: from WT263CDN

4d3.............[yS.I...............Kl..../vv.ko.11A4R#.-u....="..N....{.,...3.9v|...]vU...../...j.$.yvD.jugeef.2.* ..g.......|.....~....t&.t.|.|......bI^Q.-..j...>.~R.2.B_V.........?...^.{R.....&H......xB .4QK.]h|...?|.f|....Q.....'V..........1.....c.5..[t.F _..}.../..R..y.....Ctg.....2...w..q....l..p....Y..?..R.t.S.T..j.)AM........Q.nh....&....NgR....B/.Mi..$...iY..B.n..&..@Y..2.......'.R*J&.....RrB.........H....*....~...q.......k}YA.l../....(.......%.#|.6~M....d.j..u.7{.3&bF....M .h......U...~....G....u.?kl...c}a.....<...!.z.kl.Z..~N.G}.Y..59.m..HK..,.$Bw__w.....aR...Bp.....1....Pk.F..L.[..*...h....A..n_........=.c.$..U5.3...[,0..t....Q_qx......U.....zS2.]...Xdj5...........:.<....t`..#..A..c$..:l .......TN....`.0........z6.a.L..0.'Hq2f..2=v.J{ ._..@PN.......>....a...H..wa {..vC.k...>9./l.....alI...X...^I.).....*.).W6.zRr.:A.U.4A6e..22A.I....0Bx%....../]......@` ........i5......|...h.)..lm..C...&D..>L.R6:(.8!..\..}A...fP.r....D.....fP.O.0.......G..]...8(.\.~o.B.......l;....V5Q.-.i............t$..DZBm..3 .... ..6.....H...vX.'.Y.....7f_.7...{.l.D.#....p.t...3...X..;...x~4.......H.I.2b..P.!...j.7|..[|........7..&...9....1 1.Y.m$.....j.P...Y1p|..x0.A.x.%..(l.r.Y.S...,r..4.z....jm.D6....i..~..9>...w.wk..z.`.6H.TF.G.S.07W.}J..5af..L...k.D.Vi..E...r|V..fXo..q-........!....{~;~.ub71.....r.;Y....zdM...)\.(....-Kk.$..-B.....#.<g.{..B}oV..-t}..........|.w..S.s.u.......r..o....."........p....q.....z..,..4........5h&..."..p1%`........B.T..3I......_Cb..?.~.r..........\..^p[d.....@...P.%UP...^Y...=..

<<< skipped >>>

GET /dist/meiqia.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: eco-api.meiqia.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: openresty

Connection: keep-alive

Date: Sun, 05 Feb 2017 03:31:53 GMT

Cache-Control: max-age=315360000

Expires: Wed, 03 Feb 2027 03:31:53 GMT

Last-Modified: Sat, 14 Jan 2017 07:06:39 GMT

Content-Type: application/javascript

Transfer-Encoding: chunked

Content-Encoding: gzip

Vary: Accept-Encoding

ETag: W/"5879cdff-262c9"

X-LogId: 0c5f58969ca9490c7fa9

X-Cost: 0.000

X-NWS-LOG-UUID: 4d9430b8-54df-4fe9-9621-5998b99ed625

2167...............v...(.|N....Y@1I..L....R.dW...\......I...........}o.k.k../}.......\..z.gtD.@..5..=...L$2#####2#"...........|.P=0......GFH.I.W..A/.A.G.3;...fYW".}5%.......u...iG|...}..tW.@\.=S...3k..^L....J .......[>..[.F.n.S. ....7..ID Q...X........j5n....U.L<...W.C.....v<...j.[....1.....Q/..U-b....7....aWE.l.......P....F?..G.>.mYV.. ...0.... ak..v|.i._o..%..j.a.-__3.m.zh..R..q ..d....D...d.RM. .H....I.s...A.1...!.m..LB;=H........A.. [..V_Ar. ..\Z1.>$/.r..U.<...A..d..z....r.o..]H......./!yj......!.. o0.].....|..BUo!..A.a...........v.A..A......H~k..0.5?........... ..A..$t..H~m..1.....?..o.......3..1.*.1..F......q.j{.....o^.>.f...$YH)...S.&.....?Hi.H7:.%..~..X1.%.W#........>K.....I0...>....B...=...E.c..d.Ql.?._F...O......}.r3y.. ..A!'_|H.....]..E..L.om.zo......_........Cj;."Qy.,....c.6"[<...E....../.. .R>..8nd.<.$.}....X....x.?..C...c7{lk.N.....4F .p*c..3....i......m..i._rn......@..M.j...@i..V.z.YQD.!.>E. ...6.C.F#.......Ovw..5....0...z.p..Z....gZ.x.......\?.c....W25..Z..O.sFD..O*HP...r.....pKCd..:@P.../4.[Z.......J.FWI.KH...z.........'.a0....O<...f}.......?t...o.q(..... ... .G...l..v:.....?|..z....~.T".c.....(...I.....i@X...m...G..0.'.Co?./s..o......A...g....`....Vo...O..[uO.-..]..P.....:.......2.0.d....H..K..hp...W..[....rd.......3..EPc..9...QL}]..W.h.k..!.s.....y..`Q....]...j. 8ui........fD...yT`.q. 5.).|J.aam...=..q...1......g.t..#.(..........._.!)@.u...... ...v...kd.y.?O.2`v.F.U^j....v8.O........'#..?..(>>..q$V..vw.<.~...b....7..|.'...l.t....'...w...t`...

<<< skipped >>>

GET /dist/doorbell.html?1m47r5d7qtt65hfr HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: eco-api.meiqia.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: openresty

Connection: keep-alive

Date: Sun, 05 Feb 2017 03:31:53 GMT

Cache-Control: max-age=315360000

Expires: Wed, 03 Feb 2027 03:31:53 GMT

Last-Modified: Sat, 14 Jan 2017 07:06:37 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Content-Encoding: gzip

Vary: Accept-Encoding

ETag: W/"5879cdfd-f1"

X-LogId: 0c2658969ca9673f1ea7

X-Cost: 0.000

X-NWS-LOG-UUID: 0ef88269-1a3d-48ed-87b0-4503151f48ce

d7............-O.N.0.........T.A..C*.....Ev..7..........5Q..,.....<t...iS....%gK. (SJ..2..........-jK.s.F|/.......^.6.X.}G....*..B....r..........S.Y.b.k.9.2..=e1....)U.....r..0.I..(....k9....8..q.x..[L../..[..... . ......0..HTTP/1.1 200 OK..Server: openresty..Connection: keep-alive..Date: Sun, 05 Feb 2017 03:31:53 GMT..Cache-Control: max-age=315360000..Expires: Wed, 03 Feb 2027 03:31:53 GMT..Last-Modified: Sat, 14 Jan 2017 07:06:37 GMT..Content-Type: text/html..Transfer-Encoding: chunked..Content-Encoding: gzip..Vary: Accept-Encoding..ETag: W/"5879cdfd-f1"..X-LogId: 0c2658969ca9673f1ea7..X-Cost: 0.000..X-NWS-LOG-UUID: 0ef88269-1a3d-48ed-87b0-4503151f48ce..d7............-O.N.0.........T.A..C*.....Ev..7..........5Q..,.....<t...iS....%gK. (SJ..2..........-jK.s.F|/.......^.6.X.}G....*..B....r..........S.Y.b.k.9.2..=e1....)U.....r..0.I..(....k9....8..q.x..[L../..[..... . ......0......

GET /visit/init?ent_id=463&track_id=&title=创盈门窗软件&url=http://VVV.sdcysoft.com/&referrer_url=&jsonp_cb=jsonp1486265515688&v=1486265515688 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: eco-api.meiqia.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: openresty

Connection: keep-alive

Date: Sun, 05 Feb 2017 03:31:57 GMT

Content-Type: application/javascript

Transfer-Encoding: chunked

Content-Encoding: gzip

Vary: Accept-Encoding

Set-Cookie: session=eyJfaWQiOnsiIGIiOiJNVGszTkRJellUSTNOVGM0TnpNNE5tWXpaR00yTVdGbE9ETTNNbUUxWVRjPSJ9fQ.C3guLQ.mh0DgIZF-7RO72-7SaIQKh9ZzcU; HttpOnly; Path=/

X-LogId: 0ba258969cad48863274

X-Cost: 0.095

X-NWS-LOG-UUID: 23ef525f-e88f-4ffc-b9df-78f0e125ae74

542.............V...6.....Q"..`..>&..).....S...m3`.w2..O....gv'.)/t.V.S..K.l..E.dB." .....l]j.@...........b.............]...u.r~{.?.K._.WG\k..@7..]z.JS..,....s..x..X'Jd..d.d.D.....j.....h$=.\.......i.Z...4...'...A......mP...z....r...fx...C..Ox..}...r..X.9..."M.~(*...Y...!.P...b?.Y...]....4..Z3E.....wr....k:.e\....1.I..P.....4.6O.....8....U&..Y....._.h.h.....aZp.&).d9..;1._tST2..5.T.....'.,Tz.ST.6 y.n.H....Q{....36b..%{S...@w.s.>........'.&......H..).RL.... 7X_........s..R..Q.M..h,.c......w.c.....46.....ds#....1..h......? ....b.W..^a..2....*.i.I{...>...t$....1.t6....(............iB.....0......QP.Y6.]u.RHt.lI..W.%.=...8l;wj....T..%O...$...A.......d.y.......(Y..O....!..2U.q..]..............n...-..w....a./E.s.....c.$O1. .Z...|......Q..c..C..U..`1e!.S........m[l*SS....A.. .dE..3M..Y.<......{m..M[....Y.R...o)..........e.v.....be...[..4..i.,....5d.;..[,v.}....x.8....n..u.....u.xik....b,r.....!..S.5.8.ez4.a?.x.4....c8O.Y...;./...X]!...2]=q^..e...x.B#.n..}.........#....Rj.c..C..F.S.X.%......V3A.T..*....I.f...T....P..S...l[.)09.gn....`1.I ....../..mX...E..U(...9.R.S..:[..$.....wt.N........8..f..H.BN..X.FMe..9..........u.].k!2Tz.B_*...... ...;..%...V.M........./|..`.....\..l..j$....:.'M.......h....wT.a.h;8..l....X....${.E.v'..n..q.x.=..,....J9.@D....U.qR./..jA;Iq..e..a]`..-..vH.uL.0e.....E.I..M.o$.....N..*.Z....M>v..7...}..K.E...O...n.Bi.....0..

<<< skipped >>>

GET /match?uid=5648657701418802231&bid=9gdtmu1 HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15a0c542197-5fdd0000010f7778

HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Sun, 05 Feb 2017 03:31:59 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;....

GET /match?uid=-7296199909654580839&bid=0rijhbu HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Cookie: mako_uid=15a0c542197-5fdd0000010f7778

Connection: Keep-Alive

Host: ps.eyeota.net

HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Sun, 05 Feb 2017 03:31:59 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Sun, 05 Feb 2017 03:31:59 GMT..GIF89a...................!..NETSCAPE2.0.....!.......,................;..

GET /upi/pid/lons7jax?puid=15a0c542197-5fdd0000010f7778&redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: rtd.tubemogul.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Date: Sun, 05 Feb 2017 03:31:59 GMT

Pragma: no-cache

Cache-Control: no-cache

Expires: Thu, 01 Jan 1970 00:00:00 GMT

P3P: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"

Access-Control-Allow-Origin: *

Set-Cookie: _tmid=-7296199909654580839;Path=/;Domain=.tubemogul.com;Expires=Mon, 05-Feb-2018 03:31:59 GMT

Location: hXXp://ps.eyeota.net/match?uid=-7296199909654580839&bid=0rijhbu

Connection: close

Server: Jetty(9.3.8.v20160314)

GET /js/jquery-1.7.2.min.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: VVV.sdcysoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: wts/1.1

Date: Sun, 05 Feb 2017 03:31:50 GMT

Content-Type: application/javascript

Content-Length: 94844

Connection: keep-alive

Last-Modified: Wed, 17 Feb 2016 04:06:14 GMT

Accept-Ranges: bytes

ETag: "0ffe78a3869d11:0"

X-Powered-By: ASP.NET

Expires: Mon, 06 Feb 2017 03:31:50 GMT

Cache-Control: max-age=86400

X-Cache: from WT263CDN

/*! jQuery v1.7.2 jquery.com | jquery.org/license */..(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f("<" a ">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),b.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write((f.support.boxModel?"<!doctype html>":"") "<html><body>"),cl.close();d=cl.createElement(a),cl.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ck)}cj[a]=e}return cj[a]}function ct(a,b){var c={};f.each(cp.concat.apply([],cp.slice(0,b)),function(){c[this]=a});return c}function cs(){cq=b}function cr(){setTimeout(cs,0);return cq=f.now()}function ci(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ch(){try{return new a.XMLHttpRequest}catch(b){}}function cb(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g<i;g ){if(g===1)for(h in a.converters)typeof h=="string"&&(e[h.toLowerCase()]=a.converters[h]);l=k,k=d[g];if(k==="*")k=l;else if(l!=="*"&&l!==k){m=l " " k,n=e[m]||e["* " k];if(!n){p=b;for(o in e){j=o.split(" ");if(j[0]===l||j[0]==="*"){p=e[j[1] " " k];if(p){o=e[o],o===!0?n=p:p===!0&&(n=o);break}}}}!n&&!p&&f.error("No conversion from " m.replace(" "," to ")),n!==!0&&(c=n?n(c):p(o(c)))}}return c}function ca(a,c,d){var e=a.contents,f=a.dataTypes,g=a.respo

<<< skipped >>>

GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp2.globalsign.com

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:45 GMT

Content-Type: application/ocsp-response

Content-Length: 1570

Connection: keep-alive

Set-Cookie: __cfduid=db466e84e5679c03c93f489c07b0311b71486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly

Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT

Expires: Thu, 09 Feb 2017 03:14:08 GMT

ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"

Cache-Control: public, no-transform, must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 32c34a9093795954-VIE

0..........0..... .....0......0...0.......M........u....%...G..20170205031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|......S.."........20170205031408Z....20170209031408Z0...*.H.............i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3

<<< skipped >>>

GET /v4/url.html?v=4.0.4.1-1110 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: info.spiritsoft.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 05 Feb 2017 03:31:07 GMT

Content-Type: text/html

Last-Modified: Fri, 17 Jun 2016 07:53:07 GMT

Transfer-Encoding: chunked

Connection: close

Vary: Accept-Encoding

Content-Encoding: gzip

7d9.............Y]S.V......P.....%.h&.L...i:i.....W...mQYr.c>r..4@.8......&,.i....0..e..H.._........l..4.0........}.....?]..[.g..._^....|......._...bgw'.h..\.)...TC.5Q.. ......(.q..M..|..d.(....}..a..@kk..O......"Gh...P....>.FJ...W..):.u.$..... ..~$....p\6-..S(....wAB*....|.46e?;...K".s.5U....J4..-K.......9S....l.......z.....V.T...d=..c0... ....Z...l... .\8e..1\..[...$..vId3..3g.. ..!..FJ1.......?!..B......c....-%.|.R...p.n)..F..M..M..L.........p...fD1.,CS#\ ...:|aC3........h..zD.-..S#(....?l. j,.X...y?..W#A.S...%........:...U,M.@U.4y.2..(aD......:......./!9.)..>.....%.HD.c........=HE...n....K$d..e3"..4..J........(j..:@..D.zUS..Un.@...&@....)=r=.h.15J...;{...G.....X....Ro*m....v...a.}.<C....r:..b..N..{....{y........Z.5.h.F...~t#_ZuD........p......I.G.0F.._.O.w..{.....9T9......s{N6K..L..O...'...B.@e...-........J$..(..W<X$..x..?Z......m.....G....*....5.2..7..._..Q}.{.....G..J...,#.....6.@....(.~r#.3z.CK..iHK).7...W....J..<.jN.........F...%...2........._.......29L2{$3Nfo..u..............H....w...:K...#=>8...'..s....sdv.......5...-*.;.0.k..H.j.]..e......._...lI|'L{=n....'5#f.I=V..qB.v...3..^.d...jq.).|..........bn...e.xz.....AG.R9..ky.G"%..55..wH...e.. .........;..^.,...4E.."n........'-..[[.~...cs..J.<Y...4...Z....{.P..,.jl....xj....V..\..].o...j..Xg1.#..J..d.....".g. Qem..0.{....*.......pq.4[.C.{..@V...x.j...C.s;.......h.=...rds.x0q8.^...1.%Kkd..;...x.b...:..7...C..j\?_.....'C...O..V.....o...:..;.=.^2..~..>].g(..kvf....S.<=.L .<...7...=......lm.p.N7....A9.GF.....k'G....Y...... .H8F

<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGn0AHsoGslw HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 04 Feb 2017 15:06:56 GMT

Expires: Wed, 08 Feb 2017 15:06:56 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 44672

Cache-Control: public, max-age=345600

0..........0..... .....0......0...0......J......h.v....b..Z./..20170204071735Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..i..{(..p....20170204071735Z....20170211071735Z0...*.H.............Ie..t.......9.3...H.r.AT.(......`..(n.....q..-8~....>R.'c.X1}<w.G....Ze.n...t"...Q./.yM......9...h........l{....a.[.....2.5...&.&....'..:G...0..O.....Y..8...Xd.C.@...d..m.U.:\[...u...y;.6..2Vr..,R...[..H..9-_.W..>i....O......"...|......e..Q(^.$..U.G.qL....HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Sat, 04 Feb 2017 15:06:56 GMT..Expires: Wed, 08 Feb 2017 15:06:56 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Age: 44672..Cache-Control: public, max-age=345600..0..........0..... .....0......0...0......J......h.v....b..Z./..20170204071735Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..i..{(..p....20170204071735Z....20170211071735Z0...*.H.............Ie..t.......9.3...H.r.AT.(......`..(n.....q..-8~....>R.'c.X1}<w.G....Ze.n...t"...Q./.yM......9...h........l{....a.[.....2.5...&.&....'..:G...0..O.....Y..8...Xd.C.@...d..m.U.:\[...u...y;.6..2Vr..,R...[..H..9-_.W..>i....O......"...|......e..Q(^.$..U.G.qL........

<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAa1FcpWF3k+ HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 04 Feb 2017 14:50:57 GMT

Expires: Wed, 08 Feb 2017 14:50:57 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 45638

Cache-Control: public, max-age=345600

0..........0..... .....0......0...0......J......h.v....b..Z./..20170204070511Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./......V.y>....20170204070511Z....20170211070511Z0...*.H............./...J.*....`..H....Uf.......r.J....Q8@3......tG.a....RNB.~S.y..........G...........F.."x?......l._<z....W..p<...}L.m.o.}mC{>$x..'~.*....7.M.U...a.z<Jg'.......1.#....:[....{c8.i.......P.a2/....!.$Y..(...._.r.>I....({|......Ak0.lp...g.QdI..Y.7.Wh.T_]..0...Q.....

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAa1FcpWF3k+ HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 04 Feb 2017 14:50:57 GMT

Expires: Wed, 08 Feb 2017 14:50:57 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 45638

Cache-Control: public, max-age=345600

0..........0..... .....0......0...0......J......h.v....b..Z./..20170204070511Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./......V.y>....20170204070511Z....20170211070511Z0...*.H............./...J.*....`..H....Uf.......r.J....Q8@3......tG.a....RNB.~S.y..........G...........F.."x?......l._<z....W..p<...}L.m.o.}mC{>$x..'~.*....7.M.U...a.z<Jg'.......1.#....:[....{c8.i.......P.a2/....!.$Y..(...._.r.>I....({|......Ak0.lp...g.QdI..Y.7.Wh.T_]..0...Q.HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Sat, 04 Feb 2017 14:50:57 GMT..Expires: Wed, 08 Feb 2017 14:50:57 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Age: 45638..Cache-Control: public, max-age=345600..0..........0..... .....0......0...0......J......h.v....b..Z./..20170204070511Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./......V.y>....20170204070511Z....20170211070511Z0...*.H............./...J.*....`..H....Uf.......r.J....Q8@3......tG.a....RNB.~S.y..........G...........F.."x?......l._<z....W..p<...}L.m.o.}mC{>$x..'~.*....7.M.U...a.z<Jg'.......1.#....:[....{c8.i.......P.a2/....!.$Y..(...._.r.>I....({|......Ak0.lp...g.QdI..Y.7.Wh.T_]..0...Q...

<<< skipped >>>

GET /ajax/libs/jquery/1.11.0/jquery.min.js HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: ajax.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript; charset=UTF-8

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Date: Fri, 03 Feb 2017 17:28:30 GMT

Expires: Sat, 03 Feb 2018 17:28:30 GMT

Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 33576

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000

Age: 122607

......n.....{....8...S4./.X.Z....C....g.I<..N&Y......n.TK.v.E.....@..e.n..{..[$.....B=..9..........l.../........W...|..I... .VeeA../..E}q} Sf.~}.g.(......q.."...#...._..r)..w.L/.er...;.0...r_... e..........q......,EN..W.}..........=r.(............I...CVm...)...^Tw...#...."..HD.."q..]U>P?~....?.{...i.......!"h<.."f.Ii<...6dM.YV$....l..!.....m...5......~.P../wb_=.....j.mI..o....%...@.DNC1K.YVd..4......au....}.zx9.&............0.$..r..U...#|...~.1>....vb......R.L..n_V..:zTp.oI\..j..W../.A...]...XW..N...~....n.Jf1.s$'.7d-..<.....CY0.b.........#_}..~er].V,..U)...b......3k......l...?..S....V.A....."X....m&..%.Vm.vc..*.N.b.e;..HN.6;S..$..b.....9.T...n.?.....c...4...s..[4....'.L..!.vd...#1.......y;..~.Wt.y.*.BX.8..0.....Q..V.'k .H....C...x&..a.S...CC..x.D.P.q..jS...9...$%k.Nd8......]...l.~M..2....e.X......k..U...M&....u].........5Z.c...R.y.Z ..L.x.]m...,EjG!.k.c..." ..ft.&....?k..Xv....l...e..k.........Q.1.........y^..p..J..w..H=6D6O...k...c........d.q.@.n..Q<.X...>4...N~`.f.......^.r..t.z}.&..Iv..`......GN.......).rg.cC........RJ..\G.FO....D..H.L....E._.q..1J.L.s...w[...."l.c..../.\. :......G.F... .K.aX..,..8P.Z...p....p..]].YQ&...N(pWcE.w-U.GI;0{.{.s.P$#....V.].;....~6/?.n.R..*....;.&KQ> ?.o...'.p...c{...*x......6D6}n=)e........$Z f...0.....g..7d........k..#..SR).c.Cl&.D.6.g...N..l&.Yn..#9..mE.i.Q8k7.......v.-...J..l ..V..2....YU.)?..ENl...Q-.U....t.....kz@.K...6]..\.ez%.B!..r}..PD$.$..:.....4"?..YF.e..%...&X..D....>].."k.\j.....U.].."MW.l.............tF$a.[.Rb^I.....h.....h9.i...S......

<<< skipped >>>

GET /dist/scripts/doorbell-i8wozeiuwodmquxr.js HTTP/1.1

Accept: */*

Referer: hXXp://eco-api.meiqia.com/dist/doorbell.html?1m47r5d7qtt65hfr

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: static.meiqia.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: NWS_TCloud_S1

Connection: keep-alive

Date: Sun, 05 Feb 2017 03:31:55 GMT

Cache-Control: max-age=315360000

Expires: Wed, 03 Feb 2027 03:31:55 GMT

Last-Modified: Sat, 14 Jan 2017 07:06:36 GMT

Content-Type: application/javascript

Content-Length: 14184

Content-Encoding: gzip

X-Cache-Lookup: Hit From MemCache Gz

Accept-Ranges: bytes

X-Daa-Tunnel: hop_count=1

X-Cache-Lookup: Hit From Inner Cluster

...........}ic.6.....B.K.".dR.....IS...,.8....R.d3.I../..~.;...J..N;...,.p.....8...<.fa.........r...h..I..<......e.di.2H.1C..U0.vM....E....oz..*.a.i.X.......s..Y.5.2a..D....w.XFyg.".\2...v...u.r ....f......G..q%.....7.,..../...e....4..Y~..,.,xt..?..!).0..<I...n.h...Qp..A...8;o$._y....[..#......h..a.`...%...lh@..f...N..|1o\.i....U.....j..pX........}g]...&Y...,......8.W.#,eG....iG....1...u..Db....<.yU.E.f<z...hLC.W..n.>...,.d.;.b."..Q.}'......|Gb.M./y....Z.>..e<....0....MwM..[...L......V.JE`3..f<..8...G....._..u..\.....=.B........2.....u...A@.5z...........<.[4`.2N..<M.3n....~TV.Iy4cAe0..u........"..!"9.5..^.g...d..=.uT....-..4..b.L?5....F.g..BH_vG6..;1...f'.@.k.{.0lM.LZNG|..j=%....Z...(.%.Y.Z..~......i.xg.d.P8, ..N%7..K..........?.1...If.....9.1..h....A6=G...y.X...`h.......A..Id.O.......c[.....6=.[A...s......5....Geq..K5.R*.....M..".yz..j.....9....Z@,.-...3.E..o..#....R.m>.`..|.Y...... D......E.!.6. .vZ.'..B.2.v.M4d.%<..O!O;.S-M.F..E../..@.B\........KT.zZ.....)..Q.&...G0..*a. .t;..4.#..@..[~.&..~..)...t,L................z.....5....!.itw..C..x..../.(:.....s...h..y.Q...*.#..#..T.$...F.;S.D..!.%}....._..u..F.dc...q7.....3....g..2.p.G...y&....'....... .}...)......D.E.....M.=.......,..".r.Jk.}..;'.W.W...y...HMO.......B..jU....Y|....!..<.D..d6...S0M."..7.;:..E$d-......p&.p{..H..A.c`.LiU%k.J...3.`.0}...%.x:./........k4/.`@..jE...........x;.ps......V...>.u....&..Y..2T...Ul.u....._.. .....4.......a^...g.,..t.U.&@&.Y.MA... ..m.d....K.................j.sFy...`(f.S.rY_t.[....<D

<<< skipped >>>

GET /ga/mlb-ml-analytics.min.gz.js HTTP/1.1

Accept: */*

Referer: hXXp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: analytics.mlstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/javascript

Content-Length: 16473

Accept-Ranges: bytes

Last-Modified: Sun, 05 Feb 2017 03:20:11 GMT

ETag: 12e3832f180d7e7f20245cde45cf3511

X-Timestamp: 1486264811.84748

X-Trans-Id: tx3626ee0db108430d9db4c-0058969b02

X-Nginx-Host: e-0000e6f9

X-Nginx-Pool: files.melicloud.com:8080

X-Nginx-UpstreamHost: 172.16.1.84:8080

X-Request-Id: e3010f4c-67e0-4ea3-bad3-4ce9526b3a61

X-D2id: e3010f4c-67e0-4ea3-bad3-4ce9526b3a61

Content-Encoding: gzip

Access-Control-Allow-Origin: *

Cache-Control: max-age=784

Date: Sun, 05 Feb 2017 03:31:46 GMT

Connection: keep-alive

Vary: Accept-Encoding

...........}iw...... .:.#.Y.'.t..,.I.'...3.:.T*@6 "..c.....J*.I..w.w...T.....p{...%...I.qz......x...$..[|......A.^%j.\N...........m....-Wz[......\.....1....5..&...... ...4.gR.i...&...t...b......t.ww-..YX..c?..25.g..F..".....P...A{.....6g....b..._.:B.....N.b.fa...X..|8..w.1.4...{..C{r.\.9P.S.!oM%....I..*.ej.n......"L'...1...0u?........m....O'X:u......$..4.B_O.L..l.jo7.y%..>1n8V.4.....d.......q7......=......[.M3..q.:.0.X.{O...#.....Ku8....j..TO..S%...z...&.....s...d.N...........F.J.........w0..Y:...`....R....Z.$..q.*...d..am[~.%....!,.`.FjM.=.......LG..r..Q.2..BS.......z...ZQ..U.ZLij...[&=...R^=......f.Y............L..Le[R...l R[2._.l...Y.%.....a .Ogb,..-5.)..uX.wa...B5.i...9:HG.t...Sk.BwVs./..d(.rw:.U~.W..}..n.m..|.n.Ow.....Z..w...^sB.6....m... ...0DK.B..P....A.q.....cP. .4......q..1..M...%'.(7s.X]'....u..}..(.W...[...d2...? gNoG..........>.3X..y...]...>......!..D....X.1...?....o...x..o........'...p..:.?>.{r.}x.8?;:x.8.s?.s......../Jc5....g.-..t.0.....tD..................:.z-n.9l...W..q. .?......b..h).W.S..l..G.C.G..-.8.....p...|{k.....G..p..m..7.r...zy..~b.....g...*.-...0@../......;......-?#...4.K`...6/C.,...`D..2.s.rI.Ro50.b......<......>...........I......=^!.".#) ...eP..4...y5.w..T....?.^1k......o..)1........>....j.sf...._..D....v>...tNR..`/_...#........;#9% .e1.....@hBd.....a.I....#..1..\J..)..p....#...C..{..s...@...o..K..e....<.......t%.H2...q.oQ..O.k...........d4.M..Z.h".........L r....&f......X..|..@goh..7i...0.....>..Zkb.749Z...l...F.G...0..,.fH/...._L...4.h. b[C. ...bCp.FN.

<<< skipped >>>

GET /melidata/js/3/0.0.38/melidata.min.js HTTP/1.1

Accept: */*

Referer: hXXp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: analytics.mlstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/javascript

Content-Length: 6959

Content-Encoding: gzip

Accept-Ranges: bytes

Last-Modified: Fri, 16 Dec 2016 15:41:38 GMT

ETag: 0e51f8bcd5979a0b4acba30e22686825

X-Timestamp: 1481902898.55073

X-Trans-Id: tx43ded69416d44bb2b8d32-0058969a21

X-Nginx-Host: e-0000e6f9

X-Nginx-Pool: files.melicloud.com:8080

X-Nginx-UpstreamHost: 172.16.1.84:8080

X-Request-Id: 7bbf6f78-0f46-49ed-a793-652a3cd73e09

X-D2id: 7bbf6f78-0f46-49ed-a793-652a3cd73e09

Access-Control-Allow-Origin: *

Cache-Control: max-age=559

Date: Sun, 05 Feb 2017 03:31:46 GMT

Connection: keep-alive

Vary: Accept-Encoding

...........[.W.H.. Fg.H.....`..&.L..$.df....=.....I.1.......l....9I.........m.fIX.ib...........T..lq._oq...D1......~..........Y..[...Zq..G.s....[[..e../..hP..<Mt.P9.?.<Y...)..Y.,Gv..|....s....X.......%...YWW.6.\].WW.....*..*....I&.Z......<t.....q...$.OS.....vAc.9s;...v..!..q.../...Q........<..X.I'..1D..e..:......A.o..V.t...@..t.]#........u.7YB...%.&.A..,.e.'..~.2b[m...V....,.$.A...kJh....J......D........./.V..{..Z.n....n.._.......v..~Wx..........[......>..-..6........x./...:bO....c.Nk.........{xx.J..8../....;..-...[.Yn)A-%j...ER...`[.8.....nc..6......[.g..d...5.{.G...E2,F....#O...'....pt}aa.^..$.&r...pxi.....<w..rY-..xX.d.......,...............(..%r1C....&.....N....H.A.*.b....P..-.....".....SR...Y..AkY6F.W........>...../KP@......R..j...m..k..'5....er....l......4K.....<....,8)..~.1<x......v(BG.....P...=y......l....>..u..ItL..iR.l....)$&.2.4e..Y.S..AU.!Nf....U....I$K../....x........-..-.1......'.......}UJ4...*Q.....L..eOU..,..P.gU.&M....b.9..l..:8[.C....w0N.....6....!;l3...{..^B.y.........mw..n....L......\.......l........[&...v........uZ...5.g.k.M.UI.%K..N!0#?...|.....'.. ...X.....}u8!.77R.nn............/.q.......(...0....{.T.Be........{.B.B.r........r5t..b.8..2...r..N[fBXiP.p.c...,...i........T>......"d..l..}._.!A......L|..6l}y..R&.i...4......=)....6.....1.....w8....IyR.D.P.. .}....<..}G. .t@SA..."..b.eG..5.(. ....v.,{.g...[.....m.(.f........vd..I....f..,#.2y.b....(...a8.O..Dd~0.(..OF.~. .zrPP'..;2@.Pg:.....6....v.....vtY..N|.....b....4..fn......D........Vkp...T.t.$.@...dF ...

<<< skipped >>>

GET / HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:01 GMT

X-Pingback: hXXp://sewasolo.com/xmlrpc.php

Cache-Control: max-age=2592000

Expires: Tue, 07 Mar 2017 03:31:01 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 7602

Content-Type: text/html; charset=UTF-8

X-Varnish: 5324551 8629268

Age: 12

X-Cache: HIT

X-Cache-Hits: 2

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

...........].r.8...T.; J./gEJ.n.by.q23...T........!..o../..].Y..N7...H........$"..?4...F.<|........&..u..{z....z.a.y.....B6.o.5.:.Rq0h4.i....E.k.......\.S2..0b.....G.....=..a..f7...52...yP......b...i..Nl..m.h..:lh.V.....9.Z....a52.p...5u........k..:.7...|.R.nh.;.>.......X.fAMt(.c.........{y....{..h.y`.t....~.8l.rO..i....qbr.....w.qh.1...6...m....T..%Q8..V!..4..F<c...V......8D.hf_....W...aC.....<...C...r8.bfG$.cF._?.m..'......4M...(&.....I..G.[....I....;,!P.....E.Q6..~. 1u.-&.....3.....v.v..eQLC.x..iM.....A..C..g.....hD..7..E..s.yS.m..5.....qJEYhuJ...0..{Rk.Q....#....V.K.R4.... ....F..AR...w\....Y...KT...(2........(.J..dvY;.K.n..$t..........^.".Wq.v....BQ.$p|jE..it..vc..s0U..j6o.?}...."u.8=....7{f..y`...ahp}...W....u....lL....s;..(w....9.uX.Y...thk.e........ev..............w;.d}.2..=.`d6Y.m4....o...m.K.....-.Y8.^Z..&.K......iz....^..o..........r..X...|o..s......6.t?5>.d.3>EO.V...O....lt...^C...Vp~j.sn.....z-..?.d.....>g.....3y.^....x9......W.....Q..G.B.....i..$X=d.%.....r..... ..K....D.6..L.h..85rV.TV.Q.'......}&.......A~d.Z5.O...J.-...ua..{..eA...'...-x.5,....,.F....._..,.a$"2$.k#........`~jp..>...}j....=..gr!."....p.'.......?x.....f{c'.......U4`3.L....,.....a.....<...A~....>...^.k.....!..G..|...v..l..:`Jm.n..:H.......j.fZ...!.......tX.8....=K."/.......ju(..A.6..e...8.m.~L.:...C...F.......wO.......tZ.n.......n....zs.>.c......o..u.Li<;j...`.v{.V.#.j>..-..).,..gt......[p...?.......O...J...1.q.C.l...GHU..^.]../`..j.....U...V5'3....._...>......h~l7p.......&r.opn.......}.F..

<<< skipped >>>

GET /wp-content/themes/dream/js/jquery.fitvids.js?ver=4.2.12 HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Fri, 03 Feb 2017 14:57:48 GMT

Last-Modified: Wed, 13 May 2015 16:18:28 GMT

Cache-Control: max-age=2592000, public

Expires: Sat, 03 Feb 2018 14:57:48 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 1104

Content-Type: application/javascript

X-Varnish: 7089075 7799692

Age: 131606

X-Cache: HIT

X-Cache-Hits: 1039

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

...........V.o.6.....b...Z?<`.f'.............h.l1.E....n...).R.8.&.pD=.=.;>2..s9.9..Y.Z. .E.[........F.....J.46/.v...;a>.T.(.{.z?..Z.yf..x4..Y.....@..d...(J.......&r..../.....iQ).*7fQ6..T.0..3.Gt.........Z.B..m^.zbD.".QG.BnD1.huJ.Z$......T.R.(#Js.9r.)TEJ.M.....?. .....d./..r.J5.VfV..........>bi ....q...S.......z=6..........z...2h...O..a8 .Y....3di.5..!... .h..-...H*m..#-*1R.....}.s..y.X..T&.....R.6G..<....&...Y.<G. ...5._..2oJ.z.M...}{...%J...'..&9...(.G....@.u..d..E.......u.....AN.l...x8. .. ....v.R.....C,=.7.Q....cO.[J-l1..MN-...~,OS*.......w.......'t.3Ez._...[...aq1.......j.W....,.......<...5.......^...nU..z.X!....K.".6..y..N......o.b..;.5...`.....[T.i...L..r7.C.I.Z...V.J...Qnvb..F..*..xe.....X....}...@.=.ee.)...............;.....o...j.Fx..[..]iXV:.;c..r...!..O...L.....gS....R...z..c.N.W.&...F..>......JC#/...../....<.....Q..i0...y~H'..d........$..i.....\.....9...K....1.yu...........i|O....ik..O...x...f..(..o.q.&.O%v.m.}I..]N7.0%.%.peo$...0..tK....EJ.......j.?o.Nz.......j*.b._..T..?..=...x.a......n.D...c{.p'.I.o..O.#..R............, >............W.R..K..^...6..m..K._."..l{9....d...0.......

<<< skipped >>>

GET /wp-content/themes/dream/js/fitvids-doc-ready.js?ver=4.2.12 HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Fri, 03 Feb 2017 14:57:48 GMT

Last-Modified: Wed, 13 May 2015 16:18:24 GMT

Cache-Control: max-age=2592000, public

Expires: Sat, 03 Feb 2018 14:57:48 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 142

Content-Type: application/javascript

X-Varnish: 5403640 5374642

Age: 131606

X-Cache: HIT

X-Cache-Hits: 1060

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

..........-.A.. .....K..B........&lIVYWB(.{C...0L.@LJq..P...7..w..........|..sR*lo...\B.G......|*...e..K..g.4..5y.'..p..tp~&}Rn.M..../C...........

GET /wp-content/themes/dream/js/base.js?ver=4.2.12 HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Fri, 03 Feb 2017 14:57:48 GMT

Last-Modified: Wed, 13 May 2015 16:18:25 GMT

Cache-Control: max-age=2592000, public

Expires: Sat, 03 Feb 2018 14:57:48 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 225

Content-Type: application/javascript

X-Varnish: 8832772 2328552

Age: 131606

X-Cache: HIT

X-Cache-Hits: 1116

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

...............0....)"#4...6...d`...[.Ms%M(...'.....]..w.wx......@.....}.5.X..Px.....|.....".....C..Q.gdL.`.j.e..]".3....Fy.......e.#_K.....w...A.j...kk....1.n4%..P.f....[..l..O.K...:..I. r........u......O[e4...i.....O'......HTTP/1.1 200 OK..Date: Fri, 03 Feb 2017 14:57:48 GMT..Last-Modified: Wed, 13 May 2015 16:18:25 GMT..Cache-Control: max-age=2592000, public..Expires: Sat, 03 Feb 2018 14:57:48 GMT..Vary: Accept-Encoding..Content-Encoding: gzip..Content-Length: 225..Content-Type: application/javascript..X-Varnish: 8832772 2328552..Age: 131606..X-Cache: HIT..X-Cache-Hits: 1116..Server: Rocket Booster..X-Powered-By: Warna Web Accelerator..Accept-Ranges: bytes..Connection: keep-alive.................0....)"#4...6...d`...[.Ms%M(...'.....]..w.wx......@.....}.5.X..Px.....|.....".....C..Q.gdL.`.j.e..]".3....Fy.......e.#_K.....w...A.j...kk....1.n4%..P.f....[..l..O.K...:..I. r........u......O[e4...i.....O'..........

GET /wp-content/themes/dream/js/slider-setting.js?ver=4.2.12 HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:07:19 GMT

Last-Modified: Wed, 13 May 2015 16:18:27 GMT

Cache-Control: max-age=2592000, public

Expires: Mon, 05 Feb 2018 03:07:19 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 333

Content-Type: application/javascript

X-Varnish: 3488261 7088266

Age: 1436

X-Cache: HIT

X-Cache-Hits: 169

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

..........U.MN.0....)FE(NU.".2;.a._O`%.....=i)U.......D.....[/..,agt..vH.m.Hz....6.4..G.Y..,.r~..%..[.\.. .YZG.u...........P......6.....fAY......,.z..S<.@}..W..J.X.R/.."..o.x.w.....d....$.....Vf......$.....&.0 .......9...3|...g.O.L..[.E> ....M........X.U.....q.h..5...b.......:T. =Z.1....G...X..&S^U.....a.Zz:.........Eq.....d.l.*...HTTP/1.1 200 OK..Date: Sun, 05 Feb 2017 03:07:19 GMT..Last-Modified: Wed, 13 May 2015 16:18:27 GMT..Cache-Control: max-age=2592000, public..Expires: Mon, 05 Feb 2018 03:07:19 GMT..Vary: Accept-Encoding..Content-Encoding: gzip..Content-Length: 333..Content-Type: application/javascript..X-Varnish: 3488261 7088266..Age: 1436..X-Cache: HIT..X-Cache-Hits: 169..Server: Rocket Booster..X-Powered-By: Warna Web Accelerator..Accept-Ranges: bytes..Connection: keep-alive............U.MN.0....)FE(NU.".2;.a._O`%.....=i)U.......D.....[/..,agt..vH.m.Hz....6.4..G.Y..,.r~..%..[.\.. .YZG.u...........P......6.....fAY......,.z..S<.@}..W..J.X.R/.."..o.x.w.....d....$.....Vf......$.....&.0 .......9...3|...g.O.L..[.E> ....M........X.U.....q.h..5...b.......:T. =Z.1....G...X..&S^U.....a.Zz:.........Eq.....d.l.*.......

<<< skipped >>>

GET /harga-sewa-mobil-solo.html/ HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:36 GMT

X-Pingback: hXXp://sewasolo.com/xmlrpc.php

Cache-Control: max-age=2592000

Expires: Tue, 07 Mar 2017 03:31:36 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 11121

Content-Type: text/html; charset=UTF-8

X-Varnish: 9167950

Age: 0

X-Cache: MISS

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

...........}.r.7..o.*..0..tW..!)Q.$.c;...I.Rn.............0...9...,....n.C..)..vm....H...F.....=._............w.....d..g.-.[.\.X...{w..f......N0..K...oZTGp.>..R$.M.<.Er....;kD....Kq....U.DI.M.?.>..\'._:..;...8f..&...x.=q.#,../X$..V..S..-6...[...2...h.....^.....|.(T.......'..s...p...aKv(q.O\}..._^..7..d.....;v.....U..;..6.;;;.]td..._[._.).....;..<.'..&,....A"...-......G...*.V....I.b)...........a<w?.........:....W.;..o.u...a7s7f.....A..K...a 7.3@..#.q.....^:s}.....m."...a..!.."..$.;.6........w....|c._.i.#.23..;........y".B...O......i....'.6sx.....v......4.s...XD..{n..v..',..A..4.A...........i.&?....YD.E„...Z...E...Ny.J....?..UC....<J.......g.7..M..u.s..i....i.Pg>......O..y.g.xz|..v.=cc.P....*.!.....i.s..w.[....$.r0.....`.`<.?..<fK.,..t.Bx.$.~]d!..nT....iT-..1%"2.l.&.(]5.8..V.nSd(.0........xl..."...8..=...).;..uz.....9............X..G....._..'.......:.-...z}..\.F..$.....3........Vi.Y..l...9.1.4.X=....4..Y....B.\.>.&....x.....(#.....8b. .T..BH]]i#...Zc.H.f..t'5PH.....noX.....x...4t..N.4.{..A....JT......F$.8.....E..3.V.B_`7.5Y..........$..K.i..cr\.n......`.........hV\....}.h&..QN.<..K.H.I..Y.>.]v...4......>.8\..\.,.../wB...v.*9<.R..*/.I....b.4.y..%....]0z...".. ..t.c.9.).............T.=...cN.~......`...v.....Z#Nv..6.\....~.I...n..4l.............L......U..c...*.......Y.....m.(..=..Y.,..(aZ..Xx."i...z...O..5..X./.V....im...d......3...u.6_fzn......g...}/X....f.....K.M.J....6....".Q..4./c7.`.V.(M..&6.._j...b.%C.. b?.C]...,afY.Q..JV.o,.Ff!...`.qm........v*C...(...X,q~..}kT%?u.,

<<< skipped >>>

GET /stat.php?id=1189654&web_id=1189654 HTTP/1.1

Accept: */*

Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: s11.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/javascript

Content-Length: 9938

Connection: keep-alive

Date: Sun, 05 Feb 2017 02:50:24 GMT

Last-Modified: Sun, 05 Feb 2017 02:50:24 GMT

Cache-Control: max-age=5400,s-maxage=5400

Via: cache12.l2nu16-1[37,200-0,M], cache62.l2nu16-1[38,0], kunlun7.cn9[0,200-0,H], kunlun4.cn9[0,0]

Age: 2444

X-Cache: HIT TCP_MEM_HIT dirn:9:571311288

X-Swift-SaveTime: Sun, 05 Feb 2017 02:50:24 GMT

X-Swift-CacheTime: 5400

Timing-Allow-Origin: *

EagleId: 77bc604414862654681645744e

(function(){function k(){this.c="1189654";this.R="z";this.N="";this.K="";this.M="";this.r="1486263024";this.P="hzs11.cnzz.com";this.L="";this.u="CNZZDATA" this.c;this.t="_CNZZDbridge_" this.c;this.F="_cnzz_CV" this.c;this.G="CZ_UUID" this.c;this.v="0";this.A={};this.a={};this.la()}function g(a,b){try{var c=.[];c.push("siteid=1189654");c.push("name=" f(a.name));c.push("msg=" f(a.message));c.push("r=" f(h.referrer));c.push("page=" f(e.location.href));c.push("agent=" f(e.navigator.userAgent));c.push("ex=" f(b));c.push("rnd=" Math.floor(2147483648*Math.random()));(new Image).src="hXXp://jserr.cnzz.com/log.php?" c.join("&")}catch(d){}}var h=document,e=window,f=encodeURIComponent,l=decodeURIComponent,n=unescape;k.prototype={la:function(){try{this.U(),this.J(),this.ia(),this.H(),this.o(),this.ga(),.this.fa(),this.ja(),this.j(),this.ea(),this.ha(),this.ka(),this.ca(),this.aa(),this.da(),this.pa(),e[this.t]=e[this.t]||{},this.ba("_cnzz_CV")}catch(a){g(a,"i failed")}},na:function(){try{var a=this;e._czc={push:function(){return a.B.apply(a,arguments)}}}catch(b){g(b,"oP failed")}},aa:function(){try{var a=e._czc;if("[object Array]"==={}.toString.call(a))for(var b=0;b<a.length;b ){var c=a[b];switch(c[0]){case "_setAccount":e._cz_account="[object String]"==={}.toString.call(c[1])?c[1]:String(c[1]);.break;case "_setAutoPageview":"boolean"===typeof c[1]&&(e._cz_autoPageview=c[1])}}}catch(d){g(d,"cS failed")}},pa:function(){try{if("undefined"===typeof e._cz_account||e._cz_account===this.c){e._cz_account=this.c;if("[object Ar

<<< skipped >>>

GET /js/start_v5.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: VVV.sdcysoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: wts/1.1

Date: Sun, 05 Feb 2017 03:31:49 GMT

Content-Type: application/javascript

Content-Length: 6527

Connection: keep-alive

Last-Modified: Wed, 17 Feb 2016 04:06:14 GMT

Accept-Ranges: bytes

ETag: "0ffe78a3869d11:0"

X-Powered-By: ASP.NET

Expires: Mon, 06 Feb 2017 03:31:49 GMT

Cache-Control: max-age=86400

X-Cache: from WT263CDN

var Page={init:function(){var a=this;a.adjustSize();a.bindEvent();a.bindNav();a.bindQQOnline();a.bindScroll();a.scrollPage();a.bindItem1();a.bindFeatureList();a.bindAgencyList();$(".nav.nav_1").click()},bindQQOnline:function(){$("#floatTrigger").bind("click",function(){if($("#online_qq_layer").attr("show")){$("#online_qq_layer").animate({right:"-140px"});$("#online_qq_layer").removeAttr("show")}else{$("#online_qq_layer").animate({right:"0px"});$("#online_qq_layer").attr("show","1")}return false});$("#online_qq_layer").animate({right:"-140px"});$("#online_qq_layer").removeAttr("show");$(document).bind("click",function(a){if($(a.target).isChildOf("#online_qq_layer")==false){$("#online_qq_layer").animate({right:"-140px"});$("#online_qq_layer").removeAttr("show")}});jQuery.fn.isChildAndSelfOf=function(a){return(this.closest(a).length>0)};jQuery.fn.isChildOf=function(a){return(this.parents(a).length>0)}},bindEvent:function(){var a=this;$(window).resize(function(){var b=$(window);setTimeout(function(){a.adjustSize()},300)}).resize()},bindItem1:function(){var e=this;var c=Math.ceil(Math.random()*11);var b=$("<img id='bg' src='/tpl/Home/138wo/common/new/images/bg" c ".jpg' />");var d=$(".w-user input[name='username']");var a=$(".w-user input[name='password']");b.on("load",function(){$(".item_1 .bgwrap").append(b);var f=(e.getClientHeight()-b.height())/2;if(f>0){b.css({height:"100%"})}else{b.css({"margin-top":f "px"})}b.fadeIn("200",function(){$(".item_1 .content").fadeIn(300)});$(".loading").hide()});$("

<<< skipped >>>

GET /templets/default/js/common.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: VVV.sdcysoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: wts/1.1

Date: Sun, 05 Feb 2017 03:31:50 GMT

Content-Type: application/javascript

Content-Length: 5457

Connection: keep-alive

Last-Modified: Wed, 17 Feb 2016 04:06:27 GMT

Accept-Ranges: bytes

ETag: "80a3a7923869d11:0"

X-Powered-By: ASP.NET

Expires: Mon, 06 Feb 2017 03:31:50 GMT

Cache-Control: max-age=86400

X-Cache: from WT263CDN

//reday ........function ready(fn) {...if (document.addEventListener) {....document.addEventListener('DOMContentLoaded', function () { fn && fn(); });...} else {....function loading() {.....try {......document.documentElement.doScroll('left');......fn && fn();.....} catch (e) {......setTimeout(loading, 1);.....}....}....setTimeout(loading, 1);...}..}...//...............function addEvent(obj, sEv, fn) {...if (obj.addEventListener) {....obj.addEventListener(sEv, fn, false);...} else {....obj.attachEvent('on' sEv, fn);...}..}...//......className;..function getByClass(oParent, sClass)..{...if(!!document.getElementsByClassName)...{....//..........return oParent.getElementsByClassName(sClass);...}... ...var aEle=oParent.getElementsByTagName('*');...var result=[];......var re=new RegExp('([^\\w\\-]|^)' sClass '([^\\w\\-]|$)');......for(var i=0;i<aEle.length;i )...{....if(re.test(aEle[i].className))....{.....result.push(aEle[i]);....}...}......return result;..}..//......className;..function addClass(obj, className) {...var reg = new RegExp('\\b' className '\\b');...if (!reg.test(obj.className)) {....if (obj.className == '') {.....obj.className = className;....} else {.....obj.className = ' ' className;....}...}..}..//......ClassName;..function removeClass(obj, className) {...var reg = new RegExp('\\b' className '\\b');...obj.className = obj.className.replace(reg, '').replace(/\s /g, ' ').replace(/^\s |\s $/g, '');..}..//..............function getStyle(obj, name) {...return obj.currentStyle ? obj.curren

<<< skipped >>>

GET /templets/default/js/slide_switch.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: VVV.sdcysoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: wts/1.1

Date: Sun, 05 Feb 2017 03:31:50 GMT

Content-Type: application/javascript

Content-Length: 3205

Connection: keep-alive

Last-Modified: Wed, 17 Feb 2016 04:06:31 GMT

Accept-Ranges: bytes

ETag: "80fd9953869d11:0"

X-Powered-By: ASP.NET

Expires: Mon, 06 Feb 2017 03:31:50 GMT

Cache-Control: max-age=86400

X-Cache: from WT263CDN

function slider(id, event, speed, time) {...time = time || 3000;...speed = speed || 3;...event = event || 'click';...var o = document.getElementById(id);...if (!slider) return;...var $fbox = o.children[3], $focus = $fbox.children[0], $focusUl = $focus.children[0], $word = $focus.children[1], $focusLis = $focusUl.children, index = 0, interval, oli = null, $menu = o.children[2], $bleft = o.children[0], $bright = o.children[1], date = null, b = false;;...$menu.innerHTML = '';...for (var i = 0; i < $focusLis.length; i ) {....var $menuLi = document.createElement('li');....if (i == 0) $menuLi.className = 'btn_active'....else $menuLi.className = '';....var $menuA = document.createElement('a');....$menuA.setAttribute('index', i);....addEvent($menuA, event, function () {.....var idx = parseInt(this.getAttribute('index'));.....if (index != idx) {......clearInterval(interval);......setIndex(idx);.....}....})....$menuLi.appendChild($menuA);....$menu.appendChild($menuLi);...}...addEvent($bleft, 'click', function () {....date = new Date();....clearInterval(interval);....setIndex(index - 1);...});...addEvent($bright, 'click', function () {....date = new Date();....clearInterval(interval);....setIndex(index 1);...});...$fbox.onmouseover = function () {....clearInterval(interval);...}...$fbox.onmouseout = function () {....setIndex(index 1);...}...var $menuLis = $menu.children;...function setIndex(idx) {....b = false;....$word.style.display = 'none';....if (idx < 0) idx = $focusLis.length - 1;....if (idx > $focusLi

<<< skipped >>>

GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1

Cache-Control: max-age = 564348

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Wed, 12 Oct 2016 22:33:53 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: g.symcd.com

HTTP/1.1 200 OK

Server: nginx/1.10.2

Content-Type: application/ocsp-response

Content-Length: 1377

content-transfer-encoding: binary

Cache-Control: max-age=492941, public, no-transform, must-revalidate

Last-Modified: Fri, 3 Feb 2017 20:22:59 GMT

Expires: Fri, 10 Feb 2017 20:22:59 GMT

Date: Sun, 05 Feb 2017 03:31:23 GMT

Connection: keep-alive

0..]......V0..R.. .....0.....C0..?0......V.T'S...q..."...zr.*..20170203202259Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U....... ...:.....20170203202259Z....20170210202259Z0...*.H..............|....).`..g.....r..cX...).r..K.. [..n.........a.:..5Vl^..Cx..X......(.I. C.n.......YR..a. 1.*E ......s.6Q..!]...|f...|O2......"#.5.4;..]..6.4".....`0....As....5N..Ie..-...W..4.....Z.,...K..PO.u..........'....b.hX.at..8..k6z..$..q'...UJKS...9./o...j..E..W.....0...0...0..s............ ...y..^..g0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....GeoTrust Global CA0...161208112535Z..171214112535Z02100...U...'GeoTrust Global CA TGV OCSP Responder 50.."0...*.H.............0...............S....!....,.t.?....d...M@.._.=.S..,."......Gdv._c..D1..N'E.:.....a2.......{/rD. .c.2..P...!.....Xn..}....{{.zI9.Y....../.....;.......fu..,...B._o..B..g....o........?Y\.?...y.H*..]yi.....3.......F.6.....Q.........{B..19..Kz...\z...P..._...-!.....'.Ym........0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0...U...........0...U.......0.0"..U....0...0.1.0...U....TGV-OFF-570...*.H..............md.....yV{......y:5..@l#..5.......o..X....,r}......i..3..o.e...e5..@..H/Q..;.vd..?.j.m....../hv..A.......g.......a.....G..\.'*.b..>.....L.Y.To<.@>...&1..9.w.....N*Au.e.....b..K...PO47.J.....{.C\....G..0/.a.Eo.`z.<;IA... #.''.CG..K@7z..7.\_..'.]q.f._.WN....

<<< skipped >>>

GET /classic.js HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: widgets.amung.us

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.9.6

Date: Sun, 05 Feb 2017 03:31:58 GMT

Content-Type: application/x-javascript

Last-Modified: Mon, 30 Jan 2017 17:59:34 GMT

Transfer-Encoding: chunked

Connection: keep-alive

ETag: W/"588f7f06-2496"

Expires: Tue, 07 Mar 2017 03:31:58 GMT

Cache-Control: max-age=2592000

Content-Encoding: gzip

1513.............Zy..H..*...4O......l....B\^.C....$.....R4..=......F" .*oU.O....R'...R.._...1....;v...dd.VH..9..v...O.?...;.....O.c..V......&....L..C.....s..wn....L...pb'{h.S.Jb.Q.0..}..c......[......*...y.[...........?.`.?.."/p......y..U........).Y..[m?c.h........c'.......Di...^.zez..f^d...a...NC.r.....s...._x.w...f...5.....L.....ja..#r.....i.h~j}...b..g'..V-c..vR>.N.K...-...?...?.'?.I..sW.B$dE..;....~......'.5..x..o.Z.....k...9Y.d...7.W Y...s3..y>:OF^...q.4.w.[.F...|o...!a ....K/.....69.x.....?.q.3......\........CP`6\m..p=.;....P..{..?|..e.8$zh...>...Sj@.....'?... .p...<Z.x.n/.}../....8..U./.^.|..w....~.C.j..(.....(@....~d........;}.q...).z...h..!f.....L-.......e..(....YR_...KL.@!.U..S_....0W-.Rc.p...?..V....X.....Qj0..=l...N..Hw#G..N".K.FTdF.,->.;.t.`q.7..,.. ;...;......g..?..{...<..(..YW...P...0...x..9..X..HW..JY. ..T..........\Y.P....o.v..-.v....s_..b.h.=4......[.'...x..;Y.qh.%...a......m.....1.t...^...be.e..z.E...ge1..-C..$.MX0..9 ._....`..h..!.2 ..I$.a.....2.nF.::.jG.7>...Em.. s.#...i....)3.-@.5..W.....,..IO....p.0G.........h.\.W.4.ejx..#4..YO....eV.r..R@..*.T..f&.j.Q...yq.*%*..O.R../u...D....6.x......U... ...N.....7_....E.(.|...^...0......=BC......YMp..v...(.P R...e .!..:8....zGs...<Z......b..K.3g.M$u.P..Db{.:...j,...#.......OR........iOtyS.ap..H..Z..>k....7O.h.x.....T\..p."O.ej.bX......U.,/..GF(..V$.-....y.v.YVK`.E9.ID,3).j...Z..<l.K..L{.Z..:.....A.I.a.....h-H.............gkM.....B.I3..S...P|.D.B...W.RCt....L...&=a..H..V.2..<CM.....D...,.w(......$...T...;=.....E..'..s.E

<<< skipped >>>

GET /i/?l=http://songhaiyouhong.blogspot.com/&j= HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: t.dtscout.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.0 (Ubuntu)

Date: Sun, 05 Feb 2017 03:31:58 GMT

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: close

X-S: 1-0

Set-Cookie: m=1; expires=Sun, 05-Feb-2017 11:31:58 GMT; Max-Age=28800; path=/; domain=dtscout.com

Set-Cookie: b=1; expires=Mon, 06-Feb-2017 03:31:58 GMT; Max-Age=86400; path=/; domain=dtscout.com

Set-Cookie: ey=1; expires=Wed, 08-Feb-2017 03:31:58 GMT; Max-Age=259200; path=/; domain=dtscout.com

Set-Cookie: ah=1; expires=Mon, 06-Feb-2017 03:31:58 GMT; Max-Age=86400; path=/; domain=dtscout.com

Set-Cookie: df=1486265518; expires=Tue, 05-Feb-2019 03:31:58 GMT; Max-Age=63072000; path=/; domain=dtscout.com

Set-Cookie: d=[]; expires=Fri, 04-Feb-2022 03:31:58 GMT; Max-Age=157680000; path=/; domain=dtscout.com

Expires: Sun, 05 Feb 2017 03:31:57 GMT

Cache-Control: no-cache

Content-Type: application/x-javascript

Set-Cookie: l=a7bp2ViWnK4WLBeNHiLHAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.dtscout.com; path=/

79c..function _dts_gp(t){var d={},e=t.split("?",2);if(2==e.length){e=e[1].split("&");for(var s=0;s<e.length;s ){var _=e[s].split("=",2);2==_.length&&(d[_[0]]=unescape(_[1]))}}return d}function _dtsi(){a=document.createElement("a"),a.href=window.location.href,_dts.host=a.hostname,"undefined"!=typeof document.referrer&&document.referrer.length>0?(_dts.r=document.referrer,_dts.p=_dts_gp(_dts.r),"q"in _dts.p?_dts.q=_dts.p.q:"query"in _dts.p?_dts.q=_dts.p.query:"p"in _dts.p?_dts.q=_dts.p.p:"text"in _dts.p?_dts.q=_dts.p.text:"wd"in _dts.p?_dts.q=_dts.p.wd:_dts.q=0):(_dts.r=0,_dts.q=0)}var _dts={};_dtsi();var j=document.createElement("img"); j.src="//bcp.crwdcntrl.net/map/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E";j.width=1;j.height=1;j.border=0;document.getElementsByTagName("body")[0].appendChild(j);var t,n=[];document.title&&document.title.length>0&&n.push("phint=__bk_t=" encodeURIComponent(document.title));var o=document.getElementsByTagName("meta");if(o)for(t=0;t<o.length;t )if("keywords"==o[t].name.toLowerCase()){n.push("phint=__bk_k=" encodeURIComponent(o[t].content));break}window.location.href&&n.push("phint=__bk_l=" encodeURIComponent(window.location.href)),n.push("r=" Math.floor(99999999*Math.random())),t=document.createElement("img"),t.width=0,t.height=0,t.style.visibility="hidden",t.src="//tags.bluekai.com/site/27675?id=D9E9B66BAE9C96588D172C1602C7221E&ret=html&" n.join("&"),document.getElementsByTagName("body")[0].appendChild(t);(function(){var s=document.createElement("scrip

<<< skipped >>>

GET /deb/v2?id=w!aacxow2ith0d&dn=TC&cc=1&r= HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: de.tynt.com

Connection: Keep-Alive

Cookie: __cfduid=d7b596a12691c3453aa3b96476a8ad2581486265519

HTTP/1.1 200

Cache-Control: max-age=86400

Expires: Mon, 06 Feb 2017 03:31:59 GMT

Content-Type: application/javascript

Content-Length: 4

Date: Sun, 05 Feb 2017 03:31:59 GMT

Connection: close

P3P: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA

/**/..

GET /pa?p=2:3264541975:51 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: wpa.qq.com

Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently

Date: Sun, 05 Feb 2017 03:31:50 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Server: tws

Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

0..HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:50 GMT..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..Server: tws..Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif..Pragma: no-cache..Cache-Control: no-cache; must-revalidate..0..

GET /jquery-migrate-1.2.1.js HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: code.jquery.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:57 GMT

Content-Type: application/javascript; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Fri, 24 Oct 2014 00:16:08 GMT

Vary: Accept-Encoding

ETag: W/"54499a48-40ed"

Expires: Thu, 31 Dec 2037 23:55:55 GMT

Cache-Control: max-age=315360000

Cache-Control: public

Access-Control-Allow-Origin: *

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Encoding: gzip

1993.............[ks.F..,..1...m....& Yq)..8.W".f.d%..C...p.P.b...s.g..E...p.*.(`......3....m...?-mqm^.."..y`......><..{.`....o8nZU.r.....t9......?..~=. ..}./..t2.@c.qO(..^..l.Ti....l..$.........*........J.6 ...~y....h.....9Z=s.f...g@........v.oN.....`9)ceU.......{..=z...eiM...U.`{{.2).UR... _V..|.....*- ...m.MJ.......$....Y,..th.....z[e.;....2.... ..[.*7U....(,.U.D......eu`...U:..y.f...#2.^....<4.dVZ..4.2....L& ...<.T.fd/Ks.a...).I .K...Md.l....8.C....'.,..F.TQ~$.G...z.....N....|2.hL........g......2..e2.l."....H*.,..Z.i..(.m.O9.........a.......@YIv.V...!.MF....m.....`...M [c.[L<...{;4.....t....y9...`...5%.lo.F...q.9WM5../..(.n.o.,......t.....}.......I8..j..L.F:...) .....XNL....,O#.........M2}W......=.f....d..=..*.Y..|..*V...[T.n]x.....<6.".*mQ.(....l......H@E.qD.Ni....qQ..T......B.....K[\.iUY...0!..s..@]..p ..U.I ....`{kk#....0.c.N..}n_....[6[.....y...9.._. ...VK._..}B.J... d2{.OJ>(.v.B....8.$.Y.....gH...rmQx.....o.....6.D....a~.S..)qK...m....L.GyA._......|X"....y..m.`....;..]1R.sX..L...z.aU1.Q>.n...n.T.sX.1..]2.x&.:.[...d.I....L.\,..B(...-...eZ\...........,g...).Y..1.K..J|M..x..u..G..f.u.o;=.....0.=..tc..:|...;.. ......C.-...b.|.. oc..y~Q.j'm..71.o..>=.D@(.v1.l9....jX.q..Gxh.[...&....LHkt.".O.a....k.t_$.B.T.Y.n?.7..-.........9....A.."...@.Lk.c)W...%........."G....U....... .zG.i:..l5...j..U.bfW..l.....>..F..../.....v..E.....L...E.#5ui..E....bm..v.&`A..rE..3.FE)0:...".....X.....n...x..L.....h...,.y.e...x....aq....g.....oeN.$E3..8s...4..T..'i.4E..YHj.p.l.!.\#d0{.i.b..R@.s.,..p..iri.

<<< skipped >>>

GET /font-awesome/4.0.1/css/font-awesome.css?ver=3.9.2 HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: netdna.bootstrapcdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:57 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Sun, 27 Oct 2013 21:34:15 GMT

ETag: W/"350e379de80f210090217bbc6c3add46"

Server: NetDNA-cache/2.2

Expires: Wed, 31 Jan 2018 03:31:57 GMT

Cache-Control: max-age=31104000

Vary: Accept-Encoding

Access-Control-Allow-Origin: *

X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter

X-Cache: HIT

Content-Encoding: gzip

13db.............\k..Fv.>.......jD....&.....7k`.H...E..rS$..~x.....(. ..e.q......>u.>N..W..*.*.....z.`.jo...|.....D6.J.E.'...nK..W.}SU].5i.E.?..W...o.....v&.6Qm......z.:....c.....J.<......K;[.Q......6U..i.....}...'....j.E...).....<u......u.A)_.P..OgY.?..2^.G..........*...-._..FEh9.0Tt...?F....(.%Q(;....[w.....j.. 6T~T...>..~....M....>D.......6...>..~.\U._U.d..6..}..]<....}.\..W.d..~.}.?.r6?m1k. po.H{......;.y7.......=`0.e..U...5.So.L.-.....F(...l..u....3..0......)...7..a...~."...|..... fe.....}j.[...|}.....@.}.......K.W...F?.4.~j.......*....?...oi.w...?(................wW..g...h.I3..........O..k7...{.'.m..6........................W{.....>.fc..y,.T.>...6...s.....Sm^....}y.6...X.{.......]...w......9.Fc.}.6......0c~......[l!LA1>n......^.6._...u.b.lY........b.Ue.*U)......J\q..wP;....g....[.....M.>....5...39.>Om...O.~s...wP....Zx.."....Qx..N..A....Rt.qX.<...p.._1O.ly.g..KGc...V...i:.........d.....|.xZ..../.g/........\...}..n.|..6.vn0...Ur1.{.z.....c.ZP3..}...i.ca..l... ....rx...J...........;.;..~.\.P..@"._.....q..Rg......C5..w'.Z..-....#9.7&fjF...2t ..O..[.u......m4.{....Y2...n#......k.}n...kx.7in..U$.".....m....J1'...C.....v...>.....G .. G...?....'...as........-Z...-....Q...{...U.2..H...k.^....I.P...._.q.}.q]..<..V0i..yn.^....'.)......f....<......g.W....w....Y..vb....$j;..i....|x..8..P....N..7..........a.n....f..YS....}..6.o..*.S..x\..r....=.^]..yb.<.t.Z.:..a....1......a...>.xn.\......C._..}q.G.}91v.21.#.......;{.>...`Y......_...........m.T..~o.......AN

<<< skipped >>>

POST /urlcore/svcreq14032b.html HTTP/1.1

Content-Length: 41

Content-Type: application/x-www-form-urlencoded

Accept-Encoding: gzip

Host: urlspirit.spiritsoft.cn

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)

f=7&v=101&c=1195&i=MBhRWwUlJnAdUXEKXyU=

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 05 Feb 2017 03:31:09 GMT

Content-Type: text/plain

Transfer-Encoding: chunked

Connection: close

Vary: Accept-Encoding

Content-Encoding: gzip

31a3.................8....l..-....;Y...6.}....(...}.....%......U.8$...........e.....9...tMX../..p......?Q...?.s......w:..<.....cY.9].f...G...........G...C]{.i.......[......,...!.~..~7/. i3~.s...w/.(w?.zYf.........3.h...o.....`?j....b.|....;...r.......@,.tL.Y...z.."h.\.cj.bk.`x..h...DX..p...5...p.c...k..<....B2$c..E......P..%)....~.. *.i...:>.Mg..\.,/....v.L.....0.]...R...P.:..mz*<&....F..s.$...t.P.&j..hM^PMX.$|.I....k~.FM..EVn........l^...Zv...?...q..m....Q..."m.b.[ .i.wi.?.d.......i..t.....o.........O..wt..o.........2.........S....(..#._....=...C......#...qn7..l..2ym.,..k....4...... ;.N..v)y.m..di./S;O.........2.ey.[p..I.......~'....J..*yU........Y..|..~..".'.c....y..{UM.49 Mb*.i?h| ...v.d...p@b.v....y.\W.Em:._y.Q:.....d9.....*..a.....Q....y.r.b.....r....w........#.$Eo.. "..........Y.N..tA^6.AN...sAr....^.. 2.........$.h.u....b...=.........23ws.;....m>._u6...C...!;..HN........<..<......pt.....<tb....n%/..A5.d.....U...W.>........ ....h....v.....d.<.].`4>,sX.O.?O...sw_.......k.....*..E..D.x....Y.>.y..G.........q.j. .;Q.4u.....1y..<~..X..{.....N...,wUV....a.A. .t?.d.......8.p..a......./...... ..!.*.%.8Ws.b.r...!m|6....zY~.n.C.gTO..p..|"......M......).....#|V.0.6{.s/ "t@O2.w....<..>.]...:.]..4......z.E".D-?..._.9c]..@.r..)@...Cb..\..S.."..3;.X... ..?&.....Lm..O..a(.<O.^...='.......3z6QH.<.E..>.{..0.=1B.{.o8.k...EVJ....."uM..........w].....rR...yij...p..f..d.qw..fC2.bl.....N5.....1...........Y ...C...1RQ"...]~.....i. R..X8.Y...2.D..m^.Y.m$...4$]......},.t?..s..

<<< skipped >>>

GET /pixel?pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

HTTP/1.1 302 Found

Set-Cookie: mako_uid=15a0c542197-5fdd0000010f7778; Domain=eyeota.net; Path=/; Expires=Mon, 05 Feb 2018 03:32:04 GMT;

P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="hXXp://ps.eyeota.net/w3c/p3p.xml"

Location: /pixel/bounce/?pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E

Content-Length: 0

Date: Sun, 05 Feb 2017 03:32:04 UTC

....

GET /pixel/bounce/?pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15a0c542197-5fdd0000010f7778

HTTP/1.1 200 OK

Content-Type: application/javascript

Content-Length: 1025

Date: Sun, 05 Feb 2017 03:31:59 GMT

(new Image()).src = "http:\/\/cm.g.doubleclick.net\/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1";(new Image()).src = "http:\/\/ib.adnxs.com\/getuid?http://ps.eyeota.net/match?uid=$UID&bid=2cr76e1";(new Image()).src = "http:\/\/match.adsrvr.org\/track\/cmf\/generic?ttd_pid=eyeota&ttd_tpi=1";(new Image()).src = "http:\/\/rtd.tubemogul.com\/upi\/pid\/lons7jax?puid=15a0c542197-5fdd0000010f7778&redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu";(new Image()).src = "http:\/\/dmp.adform.net\/serving\/cookie\/match\/?party=1009";function eyeota_callback(){var script=document.createElement("script");script.setAttribute("type","text\/javascript");script.setAttribute("async","");script.setAttribute("defer","");script.setAttribute("src","http:\/\/ps.eyeota.net\/pixel?e_rc=1&pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E");var s = document.getElementsByTagName('script')[0];s.parentNode.insertBefore(script, s);};setTimeout(eyeota_callback,5000);HTTP/1.1 200 OK..Content-Type: application/javascript..Content-Length: 1025..Date: Sun, 05 Feb 2017 03:31:59 GMT..(new Image()).src = "http:\/\/cm.g.doubleclick.net\/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1";(new Image()).src = "http:\/\/ib.adnxs.com\/getuid?http://ps.eyeota.net/match?uid=$UID&bid=2cr76e1";(new Image()).src = "http:\/\/match.adsrvr.org\/track\/cmf\/generic?ttd_pid=eyeota&ttd_tpi=1";(new Image()).src = "http:\/\/rtd.tubemogul.com\/upi\/pid\/lons7jax?p

<<< skipped >>>

GET /match?bid=gdo9o51&newuser=1&google_gid=CAESEClfffzrXX6Z94anls0j2YU&google_cver=1 HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15a0c542197-5fdd0000010f7778

HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Sun, 05 Feb 2017 03:31:59 UTC

GIF89a...................!..NETSCAPE2.0.....!.......,................;....

GET /match?uid=3648886337069900944&bid=2cr76e1 HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15a0c542197-5fdd0000010f7778

HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Sun, 05 Feb 2017 03:31:59 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;....

GET /match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15a0c542197-5fdd0000010f7778

HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Sun, 05 Feb 2017 03:32:02 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Sun, 05 Feb 2017 03:32:02 GMT..GIF89a...................!..NETSCAPE2.0.....!.......,................;..

GET /track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1 HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: match.adsrvr.org

Connection: Keep-Alive

HTTP/1.1 302 Found

Cache-Control: private,no-cache, must-revalidate

Content-Type: text/html

Date: Sun, 05 Feb 2017 03:31:58 GMT

Location: hXXp://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1

P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Pragma: no-cache

Server: Microsoft-IIS/8.5

Set-Cookie: TDID=e0f49507-0cee-4e22-a6a6-4a2045abb59a; domain=.adsrvr.org; expires=Mon, 05-Feb-2018 03:31:59 GMT; path=/

Set-Cookie: TDCPM=CAEYBSgCMgsI7vSQ4cjg5jQQBTgB; domain=.adsrvr.org; expires=Mon, 05-Feb-2018 03:31:59 GMT; path=/

X-AspNet-Version: 4.0.30319

Content-Length: 163

Connection: keep-alive

Redirecting to: <a href="hXXp://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1">hXXp://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1</a>....

GET /track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1 HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: match.adsrvr.org

Connection: Keep-Alive

Cookie: TDID=e0f49507-0cee-4e22-a6a6-4a2045abb59a; TDCPM=CAEYBSgCMgsI7vSQ4cjg5jQQBTgB

HTTP/1.1 302 Found

Cache-Control: private,no-cache, must-revalidate

Content-Type: text/html

Date: Sun, 05 Feb 2017 03:32:00 GMT

Location: hXXp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou

P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Pragma: no-cache

Server: Microsoft-IIS/8.5

Set-Cookie: TDID=e0f49507-0cee-4e22-a6a6-4a2045abb59a; domain=.adsrvr.org; expires=Mon, 05-Feb-2018 03:32:00 GMT; path=/

Set-Cookie: TDCPM=CAESFQoGZXllb3RhEgsI6LutvrLg5jQQBRgFIAEoAjILCO70kOHI4OY0EAU4AQ==; domain=.adsrvr.org; expires=Mon, 05-Feb-2018 03:32:00 GMT; path=/

X-AspNet-Version: 4.0.30319

Content-Length: 189

Connection: keep-alive

Redirecting to: <a href="hXXp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou">hXXp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou</a>HTTP/1.1 302 Found..Cache-Control: private,no-cache, must-revalidate..Content-Type: text/html..Date: Sun, 05 Feb 2017 03:32:00 GMT..Location: hXXp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou..P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"..Pragma: no-cache..Server: Microsoft-IIS/8.5..Set-Cookie: TDID=e0f49507-0cee-4e22-a6a6-4a2045abb59a; domain=.adsrvr.org; expires=Mon, 05-Feb-2018 03:32:00 GMT; path=/..Set-Cookie: TDCPM=CAESFQoGZXllb3RhEgsI6LutvrLg5jQQBRgFIAEoAjILCO70kOHI4OY0EAU4AQ==; domain=.adsrvr.org; expires=Mon, 05-Feb-2018 03:32:00 GMT; path=/..X-AspNet-Version: 4.0.30319..Content-Length: 189..Connection: keep-alive..Redirecting to: <a href="hXXp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou">hXXp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou</a>..

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEEw7wJkU/qAD9hdilImrrOU= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ss.symcd.com

HTTP/1.1 200 OK

Server: nginx/1.10.2

Content-Type: application/ocsp-response

Content-Length: 1609

content-transfer-encoding: binary

Cache-Control: max-age=383792, public, no-transform, must-revalidate

Last-Modified: Thu, 2 Feb 2017 14:03:50 GMT

Expires: Thu, 9 Feb 2017 14:03:50 GMT

Date: Sun, 05 Feb 2017 03:31:44 GMT

Connection: keep-alive

0..E......>0..:.. .....0..... 0..'0......o..&y......{.s.6~"....20170202140350Z0s0q0I0... ..........d.....k... P.....d.._`.a.U..C..`*..z.C....L;........b.........20170202140350Z....20170209140350Z0...*.H.............X..AT.v.....yE..=y..........g..Y..0....Ev".^.=2>0..f..<...g.......3.........f$%..*}.wr.>.]..ERT...,..{.7.....9J..F`...NY.Z..aF>...xI#.Y['.....ne....>..D..=.xz>u.F....w/.......g..v<.\HzV.....f(....)..U..^...1.....Gf..;..C.8?.k.(......}=.0........t.....~...j...n0..j0..f0..N.......Z........g......0...*.H........0~1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1/0-..U...&Symantec Class 3 Secure Server CA - G40...161113000000Z..170211235959Z0@1>0<..U...5Symantec Class 3 Secure Server CA - G4 OCSP Responder0.."0...*.H.............0..........0........g........T.$h..=../I..^#.w.. x..v.'...&..n..u.;.....S mw.D...W...... 1....s....`.o.. R:(<1...f...8....[...h ......[>.O....=>....vd.........#.,.[B..4...n.....w....4c....C..........I....|lR.q-.....$^...M...K....F.6.v..U!W....Z...)G.g..i$.e6..x.kS..........0...0... .....0......0"..U....0...0.1.0...U....TGV-D-27750...U.#..0..._`.a.U..C..`*..z.C..0...U......o..&y......{.s.6~"..0...U.......0.0n..U. .g0e0c..`.H...E....0T0&.. .........hXXp://VVV.symauth.com/cps0*.. .......0... hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0...*.H.................)fN.(j..S'...X....I..%..HI b6.K......50...9.. p.L..^...vv..6.;...1G.nTHu..."U...T..:......(s...(.-.K....s........{..{..P...Ebp..U2|rF>...

<<< skipped >>>

GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH HTTP/1.1

Cache-Control: max-age = 10800

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 13 Oct 2016 07:50:34 GMT

If-None-Match: "6b9ba9eca642c891cc02365fc6161341647bd9fc"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.globalsign.com

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:24 GMT

Content-Type: application/ocsp-response

Content-Length: 1518

Connection: keep-alive

Set-Cookie: __cfduid=d08017094d03ae3be0f852f439ba31eb21486265484; expires=Mon, 05-Feb-18 03:31:24 GMT; path=/; domain=.globalsign.com; HttpOnly

Last-Modified: Sun, 05 Feb 2017 01:07:56 GMT

Expires: Thu, 09 Feb 2017 01:07:56 GMT

ETag: "6cc438305d4cb855f5ef18f975ca7b060ecb85bc"

Cache-Control: max-age=10800,public,no-transform,must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 32c34a0e546e5984-VIE

0..........0..... .....0......0...0...........%r2.]&.iO.).*V...20170205010756Z0n0l0D0... .........W......#....*..2..1..`{f.E....P/}..4....K........DN.BG....20170205010756Z....20170209010756Z0...*.H..............'n@w....g5..\....OLE'...w..m.".0...R.....-.*}hsC...PS.".g=<.3N...K...bLV.wH.gbq\...[Q............8.=...2.'SUs.n.o..L..g.K...>.^.......t......).~4G;..&.F..e....U........%..'iC.0[...N......9.K,r;. ..9.....0y..R?..uc....K=..[.NE....@.>.M<.H.Y.o..*...zY.^.:......0...0...0..........H....9...S....0...*.H........0W1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....Root CA1.0...U....GlobalSign Root CA0...161208000000Z..170415000000Z0[1.0...U....BE1.0...U....GlobalSign nv-sa110/..U...(GlobalSign OCSP for Root R1 - Signer 1.10.."0...*.H.............0..........b.Q........@....2Y_y%..0..I.S.....-.$=DZ.xx>..4...d.i&....:eh.....,.M.......R..... .P..L.].J.....\oe.G...=....>.e.>.....!.......;.J....,..............U.S..2.r..G.w..0~...F....P.n..#...i...?J.Bd(6.&3.C..%.]... ...f...q..0.f.........S....2H`.b..T`.O.....l.........0..0...U...........0...U.%..0... .......0...U.......0.0...U...........%r2.]&.iO.).*V.0...U.#..0...`{f.E....P/}..4....K0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...*.H..............~.s..uk..\....)K.8p\..,.......d..V\..n.. ....u...m..:.cb-.'....."......K2.Z.....7./y.[_.........x.(_Zf<.....9.@...s..KjP...U0.S..8eU.K..N.M......;...P..u...m.f..~.U.....5.? ...!z...\..B..y-t...%...{C.5.".zO.......C...S.d...g....N..I..i[.y..PfAr.t..W

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFE/uXQ4cLc0QEGNMJMGmf8= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: s2.symcb.com

HTTP/1.1 200 OK

Server: nginx/1.10.2

Content-Type: application/ocsp-response

Content-Length: 1763

content-transfer-encoding: binary

Cache-Control: max-age=371973, public, no-transform, must-revalidate

Last-Modified: Thu, 2 Feb 2017 10:48:48 GMT

Expires: Thu, 9 Feb 2017 10:48:48 GMT

Date: Sun, 05 Feb 2017 03:31:27 GMT

Connection: keep-alive

0..........0..... .....0......0...0.......WI.....L.c=...r..7Z..20170202104848Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...313..Q?.t8p.4@A.0........20170202104848Z....20170209104848Z0...*.H.............:..4A.E6....a3.!.4..}.P&...9..8.m....!.k...V@V....9j.....`8........2..)aE.Xb.R.`.......bV......yz.......|QN..1.......jc..GH(..O..@...r(..2h2t..3.....aZ|f:6.2\r.#B.............9@KJ.....LI..6nk..8...Me.....-.,....-qj.....t...5.f...O.^...8:*...@.{.{......X.:6....0...0...0..........^..)......<...T.0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G50...161122000000Z..171214235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Certificate 50.."0...*.H.............0.............................m..|........1rUZN.b.......t. d......O...NY.lR..k .Q.z.g.4(,...Rp.7...0C.j.)Z........ ~..3...x.b.-..... S^0<6...!.(..2}...T.fX}...6...(...1...#..H..|`.yy.<B.z.q$......u.-..K.!......y..8..--....?.,.[.[...5.e.4.....D..t.;....).J....\fV..G.........0...0...U.......0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://www.symauth.com/rpa0...U.%..0... .......0...U...........0... .....0......0"..U....0...0.1.0...U....TGV-OFF-500...U.......WI.....L.c=...r..7Z0...U.#..0.....e......0..C9...3130...*.H.............<wN..g...S.

<<< skipped >>>

GET /templets/default/style/common.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: VVV.sdcysoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: wts/1.1

Date: Sun, 05 Feb 2017 03:31:49 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Wed, 17 Feb 2016 04:06:32 GMT

ETag: W/"094a2953869d11:0"

X-Powered-By: ASP.NET

Content-Encoding: gzip

Expires: Mon, 06 Feb 2017 03:31:49 GMT

Cache-Control: max-age=86400

X-Cache: from WT263CDN

9d2.............[[....~.....!..Q........<.!8yZh...i....477.!......8.6.B.YB..8v......._..9U...4....0....S........<..;.>....K/...r..&.,..I...}...oW...o_....p.-.|-..<..^..2.'\....x}....L..t".a..n...m.:.O.....,..(....y.G<.....1v.nJ....S....Czc....r..>...r.p|<<~8..6x89z=.....:~.a.x..O?.y.nB$K{.........{.e&.o...!.O.....^..3..."L.0.O...8..1>=-.xcN...._.^..i..q.q>.'.._d9/....r...ts..N...a........E9....\.M...e..{.....o..G.E..|..K....!/.)....C.."KB!.y...<d4TH.\!Y..eo..Z...[...2. ..e).....<>Y...rkj.....U...rx.r.5i.F.<@...%KN.@....w......~....<V......'yz...{.....b>.O..(....X.d[........<....Q..{.....A......0...X.&q...]...xe.I..7..K.....EL..y".r.....M./...5..l.&in.Q.2....&.*..O...\8........&....j{...ss.yr.N.s....^..OfH......}.Y_0......W..=eC0G.[.B> /.....R|".p..Y.../..zc.7...gR..|O....k...(R).DA.u..$.2"..c.....%....*:.F...z$.Ci....p...V{a..ez..l..].x%..~K....E6...... j_.@2v.H..D..4LVYx/..E\^......G.S..;..as!.ga.....1M.XM..W..)..&.0.}.W...,/T...~K...B.L.{!."..l<.8e#..4....".....q..Q.2.....@{.F:\.F..a...am.N....[.?..e......U..^.IW...Fq...8.."...T.M....d..y-.(...U..........Q.q.2.c.G..........z..`......:...$.......?>..]V.p..(XQ.B.T.z[.C0........a>..L..l:...".7....g(.....VJ..=yV..6.....L.B..o9?=../.1...sp....%."....F.K.&.....p4?.....".7S&..9..L.W>.C..:s....*.xr........Y'.............E.&.... .6c....pm.r.*QP.J...`~'.... .G................x.7^0 #.)..w.....F..G{....3.-3...6e.2.........&mSF-SzA.6e.6e...I..>.O...o.CZ.b.W.4.E...v.....F......q..6@....k&.....u.[.._'.6t.X

<<< skipped >>>

GET /templets/default/js/backgroundPosition.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: VVV.sdcysoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: wts/1.1

Date: Sun, 05 Feb 2017 03:31:50 GMT

Content-Type: application/javascript

Content-Length: 2329

Connection: keep-alive

Last-Modified: Wed, 17 Feb 2016 04:06:27 GMT

Accept-Ranges: bytes

ETag: "80a3a7923869d11:0"

X-Powered-By: ASP.NET

Expires: Mon, 06 Feb 2017 03:31:50 GMT

Cache-Control: max-age=86400

X-Cache: from WT263CDN

(function($) {.. if(!document.defaultView || !document.defaultView.getComputedStyle){.. var oldcss = jQuery.css;.. jQuery.css = function(elem, name, force){.. if(name === 'background-position'){.. name = 'backgroundPosition';.. }.. if(name !== 'backgroundPosition' || !elem.currentStyle || elem.currentStyle[ name ]){.. return oldcss.apply(this, arguments);.. }.. var style = elem.style;.. if ( !force && style && style[ name ] ){.. return style[ name ];.. }.. return oldcss(elem, 'backgroundPositionX', force) ' ' oldcss(elem, 'backgroundPositionY', force);.. };.. }.. var oldAnim = $.fn.animate;.. $.fn.animate = function(prop){.. if('background-position' in prop){.. prop.backgroundPosition = prop['background-position'];.. delete prop['background-position'];.. }.. if('backgroundPosition' in prop){.. prop.backgroundPosition = '(' prop.backgroundPosition ')';.. }.. return oldAnim.apply(this, arguments);.. };.. function toArray(strg){.. strg = strg.replace(/left|top/g,'0px');.. strg = strg.replace(/right|bottom/g,'100%');.. strg = strg.replace(/([0-9\.] )(\s|\)|$)/g,"$1px$2");.. var res = strg.match(/(-?[0-9\.] )(px|\%|em|pt)\s(-?[0-9\.] )(px|\%|em|pt)/);.. return [parseFloat(res[1],10),res[2],parseFloat(res[3],10),res[4]];.. }.. $.fx.step

<<< skipped >>>

GET /templets/default/js/navigator.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: VVV.sdcysoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: wts/1.1

Date: Sun, 05 Feb 2017 03:31:50 GMT

Content-Type: application/javascript

Content-Length: 4276

Connection: keep-alive

Last-Modified: Wed, 17 Feb 2016 04:06:30 GMT

Accept-Ranges: bytes

ETag: "06771943869d11:0"

X-Powered-By: ASP.NET

Expires: Mon, 06 Feb 2017 03:31:50 GMT

Cache-Control: max-age=86400

X-Cache: from WT263CDN

ready(function () {.. var oBox = document.getElementById('top_box');.. var oNav = getByClass(oBox, 'nav')[0];.. var oUl = oNav.getElementsByTagName('ul')[0];.. var aLi = oUl.children;.. var aUl2 = getByClass(oUl, 'ul2');.. var timer = null;.. var temp = null;.. var oWrap = document.getElementById('wrap');.. var oAlpha = getByClass(oWrap, 'alpha_bg')[0];.. function getBackgroundPositionXY(elem) {.. var backgroundPosition = '';.. if (elem.currentStyle) {.. if (elem.currentStyle.backgroundPositionX && elem.currentStyle.backgroundPositionY) {.. backgroundPosition = elem.currentStyle.backgroundPositionX " " elem.currentStyle.backgroundPositionY;.. } else {.. backgroundPosition = document.defaultView.getComputedStyle(elem, null).backgroundPosition.. }.. } else if (document.defaultView) {.. backgroundPosition = document.defaultView.getComputedStyle(elem, null).backgroundPosition;.. }.. return backgroundPosition;.. }.. for (var i = 0; i < aUl2.length; i ) {.. var aA = aUl2[i].getElementsByTagName('a');.. for (var j = 0; j < aA.length; j ) {.. (function (index) {.. aA[index].onmouseover = function () {.. var oPosX = getBackgroundPositionXY(this.children[0]);.. var arr = oPosX.split('px').join('').split(' ');.. var x = arr[0];.. var y = arr[1] - 52;..

<<< skipped >>>

GET /site/27675?id=D9E9B66BAE9C96588D172C1602C7221E&ret=html&phint=__bk_t=SPECIAL MOVIE&phint=__bk_l=http://songhaiyouhong.blogspot.com/&r=33111038 HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: tags.bluekai.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Date: Sun, 05 Feb 2017 03:31:59 GMT

Server: Apache/2.2.24 (Unix)

X-XSS-Protection: 0

P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="hXXp://tags.bluekai.com/w3c/p3p.xml"

Set-Cookie: bkdc=wdc; expires=Fri, 04-Aug-2017 03:31:59 GMT; path=/; domain=.bluekai.com

Set-Cookie: bku=sty99vIzkkQxF2Rs; expires=Fri, 04-Aug-2017 03:31:59 GMT; path=/; domain=.bluekai.com

Location: hXXp://tags.bluekai.com/site/27675?dt=0&r=404133796&sig=2164635023&bkca=KJhB0D6nyi9zQwawGX4CYpA2KcO31YQvQ3fuSL0HZfn2mdE XhQXCy5IX6Lf8PD7HsKXLAGzocu6jjRvyZpnswPTs6acVO/rzP8OCpYX90erqk5FKlBYMJyF22fdzbGz9xgiOgaMqzdgaOdpBl2iFVj/K5onCrSjkboT68hEuQZUw04zne6=

Content-Length: 0

BK-Server: ce09

Content-Type: text/html

....

GET /site/27675?dt=0&r=404133796&sig=2164635023&bkca=KJhB0D6nyi9zQwawGX4CYpA2KcO31YQvQ3fuSL0HZfn2mdE XhQXCy5IX6Lf8PD7HsKXLAGzocu6jjRvyZpnswPTs6acVO/rzP8OCpYX90erqk5FKlBYMJyF22fdzbGz9xgiOgaMqzdgaOdpBl2iFVj/K5onCrSjkboT68hEuQZUw04zne6= HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: tags.bluekai.com

Connection: Keep-Alive

Cookie: bkdc=wdc; bku=sty99vIzkkQxF2Rs

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:59 GMT

X-XSS-Protection: 0

P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="hXXp://tags.bluekai.com/w3c/p3p.xml"

Pragma: no-cache

Expires: Thu, 01 Dec 1994 16:00:00 GMT

Cache-Control: max-age=0, no-cache, no-store

Content-Length: 62

Set-Cookie: bku=sty99vIzkkQxF2Rs; expires=Fri, 04-Aug-2017 03:31:59 GMT; path=/; domain=.bluekai.com

BK-Server: 748b

Content-Type: image/gif

nnCoection: close

GIF89a.............!..NETSCAPE2.0.....!.......,...........L..;HTTP/1.1 200 OK..Date: Sun, 05 Feb 2017 03:31:59 GMT..X-XSS-Protection: 0..P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="hXXp://tags.bluekai.com/w3c/p3p.xml"..Pragma: no-cache..Expires: Thu, 01 Dec 1994 16:00:00 GMT..Cache-Control: max-age=0, no-cache, no-store..Content-Length: 62..Set-Cookie: bku=sty99vIzkkQxF2Rs; expires=Fri, 04-Aug-2017 03:31:59 GMT; path=/; domain=.bluekai.com..BK-Server: 748b..Content-Type: image/gif..nnCoection: close..GIF89a.............!..NETSCAPE2.0.....!.......,...........L..;..

GET /pa?p=2:2409084321:51 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: wpa.qq.com

Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently

Date: Sun, 05 Feb 2017 03:31:50 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Server: tws

Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

0..HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:50 GMT..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..Server: tws..Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif..Pragma: no-cache..Cache-Control: no-cache; must-revalidate..0..

GET /v4/images/alexa.png HTTP/1.1

Accept: */*

Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: info.spiritsoft.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 05 Feb 2017 03:31:08 GMT

Content-Type: image/png

Content-Length: 2012

Last-Modified: Fri, 08 Jul 2011 09:36:17 GMT

Connection: close

ETag: "4e16cf91-7dc"

Expires: Tue, 07 Feb 2017 03:31:08 GMT

Cache-Control: max-age=172800

Accept-Ranges: bytes

.PNG........IHDR.............o.......pHYs.......... ......gAMA....|.Q.... cHRM..z%..............u0...`..:....o._.F...RIDATx.b...'.#3.......4..20...y..7...~....7.'......l?......e.X.........7.#..............Y.........h.../.....3..<....."..<#. ..{_._.z...'o.z.s..H...0.........?@..I......................<3.!!...................................c.>.............I.............t.....22............................. ..(".........sS.T@.........I.................$...........$.""....................../>6..........e.7 ......I..........x..... $..../5.bN...............................IG3.!%.......v......I....................&.pU................!..1........71..HP....................I................B...d*.....................J:..s2e;....#... E......% .........I.................>@..............................DA...........................I...............$.........>*....................................&..............I...............F.........v.................7...................$..............I.................................. ..:..0<.<4.................................I............................fM#9,.............<...............................E...../.._._...........S[..%D ..u..........$W4 .0_...0...f.?......r.o6.?...I........................N........................................................g./.ef......O...~..K........ ...._...b..Tg...._..>.`.....g.....p....LW. .....~....-......w....p.!P...@s....?o;..\..{.......g$....a*.....0...L.<,.f....I.............."...........&...."8.FK"........

<<< skipped >>>

GET /MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Cookie: _d2id=04f7a71f-0c21-4fd5-b3fc-264919120db4-n; pmsctx=******IMLB812506136|**; navigation_items=MLB812506136|05022017033130; _ml_ga=GA1.3.217386349.1486265505; _ml_ci=217386349.1486265505; _ml_dc=1; JSESSIONID=CB6934BF0615753B5CD40EF0F9AF9E52; _vt=db89bf5e-9856-4142-8cb7-3ad8dc8af268

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: produto.mercadolivre.com.br

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Date: Sun, 05 Feb 2017 03:31:46 GMT

Content-Type: text/html;charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip

Content-Language: pt-BR

Set-Cookie: pmsctx=******IMLB812506136||**; Domain=.mercadolivre.com.br; Expires=Tue, 07-Mar-2017 03:31:38 GMT; Path=/

Set-Cookie: navigation_items=MLB812506136|05022017033138; Domain=.mercadolivre.com.br; Expires=Mon, 20-Feb-2017 03:31:38 GMT; Path=/

Vary: Accept-Encoding

X-Nginx-Host: e-0000a8ef

X-Nginx-Pool: mlbdesktop.web-vip.melifrontends.com

X-Nginx-UpstreamHost: , 10.63.1.163:80

X-Upstream-Server: nginx/1.8.0

X-Request-Id: 013a123d-be38-4bd8-a2dd-8106bcb2aae2

X-D2id: 04f7a71f-0c21-4fd5-b3fc-264919120db4

3441...............r.I.(......).%L...H....LU..J....R...p.!.".1p.p..~..}e.(.6 .g..mj...w.....@R...DeJ."|8~...~|...[.....h.n,....\......oC......iT... 6.h=t"60v.<0.....Z~.E....r.s..:...Y.......t..M...9.......h.o6...1aM/.....O.......N}...m.....};...R.....;....lc..?='$O.w..<....N..9~@.d..d.g.3v<....lS.....?.O.~..>.K.......Z[m.6!.,....'.a........u.w$`..3`..y...r.x...&..N"....7.(|kX..hn.Y3`.....xMY.b...!.....1.....)...........?...0=.w...V......C.Y.c.kx,...v.j)3..X\....1.dK.hf....Y..Qq.....ET.^XGfe.up.r=....=..,.=.......K..|0."...z.......}&...[J-..{6....Y..!).R.(,8s......F..F........2.....t....]....K-VY..w.F...k.M...-.....Qb.. d....Q}E.O..g.....0...~.....#.>.1.t.....Z{...@.x..5...Gl(4z.j......`.?t.~h?...~................R=..[.@..CP...1j.z.>A.[....{`]...i..k.....v..<.|.......Q....K.4p`.|....n.tr.4.....X.1..L1...........;..A.a.......}.....s".@.-....h....;.x.?.C.........$.'.r...$.:.=I........o..).....<..0{.j......J.'...Ad..q....8..S..... ..`2......S..0j:.:...~.{.T....3....}.../..a.,....N.~.$..t:.A...uP..8.Z.K.:..P"dvcyuee.ZK..7>..$t.3........q,.\.@x......Vg.|.....1....H......k..E..k....... ;..v..b.......,.*...%......R..sX.......a..........>..N..(v.....Y.M.PR...K...u.....vp6....,`u.x~.." .5O.NDIt..6.R..:ku.(`.#...o..6...mC.../O.....|9....~X#/.x...y..!...)..].Z1...q........i..C.n&@....i....!...y..cVo.,..v.W..v.cv.:.r......{42.).X.[..vF.......&.._...i.{....Ym..]Z.z.U..4..h.l.9..I...F...z..V.(M ..p`D.8j...T<...2.=.I.Bk........[.T~6|...`.F_/.2.I^<..]|....E..B...p.................*....@||...M

<<< skipped >>>

GET /noindex/variation/choose?noIndex=true&itemId=MLB812506136&attribute=23000|22047,33000_43000|52055_52113&attributeId=33000_43000&ref=http://tenis.mercadolivre.com.br/masculino/nike/nike-shox/ HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: produto.mercadolivre.com.br

Connection: Keep-Alive

Cookie: _d2id=04f7a71f-0c21-4fd5-b3fc-264919120db4-n; pmsctx=******IMLB812506136||**; navigation_items=MLB812506136|05022017033138; _ml_ga=GA1.3.217386349.1486265505; _ml_ci=217386349.1486265505; _ml_dc=1; JSESSIONID=CB6934BF0615753B5CD40EF0F9AF9E52; _vt=db89bf5e-9856-4142-8cb7-3ad8dc8af268

HTTP/1.1 302 Found

Server: Tengine

Date: Sun, 05 Feb 2017 03:32:00 GMT

Content-Length: 0

Connection: keep-alive

Location: hXXp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593212

Set-Cookie: JSESSIONID=064D2C24F45E44FDFE96B0D03BD65DCF; Path=/; HttpOnly

X-Nginx-Host: e-0000a8ef

X-Nginx-Pool: mlbdesktop.web-vip.melifrontends.com

X-Nginx-UpstreamHost: , 10.63.1.54:80

X-Upstream-Server: nginx/1.8.0

X-Request-Id: ab1fb97c-4686-4ca7-be18-0d24c3825b91

X-D2id: 04f7a71f-0c21-4fd5-b3fc-264919120db4

....

GET /MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593212 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: produto.mercadolivre.com.br

Connection: Keep-Alive

Cookie: _d2id=04f7a71f-0c21-4fd5-b3fc-264919120db4-n; pmsctx=******IMLB812506136||**; navigation_items=MLB812506136|05022017033138; _ml_ga=GA1.3.217386349.1486265505; _ml_ci=217386349.1486265505; _ml_dc=1; JSESSIONID=064D2C24F45E44FDFE96B0D03BD65DCF; _vt=db89bf5e-9856-4142-8cb7-3ad8dc8af268

HTTP/1.1 200 OK

Server: Tengine

Date: Sun, 05 Feb 2017 03:32:00 GMT

Content-Type: text/html;charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip

Content-Language: pt-BR

Set-Cookie: JSESSIONID=57CD1DDE1B406055A1718540162E95E8; Path=/; HttpOnly

Set-Cookie: pmsctx=******IMLB812506136|||**; Domain=.mercadolivre.com.br; Expires=Tue, 07-Mar-2017 03:32:00 GMT; Path=/

Set-Cookie: navigation_items=MLB812506136|05022017033200; Domain=.mercadolivre.com.br; Expires=Mon, 20-Feb-2017 03:32:00 GMT; Path=/

Vary: Accept-Encoding

X-Nginx-Host: e-0000a8ef

X-Nginx-Pool: mlbdesktop.web-vip.melifrontends.com

X-Nginx-UpstreamHost: , 10.63.1.196:80

X-Upstream-Server: nginx/1.8.0

X-Request-Id: 720f4897-5060-45e3-8097-1f76676c5f91

X-D2id: 04f7a71f-0c21-4fd5-b3fc-264919120db4

32f4...............r.H.(.l}E.}..v.$.p..#..j..-...>.VW(.@....,..<|.~>..........q#.9/...cw.....HQ.%...,.@. s. 3Wn<.} :.2r.M.....C,...f...wa....o.....u..4.Z.Dl........?....^..l.....f....m....imk..a.&.......?^....Z......kz...hX~....@&.u.aP..)_.......*J.7..@.lDN..........t.3...?&.>.....i..>L......Q...d.:.............C......;... lB^....O.;...h.>..7......0...|.cVT#.0...f.B.'.c....F.>5,.Rkn.Y3`....;.MY.|.pJC...........2./..................5.....a...e..X....8....Z..Z......4..li.f&.P.umZ...j.U5.Sa{....".`!r=....=..,.=..Bt{v..D......\s=.\.n.1n.I s.VR.bu...9u/.....<....3......i..j4.0/j$.v]..s]..N..$g.j.l.R..,s..\'.....M...-.....Qb.. d.f-.FZ_.O..`.....0.Hc....f.F.|.c.........O..o.......C....FoB..3~<.7..........._#..>...A..F.........<P.Z.jW{..........K..y`]...4...|M.......=..lv...4.b...=.....=x.....d...G.4lb9...f63.t.).....C..M. Rf.....M1z.....s".@.-..M.....=v&.D}..,..)0....H*#.r...$S:.=I....S.i[..'S.54..y....1.[.0g..Wr.....DV.....p....Lp7G....:.L|...A.h..FMgB.P..O}.....=t..A....#...7.~.3l...|.."{....u....v3pv[.....(.............7^.b.:..X...q......Z.....Do.Z..w...F.....P$....Y..l........&.# ...gt...I...Cp.....%.....N\...-`..k.V.6..g.l...V.....t..G..6.....A.PR...K...T.....v....Bq.0.'..w...c....(...n.).q.......12.N.#r.....m(8...I...../..........O.2#O|7..@8.u...V......X...F..h.D.\.&@.j........|..y..c..:.e...`h.......k..3...G#=C.......3"nD..........j.=....!...kw.V.3.;.Q.CM.5. .&}..4..~.4.8.@iZ.......G.w........b.B.Y....G.........7|....p......N..)....`.}\.. ........?C............ ........./..6.

<<< skipped >>>

GET /urlcore/olcfgs.dat?q=41 HTTP/1.1

Accept-Encoding: gzip

Host: urlspirit.spiritsoft.cn

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 05 Feb 2017 03:31:05 GMT

Content-Type: application/octet-stream

Content-Length: 439

Connection: close

Last-Modified: Wed, 02 Apr 2014 08:26:13 GMT

ETag: "533bc9a5-1b7"

Accept-Ranges: bytes

.3..}...)u..r..DvS.-..%....(yX.[.....|........;....w.[.......m.9......[h.t.,.......F..d........*.^gg.......n6..g.....\..%a.V.X.J.*.i....;.Gk .X.;.up.... !../b....dCY.8.....#.<ZV.......a.R..W..QX..!5..;.P.l..?...8.=0{./f.......g...h|.....T..N(>...l........1..Vs..5P!.T...v...`..[#.....J.{#..I..Rc........s^._..B1v@.?.N.v^!..%.%)........~.. eBd..0..3`.@..\.@....;ti4>......U..om.t..p.L..n.{.\..1V....E.}..G,d..>Ys.XQ.1iX..Xw...{e.:......A.M...

GET /cgi-bin/CRL/2018/cdp.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Tue, 11 Oct 2016 17:15:01 GMT

If-None-Match: "20084-4aa-53e9a04525e5e"

User-Agent: Microsoft-CryptoAPI/6.1

Host: VVV.public-trust.com

HTTP/1.1 200 OK

Server: Apache/2.2.15 (CentOS)

Last-Modified: Tue, 24 Jan 2017 23:30:01 GMT

ETag: "20084-579-546df7ec18007"

Accept-Ranges: bytes

Content-Type: application/x-pkcs7-crl

Connection: Keep-Alive

Date: Sun, 05 Feb 2017 03:33:14 GMT

Content-Length: 1401

0..u0......0...*.H........0u1.0...U....US1.0...U....GTE Corporation1'0%..U....GTE CyberTrust Solutions, Inc.1#0!..U....GTE CyberTrust Global Root..170124184934Z..170421184934Z0.."0....'....141119195306Z0....'B...141119195752Z0....'....141119200006Z0....'1-..150204203232Z0....'....150429193635Z0....'....150513182515Z0.........150603195456Z0....'.:..071121154528Z0....'....080514142515Z0....'....080924143337Z0....'#...081203144336Z0....''j..090209174351Z0....'b...100414181148Z0....'....080917150432Z0....'#...081203144209Z0....'#...081203144241Z0....'#...081203144304Z0....'%u..081203144409Z0....'/9..090318130930Z0....'8...090715181853Z0....'TU..100113191852Z0....'k...101130163724Z0....'.B..111107193907Z0....'@...141119200409Z0....'....080917150312Z0....'....140709175318Z0....'....141210173900Z0....'....150429193611Z0....'....150513182422Z0.........150603194732Z0....'i...150603194856Z0....'-E..141119195854Z0....'....141119200037Z0....'F...141217193909Z0....'F...141217193956Z0....'>...150603195600Z0....'.D..150701191141Z0....'.'..161214171840Z0....'.2..161214171840Z0....'.3..161214171840Z0....'.4..161214171840Z0....'.5..161214171840Z0....'....161214171840Z0....'....161214171840Z0....'....161214171840Z0....'....161214171840Z..0.0...U.......70...*.H.................[O..=.K.f..g.6.%(.t.A...............B.<....n7......`{..:as..;...:..%...L....I.t...l.....L3`.&..k.lD..Pi.P(......n..P../...s..

<<< skipped >>>

GET /v4/images/splogo.png HTTP/1.1

Accept: */*

Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: info.spiritsoft.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 05 Feb 2017 03:31:08 GMT

Content-Type: image/png

Content-Length: 1339

Last-Modified: Fri, 08 Jul 2011 09:36:19 GMT

Connection: close

ETag: "4e16cf93-53b"

Expires: Tue, 07 Feb 2017 03:31:08 GMT

Cache-Control: max-age=172800

Accept-Ranges: bytes

.PNG........IHDR.............o.......pHYs.......... ......gAMA....|.Q.... cHRM..z%..............u0...`..:....o._.F....IDATx.b...?.*...a....M.w.2h.3HK2.....%....jl..~......h.........?...0|.`.qdpWb.dc`f`....._....v.cXy.A....|.N......../?...3h.3................c...........?......dX........B....C.:.W#.D..._.~.5.....?.Q ...#.. '..K...1,.g......@L.p........!R...;..?...f....... ..._.w>0.i0<..0m..E.....!(,..a...!....G../...~..?`.6..~..!..., ...!......!Z.A....<.........x./........`)..lL.'.3T/c.).....@.1V....%.....v.@...........j......._..~.,....|..1...p. C...@.1~..?j....C.:..O........@'...._..?.......7.].. .|..._2H32..f.. P.}......R..D.d'P)0.....D38..5......H.-.z..{......3p.2....P....T...2.{0|...2`..5C..33p...=...#(.Ai....m... S.. ..........."...",G..........8.........P)..b. .y..... ..7 .'..!..ds.....g..V...........v.....dG.................."\.g.~.d..).......NH..... )q.... ......s13..3.......g.~........U..ar.....J... .. p.b.<..!..K ..d.t....O.}.x....7w...? .....O.2L@A......l..&....[.A...f.......u..?~....j.$. .....W..L.>&(...@(.bbe..ah>.`k.p.......x ~.....v...?->.?.l....2..20.... .........08.2<....._)...~...L..L t.../.C..z... .4>..C..C.%.V.~`....TB..5? (5.]q.).2.,I. ..0........\b.f......Z..a.y..N.i~,............s..O.dy.Y..A..a......*...`.. ....]{.s..o;.....7...;._....w..... F......f....&......_.E.....P... .....`.I.Q....IEND.B`...

<<< skipped >>>

POST /urlcore/svcreq1413fd.css HTTP/1.1

Content-Length: 230

Content-Type: application/x-www-form-urlencoded

Accept-Encoding: gzip

Host: urlspirit.spiritsoft.cn

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)

f=3&v=101&c=10494&i=MBhBRgB1aDtPQX5ZFRxUZGV8HER/C0QaBmNiKEAWcgsQHFxjN3hOS2kWAEwII3AjSV9pU0ZXRm1i

NVscOFMAFUZhLigFQjcNFB9VK2NlSA8hU0xICD48flcWM19eHxhkYStAQ3kNER5cK2JlSVFnGFZM

DTNwI0lfaU9LS0ZtYjVbBj9KABVUe3BvHAFpABMfXWIvEw==

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 05 Feb 2017 03:31:12 GMT

Content-Type: text/plain

Transfer-Encoding: chunked

Connection: close

Vary: Accept-Encoding

Content-Encoding: gzip

6e5..............m..6.........P.......nS....j..L'.N..`....^....!!....J.q..?~.L>.*./..'...1q...iL.1..._..qY.V.B..4..<...r.[.;.C.J..vU.B.}.;6EK.'..n..^..`...=..R.S.H5.H.aK....;qi........L.J,v&.(.{4.......<.~[.o6.YiY....e..D....a....,.B,..yf..0..fG.....H-..5..2....&V"[.....}.....KE.i0.<.yWD...K.-...<..<..v...7..|0..X.z.`...xys...K!ZW...(.$=pQG....-......'.;.C..H=...........#.!...zT..2...w.'*....p.......p.=Q.K:$...W...l.<s<......C..`.5.....BQ...N.........%..<.kQp...).T..,.......s....Mg..xH......3.e..aVX?.4.=w.6..m.O..SdA.?AdJ..=..$...W..m3Z.&.0...<(O...Ul<J*}.% ....SC7.T.Q.kBiy...{|...}.N!.t.;.(...Y..c......,. ..9.)..3........u.9...dP.BZ...p....#.z...1.x1<=.C..kv...;'f@.. ..NP...c.f.ch...U.L..z8<-....J..u.B....!..9.._..D..J............/.Z..e.T..OFY]3.B....!N..........J..L../...o.....vK.r9.zB^..T.*eEDc....k.$.....7.M.a.".&...43~.L..w....(L.LEB.....#M.....w..I...i^.~k......{..St..-U.L...b.*.'{(pQ`7?P.x...U.Wi[wH...........].6....G4.....)......Tb.G....X....m#\.xd...kbX...v.E.....g.6l.G[)..Q..vt.ha..........r...mdV.%..........p...l._...)T....9...1B..>....&.........[}.....j......D..6..<....X...-.....4.*..e....._...1.3Dt*..W....y....<...(.S..|...T.'.8......*.o.......x.._....AW..._...Myp.g9^.5.....{x.{O0.>Y...._$..._.l....v0..s.... .,....'.&.?.........{..]....._\.. |...{..,....C...c9.q.>...[.[.R..n@..~...d.B....:Q..[......O.G....Q.d...D]>.lS.....<l.......U.?.ee2........9...;@....X.....vy\..B$lj.x.~..i~.F.........P.....DLB...P..l>....4$..E...@vN..~L.^..[U..Wd.

<<< skipped >>>

GET /serving/cookie/match/?party=1009 HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: dmp.adform.net

Connection: Keep-Alive

HTTP/1.1 302 Found

Server: nginx

Date: Sun, 05 Feb 2017 03:31:59 GMT

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=15

Location: hXXp://dmp.adform.net/serving/cookie/match/?CC=1&party=1009

Set-Cookie: uid=5648657701418802231; Expires=Thu, 06 Apr 2017 03:31:59 GMT; Domain=adform.net; Path=/

....

GET /serving/cookie/match/?CC=1&party=1009 HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: dmp.adform.net

Connection: Keep-Alive

Cookie: uid=5648657701418802231

HTTP/1.1 302 Found

Server: nginx

Date: Sun, 05 Feb 2017 03:31:59 GMT

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=15

Location: hXXp://ps.eyeota.net/match?uid=5648657701418802231&bid=9gdtmu1

HTTP/1.1 302 Found..Server: nginx..Date: Sun, 05 Feb 2017 03:31:59 GMT..Content-Length: 0..Connection: keep-alive..Keep-Alive: timeout=15..Location: hXXp://ps.eyeota.net/match?uid=5648657701418802231&bid=9gdtmu1..

GET /map/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: bcp.crwdcntrl.net

Connection: Keep-Alive

HTTP/1.1 302 Found

Cache-Control: no-cache

Date: Sun, 05 Feb 2017 03:31:59 GMT

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Location: hXXp://bcp.crwdcntrl.net/map/ct=y/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E

P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV

Pragma: no-cache

Set-Cookie: _cc_cc=ctst;Path=/;Domain=crwdcntrl.net

X-Server: 172.25.10.205

Content-Length: 0

Connection: keep-alive

....

GET /map/ct=y/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: bcp.crwdcntrl.net

Connection: Keep-Alive

Cookie: _cc_cc=ctst

HTTP/1.1 200 OK

Cache-Control: no-cache

Content-Type: image/gif

Date: Sun, 05 Feb 2017 03:31:59 GMT

Expires: Thu, 01 Jan 1970 00:00:00 GMT

P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV

Pragma: no-cache

Set-Cookie: _cc_aud=ABR4nGNgYGCImDZnPQMcAAAbVQI6;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT

Set-Cookie: _cc_cc="ACZ4nGNQME8yMbc0MzQxNEg0NTZNtjAzTbMwMLA0SLW0TDVJM7dkAIKIaXPWMyAAADmrCkQ=";Version=1;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT;Max-Age=23328000

Set-Cookie: _cc_id=7b47961410a535c865f80090e99e4f79;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT

Set-Cookie: _cc_dc=1;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT

X-Server: 172.25.10.151

Content-Length: 49

Connection: keep-alive

GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Cache-Control: no-cache..Content-Type: image/gif..Date: Sun, 05 Feb 2017 03:31:59 GMT..Expires: Thu, 01 Jan 1970 00:00:00 GMT..P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV..Pragma: no-cache..Set-Cookie: _cc_aud=ABR4nGNgYGCImDZnPQMcAAAbVQI6;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT..Set-Cookie: _cc_cc="ACZ4nGNQME8yMbc0MzQxNEg0NTZNtjAzTbMwMLA0SLW0TDVJM7dkAIKIaXPWMyAAADmrCkQ=";Version=1;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT;Max-Age=23328000..Set-Cookie: _cc_id=7b47961410a535c865f80090e99e4f79;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT..Set-Cookie: _cc_dc=1;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT..X-Server: 172.25.10.151..Content-Length: 49..Connection: keep-alive..GIF89a...................!.......,...........T..;..

<<< skipped >>>

GET /item/533000070202.htm?fromSite=main&spm=a230r.7195193.1997079397.8.iAWmGk&abbucket=2&qq-pf-to=pcqq.temporaryc2c HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: world.taobao.com

Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently

Server: Tengine

Date: Sun, 05 Feb 2017 03:31:30 GMT

Content-Type: text/html

Content-Length: 278

Connection: keep-alive

Location: hXXps://world.taobao.com/item/533000070202.htm?fromSite=main&spm=a230r.7195193.1997079397.8.iAWmGk&abbucket=2&qq-pf-to=pcqq.temporaryc2c

Set-Cookie: thw=ua; Path=/; Domain=.taobao.com; Expires=Mon, 05-Feb-18 03:31:30 GMT;

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>..<head><title>301 Moved Permanently</title></head>..<body bgcolor="white">..<h1>301 Moved Permanently</h1>..<p>The requested resource has been assigned a new permanent URI.</p>..<hr/>Powered by Tengine</body>..</html>..HTTP/1.1 301 Moved Permanently..Server: Tengine..Date: Sun, 05 Feb 2017 03:31:30 GMT..Content-Type: text/html..Content-Length: 278..Connection: keep-alive..Location: hXXps://world.taobao.com/item/533000070202.htm?fromSite=main&spm=a230r.7195193.1997079397.8.iAWmGk&abbucket=2&qq-pf-to=pcqq.temporaryc2c..Set-Cookie: thw=ua; Path=/; Domain=.taobao.com; Expires=Mon, 05-Feb-18 03:31:30 GMT;..<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>..<head><title>301 Moved Permanently</title></head>..<body bgcolor="white">..<h1>301 Moved Permanently</h1>..<p>The requested resource has been assigned a new permanent URI.</p>..<hr/>Powered by Tengine</body>..</html>....

GET /qconn/wpa/button/button_111.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Connection: Keep-Alive

Host: pub.idqqimg.com

HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sun, 05 Feb 2017 03:31:51 GMT

Cache-Control: max-age=2592000

Expires: Tue, 07 Mar 2017 03:31:51 GMT

Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT

Content-Type: image/gif

Content-Length: 3534

Keep-Alive: timeout=60

Vary: Origin

X-Cache-Lookup: Hit From Disktank

......JFIF.....`.`.....C....................................................................C.........................................................................O.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...u...k...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4........[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(....F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x........m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?.......P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..$............x....B.G.....!...o.x_...|C..m..Z.R....G.&...{e2\9.l1.

<<< skipped >>>

GET /crls/secureca.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT

If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.geotrust.com

HTTP/1.1 200 OK

Server: Apache

ETag: "cd1ddd31776c69c9c6e1b249f22bc66b:1486264533"

Last-Modified: Sun, 05 Feb 2017 03:15:33 GMT

Date: Sun, 05 Feb 2017 03:31:17 GMT

Content-Length: 325

Connection: keep-alive

Content-Type: application/pkix-crl

0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..170205030300Z..170215030300Z0,0....%...020514181157Z0.....3..020515130611Z0...*.H..............^.bm}&?.....m;u.DK..^..1.....n9.N.U...C......^..N?........&]..K~.5..k...a.{.2..*M7...5....s.f..t...........fe{O..HZ....~...~.{HTTP/1.1 200 OK..Server: Apache..ETag: "cd1ddd31776c69c9c6e1b249f22bc66b:1486264533"..Last-Modified: Sun, 05 Feb 2017 03:15:33 GMT..Date: Sun, 05 Feb 2017 03:31:17 GMT..Content-Length: 325..Connection: keep-alive..Content-Type: application/pkix-crl..0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..170205030300Z..170215030300Z0,0....%...020514181157Z0.....3..020515130611Z0...*.H..............^.bm}&?.....m;u.DK..^..1.....n9.N.U...C......^..N?........&]..K~.5..k...a.{.2..*M7...5....s.f..t...........fe{O..HZ....~...~.{..

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1

Cache-Control: max-age = 511667

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT

If-None-Match: "57ff143e-1d7"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: public, max-age=172800

Content-Type: application/ocsp-response

Date: Sun, 05 Feb 2017 03:31:21 GMT

Etag: "5896643a-1d7"

Expires: Sat, 11 Feb 2017 15:31:21 GMT

Last-Modified: Sat, 04 Feb 2017 23:31:06 GMT

Server: ECS (vie/F2D5)

X-Cache: HIT

Content-Length: 471

0..........0..... .....0......0...0.......>.i...G...&....cd ...20170204220000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ........\..m. B.]......20170204220000Z....20170211220000Z0...*.H...............:.U...H.#o.....rC%.O[q......C#....k.D.G.O. ......u..J9.2.'h.70O>=n{d.*..@.. ...*...|.5......Pd%{..j~.x.4.zag.....0..M..baj.{AF3o.]...X.@..l.Y?_y......C."/..cT...{......v..i....:...Q.:<.....v..c.R.<.`.~JR._..B%#.3bH:.........m.}......:.v....!).[.h.mr./. .HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: public, max-age=172800..Content-Type: application/ocsp-response..Date: Sun, 05 Feb 2017 03:31:21 GMT..Etag: "5896643a-1d7"..Expires: Sat, 11 Feb 2017 15:31:21 GMT..Last-Modified: Sat, 04 Feb 2017 23:31:06 GMT..Server: ECS (vie/F2D5)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0.......>.i...G...&....cd ...20170204220000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ........\..m. B.]......20170204220000Z....20170211220000Z0...*.H...............:.U...H.#o.....rC%.O[q......C#....k.D.G.O. ......u..J9.2.'h.70O>=n{d.*..@.. ...*...|.5......Pd%{..j~.x.4.zag.....0..M..baj.{AF3o.]...X.@..l.Y?_y......C."/..cT...{......v..i....:...Q.:<.....v..c.R.<.`.~JR._..B%#.3bH:.........m.}......:.v....!).[.h.mr./. .....

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: public, max-age=172800

Content-Type: application/ocsp-response

Date: Sun, 05 Feb 2017 03:31:26 GMT

Etag: "589676f7-1d7"

Expires: Sat, 11 Feb 2017 15:31:26 GMT

Last-Modified: Sun, 05 Feb 2017 00:51:03 GMT

Server: ECS (vie/F385)

X-Cache: HIT

Content-Length: 471

0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..20170205002900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb...Yr;..........f&1~..|.....20170205002900Z....20170211234400Z0...*.H.............1....vDO.<L..{../...1.~.m......M[A..S .*=j....D..D-.L..HT..d.y....N...@..6jR...T.`.O.)|.h..4......W..H.W2.zD. .....X.....:.a._V...c..M.9.`q..>7..@._T&g...=sS....O..^d.... ].?..dwT#d.e......P...<......n.j(u...n..l....F.."?g.9..F .....\....h9].'3n...`q..V...HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: public, max-age=172800..Content-Type: application/ocsp-response..Date: Sun, 05 Feb 2017 03:31:26 GMT..Etag: "589676f7-1d7"..Expires: Sat, 11 Feb 2017 15:31:26 GMT..Last-Modified: Sun, 05 Feb 2017 00:51:03 GMT..Server: ECS (vie/F385)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..20170205002900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb...Yr;..........f&1~..|.....20170205002900Z....20170211234400Z0...*.H.............1....vDO.<L..{../...1.~.m......M[A..S .*=j....D..D-.L..HT..d.y....N...@..6jR...T.`.O.)|.h..4......W..H.W2.zD. .....X.....:.a._V...c..M.9.`q..>7..@._T&g...=sS....O..^d.... ].?..dwT#d.e......P...<......n.j(u...n..l....F.."?g.9..F .....\....h9].'3n...`q..V.....

<<< skipped >>>

GET /v4/js/main.js HTTP/1.1

Accept: */*

Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: info.spiritsoft.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 05 Feb 2017 03:31:07 GMT

Content-Type: application/x-javascript

Last-Modified: Mon, 18 Apr 2016 17:54:30 GMT

Transfer-Encoding: chunked

Connection: close

Vary: Accept-Encoding

Expires: Sun, 05 Feb 2017 05:31:07 GMT

Cache-Control: max-age=7200

Content-Encoding: gzip

503.............WMo.D.>.).a..d.M..B(....B.....K.Vc{.5qlw.N[......8!....k.......E...}g..q.@P.a.;....._.k4i......'. ..tQ....<s.F...d..., <.......=..X.~...T1.9mO...9.K...r^..R.R..h....`O.7]....Dg~ ..c /K..2.....5....l.....7...g...W.~.SaN....C.............3.l=...e.}...:;.B....E..;..n..x...o_.}....o....Z..Q......x'..b..L.......?......~.................Z......$..5./.....}.....&I.N.k...g...b..........u..7I@..d.NDC.<.X.s....=.L...c.'...T/.y...C.Q.H^.sA..._.lj.k.1X.g.!`...P.......EL..-.r...`....I&d...<?...'^...T.M.o..x7....&..R.\8;:0*....ns"y._.\....";...D.q..`.........A.....>......o....)-[r[d.......z2/....[..;nr....u|.$M..E).;....I ..(.LX.....08..0\k.^f..v..l.......t$r..\..).......j..j..sb>,......4..?W.gS..|VIkf.*..}56....w.....^._.z,......1.#kq..v..y.q........z..4L....;...Z..`..&..|....>1.`:.^7..8.5......@3.p...Fy....5..*....=[......0.[...-..8;.....m4.g....d}..m....y66B.$.p.q.r........QM{..f.>...k.....KH..O.P`.8.h.....13.]..g.&.#0s.|qHG..Q...\]k...s....B.........P'm ...f...*..$.F....dB6:4].....V.T...o......v.....M...9LOU.3.....P6!..omBO....."..9...~..%Cr.q....&6.G^F.9...'........|tbk.<{F.1(....|.@GZ....v.G].....5E.a..*.p.9]...S..$A.#.m....X.r...>.C..S....kX......[.TP....Y2.!..USC8.;hTQY.Y..&N.i....x..O.t..!..?.B..Z.3...xBcU....zr...2b..n.uA..r.q:.l2M."H<.5......-...oj8F.......0..

<<< skipped >>>

GET /v4/images/sound_high.gif HTTP/1.1

Accept: */*

Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: info.spiritsoft.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 05 Feb 2017 03:31:07 GMT

Content-Type: image/gif

Content-Length: 356

Last-Modified: Tue, 20 Dec 2011 07:08:05 GMT

Connection: close

ETag: "4ef03455-164"

Expires: Tue, 07 Feb 2017 03:31:07 GMT

Cache-Control: max-age=172800

Accept-Ranges: bytes

GIF89a...............K.....$..............v..\..9............!..NETSCAPE2.0.....!...2...,..........[..I..8....Y......)1.1.dA.C.%...C.v....{.......%}.M..dJ.B.......a7..).B... ..*.c....v.(...'..!...2...,.......... ...*.&..Fc.0dU.-.C.@...Q.mE.%....h....K.(...!...2...,..........N.. ....Q....=.. c...A.@..F0. ..ZsY..l.4.~....<.....GI..6..*.$....z.L.....1S....;..

GET /?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Connection: Keep-Alive

Host: VVV.google.com.ua

HTTP/1.1 302 Found

Location: hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ&gws_rd=ssl

Cache-Control: private

Content-Type: text/html; charset=UTF-8

P3P: CP="This is not a P3P policy! See hXXps://VVV.google.com/support/accounts/answer/151657?hl=en for more info."

Date: Sun, 05 Feb 2017 03:31:12 GMT

Server: gws

Content-Length: 278

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Set-Cookie: NID=96=NtkQbqImM7_dkkk-pZguAwVxZghdo7G92OC77-9aO5hCowVRIN4e4cnMROIenFvajQOZeKJi_UURAxJiT66cE8xmEMl0h0sffG-gzKT03iES27_4bvpHQghYp2ZreKQD; expires=Mon, 07-Aug-2017 03:31:12 GMT; path=/; domain=.google.com.ua; HttpOnly

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ&gws_rd=ssl">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..Location: hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ&gws_rd=ssl..Cache-Control: private..Content-Type: text/html; charset=UTF-8..P3P: CP="This is not a P3P policy! See hXXps://VVV.google.com/support/accounts/answer/151657?hl=en for more info."..Date: Sun, 05 Feb 2017 03:31:12 GMT..Server: gws..Content-Length: 278..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Set-Cookie: NID=96=NtkQbqImM7_dkkk-pZguAwVxZghdo7G92OC77-9aO5hCowVRIN4e4cnMROIenFvajQOZeKJi_UURAxJiT66cE8xmEMl0h0sffG-gzKT03iES27_4bvpHQghYp2ZreKQD; expires=Mon, 07-Aug-2017 03:31:12 GMT; path=/; domain=.google.com.ua; HttpOnly..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ&gws_rd=ssl">here</A>...</BODY></HTML>....

<<< skipped >>>

GET /v4/lib/jquery/jquery-1.11.1.min.js HTTP/1.1

Accept: */*

Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: info.spiritsoft.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 05 Feb 2017 03:31:07 GMT

Content-Type: application/x-javascript

Last-Modified: Sat, 16 Apr 2016 16:24:38 GMT

Transfer-Encoding: chunked

Connection: close

Vary: Accept-Encoding

Expires: Sun, 05 Feb 2017 05:31:07 GMT

Cache-Control: max-age=7200

Content-Encoding: gzip

920a..............gw#....~>..k(.YL-.g...%.$K...-K...B(......A.......P..`K>s..w]..Y..........\...X..yurx....w........2.=.0<.b~7.tW..,..j.?......p...M'.b.,v......n..{.n.k.7.....j....m1.....w.bo........b.......{8...n........V...u?.6w.WZ..b.zgV...|../..?.E..n.(.;......w^OVc~.....E..[.v.........^.'.b....p.w...j<Yf.....v...e6...K.PVp.....U6...n9.F\0...w.l..?d.||..?_-&.Qv..qw.......m.X.....4o..kd7y._?~M..p8......!..G.._,/...../..|r|....~.h..y..fyp...G....A......h....Y...x...u.E..p.......|5.....Z....X..w..|.............l......................N.Zn.3*V.(.S..Nw.n........}.9t._.f.w/......W..u.I.b.....Qa.j......[B..-^}g...@....x.~..Y.! ..q..N......YO.......Y.X.....{.>........[9n..Z.....5.5<8...N...-Fv..j`8Y,...]Y....1.L..|...w..[.<.....w....^.8.wm....xo.w.....y...}~..g.Gg.7l.......F|.%n..%X..A.O......]<dl.....(.8....u/(b3Y.AVdC.}7,....z....'..x.. .`..t(.....EwVb...^.*.U......[......7.....A.Z.us.:i.{.Oho..w|p.:...O.4.n.R..."........;..N......%;U..h7................(...TM.v...ju.=......{{..n...N....-{...{Ztk..b.i..j>...... ..(~Tn\.....".=.h.7...tW...n.4[..Eq;......g`.F..M.?......qV..T..N..$.l>O.sK.>...C..0..39aR.$>r......^.....FWol|....-....f..94.Q7..-.~1.o.d7.).;.......y....P...onWo..o.u......r.....}..............R.u.p6../X8..n....i.x ...Y".... .0.Y#..h%O..JR.5.p.{...eO..~P{...'..{}8.=..4i....;q..V.H...t....:y.!..l.*.]....o4...A....g.......E...>k........~..;-;...t..cn.=...........v..*/..o.z.<..C....Sq......q.5`V.....^.Q....B.qBf.\.9 k0.k............B.Eb..A...PW...|...........6.txV...

<<< skipped >>>

GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp2.globalsign.com

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:45 GMT

Content-Type: application/ocsp-response

Content-Length: 1570

Connection: keep-alive

Set-Cookie: __cfduid=d4afa0b190486942f6c8f8a68c37c38ea1486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly

Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT

Expires: Thu, 09 Feb 2017 03:14:08 GMT

ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"

Cache-Control: public, no-transform, must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 32c34a9082bc5984-VIE

0..........0..... .....0......0...0.......M........u....%...G..20170205031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|......S.."........20170205031408Z....20170209031408Z0...*.H.............i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3

<<< skipped >>>

GET /stat.htm?id=1189654&r=&lg=en-us&ntime=none&cnzz_eid=1549093891-1486263024-&showp=1276x846&t=流量精灵&h=1&rnd=258009459 HTTP/1.1

Accept: */*

Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: hzs11.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Date: Sun, 05 Feb 2017 03:31:18 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Thu, 16 Apr 2015 02:22:34 GMT

Connection: close

Accept-Ranges: bytes

GIF89a.............!.......,...........D..;..

GET /1234567890.functions HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Host: mrx9.ddns.net

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 404 Not Found

Server: Mini web server 1.0 ZTE corp 2005.

Content-Type: text/html; charset=iso-8859-1

Accept-Ranges: bytes

Connection: close

Cache-Control: no-cache,no-store

<HTML>. <HEAD><TITLE>404 Not Found</TITLE></HEAD>. <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc">. <H2>404 Not Found</H2>.The requested URL was not found on this server..<!--.Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..Padding so that MSIE deigns to show this error instead of its own canned one..-->.</body>.</html>...

GET /wp-includes/js/jquery/jquery.js?ver=1.11.2 HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Fri, 03 Feb 2017 14:57:48 GMT

Last-Modified: Fri, 27 Feb 2015 02:41:28 GMT

Cache-Control: max-age=2592000, public

Expires: Sat, 03 Feb 2018 14:57:48 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 33287

Content-Type: application/javascript

X-Varnish: 5324554 4751826

Age: 131606

X-Cache: HIT

X-Cache-Hits: 1477

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

............yw.../....".G..%Jl..'.!<....x.....h/L.$N"..d...o...*....s.[....E.P..k...y....w....m....^..O.,8yqq.........Vw.<..VKu..2.Q..[|..6..., .......t.w....D....J..l.E..q]..'.U~7/NO.|.....f....Q..W...X...j.\.a.P.4...2K..nV.'.....f..........m..Irr?[...~....)...M...,O....._...............'.Mg[U...ds.E.............2KvjL....TM...(....i.tP.h...^.6..D]..4.~{..n.Z.....A.y...yj.U.........*....A-.._.W....^}............|.V..l.=;W.....^...o..|2S.................-G..z...0a....p.h....].[m.......=O...d7./.n..f.<. l..{Y2...n....Uv....|.....2..s.t....G....jeX...$..T.ULi$.b3)8k.......14......#..)....y5/*=."..a.T.z..-)Y.E.n.%Wi;.S..._....l.D.KI.4.zyO..q.......G.........g...X....Ay..;...)Oq.2....,.&].....v.k........2.....h..G.~....]......Fz_.c.%0..A...]....?.....Q;..8....!.b....Pc:.v".....N.4.....f..Q.?.......H.%........R.TW.....a'...7.~f.5..{.B.$...hF.Md.N.....r:@E.[.D.E.. @........h2.G.R.~&.(....S......l)sM7.5.S5..A.. ....O.%....... N...Mw...4d4..u..i.....j..\..p.J5.hR...D.MB.<.W..........A......X......>%(.y..m./..1.\...Me../...x.Z.....]..C..$ZD......S.._3Q.}K...4J.(..q.yz.Dt........ofYK...RT.l.l..g.U.....X..W...Q..y.y...II.k..U.pig.[J.......qF..'..*/...l..;}*[.m..A$..?=.\..L...{...-P^v.....o.^....~...*S..{.[./."@.4....!..I2[X.7-o..;Y..M.[_Z.8.z^....Dg...x:....Q9...N.o.J......l......0.....L.....l3[...J....u....E.,.9p...$.@..G..W.........P......|.Mk....juo..Ll5....%.}H.=...2.{...cwf..N.',.`|Y....9./.k2,.|..-F...tS$7.bNH5.........d.Q.P..c............u..|..r.....qn.... .....A.B.....AlP.Ly[.....l/..DF...........]M.

<<< skipped >>>

GET /harga-sewa-mobil-solo.html HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently

Date: Sun, 05 Feb 2017 03:31:36 GMT

X-Pingback: hXXp://sewasolo.com/xmlrpc.php

Location: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/

Cache-Control: max-age=2592000

Expires: Tue, 07 Mar 2017 03:31:36 GMT

Content-Length: 0

Content-Type: text/html; charset=UTF-8

X-Varnish: 6606142

Age: 0

X-Cache: MISS

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Connection: keep-alive

HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:36 GMT..X-Pingback: hXXp://sewasolo.com/xmlrpc.php..Location: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/..Cache-Control: max-age=2592000..Expires: Tue, 07 Mar 2017 03:31:36 GMT..Content-Length: 0..Content-Type: text/html; charset=UTF-8..X-Varnish: 6606142..Age: 0..X-Cache: MISS..Server: Rocket Booster..X-Powered-By: Warna Web Accelerator..Connection: keep-alive..

GET /GIAG2.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: pki.google.com

HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Date: Sun, 05 Feb 2017 02:35:27 GMT

Expires: Sun, 05 Feb 2017 03:35:27 GMT

Last-Modified: Sat, 04 Feb 2017 02:15:00 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 541

X-XSS-Protection: 1; mode=block

Age: 3366

Cache-Control: public, max-age=3600

0...0......0...*.H........0I1.0...U....US1.0...U....Google Inc1%0#..U....Google Internet Authority G2..170204010002Z..170214010002Z0R0'..vK....Q...170113141858Z0.0...U.......0'..1.3..*....160915202213Z0.0...U........00.0...U.#..0...J......h.v....b..Z./0...U........0...*.H...............2;..{......h........u<...uyR .Ixm.O.........M..l..c.I..R.QQ...5......xF|.9.....]..j.._..^.-...c.. :..F......Z.t`.%z."..=.[~.....R.*.&...b7..9....XQbr..B.....0...&{.g.p....%.^X... ..$9...d.@.......x..l...*.....v.$..up@..=.jT..^..;^..@.........gG..I.....V9HTTP/1.1 200 OK..Content-Type: application/pkix-crl..Date: Sun, 05 Feb 2017 02:35:27 GMT..Expires: Sun, 05 Feb 2017 03:35:27 GMT..Last-Modified: Sat, 04 Feb 2017 02:15:00 GMT..X-Content-Type-Options: nosniff..Server: sffe..Content-Length: 541..X-XSS-Protection: 1; mode=block..Age: 3366..Cache-Control: public, max-age=3600..0...0......0...*.H........0I1.0...U....US1.0...U....Google Inc1%0#..U....Google Internet Authority G2..170204010002Z..170214010002Z0R0'..vK....Q...170113141858Z0.0...U.......0'..1.3..*....160915202213Z0.0...U........00.0...U.#..0...J......h.v....b..Z./0...U........0...*.H...............2;..{......h........u<...uyR .Ixm.O.........M..l..c.I..R.QQ...5......xF|.9.....]..j.._..^.-...c.. :..F......Z.t`.%z."..=.[~.....R.*.&...b7..9....XQbr..B.....0...&{.g.p....%.^X... ..$9...d.@.......x..l...*.....v.$..up@..=.jT..^..;^..@.........gG..I.....V9..

<<< skipped >>>

GET /css/lrtk.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: VVV.sdcysoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: wts/1.1

Date: Sun, 05 Feb 2017 03:31:49 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Wed, 17 Feb 2016 03:50:47 GMT

ETag: W/"8055f623669d11:0"

X-Powered-By: ASP.NET

Content-Encoding: gzip

Expires: Mon, 06 Feb 2017 03:31:49 GMT

Cache-Control: max-age=86400

X-Cache: from WT263CDN

438.............VAS.6.>.....c:.T.v...92ez....SF..[.l.Y&....je9.Mh.79.Z....~.Rn.IV..../..hI.$...H#..D..G$..|F...s./H.9I..d.tA..KVsC$.x..(...Uc.*..[C5.." ....F.NLN..[`.~.KAu&...{kT.1Qf.Z)....Z.&X.B.].....V.Z.........Z....i..OR.<...rc?N..M5.?{.TI....lf....0%{...Z.M.Mr../...H.I.KQ[7f'yR...%...x..S....F..G.p....._G........@.Di.n.L...r...-K....?..-.J.......#(.k....2..6...I...'a.[>....Qd...u%.-..2Bl.39...E....*J..9?..b..s...*.........{./?...........O.VM..h...LnDA3^.<?/...E.q=....V$.........-. 1."..M./...a........M...h......4..C.......F. .YBV..CvE....-._...l[...J.H..c........B."W .z;.g~.............3G..rz.uv}..C.ac..q...D1v.(...M.E.&...[.@'.G\{~.....9]z.O..............@....u.m!K'i..]7..3..ge7*...M$I....OP.Z.a.D...e. <>>.s........u.u......l..v..g...:.......>... .....QJ;...;...w...8.r..|k...C~4..H...o...H..B...?K....s...(O....g'....].]u......&...........tt..Y...0.H ..A{N....u..GW.....0......?a...._*.&. K.16r...!.....m{.....f.6....!..k......^1.j.M..g.Zl9;........y..qb..y][.....K....&.?.K....?...*...yxu..z..]...j......N`........H....M._.........Ak:.f. .X....}70.$G>...8....P%..8.....0......

GET /templets/default/js/ie8.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: VVV.sdcysoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: wts/1.1

Date: Sun, 05 Feb 2017 03:31:50 GMT

Content-Type: application/javascript

Content-Length: 789

Connection: keep-alive

Last-Modified: Wed, 17 Feb 2016 04:06:28 GMT

Accept-Ranges: bytes

ETag: "03a40933869d11:0"

X-Powered-By: ASP.NET

Expires: Mon, 06 Feb 2017 03:31:50 GMT

Cache-Control: max-age=86400

X-Cache: from WT263CDN

...ready(function () {.. function createHtml() {.. var oBox = document.getElementById('top_box');.. var oNav = getByClass(oBox, 'nav')[0];.. var rootUl = oNav.getElementsByTagName('ul')[0];.. var oUl = rootUl.getElementsByTagName('ul');.. for (var n = 0; n < oUl.length; n ) {.. for (var i = 0; i < oUl[n].children.length; i ) {.. var oli = oUl[n].children[0];.. var oi = document.createElement('i');.. oi.className = 'ibk';.. oUl[n].children[i].appendChild(oi);.. }.. }.. }.. if (window.navigator.userAgent.toLowerCase().indexOf('msie 8.0') != -1 || window.navigator.userAgent.toLowerCase().indexOf('msie 7.0') != -1) {.. createHtml();.. }..})HTTP/1.1 200 OK..Server: wts/1.1..Date: Sun, 05 Feb 2017 03:31:50 GMT..Content-Type: application/javascript..Content-Length: 789..Connection: keep-alive..Last-Modified: Wed, 17 Feb 2016 04:06:28 GMT..Accept-Ranges: bytes..ETag: "03a40933869d11:0"..X-Powered-By: ASP.NET..Expires: Mon, 06 Feb 2017 03:31:50 GMT..Cache-Control: max-age=86400..X-Cache: from WT263CDN.....ready(function () {.. function createHtml() {.. var oBox = document.getElementById('top_box');.. var oNav = getByClass(oBox, 'nav')[0];.. var rootUl = oNav.getElementsByTagName('ul')[0];.. var oUl = rootUl.getElementsByTagName('ul');.. for (var n = 0; n < oUl.length; n ) {.. for (var i = 0; i < oUl[n].children.leng

<<< skipped >>>

GET / HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: songhaiyouhong.blogspot.com

Connection: Keep-Alive

HTTP/1.1 200 OK

X-Robots-Tag: all,noodp

Content-Type: text/html; charset=UTF-8

Expires: Sun, 05 Feb 2017 03:31:57 GMT

Date: Sun, 05 Feb 2017 03:31:57 GMT

Cache-Control: private, max-age=0

Last-Modified: Fri, 27 Jan 2017 04:54:12 GMT

ETag: W/"50401b8047fb190437946c475bae5313f38b1f2f5ddb23c28b8b5b2024efbf02"

Content-Encoding: gzip

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Content-Length: 27378

Server: GSE

.............s.9.(...W..n........L{eYnk..<...n...H...I...(Y.....^\........fv6f/.?...2.@.P.$e...y.....$..D"3....zx......6..#....'...(W*.6. ..'....O.>a5...C......3...0..*...s.|...A..E.=B.a1.X.....{....TI....Q.....h...iP.....Adju.l........ .j.Y..G.....C{an.$.8........Mp....;....$t&a..:.......C.......Qy...j..e.....<{..b..*) ..7.8@..=v...3q|;.|.:r'...w....7..m..............}..\.~......|-..j...=p*...v}..b..x..k.b..n....'v...:..NG./t.I..3^...77........{O......X..A...b,.P.......A.....(4.5...`.:/..?...P}.jIb.8>t.ca..!T xWp..Oc.Q.ol4.[..v....5.`cg.......S.U....N............NB.....Y.^._..g.... .V..9....{.C.....C...]..".3..RC.H2u...]....?....`..urV.n"c..[..k......cw..{...M...Xb....I.7Y......M.....1.....Y..L..gv`.`..Ah...w...[gF...|..{..&.e ....lj.m..9v&3.._'......,.e.......8....c.<..=.d...a.`.J.........ju.~...[#g2......M.y.......`....oE...}...X._.9..Nw....I.Xx`w.!...!..}.;t.&....1...!.0.....5^..R...V$...z.Lzn.M...@.wO......<...s.M.J7..........',(r:k..!..n..V9w{..Fy.Q.om.0..y.).=.@.q..*n.......*.,.z...$.Vq?.}....=|.N..5{<.....t.U.i..7;.~.....;;.F..Q....5...qt.)....)._9x.N..B...px.V.....Qv...#...f...3.........bu..g<U.....cQ:...>..>.D.G.....?.F...@......G@FP..Oz`.N......(.w.;a..a?.C...^..d../~..:....m..%..9g..e.u.....3.k.c..1Y..]..j...x....g..<{...B...........M..i...1.Cq........3...&....M....}.......!...h.Q0p'-..S..s'.V.]..v.:..p.Al...hdO.l.aW~..vW.R.......@.<..I...\D...0c.>$8.<.. .9v(T..Q.}...&.>{.....w0.E.T..............Q....#..Ad.&.....{6a....N.V.~.S./............PP..V.p........

<<< skipped >>>

GET /css?family=Open Sans:400italic,700italic,400,700&ver=4.2.12 HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: fonts.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Expires: Sun, 05 Feb 2017 03:31:14 GMT

Date: Sun, 05 Feb 2017 03:31:14 GMT

Cache-Control: private, max-age=86400

Content-Encoding: gzip

Transfer-Encoding: chunked

Server: ESF

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

16e..............Ao.@.......I..../.5 V1X*.bV...,..`..^hj..........|o.....@...%.>...2.PZh.`...j...d..A..5D_......A.e.-.,. lAT>.Q.9..R...KH(2L.*..c..gU-.fb...q..lk.c....%R.4...n.4....c=a0...8.0.....Uw.q*.u...L..Ui..J....g......j.._..s...g..{P-n..JB.W....{a.,.|.E.K'..........5......v..OW..t.f.v..B.L.y(...7.3e*!..B..;.......?.Aa.-....L;$:.......M..F.s~z7wUs.........sx.......a.....YJ.......0..HTTP/1.1 200 OK..Content-Type: text/css; charset=utf-8..Access-Control-Allow-Origin: *..Timing-Allow-Origin: *..Expires: Sun, 05 Feb 2017 03:31:14 GMT..Date: Sun, 05 Feb 2017 03:31:14 GMT..Cache-Control: private, max-age=86400..Content-Encoding: gzip..Transfer-Encoding: chunked..Server: ESF..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..16e..............Ao.@.......I..../.5 V1X*.bV...,..`..^hj..........|o.....@...%.>...2.PZh.`...j...d..A..5D_......A.e.-.,. lAT>.Q.9..R...KH(2L.*..c..gU-.fb...q..lk.c....%R.4...n.4....c=a0...8.0.....Uw.q*.u...L..Ui..J....g......j.._..s...g..{P-n..JB.W....{a.,.|.E.K'..........5......v..OW..t.f.v..B.L.y(...7.3e*!..B..;.......?.Aa.-....L;$:.......M..F.s~z7wUs.........sx.......a.....YJ.......0......

GET /css?family=Playfair Display:400,700,900,400italic,700italic,900italic&ver=3.9.2 HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: fonts.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Expires: Sun, 05 Feb 2017 03:31:57 GMT

Date: Sun, 05 Feb 2017 03:31:57 GMT

Cache-Control: private, max-age=86400

Content-Encoding: gzip

Transfer-Encoding: chunked

Server: ESF

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

1c0..............]s.@...{....3E...r. .W......, ...."b....j;.N.c..v..g...s....<.\....a..Z(.jRXx.$@#i._Wo.....U@.&>..Ns..%S.(..Y. ...AZ.....?K..7uqFaR&.....E.......2..j...S>:t.~v....o.U.....*...Dv.....O..m#....Gb/..N..C...?}...V-w..m.[..=P:...5...2...,V.e. ......96.....Vp6.k.H.&..[.j..e..a...O...o.s....d..v...Z...)....0H..d...G......h..5Y%3n....e.e.............K..o....ui....}.......h...a6G.C........}*r...4.7.......5:{..@*co.d>l......x.....3...S.;.......a......,.......0..

GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp2.globalsign.com

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:45 GMT

Content-Type: application/ocsp-response

Content-Length: 1570

Connection: keep-alive

Set-Cookie: __cfduid=d11022d4d0b1d2b32de0b161cc05690c31486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly

Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT

Expires: Thu, 09 Feb 2017 03:14:08 GMT

ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"

Cache-Control: public, no-transform, must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 32c34a9092af5996-VIE

0..........0..... .....0......0...0.......M........u....%...G..20170205031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|......S.."........20170205031408Z....20170209031408Z0...*.H.............i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3

<<< skipped >>>

GET /CRL/Omniroot2025.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Sat, 16 Nov 2013 06:15:02 GMT

If-None-Match: "200da-5b6-4eb453c33260e"

User-Agent: Microsoft-CryptoAPI/6.1

Host: cdp1.public-trust.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: application/x-pkcs7-crl

Date: Sun, 05 Feb 2017 03:32:02 GMT

Etag: "200c0-cba-546dfb468d5d3"

Last-Modified: Tue, 24 Jan 2017 23:45:01 GMT

Server: ECS (arn/45A4)

X-Cache: HIT

Content-Length: 3258

0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....CyberTrust1"0 ..U....Baltimore CyberTrust Root..170124185021Z..170421185021Z0...0....'k...120111220757Z0....'k...120111220847Z0....'.C..130130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140212185542Z0....'yr..150701184507Z0....'#...100303201301Z0....''q..100414175202Z0....'L...110224181251Z0....'Pn..110309142119Z0....'....100216203312Z0....'#...100303201213Z0....'3#..100908172555Z0....''n..101208175627Z0....''m..101208175749Z0....''p..101208175916Z0....'H...110114162156Z0#...'X>..110815145134Z0.0...U.......0#...'Z2..110818184101Z0.0...U.......0....'g...120111164333Z0....'g...120111164409Z0....'g...120111164519Z0....'....100216213519Z0....''s..100414175225Z0....''k..100414181839Z0....'3"..100908172705Z0....'3$..100908172728Z0....''o..101208175645Z0....''l..101208175727Z0....'H...110119195142Z0....'Nz..110302154045Z0....'c...111207220933Z0....'g...120111164445Z0....''r..100414175143Z0....'8...101012182723Z0....'e...120111163041Z0....'VJ..110714160903Z0....'s...130123162633Z0....'....130904190524Z0....'....131024214319Z0....'....140129172435Z0....'....140129172453Z0....'....131024214310Z0....'....131101204601Z0....'....140219171632Z0....'.^..140409155638Z0....'i...140709171930Z0....'/:..141119193302Z0....'J...150603184605Z0....'k...150603185020Z0....'k...150603185058Z0....'k...150603185131Z0....'k...120111220827Z0....'8...140716191203Z0....'....131219195909Z0....'....140219171545Z0....'k...151105070000Z0....'q...160126173

<<< skipped >>>

GET /js/adv_out.js HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: st-n.ads1-adnow.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.8.1

Date: Sun, 05 Feb 2017 03:31:57 GMT

Content-Type: application/x-javascript

Last-Modified: Tue, 31 Jan 2017 15:33:47 GMT

Transfer-Encoding: chunked

Connection: keep-alive

ETag: W/"5890ae5b-3136"

Expires: Sun, 05 Feb 2017 03:36:57 GMT

Cache-Control: max-age=300

Content-Encoding: gzip

1431.............Z{w.....O.u.r. d......M.'.L..&...0....l..$...~..Uw..8...91..~Tu...X\.u..f..u..>.O.4.....~..#....:..W.....}w....?\|...._.....?../.z>.....M8.F..8I.w.........gG...ys.....q.o....q...Y..Q.0.V0.....j.?2..WuMf,.....k.|:J.'''m.s.....:3V .l.x/>.tly<.u....a.E1..!..........w..^.i.C....:..h..=o.8.k.<....g.......T.J.'...@)ZX_N.N.i..)..B>..t..2d4..[`.LW.y..jx..ysZe..3w<k.S....s_w....a.J... ......Z.4y.p.F.l.u-.&...w.6?..im.H...:.e...;O...Y.E.....Wa..h..........r....Fc.[p. L5#.7v\....L?........[e.suf..9n.h.....o^....T..F:..E.,..(.ET.....wu0N...6..H.....a.o.....u......is..J.ZG3...ay,.u.....st......].9.j....(5.9.y...~.W..E7....M..L...4..]....b!.iu.eyVM.9N;{'..a....y .u.yNio.%...............}>?.&3P~........7....1.94....UHa.F.B3...k....*..&.H..:..FW.F..N.}.@.......).....$... ..mH. .....Y=;F...J.........-.k.F.6..`.WR...[xBl..#.z.....5..8).... ..fp..).....^.#..|.}zx.n..K.).{Fj9~X.X~...#p...!.o......G -.%..p<kg...um......O.$...E...c...$...1....-1.....=<p.S.._.......awl...=l.....`.=...[.p.P.M..Z1..=..$..[..T.....M.P..g..(.jN0.|.....>HR...*N^h..ZWci......)..|....j.........R.E...UA..)-d_...$Y...F.x,.x...Z..j\!....X...jx...7"*j.?~ .D..........k...Z-.E....hTa*......wG.i.4.Bn..l.6/.hc).|......P8X^.....~:^...../....n.?.....6}...8......V.......X..6-.a...Z.|...a.:....>a>.p.]hXfE.!dL......yl&o.U..hf.....".W.Y.0...Z..~....."*.;'*..x.7;..#...,z...a..>.Y. @....zR\Yn$l.7......k...Cg(..3....Z K.....37.^..^....:...b.......,.m$ .p4......P..g`...g-.|.3.|r-.....{..9.-.ca....:j...p.q.....[-(N..m

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0= HTTP/1.1

Cache-Control: max-age = 363986

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Sun, 17 Nov 2013 16:06:48 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.10.2

Content-Type: application/ocsp-response

Content-Length: 1454

content-transfer-encoding: binary

Cache-Control: max-age=446216, public, no-transform, must-revalidate

Last-Modified: Fri, 3 Feb 2017 07:24:47 GMT

Expires: Fri, 10 Feb 2017 07:24:47 GMT

Date: Sun, 05 Feb 2017 03:31:21 GMT

Connection: keep-alive

0..........0..... .....0......0...0........FC..&..<.0...Y......20170203072447Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a..%...0a.. ...M|......20170203072447Z....20170210072447Z0...*.H...............gV.v.k.W.m..$[.o.n{h...uW`..<.Q...s...7..;a..Mn`.2....h,e;.........<6....>..cF....y.N.......L-b[.'`.z.78y..H..!^.s.v...l..a....Te...........VdQW..?.XO..Tg....T.....Z..u.{..j.....!..MPS......a......5c.[..#.....,.9......^\0.J|.... ....[.;1z....0.c.`..>........0...0...0..4.......My_e.\....'....j0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority0...161122000000Z..171214235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1 OCSP Responder Certificate 50.."0...*.H.............0.............4..IP.....B..h.....]..).]w.!"..a..{...="....._...~.s1.E.......;...6&/...\2..A....\..T aH:.8lH^.....l.v.$...K=sZf.*.|.%.Pb.......B..*f.T\w.:.s.... ....9..4..cV...3.qc.c..j<.f.....>1X.I...P%?.........5R-....Ca14..X.U....u.....:.z.\.k..b.E.v..,.J................0..0...U....0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-OFF-470...*.H.............G..\..R.P..e]...N.....m.....4f......b4"8v..b.R....`.Auz..........2=...@..........5..cWh....J......r...g.h......Kw'...j.@...x.....

<<< skipped >>>

GET /qconn/wpa/button/button_111.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Connection: Keep-Alive

Host: pub.idqqimg.com

HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sun, 05 Feb 2017 03:31:51 GMT

Cache-Control: max-age=2592000

Expires: Tue, 07 Mar 2017 03:31:51 GMT

Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT

Content-Type: image/gif

Content-Length: 3534

Keep-Alive: timeout=60

Vary: Origin

X-Cache-Lookup: Hit From Disktank

......JFIF.....`.`.....C....................................................................C.........................................................................O.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...u...k...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4........[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(....F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x........m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?.......P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..$............x....B.G.....!...o.x_...|C..m..Z.R....G.&...{e2\9.l1.

<<< skipped >>>

GET /css?family=Tangerine:400,700&ver=3.9.2 HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: fonts.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Expires: Sun, 05 Feb 2017 03:31:57 GMT

Date: Sun, 05 Feb 2017 03:31:57 GMT

Cache-Control: private, max-age=86400

Content-Encoding: gzip

Transfer-Encoding: chunked

Server: ESF

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

101..............[K.0.... r..LS......-..d:....%mY..&]...w. "(.^....}..h.%...z.|."W...=..(s-.A.Y.(A.6e...[.<...Gq.z...(.......@U. snK.j.l.Z.\.#n.d...h.QB.m......m2.jSQ8?.O.._.4......U.7uT.)....(.............B.FF.[......./6S[.y}9zZ..Sy...=...3..w.4;...f.z...........a....J.Y.......0..HTTP/1.1 200 OK..Content-Type: text/css; charset=utf-8..Access-Control-Allow-Origin: *..Timing-Allow-Origin: *..Expires: Sun, 05 Feb 2017 03:31:57 GMT..Date: Sun, 05 Feb 2017 03:31:57 GMT..Cache-Control: private, max-age=86400..Content-Encoding: gzip..Transfer-Encoding: chunked..Server: ESF..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..101..............[K.0.... r..LS......-..d:....%mY..&]...w. "(.^....}..h.%...z.|."W...=..(s-.A.Y.(A.6e...[.<...Gq.z...(.......@U. snK.j.l.Z.\.#n.d...h.QB.m......m2.jSQ8?.O.._.4......U.7uT.)....(.............B.FF.[......./6S[.y}9zZ..Sy...=...3..w.4;...f.z...........a....J.Y.......0..

GET /core.php?web_id=1189654&t=z HTTP/1.1

Accept: */*

Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: c.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/javascript

Content-Length: 763

Connection: keep-alive

Date: Sun, 05 Feb 2017 03:18:38 GMT

Last-Modified: Sun, 05 Feb 2017 03:18:38 GMT

Expires: Sun, 05 Feb 2017 03:33:38 GMT

Via: cache1.l2nu16-1[41,200-0,M], cache16.l2nu16-1[42,0], kunlun7.cn9[0,200-0,H], kunlun8.cn9[1,0]

Age: 760

X-Cache: HIT TCP_MEM_HIT dirn:-2:-2

X-Swift-SaveTime: Sun, 05 Feb 2017 03:18:38 GMT

X-Swift-CacheTime: 900

Timing-Allow-Origin: *

EagleId: 77bc604814862654783473720e

!function(){var p,q,r,a=encodeURIComponent,b="1189654",c="",d="",e="online_v3.php",f="hzs11.cnzz.com",g="1",h="text",i="z",j="站长统计",k=window["_CNZZDbridge_" b]["bobject"],l="http:",m="1",n=l "//online.cnzz.com/online/" e,o=[];o.push("id=" b),o.push("h=" f),o.push("on=" a(d)),o.push("s=" a(c)),n ="?" o.join("&"),"0"===m&&k["callRequest"]([l "//cnzz.mmstat.com/9.gif?abc=1"]),g&&(""!==d?k["createScriptIcon"](n,"utf-8"):(q="z"==i?"hXXp://VVV.cnzz.com/stat/website.php?web_id=" b:"hXXp://quanjing.cnzz.com","pic"===h?(r=l "//icon.cnzz.com/img/" c ".gif",p="<a href='" q "' target=_blank title='" j "'><img border=0 hspace=0 vspace=0 src='" r "'></a>"):p="<a href='" q "' target=_blank title='" j "'>" j "</a>",k["createIcon"]([p])))}();HTTP/1.1 200 OK..Server: Tengine..Content-Type: application/javascript..Content-Length: 763..Connection: keep-alive..Date: Sun, 05 Feb 2017 03:18:38 GMT..Last-Modified: Sun, 05 Feb 2017 03:18:38 GMT..Expires: Sun, 05 Feb 2017 03:33:38 GMT..Via: cache1.l2nu16-1[41,200-0,M], cache16.l2nu16-1[42,0], kunlun7.cn9[0,200-0,H], kunlun8.cn9[1,0]..Age: 760..X-Cache: HIT TCP_MEM_HIT dirn:-2:-2..X-Swift-SaveTime: Sun, 05 Feb 2017 03:18:38 GMT..X-Swift-CacheTime: 900..Timing-Allow-Origin: *..EagleId: 77bc604814862654783473720e..!function(){var p,q,r,a=encodeURIComponent,b="1189654",c="",d="",e="online_v3.php",f="hzs11.cnzz.com",g="1",h="text",i="z",j="站长统计",k=window["_CNZZDbridge_" b]["bobject"],l="http:",m="1",n=l "//

<<< skipped >>>

GET /wp-content/themes/dream/font-awesome/css/font-awesome.min.css?ver=4.2.12 HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Fri, 03 Feb 2017 14:57:48 GMT

Last-Modified: Wed, 13 May 2015 16:18:58 GMT

Cache-Control: max-age=2592000, public

Expires: Sun, 05 Mar 2017 14:57:48 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 5042

Content-Type: text/css

X-Varnish: 8474625 7832084

Age: 131606

X-Cache: HIT

X-Cache-Hits: 1043

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

...........\M...q..W.wC..EWO..]..V.C.....V..|.I...$........n.D....z.{...i......D..>.._.e......6....VUb..O....e.S......e.\..i..?......T.............&.K_..=....._..../.v..........~..u..........x...dy9~p...?<.:;v.......`.>v."R...P....._....C...(....M....7.?.*.y...jDm.........E....w...S{cPs.;....>.....z-N].u......'.E....kWS.E.....|./.[.......KY.eZ....z.b..l..~f.`)}....}......W....._...;....<IK..])e.}]m$/%oE......j_o1'./m.K...,Oo.'.........8..|....g...-......d.?.}$.A.....UX.....p..7a..../o/27g;.d...ur.#..bx.. F....o..s.r.R....Xq}...Wro..]./..U[:..U.....K...V.....%7...QP..V....}..I...'EF5.....J..b....o....H...O/y..s..O6...-.P..#....ao ~.B......Z;..]...R.U} J...../w.......A..U=P..i.a8.T.l.Y.._y-..r..k.I..u!ki..Q........u.$....h....?..3.....G..7..C.N..q.w.0.t.9...........M.P.<<....d;6Z.d~....\....5.....jUa....2.k?...*..}z...0...j.u..p.l.;.....v..#U.*.Q&..9...(m..QRe.b0..l.g..7....7...E%.V..~.@>.m..n.<......K....[.k.....W...v..YL....2K...vu..........5..gO.].#.5...N......'..y%.....d.w.?.w.x...4g."...{.......g.. dm....L.J..,../>..m........lt.......?.......6.Z.?.3D$.B.G.6.]*.Z.....@...z9..7...#...k..a7.[.T.~?......'.1...Z~...M.....,.'......z.1...J.N...^......l.....V....'I.^lddO..DD.l.%Dx......{...{.X.....3...=.......Z2........F ..zO.\..e..i...}YfRgn@}.....5...%.T.B.g.3|cg......x.Y........."m.E..F....&x..I<C.b.zO....2.z42ys....9..x.f..o#|N..Tl......(....3.C.&. ).C..D.=...[{..J......L.1~..{...X..d.y..b.mI..G...Q......6...kEv.9W.=.l.....P. ....i...Q. ..].....C...5..@....`..L.rQO...LP4m4..(.S.Y

<<< skipped >>>

GET /wp-content/themes/dream/js/jquery.cycle.all.min.js?ver=2.9999.5 HTTP/1.1

Accept: */*

Referer: hXXp://sewasolo.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:07:19 GMT

Last-Modified: Wed, 13 May 2015 16:18:32 GMT

Cache-Control: max-age=2592000, public

Expires: Mon, 05 Feb 2018 03:07:19 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 8430

Content-Type: application/javascript

X-Varnish: 8474626 2547585

Age: 1436

X-Cache: HIT

X-Cache-Hits: 173

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

...........=ks.F... .J.. ....[R..y...$.%...zuU ...A..@S2..~.=o.|.V...D.fzzfzz.9.]~y.r.t...*...o.&I..IVwq...q9w~.....8K.o.Y..c...w..b.D...Sg.MV.(-C....3/......o.....b..M....{.D..d..<...N{......;....C.y.....(/........z_9...}..'...@.].....(-...J.Q......./4..|....z.`...To^....).m..Q1.....=...,w...r..l.g.t..n.{.9P)....0w>Dy.....x.>.A_.,/. ...t.-.I\>...{.<[.Q.[.q...^.i4^....!t..G..Q1K2..)`|'.u.N.5.2-.$....=.`.s.}K.n..."....2...|XF.wY...I...;Z..s....y/._.o..{.[. X.@.%J.&..U.:Q....Av#=x..-..<.a.i...bX...WDI4)....w.v...;. .$QzW......@t..E.-]...4.~........4.o_...Y..X.9...8.s.$.F.<[.lt...m....ke.......c#1].....VY.)...n.|...H....Y.l....9;..V..v..N..!..[=...(.......e..a#$...nD/..7R.@.`.;"b....z..........w......`..vkpf#.Z4..%^D..d......zT .t.qU..0?..C.....%8'...............v.G-...7...4........".xzwQ.&"B.....`1k..,sf.Z0..6.n!Wv'.n..W..k.Rm..'.....!.P.7..."*.0/.`4..m.8]e.....a.......Y........S.m....3^>.'..a>-h..7.Q....4J........>.C..#...Y...S..!.4..F(.4..p..%.....l.w.i...3.l...X...MT.?..@...O....uN...|..]..X.rV."...3.bV...#yU....g.5-.._v?..E..5... ....x9.E.....m.y...)..2.X...<..M..V...$a.u.3Z..*.... ...#......$..a.I.$pa/.y.... ...)....G.Y..9#{.....v...W.Z.2E...B....{...F....G.X.o.........^o.*...@evw.D@.....{....a.4.G...`9....8.].%..h....i...l}....s......K.?a.y.A...>wx2?...B,..n...GzI......h......N.....m.a-a;......3...;i..w)*.7....X..t....H">>a..I.5.y....N?..$....g..L........r.jcH..;...! ....l.{.....U.Q..$..y?o.m.....F.8.9.]...(.\).zYJ.7....@.Ug..D...gM].............X|j.>.......;.^.

<<< skipped >>>

GET /tag/sewa-mobil-solo-lestari-kecamatan-sukoharjo-jawa-tengah/ HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: sewasolo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:46 GMT

X-Pingback: hXXp://sewasolo.com/xmlrpc.php

Cache-Control: max-age=2592000

Expires: Tue, 07 Mar 2017 03:31:46 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 46612

Content-Type: text/html; charset=UTF-8

X-Varnish: 11095906

Age: 0

X-Cache: MISS

Server: Rocket Booster

X-Powered-By: Warna Web Accelerator

Accept-Ranges: bytes

Connection: keep-alive

....................4.wH5mH.NWo@.$.`.Ii$..D#..;v..-. .*..,..FS3..g...p.X.#<.. ..M.P._d......._..O_......Z.....z.9.]m....I.....I........n........n.?.6.....,...........fU.C3.8....6....|Wo..'...~...Iu...fgp..b\.X4...f.?N.v..m...7..yq.o...u.7..'...m7.I.2.{qb.....g].<.s.;.L......YG......Mwv.m..l7...l...P..v.4/_.L.m7o7. ...i..........c..^M..4....P....nY.....U....Y........O_|.M..O...<..........>.|~N.z...f....V......g..<.n.v?V...y.........5=.......iM...l....f........w.9...`jv.mwgw.G/.........-...3..|..S..j.jh..2.w....?5....W.yu..]=.......i.........L..^.... .V].0.j...;.Jw..|...M..v....X......003x>.....n`f..........s~R.....L.}...8.7.L765.....t4...v...f..a....}N.*2..V..[=...G......?q............e.........:.V.y.6.*ZWa...S.]=.*..?......c....a.......q.......S.....fQZ:..nG..."_v.....`.n,..^..u..P/....,.....'x.I..O...}.[t.g?...mw..j...sC........?....*....q>.........^6.......8...q.......8?9=1.2......1tS...<...YD...-.....................`6.Nv....M..............5...v70.......G.s.................dc..M.s.c..L..<:]..9[6.......~..}|r.8y...........gF...`H..... _...I.]..ON.......E..j..p.#........./^.P....Wcoz....._.a..[4.__?......O/.N../.>:.8.xtzs6v.1S...........q..q....c..........W/^,.._...[?.....wz..la~........_].......v.=......5TV...s..-7|.`...........G..gf.....U.Y||.......Kx...Qpx.....7....0...&.2<..~._.........>.......?..7...^....o.x...g...0/.#x.....K........g.b........Y.M.....>>1_..6.o.za.....W..Nk..1.K7#n..X.....I...G.mI...n26F..-..SVy.F...W..:....,4;n.#..f.............5.......g.g..|....

<<< skipped >>>

GET /js/jquery.tipsy.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: VVV.sdcysoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: wts/1.1

Date: Sun, 05 Feb 2017 03:31:49 GMT

Content-Type: application/javascript

Content-Length: 7388

Connection: keep-alive

Last-Modified: Wed, 17 Feb 2016 04:06:13 GMT

Accept-Ranges: bytes

ETag: "80684f8a3869d11:0"

X-Powered-By: ASP.NET

Expires: Mon, 06 Feb 2017 03:31:49 GMT

Cache-Control: max-age=86400

X-Cache: from WT263CDN

// tipsy, facebook style tooltips for jquery.// version 1.0.0a.// (c) 2008-2010 jason frame [jason@onehackoranother.com].// releated under the MIT license..(function($) {. . function fixTitle($ele) {. if ($ele.attr('title') || typeof($ele.attr('original-title')) != 'string') {. $ele.attr('original-title', $ele.attr('title') || '').removeAttr('title');. }. }. . function Tipsy(element, options) {. this.$element = $(element);. this.options = options;. this.enabled = true;. fixTitle(this.$element);. }. . Tipsy.prototype = {. show: function() {. var title = this.getTitle();. if (title && this.enabled) {. var $tip = this.tip();. . $tip.find('.tipsy-inner')[this.options.html ? 'html' : 'text'](title);. $tip[0].className = 'tipsy'; // reset classname in case of dynamic gravity. $tip.remove().css({top: 0, left: 0, visibility: 'hidden', display: 'block'}).appendTo(document.body);. . var pos = $.extend({}, this.$element.offset(), {. width: this.$element[0].offsetWidth,. height: this.$element[0].offsetHeight. });. . var actualWidth = $tip[0].offsetWidth, actualHeight = $tip[0].offsetHeight;. var gravity = (typeof this.options.gravity == 'function'). ? this.options.gravity.call(this.$elemen

<<< skipped >>>

GET /templets/default/js/jquery.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: VVV.sdcysoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: wts/1.1

Date: Sun, 05 Feb 2017 03:31:50 GMT

Content-Type: application/javascript

Content-Length: 277976

Connection: keep-alive

Last-Modified: Wed, 17 Feb 2016 04:06:29 GMT

Accept-Ranges: bytes

ETag: "80d0d8933869d11:0"

X-Powered-By: ASP.NET

Expires: Mon, 06 Feb 2017 03:31:50 GMT

Cache-Control: max-age=86400

X-Cache: from WT263CDN

/*!.. * jQuery JavaScript Library v1.9.1.. * hXXp://jquery.com/.. *.. * Includes Sizzle.js.. * hXXp://sizzlejs.com/.. *.. * Copyright 2005, 2012 jQuery Foundation, Inc. and other contributors.. * Released under the MIT license.. * hXXp://jquery.org/license.. *.. * Date: 2013-2-4.. */..(function( window, undefined ) {..// Can't do this because several apps including ASP.NET trace..// the stack via arguments.caller.callee and Firefox dies if..// you try to trace through "use strict" call chains. (#13335)..// Support: Firefox 18 ..//"use strict";..var...// The deferred used on DOM ready...readyList,...// A central reference to the root jQuery(document)...rootjQuery,...// Support: IE<9...// For `typeof node.method` instead of `node.method !== undefined`...core_strundefined = typeof undefined,...// Use the correct document accordingly with window argument (sandbox)...document = window.document,...location = window.location,...// Map over jQuery in case of overwrite..._jQuery = window.jQuery,...// Map over the $ in case of overwrite..._$ = window.$,...// [[Class]] -> type pairs...class2type = {},...// List of deleted data cache ids, so we can reuse them...core_deletedIds = [],...core_version = "1.9.1",...// Save a reference to some core methods...core_concat = core_deletedIds.concat,...core_push = core_deletedIds.push,...core_slice = core_deletedIds.slice,...core_indexOf = core_deletedIds.indexOf,...core_toString = class2type.toString,...core_hasOwn = class2type.hasOwnProperty,...core_trim = core_version.trim,.

<<< skipped >>>

GET /b/p?id=w!aacxow2ith0d&lm=0&ts=1486265519182&t=SPECIAL MOVIE&cu=http://songhaiyouhong.blogspot.com/ HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: ic.tynt.com

Connection: Keep-Alive

Cookie: __cfduid=d7b596a12691c3453aa3b96476a8ad2581486265519

HTTP/1.1 200 OK

Server: nginx/1.10.1

Date: Sun, 05 Feb 2017 03:31:59 GMT

Content-Type: image/gif

Content-Length: 35

Last-Modified: Fri, 16 Apr 2010 15:38:20 GMT

Connection: close

ETag: "4bc8846c-23"

Cache-Control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"

Expires: "Sat, 26 Jul 1997 05:00:00 GMT"

Set-Cookie: uid=CmUMK1iWnK9eI1ja1raBAg==; expires=Mon, 05-Feb-18 03:31:59 GMT; domain=tynt.com; path=/

P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"

Accept-Ranges: bytes

P3P: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA

GIF89a.............,...........D..;..

GET /css?family=Droid Serif:400,700,400italic,700italic&ver=3.9.2 HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: fonts.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Expires: Sun, 05 Feb 2017 03:31:57 GMT

Date: Sun, 05 Feb 2017 03:31:57 GMT

Cache-Control: private, max-age=86400

Content-Encoding: gzip

Transfer-Encoding: chunked

Server: ESF

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

171..............Oo.@...~...I.DJ./J...............H.~.JSmL....q........8".kB......B.."(.I..@s..-..]Lr.. ...DG5s..GD.1L.......D..)....(...x..E...............].qa..<.t.......S...L....5..r..J.g..RT7..Z..nu..~YR).U..*...7..p17.bd..O.:W...H.s....R.1.y.^g.F]4.....3...M.W......D>...@.|u..w.*.p.z.HS%/..a"..}S...l.a.r.*.(]X.f..o.~....(...!....1..3FZ.4...z.N....us....o.n...#.........a.....O/.......0..HTTP/1.1 200 OK..Content-Type: text/css; charset=utf-8..Access-Control-Allow-Origin: *..Timing-Allow-Origin: *..Expires: Sun, 05 Feb 2017 03:31:57 GMT..Date: Sun, 05 Feb 2017 03:31:57 GMT..Cache-Control: private, max-age=86400..Content-Encoding: gzip..Transfer-Encoding: chunked..Server: ESF..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..171..............Oo.@...~...I.DJ./J...............H.~.JSmL....q........8".kB......B.."(.I..@s..-..]Lr.. ...DG5s..GD.1L.......D..)....(...x..E...............].qa..<.t.......S...L....5..r..J.g..RT7..Z..nu..~YR).U..*...7..p17.bd..O.:W...H.s....R.1.y.^g.F]4.....3...M.W......D>...@.|u..w.*.p.z.HS%/..a"..}S...l.a.r.*.(]X.f..o.~....(...!....1..3FZ.4...z.N....us....o.n...#.........a.....O/.......0..

GET /pa?p=2:3313361925:51 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: wpa.qq.com

Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently

Date: Sun, 05 Feb 2017 03:31:50 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Server: tws

Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

0..HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:50 GMT..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..Server: tws..Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif..Pragma: no-cache..Cache-Control: no-cache; must-revalidate..0..

GET /1234567890.functions HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Host: mrx9.ddns.net

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 404 No

GET /qconn/wpa/button/button_111.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.sdcysoft.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Connection: Keep-Alive

Host: pub.idqqimg.com

HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sun, 05 Feb 2017 03:31:51 GMT

Cache-Control: max-age=2592000

Expires: Tue, 07 Mar 2017 03:31:51 GMT

Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT

Content-Type: image/gif

Content-Length: 3534

Keep-Alive: timeout=60

Vary: Origin

X-Cache-Lookup: Hit From Disktank

......JFIF.....`.`.....C....................................................................C.........................................................................O.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...u...k...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4........[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(....F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x........m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?.......P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..$............x....B.G....(......=;S../gJ<.N...JR..?.?e..|..u.K.

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEDYh2Ip18ZHp4LIxhrWFb0w= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ss.symcd.com

HTTP/1.1 200 OK

Server: nginx/1.10.2

Content-Type: application/ocsp-response

Content-Length: 1609

content-transfer-encoding: binary

Cache-Control: max-age=353267, public, no-transform, must-revalidate

Last-Modified: Thu, 2 Feb 2017 05:39:19 GMT

Expires: Thu, 9 Feb 2017 05:39:19 GMT

Date: Sun, 05 Feb 2017 03:31:32 GMT

Connection: keep-alive

0..E......>0..:.. .....0..... 0..'0......o..&y......{.s.6~"....20170202053919Z0s0q0I0... ..........d.....k... P.....d.._`.a.U..C..`*..z.C....6!..u.....1...oL....20170202053919Z....20170209053919Z0...*.H.............A.w.4[.....FWS..G,.>A_`.Mp...g........_._.".%g...~.M.<.......I....3}.6P..).. ....$......M.....EW.-.........`.v...o.E.....7.......).F_.....j..k?(\..g......U.].=]5j......>b'...4?...sW.C..H.O...N.....n.".#..g..=7.....^...'U..b.BM.....m.!4./:.\..s.9..............n0..j0..f0..N.......Z........g......0...*.H........0~1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1/0-..U...&Symantec Class 3 Secure Server CA - G40...161113000000Z..170211235959Z0@1>0<..U...5Symantec Class 3 Secure Server CA - G4 OCSP Responder0.."0...*.H.............0..........0........g........T.$h..=../I..^#.w.. x..v.'...&..n..u.;.....S mw.D...W...... 1....s....`.o.. R:(<1...f...8....[...h ......[>.O....=>....vd.........#.,.[B..4...n.....w....4c....C..........I....|lR.q-.....$^...M...K....F.6.v..U!W....Z...)G.g..i$.e6..x.kS..........0...0... .....0......0"..U....0...0.1.0...U....TGV-D-27750...U.#..0..._`.a.U..C..`*..z.C..0...U......o..&y......{.s.6~"..0...U.......0.0n..U. .g0e0c..`.H...E....0T0&.. .........hXXp://VVV.symauth.com/cps0*.. .......0... hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0...*.H.................)fN.(j..S'...X....I..%..HI b6.K......50...9.. p.L..^...vv..6.;...1G.nTHu..."U...T..:......(s...(.-.K....s........{..{..P...Ebp..U2|rF>.....r.....j...

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEEw7wJkU/qAD9hdilImrrOU= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ss.symcd.com

HTTP/1.1 200 OK

Server: nginx/1.10.2

Content-Type: application/ocsp-response

Content-Length: 1609

content-transfer-encoding: binary

Cache-Control: max-age=383774, public, no-transform, must-revalidate

Last-Modified: Thu, 2 Feb 2017 14:03:50 GMT

Expires: Thu, 9 Feb 2017 14:03:50 GMT

Date: Sun, 05 Feb 2017 03:31:43 GMT

Connection: keep-alive

0..E......>0..:.. .....0..... 0..'0......o..&y......{.s.6~"....20170202140350Z0s0q0I0... ..........d.....k... P.....d.._`.a.U..C..`*..z.C....L;........b.........20170202140350Z....20170209140350Z0...*.H.............X..AT.v.....yE..=y..........g..Y..0....Ev".^.=2>0..f..<...g.......3.........f$%..*}.wr.>.]..ERT...,..{.7.....9J..F`...NY.Z..aF>...xI#.Y['.....ne....>..D..=.xz>u.F....w/.......g..v<.\HzV.....f(....)..U..^...1.....Gf..;..C.8?.k.(......}=.0........t.....~...j...n0..j0..f0..N.......Z........g......0...*.H........0~1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1/0-..U...&Symantec Class 3 Secure Server CA - G40...161113000000Z..170211235959Z0@1>0<..U...5Symantec Class 3 Secure Server CA - G4 OCSP Responder0.."0...*.H.............0..........0........g........T.$h..=../I..^#.w.. x..v.'...&..n..u.;.....S mw.D...W...... 1....s....`.o.. R:(<1...f...8....[...h ......[>.O....=>....vd.........#.,.[B..4...n.....w....4c....C..........I....|lR.q-.....$^...M...K....F.6.v..U!W....Z...)G.g..i$.e6..x.kS..........0...0... .....0......0"..U....0...0.1.0...U....TGV-D-27750...U.#..0..._`.a.U..C..`*..z.C..0...U......o..&y......{.s.6~"..0...U.......0.0n..U. .g0e0c..`.H...E....0T0&.. .........hXXp://VVV.symauth.com/cps0*.. .......0... hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0...*.H.................)fN.(j..S'...X....I..%..HI b6.K......50...9.. p.L..^...vv..6.;...1G.nTHu..."U...T..:......(s...(.-.K....s........{..{..P...Ebp..U2|rF>...

<<< skipped >>>

GET /v4/css/style.css HTTP/1.1

Accept: */*

Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: info.spiritsoft.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 05 Feb 2017 03:31:16 GMT

Content-Type: text/css

Content-Length: 806

Last-Modified: Fri, 17 Jun 2016 08:02:04 GMT

Connection: close

ETag: "5763ae7c-326"

Expires: Sun, 05 Feb 2017 05:31:16 GMT

Cache-Control: max-age=7200

Accept-Ranges: bytes

*{. margin:0px;. padding:0px;. font-size:12px;.}.body.{..background-color:#ffffff;. overflow:hidden;. line-height:18px;.}.table.{. table-layout:fixed;.}.#Div_Main.{. width:100%;. height:100%;. text-align:center;. vertical-align:middle;.}.#Div_Play.{. position:absolute;. z-index:101;. width:150px;. height:20px;. text-align:right;.}.#Div_Play span.{. width:16px;. height:16px;. margin-right:3px;. text-align:center;. color:#ffffff;. font-family:"Microsoft Sans Serif";. font-weight:bolder;. font-size:9px;. background-color:#d3d3cd;. cursor:pointer;. border:solid 1px;. border-color:#ece9d8;.}..PlayLoop.{..top:95px;. left:432px;.}..PlayLoopGJ.{..top:84px;. left:214px;.}..PlayBody.{. width:100%;. height:100%;.}...

GET / HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.google.com

Connection: Keep-Alive

Cookie: NID=88=C6CEKO82itAhdU0twN6URqunh6Sn9EPCs-teRRQ4QRgNCJP-EG6VgSTOkC7BafUzPUi-GjuRAoRi6F4Sx78Gd_cLieG7apk740DNnT0oV6phUdJTT3H8MUyjxWiFq3Dm

HTTP/1.1 302 Found

Cache-Control: private

Content-Type: text/html; charset=UTF-8

Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ

Content-Length: 262

Date: Sun, 05 Feb 2017 03:31:12 GMT

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..Cache-Control: private..Content-Type: text/html; charset=UTF-8..Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ..Content-Length: 262..Date: Sun, 05 Feb 2017 03:31:12 GMT..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ">here</A>...</BODY></HTML>....

GET /js/300/addthis_widget.js HTTP/1.1

Accept: */*

Referer: hXXp://songhaiyouhong.blogspot.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)

Accept-Encoding: gzip, deflate

Host: s7.addthis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 05 Feb 2017 03:31:57 GMT

Content-Type: text/javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Feb 2017 16:20:58 GMT

ETag: "54622-5478e8ce06e80"

Content-Encoding: gzip

Timing-Allow-Origin: *

Surrogate-Key: client_dist

Cache-Control: public, no-check, max-age=600

CF-Cache-Status: HIT

X-Host: s7.addthis.com

X-Distribution: 99

Server: cloudflare-nginx

CF-RAY: 32c34addd40d595a-VIE

1b110...............z.......WA#...A...<)..-.i...=.Ng...........@.......ol......d'Y._...>P@.P5j.8W...v.dQ........u...h.MN..{I.m.u.....&N....O:..I.[.6..7..tm.b....O..#]5d.._..q.....s....6{b.....zv....u...7.l.jo.....c.q.e..L...2.........*\.g.G...^.no?..i.qo/.o..E..lV7.@.{.;...X....4.FW3.4.x.^GYp..n6a...z....F<.%.2c..H..L.\..~....k..d..Z.s..E..|(<M>..d.Qj.J:...........zG.$.?....&..W:o....*S......=G...S.:.r...~z.-.nOM.z.ZaN.e....5..ZS......c.M. .l6.O.._....P.*.........>.u.....)3...."....:.....U.....{....2.....0z....E..=.u....I.......|..,....._.:.......a63...`..?.Y.DD..&..n.o...[{j..4./...4....0........F..M.^E.5s.....g... H..hj...0.....H.x.q.}....&.= sw.......~...b1.m{>./..=.,t.A...X.2X.'.(...p..&:6t&....-..lg..mkb..j.l..........}.5....r.`<...h..x.`.0.!..'...Y......`...ab,.o...\..qh{.I..&.5q.'..'..G.`.O.C.....7...@b..:..3......|...#o.........._.c...r4./..._.......`..o..so>.N.....F.m.~1..o.. ...e.c'.......x9...E....0\..6....K../......h.1....`................s{...x..^h/......,{4..].}.....=.!.0...K.....~=.v83.`0...=....1........,G.?.O.....}.l8..3S..,..b1....b<....0 j.G....s.0.G.Q.9....,..5_,|7.....0..C..,..0./B..mob..X.0.......ht.x~........x..xa.\.H...Do....!......>...........K..0t.......Ck0v.h.;......0.,.q.N..3...g....9.s..h..G(.X:.r....U......X....-......0.....G5oa....Z...x....|{..@a<Y....`.,F...}>....hl/...`.X...."...0hg............Gv`[........{....7\`.....t..v..w...e...........0.4....}..... ...0X..........x.L.kw.......e..,.[.......,........9`.`.....C.b]..pi.@$\..kd......q..;.

<<< skipped >>>

Map

The Backdoor connects to the servers at the folowing location(s):

Strings from Dumps

jingling.exe_2472:

.text

.text

`.rdata

`.rdata

@.data

@.data

.rsrc

.rsrc

tG

tG

SSSSSh

SSSSSh

SSSSh

SSSSh

t%SSh-

t%SSh-

uùu

uùu

8%ukP

8%ukP

8.uJIQ@P

8.uJIQ@P

tSHt.HHt

tSHt.HHt

t.hH_G

t.hH_G

.VVVVVSRSSj

.VVVVVSRSSj

tGHt.Ht&

tGHt.Ht&

spiritsoft@126.com

spiritsoft@126.com

updurl

updurl

requrl2

requrl2

requrl1

requrl1

requrl

requrl

(hXXp://service.spiritsoft.cn)

(hXXp://service.spiritsoft.cn)

rlurl

rlurl

sburl

sburl

1.2.3

1.2.3

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /%%x

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /%%x

f=%d&v=%d&c=%d&i=%s

f=%d&v=%d&c=%d&i=%s

urls

urls

furl

furl

furls

furls

turl

turl

turls

turls

usefurl

usefurl

useturl

useturl

maxfurl

maxfurl

maxturlct

maxturlct

maxturl

maxturl

|%d|%d

|%d|%d

%d|%d|%d|%d|%d|%d|%s|%d|%u

%d|%d|%d|%d|%d|%d|%s|%d|%u

arr_urls

arr_urls

CoGetClassObjectFromURL

CoGetClassObjectFromURL

googlepinyin2.ime

googlepinyin2.ime

googlepinyin.ime

googlepinyin.ime

jpwb.ime

jpwb.ime

sogouwb.ime

sogouwb.ime

sogoupy.ime

sogoupy.ime

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

URLDownloadToFileA

URLDownloadToFileA

URLDownloadToFileW

URLDownloadToFileW

URLDownloadToCacheFileA

URLDownloadToCacheFileA

URLDownloadToCacheFileW

URLDownloadToCacheFileW

kernel32.dll

kernel32.dll

mscoree.dll

mscoree.dll

Please contact the application's support team for more information.

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- CRT not initialized

- floating point support not loaded

- floating point support not loaded

.mixcrt

.mixcrt

KERNEL32.DLL

KERNEL32.DLL

GetProcessWindowStation

GetProcessWindowStation

USER32.DLL

USER32.DLL

operator

operator

inflate 1.2.3 Copyright 1995-2005 Mark Adler

inflate 1.2.3 Copyright 1995-2005 Mark Adler

d:\Code\urlsoft\trunk\product\win32\urlcore4.pdb

d:\Code\urlsoft\trunk\product\win32\urlcore4.pdb

PSAPI.DLL

PSAPI.DLL

GetProcessHeap

GetProcessHeap

KERNEL32.dll

KERNEL32.dll

RegisterHotKey

RegisterHotKey

UnregisterHotKey

UnregisterHotKey

ExitWindowsEx

ExitWindowsEx

EnumDesktopWindows

EnumDesktopWindows

USER32.dll

USER32.dll

SetViewportOrgEx

SetViewportOrgEx

GDI32.dll

GDI32.dll

RegCloseKey

RegCloseKey

RegOpenKeyExW

RegOpenKeyExW

RegDeleteKeyW

RegDeleteKeyW

RegCreateKeyExW

RegCreateKeyExW

RegQueryInfoKeyW

RegQueryInfoKeyW

RegEnumKeyExW

RegEnumKeyExW

ADVAPI32.dll

ADVAPI32.dll

ShellExecuteW

ShellExecuteW

SHFileOperationW

SHFileOperationW

SHELL32.dll

SHELL32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

SHLWAPI.dll

SHLWAPI.dll

COMCTL32.dll

COMCTL32.dll

RASAPI32.dll

RASAPI32.dll

WS2_32.dll

WS2_32.dll

VERSION.dll

VERSION.dll

WINMM.dll

WINMM.dll

FindCloseUrlCache

FindCloseUrlCache

FindNextUrlCacheEntryW

FindNextUrlCacheEntryW

DeleteUrlCacheEntryW

DeleteUrlCacheEntryW

FindFirstUrlCacheEntryW

FindFirstUrlCacheEntryW

HttpOpenRequestA

HttpOpenRequestA

HttpOpenRequestW

HttpOpenRequestW

WININET.dll

WININET.dll

CreateURLMoniker

CreateURLMoniker

urlmon.dll

urlmon.dll

GetCPInfo

GetCPInfo

GetConsoleOutputCP

GetConsoleOutputCP

CreateDialogIndirectParamA

CreateDialogIndirectParamA

CreateDialogIndirectParamW

CreateDialogIndirectParamW

RegOpenKeyExA

RegOpenKeyExA

.?AVCInputURLDlg@@

.?AVCInputURLDlg@@

.?AV?$CDialogImpl@VCInputURLDlg@@VCWindow@ATL@@@ATL@@

.?AV?$CDialogImpl@VCInputURLDlg@@VCWindow@ATL@@@ATL@@

.?AVCURLInfoListCtrl@@

.?AVCURLInfoListCtrl@@

.?AV?$CWindowImpl@VCURLInfoListCtrl@@V?$CListViewCtrlT@VCWindow@ATL@@@WTL@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@

.?AV?$CWindowImpl@VCURLInfoListCtrl@@V?$CListViewCtrlT@VCWindow@ATL@@@WTL@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@

.?AV?$COwnerDraw@VCURLInfoListCtrl@@@WTL@@

.?AV?$COwnerDraw@VCURLInfoListCtrl@@@WTL@@

.?AVCURLAreaDlg@@

.?AVCURLAreaDlg@@

.?AV?$CDialogImpl@VCURLAreaDlg@@VCWindow@ATL@@@ATL@@

.?AV?$CDialogImpl@VCURLAreaDlg@@VCWindow@ATL@@@ATL@@

.?AVCURLMessageLoop@@

.?AVCURLMessageLoop@@

.?AVCURLCurveDlg@@

.?AVCURLCurveDlg@@

.?AV?$CDialogImpl@VCURLCurveDlg@@VCWindow@ATL@@@ATL@@

.?AV?$CDialogImpl@VCURLCurveDlg@@VCWindow@ATL@@@ATL@@

.?AVCURLOptDlg@@

.?AVCURLOptDlg@@

.?AV?$CDialogImpl@VCURLOptDlg@@VCWindow@ATL@@@ATL@@

.?AV?$CDialogImpl@VCURLOptDlg@@VCWindow@ATL@@@ATL@@

.?AVCDLURLTestDlg@@

.?AVCDLURLTestDlg@@

.?AV?$CDialogImpl@VCDLURLTestDlg@@VCWindow@ATL@@@ATL@@

.?AV?$CDialogImpl@VCDLURLTestDlg@@VCWindow@ATL@@@ATL@@

.?AVCURLOSDlg@@

.?AVCURLOSDlg@@

.?AV?$CDialogImpl@VCURLOSDlg@@VCWindow@ATL@@@ATL@@

.?AV?$CDialogImpl@VCURLOSDlg@@VCWindow@ATL@@@ATL@@

.?AV?$CAtlHttpClientT@VCMySyncSocket@@@ATL@@

.?AV?$CAtlHttpClientT@VCMySyncSocket@@@ATL@@

.?AVCTaskStepFromURL@@

.?AVCTaskStepFromURL@@

.?AVCTaskStepTargetURL@@

.?AVCTaskStepTargetURL@@

.?AVCTaskStepURL@@

.?AVCTaskStepURL@@

.?AVCTaskStepSubURL@@

.?AVCTaskStepSubURL@@

.?AVCTuoIWebBrowser@@

.?AVCTuoIWebBrowser@@

.?AUIWebBrowser2@@

.?AUIWebBrowser2@@

.?AUIWebBrowserApp@@

.?AUIWebBrowserApp@@

.?AUIWebBrowser@@

.?AUIWebBrowser@@

zcÁ

zcÁ

PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX

PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX

bd.dat

bd.dat

urlcore.dat

urlcore.dat

product.dat

product.dat

Spiritsoft\urlspirit

Spiritsoft\urlspirit

https

https

hXXp://user.qzone.qq.com/%s

hXXp://user.qzone.qq.com/%s

hXXp://user.qzone.qq.com/

hXXp://user.qzone.qq.com/

hXXp://

hXXp://

hXXps://

hXXps://

5e3342fd-8290-4b05-a431-4c1b2f4b2e53

5e3342fd-8290-4b05-a431-4c1b2f4b2e53

keycode

keycode

Hotkey

Hotkey

A9486DFB-C8ED-4e57-A71C-802E9A67F5C0

A9486DFB-C8ED-4e57-A71C-802E9A67F5C0

@%d/%d

@%d/%d

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\Run

urlspace

urlspace

(%d%%)

(%d%%)

(jingling.exe)

(jingling.exe)

(4.0.4)

(4.0.4)

maxurls

maxurls

%s?v=%d.%d.%d.%d-%d%d%d%d

%s?v=%d.%d.%d.%d-%d%d%d%d

URLINFO%d

URLINFO%d

urlct

urlct

4.0.4

4.0.4

%s?q=%d

%s?q=%d

hXXp://urlspirit.spiritsoft.cn/urlcore/olcfgs.dat

hXXp://urlspirit.spiritsoft.cn/urlcore/olcfgs.dat

(%d)-

(%d)-

HKEY_CLASSES_ROOT

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

HKEY_CURRENT_CONFIG

tcfg.dat

tcfg.dat

@%d%%

@%d%%

%u,%s

%u,%s

hlpdfurl

hlpdfurl

hlpbuyfurl

hlpbuyfurl

hlpfurl

hlpfurl

hlpsubturl

hlpsubturl

hlpbuyturl

hlpbuyturl

hlpturl

hlpturl

hXXp://up.spiritsoft.cn/v3/urltest.exe

hXXp://up.spiritsoft.cn/v3/urltest.exe

urltest

urltest

"%s" %s%s %s%s %s%s

"%s" %s%s %s%s %s%s

/URL=

/URL=

/SubURL=

/SubURL=

/TURL=

/TURL=

urltest.exe

urltest.exe

%d~%d

%d~%d

%sx

%sx

xxxxxxxxxxx

xxxxxxxxxxx

spiritsoft.cn

spiritsoft.cn

us%d.

us%d.

urlspirit.spiritsoft.cn

urlspirit.spiritsoft.cn

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)

Content-Length: %d

Content-Length: %d

Host: %s

Host: %s

Host: %s:%d

Host: %s:%d

HTTP/1.1

HTTP/1.1

application/x-www-form-urlencoded

application/x-www-form-urlencoded

hXXp://urlspirit.spiritsoft.cn/urlcore/svcreq%x.%s

hXXp://urlspirit.spiritsoft.cn/urlcore/svcreq%x.%s

dbghelp.dll

dbghelp.dll

urlcore2-taskcore-0010

urlcore2-taskcore-0010

rjingling.exe

rjingling.exe

B\rundll32.exe InetCpl.cpl,ClearMyTracksByProcess 8

B\rundll32.exe InetCpl.cpl,ClearMyTracksByProcess 8

"%s" /idx=%d

"%s" /idx=%d

B%s-%d

B%s-%d

{21918AFB-D09D-4836-84CE-F6352A910B82-%d}

{21918AFB-D09D-4836-84CE-F6352A910B82-%d}

{E3E23319-4433-40bd-A611-79EEA469B90B-%d}

{E3E23319-4433-40bd-A611-79EEA469B90B-%d}

{8EF0E96B-118D-466b-A9E3-81175866B1F0-%d}

{8EF0E96B-118D-466b-A9E3-81175866B1F0-%d}

urlcore3-taskcore-%d

urlcore3-taskcore-%d

Ftaskworker.exe

Ftaskworker.exe

durlmon.dll

durlmon.dll

blog.sina.com.cn

blog.sina.com.cn

go

go

Curlcore3-taskcore-

Curlcore3-taskcore-

Opera

Opera

Windows

Windows

Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE

Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE

Lgooglepinyin2.ime

Lgooglepinyin2.ime

{05300401-BCBC-11D0-85E3-00C04FD85AB4}

{05300401-BCBC-11D0-85E3-00C04FD85AB4}

{2933BF90-7B36-11D2-B20E-00C04F983E60}

{2933BF90-7B36-11D2-B20E-00C04F983E60}

{F5078F33-C551-11D3-89B9-0000F81FE221}

{F5078F33-C551-11D3-89B9-0000F81FE221}

{F5078F32-C551-11D3-89B9-0000F81FE221}

{F5078F32-C551-11D3-89B9-0000F81FE221}

{F6D90F11-9C73-11D3-B32E-00C04F990BB4}

{F6D90F11-9C73-11D3-B32E-00C04F990BB4}

{88D969C5-F192-11D4-A65F-0040963251E5}

{88D969C5-F192-11D4-A65F-0040963251E5}

{88D96A0A-F192-11D4-A65F-0040963251E5}

{88D96A0A-F192-11D4-A65F-0040963251E5}

{F5078F35-C551-11D3-89B9-0000F81FE221}

{F5078F35-C551-11D3-89B9-0000F81FE221}

{ED8C108E-4349-11D2-91A4-00C04F7969E8}

{ED8C108E-4349-11D2-91A4-00C04F7969E8}

{F6D90F16-9C73-11D3-B32E-00C04F990BB4}

{F6D90F16-9C73-11D3-B32E-00C04F990BB4}

{d27cdb6e-ae6d-11cf-96b8-444553540000}

{d27cdb6e-ae6d-11cf-96b8-444553540000}

{8F6B0360-B80D-11D0-A9B3-006097942311}

{8F6B0360-B80D-11D0-A9B3-006097942311}

{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}

{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}

{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}

{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}

{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}

{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}

{3050F4F8-98B5-11CF-BB82-00AA00BDCE0B}

{3050F4F8-98B5-11CF-BB82-00AA00BDCE0B}

{25336920-03F9-11CF-8FD0-00AA00686F13}

{25336920-03F9-11CF-8FD0-00AA00686F13}

{3050F406-98B5-11CF-BB82-00AA00BDCE0B}

{3050F406-98B5-11CF-BB82-00AA00BDCE0B}

{00020420-0000-0000-C000-000000000046}

{00020420-0000-0000-C000-000000000046}

{8856F961-340A-11D0-A96B-00C04FD705A2}

{8856F961-340A-11D0-A96B-00C04FD705A2}

{F5078F36-C551-11D3-89B9-0000F81FE221}

{F5078F36-C551-11D3-89B9-0000F81FE221}

Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)

Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)

Mozilla/5.0 (Windows NT %s) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36

Mozilla/5.0 (Windows NT %s) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36

Opera/9.64 (Windows NT %s; U; zh-cn) Presto/2.1.1

Opera/9.64 (Windows NT %s; U; zh-cn) Presto/2.1.1

Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1

Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1

Mozilla/

Mozilla/

Windows NT

Windows NT

Mozilla/4.0 (compatible; MSIE %s; Windows NT %s%s)

Mozilla/4.0 (compatible; MSIE %s; Windows NT %s%s)

Dedu.cn

Dedu.cn

gov.cn

gov.cn

org.cn

org.cn

net.cn

net.cn

com.cn

com.cn

dsound.dll

dsound.dll

mf.dll

mf.dll

AcroRd32.exe

AcroRd32.exe

rKernel32.dll

rKernel32.dll

jingling.exe

jingling.exe

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe

msctls_hotkey32

msctls_hotkey32

urlcore

urlcore

"spiritsoft@126.com"

"spiritsoft@126.com"

hXXp://service.spiritsoft.cn

hXXp://service.spiritsoft.cn

...:%s --

...:%s --

IP: %s --

IP: %s --

: %d --

: %d --

2014.10.10.101

2014.10.10.101

4.0.4.1

4.0.4.1

jingling.exe_2472_rwx_00422000_00001000:

tSHt.HHt

tSHt.HHt

iexplore.exe_3572:

.text

.text

`.data

`.data

.rsrc

.rsrc

@.reloc

@.reloc

>.uzf

>.uzf

.us;}

.us;}

IEFRAME.dll

IEFRAME.dll

MLANG.dll

MLANG.dll

iertutil.dll

iertutil.dll

urlmon.dll

urlmon.dll

ole32.dll

ole32.dll

SHELL32.dll

SHELL32.dll

SHLWAPI.dll

SHLWAPI.dll

msvcrt.dll

msvcrt.dll

USER32.dll

USER32.dll

KERNEL32.dll

KERNEL32.dll

ADVAPI32.dll

ADVAPI32.dll

RegOpenKeyExW

RegOpenKeyExW

RegCloseKey

RegCloseKey

GetWindowsDirectoryW

GetWindowsDirectoryW

_amsg_exit

_amsg_exit

_wcmdln

_wcmdln

UrlApplySchemeW

UrlApplySchemeW

PathIsURLW

PathIsURLW

UrlCanonicalizeW

UrlCanonicalizeW

UrlCreateFromPathW

UrlCreateFromPathW

iexplore.pdb

iexplore.pdb

KEYW

KEYW

KEYWh

KEYWh

KEYWD

KEYWD

.ENNNG.

.ENNNG.

a.ry.v

a.ry.v

l.igM4

l.igM4

?1%SGf

?1%SGf

xh.JW^

xh.JW^

.97777"7" " " !

.97777"7" " " !

3.... ))

3.... ))

8888888888888

8888888888888

8888888888

8888888888

.lPV)

.lPV)

úW1

úW1

.ApX/

.ApX/

H.ZAf

H.ZAf

ð[U

ð[U

%s!FK

%s!FK

1YYYY1YY9GEAA=77YRNNNW:.VT1

1YYYY1YY9GEAA=77YRNNNW:.VT1

888777777

888777777

Y.hilkRROMLK=C,

Y.hilkRROMLK=C,

..(((($$

..(((($$

3...((((%

3...((((%

3....(.''$

3....(.''$

3.2...((((%

3.2...((((%

33.2....(,'

33.2....(,'

55323222...

55323222...

(%&'00443445?

(%&'00443445?

00.,,,4(

00.,,,4(

000.,,9(

000.,,9(

0020..9(

0020..9(

003200;(

003200;(

(#'( (''''!'!

(#'( (''''!'!

Microsoft.InternetExplorer.Default

Microsoft.InternetExplorer.Default

user32.dll

user32.dll

Kernel32.DLL

Kernel32.DLL

xfire.exe

xfire.exe

wlmail.exe

wlmail.exe

winamp.exe

winamp.exe

waol.exe

waol.exe

sidebar.exe

sidebar.exe

psocdesigner.exe

psocdesigner.exe

np.exe

np.exe

netscape.exe

netscape.exe

netcaptor.exe

netcaptor.exe

neoplanet.exe

neoplanet.exe

msn.exe

msn.exe

mshtmpad.exe

mshtmpad.exe

mshta.exe

mshta.exe

loader42.exe

loader42.exe

infopath.exe

infopath.exe

iexplore.exe

iexplore.exe

iepreview.exe

iepreview.exe

groove.exe

groove.exe

explorer.exe

explorer.exe

dreamweaver.exe

dreamweaver.exe

contribute.exe

contribute.exe

aol.exe

aol.exe

{28fb17e0-d393-439d-9a21-9474a070473a}

{28fb17e0-d393-439d-9a21-9474a070473a}

Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

DShell32.dll

DShell32.dll

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}

Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}

"%s" %s

"%s" %s

Kernel32.dll

Kernel32.dll

\AppPatch\sysmain.sdb

\AppPatch\sysmain.sdb

-extoff go.microsoft.com/fwlink/?LinkId=106323

-extoff go.microsoft.com/fwlink/?LinkId=106323

-extoff go.microsoft.com/fwlink/?LinkId=106322

-extoff go.microsoft.com/fwlink/?LinkId=106322

-extoff go.microsoft.com/fwlink/?LinkId=106320

-extoff go.microsoft.com/fwlink/?LinkId=106320

kernel32.dll

kernel32.dll

{00000000-0000-0000-0000-000000000000}

{00000000-0000-0000-0000-000000000000}

\\?\Volume

\\?\Volume

shell:%s

shell:%s

Imaging_CreateWebPagePreview_Perftrack

Imaging_CreateWebPagePreview_Perftrack

Browseui_Tabs_Tearoff_BetweenWindows

Browseui_Tabs_Tearoff_BetweenWindows

Frame_URLEntered

Frame_URLEntered

Imaging_CreateWebPagePreview

Imaging_CreateWebPagePreview

WS_ExecuteQuery

WS_ExecuteQuery

Shdocvw_BaseBrowser_FireEvent_WindowStateChanged

Shdocvw_BaseBrowser_FireEvent_WindowStateChanged

IdleTask_Execution_Time

IdleTask_Execution_Time

9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

IEXPLORE.EXE

IEXPLORE.EXE

Windows

Windows

9.00.8112.16421

9.00.8112.16421

iexplore.exe_3428:

.text

.text

`.data

`.data

.rsrc

.rsrc

@.reloc

@.reloc

>.uzf

>.uzf

.us;}

.us;}

IEFRAME.dll

IEFRAME.dll

MLANG.dll

MLANG.dll

iertutil.dll

iertutil.dll

urlmon.dll

urlmon.dll

ole32.dll

ole32.dll

SHELL32.dll

SHELL32.dll

SHLWAPI.dll

SHLWAPI.dll

msvcrt.dll

msvcrt.dll

USER32.dll

USER32.dll

KERNEL32.dll

KERNEL32.dll

ADVAPI32.dll

ADVAPI32.dll

RegOpenKeyExW

RegOpenKeyExW

RegCloseKey

RegCloseKey

GetWindowsDirectoryW

GetWindowsDirectoryW

_amsg_exit

_amsg_exit

_wcmdln

_wcmdln

UrlApplySchemeW

UrlApplySchemeW

PathIsURLW

PathIsURLW

UrlCanonicalizeW

UrlCanonicalizeW

UrlCreateFromPathW

UrlCreateFromPathW

iexplore.pdb

iexplore.pdb

KEYW

KEYW

KEYWh

KEYWh

KEYWD

KEYWD

.ENNNG.

.ENNNG.

a.ry.v

a.ry.v

l.igM4

l.igM4

?1%SGf

?1%SGf

xh.JW^

xh.JW^

.97777"7" " " !

.97777"7" " " !

3.... ))

3.... ))

8888888888888

8888888888888

8888888888

8888888888

.lPV)

.lPV)

úW1

úW1

.ApX/

.ApX/

H.ZAf

H.ZAf

ð[U

ð[U

%s!FK

%s!FK

1YYYY1YY9GEAA=77YRNNNW:.VT1

1YYYY1YY9GEAA=77YRNNNW:.VT1

888777777

888777777

Y.hilkRROMLK=C,

Y.hilkRROMLK=C,

..(((($$

..(((($$

3...((((%

3...((((%

3....(.''$

3....(.''$

3.2...((((%

3.2...((((%

33.2....(,'

33.2....(,'

55323222...

55323222...

(%&'00443445?

(%&'00443445?

00.,,,4(

00.,,,4(

000.,,9(

000.,,9(

0020..9(

0020..9(

003200;(

003200;(

(#'( (''''!'!

(#'( (''''!'!

Microsoft.InternetExplorer.Default

Microsoft.InternetExplorer.Default

user32.dll

user32.dll

Kernel32.DLL

Kernel32.DLL

xfire.exe

xfire.exe

wlmail.exe

wlmail.exe

winamp.exe

winamp.exe

waol.exe

waol.exe

sidebar.exe

sidebar.exe

psocdesigner.exe

psocdesigner.exe

np.exe

np.exe

netscape.exe

netscape.exe

netcaptor.exe

netcaptor.exe

neoplanet.exe

neoplanet.exe

msn.exe

msn.exe

mshtmpad.exe

mshtmpad.exe

mshta.exe

mshta.exe

loader42.exe

loader42.exe

infopath.exe

infopath.exe

iexplore.exe

iexplore.exe

iepreview.exe

iepreview.exe

groove.exe

groove.exe

explorer.exe

explorer.exe

dreamweaver.exe

dreamweaver.exe

contribute.exe

contribute.exe

aol.exe

aol.exe

{28fb17e0-d393-439d-9a21-9474a070473a}

{28fb17e0-d393-439d-9a21-9474a070473a}

Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

DShell32.dll

DShell32.dll

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}

Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}

"%s" %s

"%s" %s

Kernel32.dll

Kernel32.dll

\AppPatch\sysmain.sdb

\AppPatch\sysmain.sdb

-extoff go.microsoft.com/fwlink/?LinkId=106323

-extoff go.microsoft.com/fwlink/?LinkId=106323

-extoff go.microsoft.com/fwlink/?LinkId=106322

-extoff go.microsoft.com/fwlink/?LinkId=106322

-extoff go.microsoft.com/fwlink/?LinkId=106320

-extoff go.microsoft.com/fwlink/?LinkId=106320

kernel32.dll

kernel32.dll

{00000000-0000-0000-0000-000000000000}

{00000000-0000-0000-0000-000000000000}

\\?\Volume

\\?\Volume

shell:%s

shell:%s

Imaging_CreateWebPagePreview_Perftrack

Imaging_CreateWebPagePreview_Perftrack

Browseui_Tabs_Tearoff_BetweenWindows

Browseui_Tabs_Tearoff_BetweenWindows

Frame_URLEntered

Frame_URLEntered

Imaging_CreateWebPagePreview

Imaging_CreateWebPagePreview

WS_ExecuteQuery

WS_ExecuteQuery

Shdocvw_BaseBrowser_FireEvent_WindowStateChanged

Shdocvw_BaseBrowser_FireEvent_WindowStateChanged

IdleTask_Execution_Time

IdleTask_Execution_Time

9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

IEXPLORE.EXE

IEXPLORE.EXE

Windows

Windows

9.00.8112.16421

9.00.8112.16421

svchost.exe_1256:

.text

.text

`.data

`.data

.rsrc

.rsrc

@.reloc

@.reloc

msvcrt.dll

msvcrt.dll

API-MS-Win-Core-ProcessThreads-L1-1-0.dll

API-MS-Win-Core-ProcessThreads-L1-1-0.dll

KERNEL32.dll

KERNEL32.dll

NTDLL.DLL

NTDLL.DLL

API-MS-Win-Security-Base-L1-1-0.dll

API-MS-Win-Security-Base-L1-1-0.dll

API-MS-WIN-Service-Core-L1-1-0.dll

API-MS-WIN-Service-Core-L1-1-0.dll

API-MS-WIN-Service-winsvc-L1-1-0.dll

API-MS-WIN-Service-winsvc-L1-1-0.dll

RPCRT4.dll

RPCRT4.dll

ole32.dll

ole32.dll

ntdll.dll

ntdll.dll

_amsg_exit

_amsg_exit

RegCloseKey

RegCloseKey

RegOpenKeyExW

RegOpenKeyExW

GetProcessHeap

GetProcessHeap

svchost.pdb

svchost.pdb

version="5.1.0.0"

version="5.1.0.0"

name="Microsoft.Windows.Services.SvcHost"

name="Microsoft.Windows.Services.SvcHost"

Host Process for Windows Services

Host Process for Windows Services

Software\Microsoft\Windows NT\CurrentVersion\Svchost

Software\Microsoft\Windows NT\CurrentVersion\Svchost

Software\Microsoft\Windows NT\CurrentVersion\MgdSvchost

Software\Microsoft\Windows NT\CurrentVersion\MgdSvchost

\PIPE\

\PIPE\

Host Process for Windows Services

Host Process for Windows Services

6.1.7600.16385 (win7_rtm.090713-1255)

6.1.7600.16385 (win7_rtm.090713-1255)

svchost.exe

svchost.exe

Windows

Windows

Operating System

Operating System

6.1.7600.16385

6.1.7600.16385

svchost.exe_1256_rwx_10000000_0004A000:

.idata

.idata

.rdata

.rdata

P.reloc

P.reloc

P.rsrc

P.rsrc

ServerKeyloggerU

ServerKeyloggerU

789:;

789:;

%SERVER%

%SERVER%

URLMON.DLL

URLMON.DLL

shell32.dll

shell32.dll

hXXp://

hXXp://

advapi32.dll

advapi32.dll

kernel32.dll

kernel32.dll

mpr.dll

mpr.dll

version.dll

version.dll

comctl32.dll

comctl32.dll

gdi32.dll

gdi32.dll

opengl32.dll

opengl32.dll

user32.dll

user32.dll

wintrust.dll

wintrust.dll

msimg32.dll

msimg32.dll

GetKeyboardType

GetKeyboardType

RegOpenKeyExA

RegOpenKeyExA

RegCloseKey

RegCloseKey

oleaut32.dll

oleaut32.dll

RegOpenKeyExW

RegOpenKeyExW

RegCreateKeyW

RegCreateKeyW

GetWindowsDirectoryW

GetWindowsDirectoryW

UnhookWindowsHookEx

UnhookWindowsHookEx

SetWindowsHookExW

SetWindowsHookExW

MapVirtualKeyW

MapVirtualKeyW

GetKeyboardLayout

GetKeyboardLayout

GetKeyState

GetKeyState

shlwapi.dll

shlwapi.dll

SHDeleteKeyW

SHDeleteKeyW

FindExecutableW

FindExecutableW

URLDownloadToCacheFileW

URLDownloadToCacheFileW

wininet.dll

wininet.dll

FtpPutFileW

FtpPutFileW

FtpSetCurrentDirectoryW

FtpSetCurrentDirectoryW

GetKeyboardState

GetKeyboardState

ntdll.dll

ntdll.dll

ShellExecuteW

ShellExecuteW

KWindows

KWindows

TServerKeylogger

TServerKeylogger

x.html

x.html

HKEY_CLASSES_ROOT

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_USERS

HKEY_CURRENT_CONFIG

HKEY_CURRENT_CONFIG

[Execute]

[Execute]

KeyDelBackspace

KeyDelBackspace

.html

.html

XtremeKeylogger

XtremeKeylogger

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\Run

.functions

.functions

icon=shell32.dll,4

icon=shell32.dll,4

shellexecute=

shellexecute=

autorun.inf

autorun.inf

\Microsoft\Windows

\Microsoft\Windows

\Microsoft\Windows\

\Microsoft\Windows\

ÞFAULTBROWSER%

ÞFAULTBROWSER%

svchost.exe

svchost.exe

mrx9.ddns.net

mrx9.ddns.net

100mrx9.ddns.net

100mrx9.ddns.net

Microsoft.exe

Microsoft.exe

ÞFA

ÞFA

{43I0Y03J-Y3IK-5WQV-7U81-XF2A5B5ICJO0}

{43I0Y03J-Y3IK-5WQV-7U81-XF2A5B5ICJO0}

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

{0.HKCU

{0.HKCU

2.8.1

2.8.1

PTF.ftpserver.com

PTF.ftpserver.com

ftpuser

ftpuser

s.net

s.net

iexplore.exe_1452:

.text

.text

`.data

`.data

.rsrc

.rsrc

@.reloc

@.reloc

>.uzf

>.uzf

.us;}

.us;}

IEFRAME.dll

IEFRAME.dll

MLANG.dll

MLANG.dll

iertutil.dll

iertutil.dll

urlmon.dll

urlmon.dll

ole32.dll

ole32.dll

SHELL32.dll

SHELL32.dll

SHLWAPI.dll

SHLWAPI.dll

msvcrt.dll

msvcrt.dll

USER32.dll

USER32.dll

KERNEL32.dll

KERNEL32.dll

ADVAPI32.dll

ADVAPI32.dll

RegOpenKeyExW

RegOpenKeyExW

RegCloseKey

RegCloseKey

GetWindowsDirectoryW

GetWindowsDirectoryW

_amsg_exit

_amsg_exit

_wcmdln

_wcmdln

UrlApplySchemeW

UrlApplySchemeW

PathIsURLW

PathIsURLW

UrlCanonicalizeW

UrlCanonicalizeW

UrlCreateFromPathW

UrlCreateFromPathW

iexplore.pdb

iexplore.pdb

KEYW

KEYW

KEYWh

KEYWh

KEYWD

KEYWD

.ENNNG.

.ENNNG.

a.ry.v

a.ry.v

l.igM4

l.igM4

?1%SGf

?1%SGf

xh.JW^

xh.JW^

.97777"7" " " !

.97777"7" " " !

3.... ))

3.... ))

8888888888888

8888888888888

8888888888

8888888888

.lPV)

.lPV)

úW1

úW1

.ApX/

.ApX/

H.ZAf

H.ZAf

ð[U

ð[U

%s!FK

%s!FK

1YYYY1YY9GEAA=77YRNNNW:.VT1

1YYYY1YY9GEAA=77YRNNNW:.VT1

888777777

888777777

Y.hilkRROMLK=C,

Y.hilkRROMLK=C,

..(((($$

..(((($$

3...((((%

3...((((%

3....(.''$

3....(.''$

3.2...((((%

3.2...((((%

33.2....(,'

33.2....(,'

55323222...

55323222...

(%&'00443445?

(%&'00443445?

00.,,,4(

00.,,,4(

000.,,9(

000.,,9(

0020..9(

0020..9(

003200;(

003200;(

(#'( (''''!'!

(#'( (''''!'!

Microsoft.InternetExplorer.Default

Microsoft.InternetExplorer.Default

user32.dll

user32.dll

Kernel32.DLL

Kernel32.DLL

xfire.exe

xfire.exe

wlmail.exe

wlmail.exe

winamp.exe

winamp.exe

waol.exe

waol.exe

sidebar.exe

sidebar.exe

psocdesigner.exe

psocdesigner.exe

np.exe

np.exe

netscape.exe

netscape.exe

netcaptor.exe

netcaptor.exe

neoplanet.exe

neoplanet.exe

msn.exe

msn.exe

mshtmpad.exe

mshtmpad.exe

mshta.exe

mshta.exe

loader42.exe

loader42.exe

infopath.exe

infopath.exe

iexplore.exe

iexplore.exe

iepreview.exe

iepreview.exe

groove.exe

groove.exe

explorer.exe

explorer.exe

dreamweaver.exe

dreamweaver.exe

contribute.exe

contribute.exe

aol.exe

aol.exe

{28fb17e0-d393-439d-9a21-9474a070473a}

{28fb17e0-d393-439d-9a21-9474a070473a}

Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

DShell32.dll

DShell32.dll

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}

Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}

"%s" %s

"%s" %s

Kernel32.dll

Kernel32.dll

\AppPatch\sysmain.sdb

\AppPatch\sysmain.sdb

-extoff go.microsoft.com/fwlink/?LinkId=106323

-extoff go.microsoft.com/fwlink/?LinkId=106323

-extoff go.microsoft.com/fwlink/?LinkId=106322

-extoff go.microsoft.com/fwlink/?LinkId=106322

-extoff go.microsoft.com/fwlink/?LinkId=106320

-extoff go.microsoft.com/fwlink/?LinkId=106320

kernel32.dll

kernel32.dll

{00000000-0000-0000-0000-000000000000}

{00000000-0000-0000-0000-000000000000}

\\?\Volume

\\?\Volume

shell:%s

shell:%s

Imaging_CreateWebPagePreview_Perftrack

Imaging_CreateWebPagePreview_Perftrack

Browseui_Tabs_Tearoff_BetweenWindows

Browseui_Tabs_Tearoff_BetweenWindows

Frame_URLEntered

Frame_URLEntered

Imaging_CreateWebPagePreview

Imaging_CreateWebPagePreview

WS_ExecuteQuery

WS_ExecuteQuery

Shdocvw_BaseBrowser_FireEvent_WindowStateChanged

Shdocvw_BaseBrowser_FireEvent_WindowStateChanged

IdleTask_Execution_Time

IdleTask_Execution_Time

9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

IEXPLORE.EXE

IEXPLORE.EXE

Windows

Windows

9.00.8112.16421

9.00.8112.16421

iexplore.exe_1452_rwx_10000000_0004A000:

.idata

.idata

.rdata

.rdata

P.reloc

P.reloc

P.rsrc

P.rsrc

ServerKeyloggerU

ServerKeyloggerU

789:;

789:;

%SERVER%

%SERVER%

URLMON.DLL

URLMON.DLL

shell32.dll

shell32.dll

hXXp://

hXXp://

advapi32.dll

advapi32.dll

kernel32.dll

kernel32.dll

mpr.dll

mpr.dll

version.dll

version.dll

comctl32.dll

comctl32.dll

gdi32.dll

gdi32.dll

opengl32.dll

opengl32.dll

user32.dll

user32.dll

wintrust.dll

wintrust.dll

msimg32.dll

msimg32.dll

GetKeyboardType

GetKeyboardType

RegOpenKeyExA

RegOpenKeyExA

RegCloseKey

RegCloseKey

oleaut32.dll

oleaut32.dll

RegOpenKeyExW

RegOpenKeyExW

RegCreateKeyW

RegCreateKeyW

GetWindowsDirectoryW

GetWindowsDirectoryW

UnhookWindowsHookEx

UnhookWindowsHookEx

SetWindowsHookExW

SetWindowsHookExW

MapVirtualKeyW

MapVirtualKeyW

GetKeyboardLayout

GetKeyboardLayout

GetKeyState

GetKeyState

shlwapi.dll

shlwapi.dll

SHDeleteKeyW

SHDeleteKeyW

FindExecutableW

FindExecutableW

URLDownloadToCacheFileW

URLDownloadToCacheFileW

wininet.dll

wininet.dll

FtpPutFileW

FtpPutFileW

FtpSetCurrentDirectoryW

FtpSetCurrentDirectoryW

GetKeyboardState

GetKeyboardState

ntdll.dll

ntdll.dll

ShellExecuteW

ShellExecuteW

KWindows

KWindows

TServerKeylogger

TServerKeylogger

x.html

x.html

HKEY_CLASSES_ROOT

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_USERS

HKEY_CURRENT_CONFIG

HKEY_CURRENT_CONFIG

[Execute]

[Execute]

KeyDelBackspace

KeyDelBackspace

.html

.html

XtremeKeylogger

XtremeKeylogger

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\Run

.functions

.functions

icon=shell32.dll,4

icon=shell32.dll,4

shellexecute=

shellexecute=

autorun.inf

autorun.inf

\Microsoft\Windows

\Microsoft\Windows

\Microsoft\Windows\

\Microsoft\Windows\

ÞFAULTBROWSER%

ÞFAULTBROWSER%

svchost.exe

svchost.exe

mrx9.ddns.net

mrx9.ddns.net

100mrx9.ddns.net

100mrx9.ddns.net

Microsoft.exe

Microsoft.exe

ÞFA

ÞFA

{43I0Y03J-Y3IK-5WQV-7U81-XF2A5B5ICJO0}

{43I0Y03J-Y3IK-5WQV-7U81-XF2A5B5ICJO0}

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

{0.HKCU

{0.HKCU

2.8.1

2.8.1

PTF.ftpserver.com

PTF.ftpserver.com

ftpuser

ftpuser

s.net

s.net

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\123213123.exe

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\123213123.exe

%Program Files%\Internet Explorer\iexplore.exe

%Program Files%\Internet Explorer\iexplore.exe

jingling.exe_1532:

.text

.text

`.rdata

`.rdata

@.data

@.data

.rsrc

.rsrc

tG

tG

SSSSSh

SSSSSh

SSSSh

SSSSh

t%SSh-

t%SSh-

uùu

uùu

8%ukP

8%ukP

8.uJIQ@P

8.uJIQ@P

tSHt.HHt

tSHt.HHt

t.hH_G

t.hH_G

.VVVVVSRSSj

.VVVVVSRSSj

tGHt.Ht&

tGHt.Ht&

spiritsoft@126.com

spiritsoft@126.com

updurl

updurl

requrl2

requrl2

requrl1

requrl1

requrl

requrl

(hXXp://service.spiritsoft.cn)

(hXXp://service.spiritsoft.cn)

rlurl

rlurl

sburl

sburl

1.2.3

1.2.3

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /%%x

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /%%x

f=%d&v=%d&c=%d&i=%s

f=%d&v=%d&c=%d&i=%s

urls

urls

furl

furl

furls

furls

turl

turl

turls

turls

usefurl

usefurl

useturl

useturl

maxfurl

maxfurl

maxturlct

maxturlct

maxturl

maxturl

|%d|%d

|%d|%d

%d|%d|%d|%d|%d|%d|%s|%d|%u

%d|%d|%d|%d|%d|%d|%s|%d|%u

arr_urls

arr_urls

CoGetClassObjectFromURL

CoGetClassObjectFromURL

googlepinyin2.ime

googlepinyin2.ime

googlepinyin.ime

googlepinyin.ime

jpwb.ime

jpwb.ime

sogouwb.ime

sogouwb.ime

sogoupy.ime

sogoupy.ime

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

URLDownloadToFileA

URLDownloadToFileA

URLDownloadToFileW

URLDownloadToFileW

URLDownloadToCacheFileA

URLDownloadToCacheFileA

URLDownloadToCacheFileW

URLDownloadToCacheFileW

kernel32.dll

kernel32.dll

mscoree.dll

mscoree.dll

Please contact the application's support team for more information.

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- CRT not initialized

- floating point support not loaded

- floating point support not loaded

.mixcrt

.mixcrt

KERNEL32.DLL

KERNEL32.DLL

GetProcessWindowStation

GetProcessWindowStation

USER32.DLL

USER32.DLL

operator

operator

inflate 1.2.3 Copyright 1995-2005 Mark Adler

inflate 1.2.3 Copyright 1995-2005 Mark Adler

d:\Code\urlsoft\trunk\product\win32\urlcore4.pdb

d:\Code\urlsoft\trunk\product\win32\urlcore4.pdb

PSAPI.DLL

PSAPI.DLL

GetProcessHeap

GetProcessHeap

KERNEL32.dll

KERNEL32.dll

RegisterHotKey

RegisterHotKey

UnregisterHotKey

UnregisterHotKey

ExitWindowsEx

ExitWindowsEx

EnumDesktopWindows

EnumDesktopWindows

USER32.dll

USER32.dll

SetViewportOrgEx

SetViewportOrgEx

GDI32.dll

GDI32.dll

RegCloseKey

RegCloseKey

RegOpenKeyExW

RegOpenKeyExW

RegDeleteKeyW

RegDeleteKeyW

RegCreateKeyExW

RegCreateKeyExW

RegQueryInfoKeyW

RegQueryInfoKeyW

RegEnumKeyExW

RegEnumKeyExW

ADVAPI32.dll

ADVAPI32.dll

ShellExecuteW

ShellExecuteW

SHFileOperationW

SHFileOperationW

SHELL32.dll

SHELL32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

SHLWAPI.dll

SHLWAPI.dll

COMCTL32.dll

COMCTL32.dll

RASAPI32.dll

RASAPI32.dll

WS2_32.dll

WS2_32.dll

VERSION.dll

VERSION.dll

WINMM.dll

WINMM.dll

FindCloseUrlCache

FindCloseUrlCache

FindNextUrlCacheEntryW

FindNextUrlCacheEntryW

DeleteUrlCacheEntryW

DeleteUrlCacheEntryW

FindFirstUrlCacheEntryW

FindFirstUrlCacheEntryW

HttpOpenRequestA

HttpOpenRequestA

HttpOpenRequestW

HttpOpenRequestW

WININET.dll

WININET.dll

CreateURLMoniker

CreateURLMoniker

urlmon.dll

urlmon.dll

GetCPInfo

GetCPInfo

GetConsoleOutputCP

GetConsoleOutputCP

CreateDialogIndirectParamA

CreateDialogIndirectParamA

CreateDialogIndirectParamW

CreateDialogIndirectParamW

RegOpenKeyExA

RegOpenKeyExA

.?AVCInputURLDlg@@

.?AVCInputURLDlg@@

.?AV?$CDialogImpl@VCInputURLDlg@@VCWindow@ATL@@@ATL@@

.?AV?$CDialogImpl@VCInputURLDlg@@VCWindow@ATL@@@ATL@@

.?AVCURLInfoListCtrl@@

.?AVCURLInfoListCtrl@@

.?AV?$CWindowImpl@VCURLInfoListCtrl@@V?$CListViewCtrlT@VCWindow@ATL@@@WTL@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@

.?AV?$CWindowImpl@VCURLInfoListCtrl@@V?$CListViewCtrlT@VCWindow@ATL@@@WTL@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@

.?AV?$COwnerDraw@VCURLInfoListCtrl@@@WTL@@

.?AV?$COwnerDraw@VCURLInfoListCtrl@@@WTL@@

.?AVCURLAreaDlg@@

.?AVCURLAreaDlg@@

.?AV?$CDialogImpl@VCURLAreaDlg@@VCWindow@ATL@@@ATL@@

.?AV?$CDialogImpl@VCURLAreaDlg@@VCWindow@ATL@@@ATL@@

.?AVCURLMessageLoop@@

.?AVCURLMessageLoop@@

.?AVCURLCurveDlg@@

.?AVCURLCurveDlg@@

.?AV?$CDialogImpl@VCURLCurveDlg@@VCWindow@ATL@@@ATL@@

.?AV?$CDialogImpl@VCURLCurveDlg@@VCWindow@ATL@@@ATL@@

.?AVCURLOptDlg@@

.?AVCURLOptDlg@@

.?AV?$CDialogImpl@VCURLOptDlg@@VCWindow@ATL@@@ATL@@

.?AV?$CDialogImpl@VCURLOptDlg@@VCWindow@ATL@@@ATL@@

.?AVCDLURLTestDlg@@

.?AVCDLURLTestDlg@@

.?AV?$CDialogImpl@VCDLURLTestDlg@@VCWindow@ATL@@@ATL@@

.?AV?$CDialogImpl@VCDLURLTestDlg@@VCWindow@ATL@@@ATL@@

.?AVCURLOSDlg@@

.?AVCURLOSDlg@@

.?AV?$CDialogImpl@VCURLOSDlg@@VCWindow@ATL@@@ATL@@

.?AV?$CDialogImpl@VCURLOSDlg@@VCWindow@ATL@@@ATL@@

.?AV?$CAtlHttpClientT@VCMySyncSocket@@@ATL@@

.?AV?$CAtlHttpClientT@VCMySyncSocket@@@ATL@@

.?AVCTaskStepFromURL@@

.?AVCTaskStepFromURL@@

.?AVCTaskStepTargetURL@@

.?AVCTaskStepTargetURL@@

.?AVCTaskStepURL@@

.?AVCTaskStepURL@@

.?AVCTaskStepSubURL@@

.?AVCTaskStepSubURL@@

.?AVCTuoIWebBrowser@@

.?AVCTuoIWebBrowser@@

.?AUIWebBrowser2@@

.?AUIWebBrowser2@@

.?AUIWebBrowserApp@@

.?AUIWebBrowserApp@@

.?AUIWebBrowser@@

.?AUIWebBrowser@@

zcÁ

zcÁ

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents

PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX

PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX

bd.dat

bd.dat

urlcore.dat

urlcore.dat

product.dat

product.dat

Spiritsoft\urlspirit

Spiritsoft\urlspirit

https

https

hXXp://user.qzone.qq.com/%s

hXXp://user.qzone.qq.com/%s

hXXp://user.qzone.qq.com/

hXXp://user.qzone.qq.com/

hXXp://

hXXp://

hXXps://

hXXps://

5e3342fd-8290-4b05-a431-4c1b2f4b2e53

5e3342fd-8290-4b05-a431-4c1b2f4b2e53

keycode

keycode

Hotkey

Hotkey

A9486DFB-C8ED-4e57-A71C-802E9A67F5C0

A9486DFB-C8ED-4e57-A71C-802E9A67F5C0

@%d/%d

@%d/%d

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\Run

urlspace

urlspace

(%d%%)

(%d%%)

(jingling.exe)

(jingling.exe)

(4.0.4)

(4.0.4)

maxurls

maxurls

%s?v=%d.%d.%d.%d-%d%d%d%d

%s?v=%d.%d.%d.%d-%d%d%d%d

URLINFO%d

URLINFO%d

urlct

urlct

4.0.4

4.0.4

%s?q=%d

%s?q=%d

hXXp://urlspirit.spiritsoft.cn/urlcore/olcfgs.dat

hXXp://urlspirit.spiritsoft.cn/urlcore/olcfgs.dat

(%d)-

(%d)-

HKEY_CLASSES_ROOT

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

HKEY_CURRENT_CONFIG

tcfg.dat

tcfg.dat

@%d%%

@%d%%

%u,%s

%u,%s

hlpdfurl

hlpdfurl

hlpbuyfurl

hlpbuyfurl

hlpfurl

hlpfurl

hlpsubturl

hlpsubturl

hlpbuyturl

hlpbuyturl

hlpturl

hlpturl

hXXp://up.spiritsoft.cn/v3/urltest.exe

hXXp://up.spiritsoft.cn/v3/urltest.exe

urltest

urltest

"%s" %s%s %s%s %s%s

"%s" %s%s %s%s %s%s

/URL=

/URL=

/SubURL=

/SubURL=

/TURL=

/TURL=

urltest.exe

urltest.exe

%d~%d

%d~%d

%sx

%sx

xxxxxxxxxxx

xxxxxxxxxxx

spiritsoft.cn

spiritsoft.cn

us%d.

us%d.

urlspirit.spiritsoft.cn

urlspirit.spiritsoft.cn

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)

Content-Length: %d

Content-Length: %d

Host: %s

Host: %s

Host: %s:%d

Host: %s:%d

HTTP/1.1

HTTP/1.1

application/x-www-form-urlencoded

application/x-www-form-urlencoded

hXXp://urlspirit.spiritsoft.cn/urlcore/svcreq%x.%s

hXXp://urlspirit.spiritsoft.cn/urlcore/svcreq%x.%s

dbghelp.dll

dbghelp.dll

urlcore2-taskcore-0010

urlcore2-taskcore-0010

rjingling.exe

rjingling.exe

B\rundll32.exe InetCpl.cpl,ClearMyTracksByProcess 8

B\rundll32.exe InetCpl.cpl,ClearMyTracksByProcess 8

"%s" /idx=%d

"%s" /idx=%d

B%s-%d

B%s-%d

{21918AFB-D09D-4836-84CE-F6352A910B82-%d}

{21918AFB-D09D-4836-84CE-F6352A910B82-%d}

{E3E23319-4433-40bd-A611-79EEA469B90B-%d}

{E3E23319-4433-40bd-A611-79EEA469B90B-%d}

{8EF0E96B-118D-466b-A9E3-81175866B1F0-%d}

{8EF0E96B-118D-466b-A9E3-81175866B1F0-%d}

urlcore3-taskcore-%d

urlcore3-taskcore-%d

Ftaskworker.exe

Ftaskworker.exe

durlmon.dll

durlmon.dll

blog.sina.com.cn

blog.sina.com.cn

go

go

Curlcore3-taskcore-

Curlcore3-taskcore-

Opera

Opera

Windows

Windows

Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE

Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE

Lgooglepinyin2.ime

Lgooglepinyin2.ime

{05300401-BCBC-11D0-85E3-00C04FD85AB4}

{05300401-BCBC-11D0-85E3-00C04FD85AB4}

{2933BF90-7B36-11D2-B20E-00C04F983E60}

{2933BF90-7B36-11D2-B20E-00C04F983E60}

{F5078F33-C551-11D3-89B9-0000F81FE221}

{F5078F33-C551-11D3-89B9-0000F81FE221}

{F5078F32-C551-11D3-89B9-0000F81FE221}

{F5078F32-C551-11D3-89B9-0000F81FE221}

{F6D90F11-9C73-11D3-B32E-00C04F990BB4}

{F6D90F11-9C73-11D3-B32E-00C04F990BB4}

{88D969C5-F192-11D4-A65F-0040963251E5}

{88D969C5-F192-11D4-A65F-0040963251E5}

{88D96A0A-F192-11D4-A65F-0040963251E5}

{88D96A0A-F192-11D4-A65F-0040963251E5}

{F5078F35-C551-11D3-89B9-0000F81FE221}

{F5078F35-C551-11D3-89B9-0000F81FE221}

{ED8C108E-4349-11D2-91A4-00C04F7969E8}

{ED8C108E-4349-11D2-91A4-00C04F7969E8}

{F6D90F16-9C73-11D3-B32E-00C04F990BB4}

{F6D90F16-9C73-11D3-B32E-00C04F990BB4}

{d27cdb6e-ae6d-11cf-96b8-444553540000}

{d27cdb6e-ae6d-11cf-96b8-444553540000}

{8F6B0360-B80D-11D0-A9B3-006097942311}

{8F6B0360-B80D-11D0-A9B3-006097942311}

{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}

{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}

{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}

{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}

{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}

{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}

{3050F4F8-98B5-11CF-BB82-00AA00BDCE0B}

{3050F4F8-98B5-11CF-BB82-00AA00BDCE0B}

{25336920-03F9-11CF-8FD0-00AA00686F13}

{25336920-03F9-11CF-8FD0-00AA00686F13}

{3050F406-98B5-11CF-BB82-00AA00BDCE0B}

{3050F406-98B5-11CF-BB82-00AA00BDCE0B}

{00020420-0000-0000-C000-000000000046}

{00020420-0000-0000-C000-000000000046}

{8856F961-340A-11D0-A96B-00C04FD705A2}

{8856F961-340A-11D0-A96B-00C04FD705A2}

{F5078F36-C551-11D3-89B9-0000F81FE221}

{F5078F36-C551-11D3-89B9-0000F81FE221}

Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)

Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)

Mozilla/5.0 (Windows NT %s) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36

Mozilla/5.0 (Windows NT %s) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36

Opera/9.64 (Windows NT %s; U; zh-cn) Presto/2.1.1

Opera/9.64 (Windows NT %s; U; zh-cn) Presto/2.1.1

Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1

Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1

Mozilla/

Mozilla/

Windows NT

Windows NT

Mozilla/4.0 (compatible; MSIE %s; Windows NT %s%s)

Mozilla/4.0 (compatible; MSIE %s; Windows NT %s%s)

Dedu.cn

Dedu.cn

gov.cn

gov.cn

org.cn

org.cn

net.cn

net.cn

com.cn

com.cn

dsound.dll

dsound.dll

mf.dll

mf.dll

AcroRd32.exe

AcroRd32.exe

rKernel32.dll

rKernel32.dll

taskworker.exe

taskworker.exe

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0

System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}

System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe

msctls_hotkey32

msctls_hotkey32

urlcore

urlcore

"spiritsoft@126.com"

"spiritsoft@126.com"

hXXp://service.spiritsoft.cn

hXXp://service.spiritsoft.cn

...:%s --

...:%s --

IP: %s --

IP: %s --

: %d --

: %d --

2014.10.10.101

2014.10.10.101

jingling.exe

jingling.exe

4.0.4.1

4.0.4.1

jingling.exe_1532_rwx_00422000_00001000:

tSHt.HHt

tSHt.HHt

jingling.exe_1532_rwx_00446000_00002000:

t.hH_G

t.hH_G

jingling.exe_1532_rwx_685D8000_00001000:

g(h-V}h

g(h-V}h

SearchProtocolHost.exe_3912:

.text

.text

`.data

`.data

.rsrc

.rsrc

@.reloc

@.reloc

ADVAPI32.dll

ADVAPI32.dll

ntdll.DLL

ntdll.DLL

KERNEL32.dll

KERNEL32.dll

msvcrt.dll

msvcrt.dll

USER32.dll

USER32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

TQUERY.DLL

TQUERY.DLL

MSSHooks.dll

MSSHooks.dll

IMM32.dll

IMM32.dll

SHLWAPI.dll

SHLWAPI.dll

SrchCollatorCatalogInfo

SrchCollatorCatalogInfo

SrchDSSLogin

SrchDSSLogin

SrchDSSPortManager

SrchDSSPortManager

SrchPHHttp

SrchPHHttp

SrchIndexerQuery

SrchIndexerQuery

SrchIndexerProperties

SrchIndexerProperties

SrchIndexerPlugin

SrchIndexerPlugin

SrchIndexerClient

SrchIndexerClient

SrchIndexerSchema

SrchIndexerSchema

Msidle.dll

Msidle.dll

Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default

Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default

pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty

pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty

d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx

d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx

d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx

d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx

d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx

d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp

d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx

d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx

RegDeleteKeyW

RegDeleteKeyW

RegDeleteKeyExW

RegDeleteKeyExW

8%uiP

8%uiP

Invalid parameter passed to C runtime function.

Invalid parameter passed to C runtime function.

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp

-d-d-d-d-d-d-d-%d

-d-d-d-d-d-d-d-%d

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h

0xx=

0xx=

%s(%d)

%s(%d)

tid="0x%x"

tid="0x%x"

pid="0x%x"

pid="0x%x"

tagname="%s"

tagname="%s"

tagid="0x%x"

tagid="0x%x"

el="0x%x"

el="0x%x"

time="d/d/d d:d:d.d"

time="d/d/d d:d:d.d"

logname="%s"

logname="%s"

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx

SHELL32.dll

SHELL32.dll

PROPSYS.dll

PROPSYS.dll

ntdll.dll

ntdll.dll

RegCloseKey

RegCloseKey

RegCreateKeyExW

RegCreateKeyExW

RegOpenKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegQueryInfoKeyW

RegEnumKeyExW

RegEnumKeyExW

ReportEventW

ReportEventW

_amsg_exit

_amsg_exit

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

SearchProtocolHost.pdb

SearchProtocolHost.pdb

2 2(20282|2

2 2(20282|2

4%5S5

4%5S5

Software\Microsoft\Windows Search

Software\Microsoft\Windows Search

https

https

kernel32.dll

kernel32.dll

msTracer.dll

msTracer.dll

msfte.dll

msfte.dll

lX-X-X-XX-XXXXXX

lX-X-X-XX-XXXXXX

SOFTWARE\Microsoft\Windows Search

SOFTWARE\Microsoft\Windows Search

tquery.dll

tquery.dll

%s\%s

%s\%s

HKEY_CLASSES_ROOT

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

HKEY_CURRENT_CONFIG

Windows Search Service

Windows Search Service

0xx%p%S%d

0xx%p%S%d

advapi32.dll

advapi32.dll

WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll

WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll

winhttp.dll

winhttp.dll

Software\Microsoft\Windows Search\Tracing

Software\Microsoft\Windows Search\Tracing

Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported

Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported

Software\Microsoft\Windows Search\Tracing\EventThrottleState

Software\Microsoft\Windows Search\Tracing\EventThrottleState

%S(%d)

%S(%d)

tagname="%S"

tagname="%S"

logname="%S"

logname="%S"

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}

.\%s.mui

.\%s.mui

.\%s\%s.mui

.\%s\%s.mui

%s\%s.mui

%s\%s.mui

%s\%s\%s.mui

%s\%s\%s.mui

Microsoft Windows Search Protocol Host

Microsoft Windows Search Protocol Host

7.00.7601.17610 (win7sp1_gdr.110503-1502)

7.00.7601.17610 (win7sp1_gdr.110503-1502)

SearchProtocolHost.exe

SearchProtocolHost.exe

Windows

Windows

7.00.7601.17610

7.00.7601.17610

SearchFilterHost.exe_1828:

.text

.text

`.data

`.data

.rsrc

.rsrc

@.reloc

@.reloc

ADVAPI32.dll

ADVAPI32.dll

ntdll.DLL

ntdll.DLL

KERNEL32.dll

KERNEL32.dll

msvcrt.dll

msvcrt.dll

USER32.dll

USER32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

TQUERY.DLL

TQUERY.DLL

IMM32.dll

IMM32.dll

MSSHooks.dll

MSSHooks.dll

mscoree.dll

mscoree.dll

SHLWAPI.dll

SHLWAPI.dll

d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx

d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp

RegDeleteKeyW

RegDeleteKeyW

RegDeleteKeyExW

RegDeleteKeyExW

8%uiP

8%uiP

d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx

d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx

Invalid parameter passed to C runtime function.

Invalid parameter passed to C runtime function.

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp

-d-d-d-d-d-d-d-%d

-d-d-d-d-d-d-d-%d

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx

RegCloseKey

RegCloseKey

RegCreateKeyExW

RegCreateKeyExW

RegOpenKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegQueryInfoKeyW

RegEnumKeyExW

RegEnumKeyExW

ReportEventW

ReportEventW

_amsg_exit

_amsg_exit

SearchFilterHost.pdb

SearchFilterHost.pdb

version="5.1.0.0"

version="5.1.0.0"

name="Microsoft.Windows.Search.MSSFH"

name="Microsoft.Windows.Search.MSSFH"

3 3(30383|3

3 3(30383|3

kernel32.dll

kernel32.dll

Software\Microsoft\Windows Search

Software\Microsoft\Windows Search

SOFTWARE\Microsoft\Windows Search

SOFTWARE\Microsoft\Windows Search

HKEY_CLASSES_ROOT

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

HKEY_CURRENT_CONFIG

Windows Search Service

Windows Search Service

tquery.dll

tquery.dll

advapi32.dll

advapi32.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

0xx%p%S%d

0xx%p%S%d

Software\Microsoft\Windows Search\Tracing

Software\Microsoft\Windows Search\Tracing

Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported

Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported

Software\Microsoft\Windows Search\Tracing\EventThrottleState

Software\Microsoft\Windows Search\Tracing\EventThrottleState

0xx=

0xx=

%S(%d)

%S(%d)

tid="0x%x"

tid="0x%x"

pid="0x%x"

pid="0x%x"

tagname="%S"

tagname="%S"

tagid="0x%x"

tagid="0x%x"

el="0x%x"

el="0x%x"

time="d/d/d d:d:d.d"

time="d/d/d d:d:d.d"

logname="%S"

logname="%S"

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}

.\%s.mui

.\%s.mui

.\%s\%s.mui

.\%s\%s.mui

%s\%s.mui

%s\%s.mui

%s\%s\%s.mui

%s\%s\%s.mui

%s\%s

%s\%s

winhttp.dll

winhttp.dll

Microsoft Windows Search Filter Host

Microsoft Windows Search Filter Host

7.00.7601.17610 (win7sp1_gdr.110503-1502)

7.00.7601.17610 (win7sp1_gdr.110503-1502)

SearchFilterHost.exe

SearchFilterHost.exe

Windows

Windows

7.00.7601.17610

7.00.7601.17610