Gen.Variant.Barys.52129_e21ecc1489 – Adaware

Trojan.Win32.Reconyc.gsom (Kaspersky), Gen:Variant.Barys.52129 (AdAware), Trojan.Win32.FlyStudio.FD, Trojan.Win32.Swrort.3.FD, GenericPhysicalDrive0.YR (Lavasoft MAS)Behaviour: Trojan

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: e21ecc148911358e9761f5db3fc8ad61

SHA1: e24642325b68076485072929af0b26bbd5a1eff8

SHA256: ba5d4ed9f53433ab1f884c9d8a3d00232ba61cbaee746ac0495b75e7c06bb633

SSDeep: 24576:p5pMggb6FXbGg1C1TLbRvnSLL/hxFrsVuEHjQx71i:pvqbSGg1C1TLt L/hxhGuy

Size: 974568 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171, UPolyXv05_v6

Company: no certificate found

Created at: 2011-05-24 18:16:01

Analyzed on: Windows7 SP1 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

dllhost.exe:2248
%original file name%.exe:2988

The Trojan injects its code into the following process(es):No processes have been created.

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process %original file name%.exe:2988 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\dllhost.exe (7850 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\svchost.exe (1512 bytes)

Registry activity

The process dllhost.exe:2248 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASMANCS]
"MaxFileSize" = "1048576"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E549E976-C5F2-4E77-819D-55BC9B7C25BC}]
"WpadDecisionTime" = "30 D0 51 ED 9A 29 D2 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]
"WpadLastNetwork" = "{E549E976-C5F2-4E77-819D-55BC9B7C25BC}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e0-73-f1]
"WpadDecision" = "3"
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e0-73-f1]
"WpadDecisionTime" = "30 D0 51 ED 9A 29 D2 01"

[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E549E976-C5F2-4E77-819D-55BC9B7C25BC}]
"WpadDecision" = "3"

[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASMANCS]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASAPI32]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASMANCS]
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E549E976-C5F2-4E77-819D-55BC9B7C25BC}]
"WpadNetworkName" = "Network 2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 39 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASAPI32]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASMANCS]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASAPI32]
"EnableFileTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings" = "46 00 00 00 0B 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASAPI32]
"EnableConsoleTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E549E976-C5F2-4E77-819D-55BC9B7C25BC}]
"WpadDecisionReason" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dllhost.exe -start" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\dllhost.exe -start"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process %original file name%.exe:2988 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

Dropped PE files

MD5	File path
f0a5d797a0e7c272dbea87dd67a768f3	c:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\dllhost.exe
e752024624548a4b0df528af6b8efbf3	c:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\svchost.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):
dllhost.exe:2248
%original file name%.exe:2988
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:
C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\dllhost.exe (7850 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\svchost.exe (1512 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dllhost.exe -start" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\dllhost.exe -start"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name: FileZilla Project
Product Name: FileZilla
Product Version: Unidentified build
Legal Copyright: Copyright (c) 2004-2016 Tim Kosse, 1997-2016 Simon Tatham.
Legal Trademarks:
Original Filename: FZSFTP
Internal Name: FZSFTP
File Version: Unidentified build
File Description:
Comments:
Language: Language Neutral

Company Name: FileZilla ProjectProduct Name: FileZillaProduct Version: Unidentified buildLegal Copyright: Copyright (c) 2004-2016 Tim Kosse, 1997-2016 Simon Tatham.Legal Trademarks: Original Filename: FZSFTPInternal Name: FZSFTPFile Version: Unidentified buildFile Description: Comments: Language: Language Neutral

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	71955	72192	4.55918	3c72b06e02f4afbad83d6aa896575140
.rdata	77824	13612	13824	3.44888	62fb898719481a603059fc42554f80ef
.data	94208	10604	2048	2.55588	4cb364a72e7c9869ec05686d3fe4aabe
.rsrc	106496	4096	4096	3.25975	add2e10db1cbbcac9c10e4a427c280e0

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL	IP
hxxp://api.faceboolad.com/api//send
hxxp://api.faceboolad.com/api/report?type=1&code=Windows 7 Ultimate Edition Service Pack 1 x86 (Build:7601) \| Internet Explorer 9.0.8112.16421
hxxp://api.faceboolad.com/
hxxp://www.adlcx.com/click.php?c=9&key=qz4n70dim7ol9955d9dq8457	69.164.218.142
hxxp://lxudv.com/?a=539528&c=1430992&m=32&s1=&s2=1494351	72.3.166.133
hxxp://www180.myway.com/index.jhtml
hxxp://a1255.g.akamai.net/images/download/spokesperson/html5/audio/spokesperson.js
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/jeremy.jacinto/asset1_3/1471015421274.png
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/michael.lockwood/assetRebuttal_1/1470778641078.png
hxxp://googleadapis.l.google.com/css?family=Maven Pro:700,900\|Roboto:400,700,900
hxxp://e3432.b.akamaiedge.net/prd/ttdetectUtil.js
hxxp://e3432.b.akamaiedge.net/images/anx/anemone-1.2.7.js
hxxp://www180.myway.com/anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/index.jhtml&anxl=en-US&anxlv=1476834868192&anxrd=imcrack.ad-jump.com&anxrk=-&anxrm=referral&anxrb=-&anxrc=-&anxrs=-&anxsq=1&anxi=091394C9-D018-47FC-AB78-FA6F5E967ED3&anxe=backFill&anxr=1438916606
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/jeremy.jacinto/background/1471015123308.png
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/jeremy.jacinto/background999/1471015850415.png
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/jeremy.jacinto/asset1_15/1471016865981.png
hxxp://a1255.g.akamai.net/images/download/myway/pbmw_0215.png
hxxp://e3432.b.akamaiedge.net/prd/ttdetect.html?&op=g&cobrand=BNH&xdm_e=http://free.mytransitguide.com&xdm_c=default4346&xdm_p=1
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/jeremy.jacinto/button1_1/1471019347967.gif
hxxp://a1255.g.akamai.net/images/download/mapsgalaxy/checkbox-large.png
hxxp://gstaticadssl.l.google.com/s/roboto/v15/2UX7WLTfW3W8TclTUvlFyQ.woff
hxxp://gstaticadssl.l.google.com/s/roboto/v15/d-6IYplOFocCacKzxwXSOD8E0i7KZn-EPnyo3HZu7kw.woff
hxxp://gstaticadssl.l.google.com/s/roboto/v15/mnpfi9pxYH-Go5UiibESIj8E0i7KZn-EPnyo3HZu7kw.woff
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/crx-tooltab-swap3/BNH.png
hxxp://www180.myway.com/localStorage.jhtml
hxxp://www180.myway.com/mirrorCookies.jhtml
hxxp://www180.myway.com/anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/index.jhtml&anxl=en-US&anxlv=1476834868242&anxsq=3&present=false&anxe=ToolbarDetect&anxr=1169750588
hxxp://a1255.g.akamai.net/images/download/symantec/nortonseal.gif
hxxp://www180.myway.com/installError.jhtml?errorType=browser&errorCode=blockedCountry
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/222010004/background999/1458663898223.png
hxxp://www180.myway.com/anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/installError.jhtml&anxl=en-US&anxlv=1476834869133&anxrd=free.mytransitguide.com&anxrp=index.jhtml&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&errorCode=blockedCountry&errorType=browser&anxe=installErrorLanding&anxr=361991559
hxxp://www180.myway.com/favicon.ico
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEHoPQd8czRTcsmkpjuIsajU=
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSsjeGdqHvYWM4yo25qR2M70nK2oAQURk/B4IjafdN4m8huWS+w5PcdkOICEF5+ixQmE7FVqQByLDZZvTU=
hxxp://gpla1.wac.v2cdn.net/CRL/Omniroot2025.crl
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc=
hxxp://cs3.wpc.v0cdn.net/pki/mscorp/crl/MSIT Machine Auth CA 2(1).crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl
hxxp://crl.comodoca.com.cdn.cloudflare.net/AddTrustExternalCARoot.crl	104.16.92.188
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0=
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBEqAG035RBv1sp8w++6zBg=
hxxp://a1363.dscg.akamai.net/pki/crl/products/WinPCA.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/microsoftrootcert.crl
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEDO099rCgtT22XaI8/R3kQY=
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAisW18hq2CY
hxxp://crl.comodoca.com.cdn.cloudflare.net/UTN-DATACorpSGC.crl	104.16.92.188
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEEsY6Q+7vYaPyv66+coRxyE=
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEAdrg7dKqon
hxxp://gpla1.wac.v2cdn.net/PublicSureServerSV.crl
hxxp://cdn.globalsigncdn.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAS9O4UUM
hxxp://cdn.globalsigncdn.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
hxxp://cdn.globalsigncdn.com/rootr2/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm+IHV2ccHsBqBt5ZtJot39wZhi4CCwQAAAAAAURO8EpV
hxxp://cdn.globalsigncdn.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDBoenwTt2h3GcY8iVw==
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAMwQYKxJVsR
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCHUW2dw1OuXl
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBW8iC8YNRkC
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGZimYWX7CS+
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAFb1O5EN2Za
hxxp://a1158.b.akamai.net/MFUwUzBRME8wTTAJBgUrDgMCGgUABBTkLVLomfJQOu5CFIgPOR73ljBRHAQU+L36r3N3xscb+UtNEafRM6+vchECFEOZrYpYgDwxeWGj/HetMtWiXvU/
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCO1K2+o5D5i
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSySC/85E/LNAiBe/rxiqbyloQ6UQQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8CEDY0nhjJnCZptlYubOWtcTI=
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRVuMwyhZnBGWkFKlkeoNe9zdlbSwQUK5o1rgEYODDhcHoF4BF2o869kBQCEBbfOFWwaAAL65vNdl55UHU=
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCENN6nuImvRO
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCn5KPFJmjBe
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141/l2SWCyYX308B7Khio=
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDysFK5r8h11
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEExA26X5iPrlelfWRXSV+Ys=
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCHiWTKIt8ymy
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEQDmMy02FbF
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEAdrg7dKqon	216.58.209.78
hxxp://crl.comodoca.com/UTN-DATACorpSGC.crl	104.16.92.188
hxxp://tg.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRVuMwyhZnBGWkFKlkeoNe9zdlbSwQUK5o1rgEYODDhcHoF4BF2o869kBQCEBbfOFWwaAAL65vNdl55UHU=	23.63.139.27
hxxp://akz.imgfarm.com/images/anx/anemone-1.2.7.js
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCENN6nuImvRO	216.58.209.78
hxxp://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDBoenwTt2h3GcY8iVw==	104.16.27.216
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEQDmMy02FbF	216.58.209.78
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCO1K2+o5D5i	216.58.209.78
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl	212.30.134.169
hxxp://free.mytransitguide.com/favicon.ico	74.113.235.138
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/jeremy.jacinto/button1_1/1471019347967.gif	212.30.134.183
hxxp://free.mytransitguide.com/index.jhtml	74.113.235.138
hxxp://ttdetect.staticimgfarm.com/prd/ttdetect.html?&op=g&cobrand=BNH&xdm_e=http://free.mytransitguide.com&xdm_c=default4346&xdm_p=1
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl	212.30.134.169
hxxp://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEExA26X5iPrlelfWRXSV+Ys=	23.63.139.27
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGZimYWX7CS+	216.58.209.78
hxxp://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAS9O4UUM	104.16.25.216
hxxp://cdp1.public-trust.com/CRL/Omniroot2025.crl	93.184.220.20
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/jeremy.jacinto/asset1_15/1471016865981.png	212.30.134.183
hxxp://mytransitguide.dl.myway.com/mirrorCookies.jhtml	74.113.235.138
hxxp://free.mytransitguide.com/anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/index.jhtml&anxl=en-US&anxlv=1476834868192&anxrd=imcrack.ad-jump.com&anxrk=-&anxrm=referral&anxrb=-&anxrc=-&anxrs=-&anxsq=1&anxi=091394C9-D018-47FC-AB78-FA6F5E967ED3&anxe=backFill&anxr=1438916606	74.113.235.138
hxxp://crl.comodoca.com/AddTrustExternalCARoot.crl	104.16.92.188
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/michael.lockwood/assetRebuttal_1/1470778641078.png	212.30.134.183
hxxp://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141/l2SWCyYX308B7Khio=	23.63.139.27
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAisW18hq2CY	216.58.209.78
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0=	23.63.139.27
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBW8iC8YNRkC	216.58.209.78
hxxp://ocsp.globalsign.com/rootr2/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm+IHV2ccHsBqBt5ZtJot39wZhi4CCwQAAAAAAURO8EpV	104.16.25.216
hxxp://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEHoPQd8czRTcsmkpjuIsajU=	23.63.139.27
hxxp://ak.imgfarm.com/images/download/symantec/nortonseal.gif	212.30.134.183
hxxp://free.mytransitguide.com/installError.jhtml?errorType=browser&errorCode=blockedCountry	74.113.235.138
hxxp://fonts.gstatic.com/s/roboto/v15/d-6IYplOFocCacKzxwXSOD8E0i7KZn-EPnyo3HZu7kw.woff	173.194.113.216
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/jeremy.jacinto/background999/1471015850415.png	212.30.134.183
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/crx-tooltab-swap3/BNH.png	212.30.134.183
hxxp://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH	104.16.25.216
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl	212.30.134.169
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSySC/85E/LNAiBe/rxiqbyloQ6UQQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8CEDY0nhjJnCZptlYubOWtcTI=	23.63.139.27
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAMwQYKxJVsR	216.58.209.78
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEDO099rCgtT22XaI8/R3kQY=	23.63.139.27
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=	23.63.139.27
hxxp://free.mytransitguide.com/anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/index.jhtml&anxl=en-US&anxlv=1476834868242&anxsq=3&present=false&anxe=ToolbarDetect&anxr=1169750588	74.113.235.138
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/222010004/background999/1458663898223.png	212.30.134.183
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=	23.63.139.27
hxxp://ak.imgfarm.com/images/download/mapsgalaxy/checkbox-large.png	212.30.134.183
hxxp://imcrack.ad-jump.com/
hxxp://free.mytransitguide.com/anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/installError.jhtml&anxl=en-US&anxlv=1476834869133&anxrd=free.mytransitguide.com&anxrp=index.jhtml&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&errorCode=blockedCountry&errorType=browser&anxe=installErrorLanding&anxr=361991559	74.113.235.138
hxxp://fonts.googleapis.com/css?family=Maven Pro:700,900\|Roboto:400,700,900	173.194.220.95
hxxp://crl.omniroot.com/PublicSureServerSV.crl	93.184.220.20
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl	212.30.134.169
hxxp://evsecure-ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBEqAG035RBv1sp8w++6zBg=	23.63.139.27
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/jeremy.jacinto/asset1_3/1471015421274.png	212.30.134.183
hxxp://fonts.gstatic.com/s/roboto/v15/mnpfi9pxYH-Go5UiibESIj8E0i7KZn-EPnyo3HZu7kw.woff	173.194.113.216
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCHiWTKIt8ymy	216.58.209.78
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEEsY6Q+7vYaPyv66+coRxyE=	23.63.139.27
hxxp://vassg142.ocsp.omniroot.com/MFUwUzBRME8wTTAJBgUrDgMCGgUABBTkLVLomfJQOu5CFIgPOR73ljBRHAQU+L36r3N3xscb+UtNEafRM6+vchECFEOZrYpYgDwxeWGj/HetMtWiXvU/	2.20.254.105
hxxp://fonts.gstatic.com/s/roboto/v15/2UX7WLTfW3W8TclTUvlFyQ.woff	173.194.113.216
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc=	23.63.139.27
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCHUW2dw1OuXl	216.58.209.78
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/jeremy.jacinto/background/1471015123308.png	212.30.134.183
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCn5KPFJmjBe	216.58.209.78
hxxp://ak.imgfarm.com/images/download/spokesperson/html5/audio/spokesperson.js	212.30.134.183
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAFb1O5EN2Za	216.58.209.78
hxxp://my.pcmaps.net/api/report?type=1&code=Windows 7 Ultimate Edition Service Pack 1 x86 (Build:7601) \| Internet Explorer 9.0.8112.16421
hxxp://ttdetect.staticimgfarm.com/prd/ttdetectUtil.js
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDysFK5r8h11	216.58.209.78
hxxp://su.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSsjeGdqHvYWM4yo25qR2M70nK2oAQURk/B4IjafdN4m8huWS+w5PcdkOICEF5+ixQmE7FVqQByLDZZvTU=	23.63.139.27
hxxp://mscrl.microsoft.com/pki/mscorp/crl/MSIT Machine Auth CA 2(1).crl	93.184.221.200
extended-validation-ssl.verisign.com	69.58.181.71

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBEqAG035RBv1sp8w++6zBg= HTTP/1.1

Cache-Control: max-age = 471678

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 28 Nov 2013 01:44:29 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: evsecure-ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1761

content-transfer-encoding: binary

Cache-Control: max-age=461826, public, no-transform, must-revalidate

Last-Modified: Mon, 17 Oct 2016 08:11:50 GMT

Expires: Mon, 24 Oct 2016 08:11:50 GMT

Date: Tue, 18 Oct 2016 23:55:01 GMT

Connection: keep-alive

0..........0..... .....0......0...0......l..T.#4...c.K.... *...20161017081150Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...313...*.m7..o..|.........20161017081150Z....20161024081150Z0...*.H..............w......).J.kh..,.V.....G..........N......8...u...B.L^'....;-....S./.q.xN..d..1.qan........MS..W.u...q...4.......|a:...D]........s...U/....W.U...H.,.......5.9..k.5[..A.*.ey.k.G...2.C...........&....8.<....O.....o.;.._.2..8...A/5. ..6...s..bn%S.\.._x..."..|....0...0...0.......... .7.$.T.4.....u.0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G50...151124000000Z..161214235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Certificate 40.."0...*.H.............0........./..C.n..RRd-G..mB...m.0Q..^f..A...av.9....?Q..(.j(..$..P..?[v....9. ...u....v..-<l....^.Z.C.f.V...$7............G.D.....@T{.....|...msV...{.q...2..y.............".u.d.p.%... U.I.0..0.x.-`..Yi....6.lw<....N.k\.....]s...O... 0....TH.cB.Q.Z...}...p.1....>2 ..........0...0...U.......0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...http://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0... .....0......0 ..U....0...0.1.0...U....TGV-C-600...U......l..T.#4...c.K.... *.0...U.#..0.....e......0..C9...3130...*.H.................qL.....R.

<<< skipped >>>

GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1

Cache-Control: max-age = 900

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Fri, 20 Sep 2013 05:02:11 GMT

If-None-Match: "96d8890beb5ce1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com

HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Thu, 18 Aug 2016 00:36:25 GMT

Accept-Ranges: bytes

ETag: "43ea118de8f8d11:0"

Server: Microsoft-IIS/8.5

VTag: 791324526700000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 550

Cache-Control: max-age=900

Date: Tue, 18 Oct 2016 23:55:00 GMT

Connection: keep-alive

0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-Stamp PCA..160817211657Z..161116093657Z._0]0...U.#..0...#4..RFp..@.v.. ..5..0... .....7.......0...U......90... .....7......161115212657Z0...*.H.............j..~...,.Iq....f.0...?...w..0...%....|..".u.'..u.....K8B2T..5..qJ..5.;...5.....H....Ac=..MH...B.%....=.i....j.k....uU.......d.q.@.nJ.0.V..y.2..5..H....e.#)51o.kr]..L.VI..s....rk.mk&.-.'.N...6QK*Y2d.....f~C.T..D...Hd.....4.dX..zQ...3h/..........W....r..jz..HTTP/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modified: Thu, 18 Aug 2016 00:36:25 GMT..Accept-Ranges: bytes..ETag: "43ea118de8f8d11:0"..Server: Microsoft-IIS/8.5..VTag: 791324526700000000..P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Content-Length: 550..Cache-Control: max-age=900..Date: Tue, 18 Oct 2016 23:55:00 GMT..Connection: keep-alive..0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-Stamp PCA..160817211657Z..161116093657Z._0]0...U.#..0...#4..RFp..@.v.. ..5..0... .....7.......0...U......90... .....7......161115212657Z0...*.H.............j..~...,.Iq....f.0...?...w..0...%....|..".u.'..u.....K8B2T..5..qJ..5.;...5.....H....Ac=..MH...B.%....=.i....j.k....uU.......d.q.@.nJ.0.V..y.2..5..H....e.#)51o.kr]..L.VI..s....rk.mk&.-.'.N...6QK*Y2d.....f~C.T..D...Hd.....4.dX..zQ...3h/.......

<<< skipped >>>

GET /pki/crl/products/WinPCA.crl HTTP/1.1

Cache-Control: max-age = 900

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Tue, 01 Oct 2013 05:02:51 GMT

If-None-Match: "8071417b63bece1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com

HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Wed, 02 Dec 2015 18:30:06 GMT

Accept-Ranges: bytes

ETag: "0cb60772f2dd11:0"

Server: Microsoft-IIS/8.5

VTag: 279207026700000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 530

Cache-Control: max-age=900

Date: Tue, 18 Oct 2016 23:55:01 GMT

Connection: keep-alive

0...0.....0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1 0)..U..."Microsoft Windows Verification PCA..151202080000Z..430418080000Z.A0?0...U.#..0.......p............<.J0... .....7.......0...U......90...*.H..............I...MYp.....yh..$3..F.D....Qe]....~...>.Ye.h...L.nQ..091.=.G..s.D.........g)...4.'........B....l#....c...e..U......Z .[.,.x..h:M~..mS./p..F......l.G.H<.".y.B.5.."\|.Hi`N=j.....;w.......o.*......C)....U..3Mt.}......X......H.....|d...s..`.8F.l.......R.C........

GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1

Cache-Control: max-age = 900

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Tue, 29 Oct 2013 05:02:50 GMT

If-None-Match: "b8b5df1d64d4ce1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com

HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Tue, 27 Sep 2016 05:00:38 GMT

Accept-Ranges: bytes

ETag: "773de167c18d21:0"

Server: Microsoft-IIS/8.5

VTag: 438422257000000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 554

Cache-Control: max-age=900

Date: Tue, 18 Oct 2016 23:55:01 GMT

Connection: keep-alive

0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Signing PCA..160926163316Z..161226045316Z.a0_0...U.#..0..........X..7.3...L...0... .....7.........0...U......a0... .....7......161225164316Z0...*.H.............&............G.$.-..dc.....7.m..N.`.U......^F.V....%ej..p4...>.[)0.......Z..v.../..b-.....v.A$......z.k.U....@S.._...I.........h*@6.)WM..u....I....ew.7...._.....Y...iFWaQ.}....X.........Y.!..J.j*............<L......L,...Y...c...:.WE..C..Q..|G....j<..z~6q......

GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1

Cache-Control: max-age = 808

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Wed, 09 Oct 2013 05:02:17 GMT

If-None-Match: "9c3f3dbaacc4ce1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com

HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Tue, 06 Sep 2016 05:01:54 GMT

Accept-Ranges: bytes

ETag: "6b18dc9fb7d21:0"

Server: Microsoft-IIS/8.5

VTag: 438846125700000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 813

Cache-Control: max-age=900

Date: Tue, 18 Oct 2016 23:55:01 GMT

Connection: keep-alive

0..)0......0...*.H........0_1.0.....&...,d....com1.0.....&...,d....microsoft1-0 ..U...$Microsoft Root Certificate Authority..160905204847Z..161205090847Z0.0...a......../..100208014912Z._0]0...U.#..0......`@V'..%..*..S.Y..0... .....7.......0...U......00... .....7......161204205847Z0...*.H.............".....s..B#.bK..Hv...m,x..e.ec..j...y....6.e......Cp.....7G.0..AH..A.e......I...j....W.obU0.?.....Q.#.\.t..v.4E.......jF.Zm....u...P....88.....nC./.._2&.. .h....Q..z{wl.....?...M..'..s[..\M.t....J.Vb..,G..t....nk._...t.T.c[...kKW&D...#.."9.....X./.w.....%..0....K%.H...x.%..'..}.....P.3;.Y...pe z.!...:X..f..r..i1...F...0.......2.~x.n.R.E...' ..>.)...}GT...>...P.^..]....{..> 2..N.m....!..1gL..jl@...B..5.o....s..6...d..N.u...|%.q..-../.....(.Xm.X...r9...........[.DQ.......Y..;.. U.......xu-%*.-....~..$U.../...HTTP/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modified: Tue, 06 Sep 2016 05:01:54 GMT..Accept-Ranges: bytes..ETag: "6b18dc9fb7d21:0"..Server: Microsoft-IIS/8.5..VTag: 438846125700000000..P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Content-Length: 813..Cache-Control: max-age=900..Date: Tue, 18 Oct 2016 23:55:01 GMT..Connection: keep-alive..0..)0......0...*.H........0_1.0.....&...,d....com1.0.....&...,d....microsoft1-0 ..U...$Microsoft Root Certificate Authority..160905204847Z..161205090847Z0.0...a......../..100208014912Z._0]0...U.#..0......`@V'..%..*..S.Y..0... .....7.......0...U......00... .....7...

<<< skipped >>>

GET /api//send HTTP/1.1

Connection: Keep-Alive

Accept: */*

Referer: hXXp://VVV.facebook.com

User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Server: 8A1KWS0VvVvS1KwfZEU2OjqEO2QytEYfHy7EYfqyGEXftyiEefQymEU2GyEV0ftyaEQfGyQEafHyGE227yYEtfayAjZE4fTyQVs2tjoVvfXyeE4fTytV12QjZEwfTy5Vk2PjvVG2qj3VlKYFoOuSHA3NPSPACNaSZAoOyS1ABA3NPS7AHNlKbAWN3S3A4NWSZAoORSvAvN7SMFQOlKsAsOaKMFkOASYA4NkS1A3OQKqFaOtKWFMOiK1KlAaN4SXAQNvSeAMOFSoFMOiKoFXNXSZAaN1KsFMO1K0FMOqSvAQNXSoF3O1KoFHOZEl2Hj0V020jij3VvfXyZEvfPyZEo20jvVvfXytE4fTyaVY2mjYV12TyfV7fOu

Server-Key: fFyOEKpU2AjNVS9DzLugb5hR6JxIdcnrTMvoClZ1WiBk40PH7GQateYqX3ws8m

Host: api.faceboolad.com

HTTP/1.1 200 OK

Cache-Control: no-cache

Pragma: no-cache

Content-Length: 326

Content-Type: text/plain; charset=gb2312

Expires: -1

Server: Microsoft-IIS/8.5

Server-Key: 6yMPmIpEqY7aorGt42i1ezSCjWsVLNdb0lcvwO3FQ9KXhJDnUH5gTf8kuBZRxA

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Tue, 18 Oct 2016 23:54:12 GMT

[CODE]6yMPmIpEqY7aorGt42i1ezSCjWsVLNdi7fM5M27F7fMB7fMt7fMB7fMM7fMF7fM5M27B727kM27q7275M27o7fMRMfMF7fMF7fMt7fMp7fMRMfM5M27B7275M27M7fMj7fMz7fMt7fMB7fMRMfMv72787fMD7fMo7fMj7fMM7fMB7fMRMfMkMfM57fMq7fMHMfMD7fMv727W7fMt7fMF7fMB7fMv727B7fM77fMo7fMRMfMv727F7fMM7fM87fM87fMRMfMF7fMF7fM87275M27e7J7b0lcvwO3FQ9KXhJDnUH5gTf8kuBZRxA[CODE]HTTP/1.1 200 OK..Cache-Control: no-cache..Pragma: no-cache..Content-Length: 326..Content-Type: text/plain; charset=gb2312..Expires: -1..Server: Microsoft-IIS/8.5..Server-Key: 6yMPmIpEqY7aorGt42i1ezSCjWsVLNdb0lcvwO3FQ9KXhJDnUH5gTf8kuBZRxA..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Tue, 18 Oct 2016 23:54:12 GMT..[CODE]6yMPmIpEqY7aorGt42i1ezSCjWsVLNdi7fM5M27F7fMB7fMt7fMB7fMM7fMF7fM5M27B727kM27q7275M27o7fMRMfMF7fMF7fMt7fMp7fMRMfM5M27B7275M27M7fMj7fMz7fMt7fMB7fMRMfMv72787fMD7fMo7fMj7fMM7fMB7fMRMfMkMfM57fMq7fMHMfMD7fMv727W7fMt7fMF7fMB7fMv727B7fM77fMo7fMRMfMv727F7fMM7fM87fM87fMRMfMF7fMF7fM87275M27e7J7b0lcvwO3FQ9KXhJDnUH5gTf8kuBZRxA[CODE]....

GET /api//send HTTP/1.1

Connection: Keep-Alive

Accept: */*

Referer: hXXp://VVV.facebook.com

User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Server: cPFsBkrg15wgFs6cLKtGyG0ctS2szczKlsnczKfs7ciKnsrc0K2sUc4SosZgwKnsfcnKosWc7Kls7cKSzs2c2K0s5gLKjs9czSUGzGwgLKNsocBKFs7pFkf5D4XkAXQpbk05wpjk65zpYynXA4Hkr5upbkb5xpokL5A4ck15jpok85bplkYyM5Bpuku5jpBkL5A4VkF5Fp2kDXz4YyU5U4oyDXq45kn5jpqk15u4zy7Xo4WyBXD4wyAXApuk25npzpFkf5D4XkAXD4wyAX6p6kL5op1yUXFs9cBKFsWg1SfGogLKNs9cLKjs9cwS0Grg0SqGwguSFs6cLKLKjs9c1SqGBgLKNszcBKFsugzSUGWgASFs6cWKXE

Server-Key: Xs4cyKtZ5GpgkSRJaEmHPMVQCvhTeOdID9AFYx1LwBq8ljrb02ozfW7nu6UN3i

Host: api.faceboolad.com

HTTP/1.1 200 OK

Cache-Control: no-cache

Pragma: no-cache

Content-Length: 326

Content-Type: text/plain; charset=gb2312

Expires: -1

Server: Microsoft-IIS/8.5

Server-Key: D6smHbt9nW4ajPMEBhUzrV0oZYf3LT85Cqw7v2RekGFJOpQXdlugINcxKSiy1A

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Tue, 18 Oct 2016 23:54:33 GMT

[CODE]D6smHbt9nW4ajPMEBhUzrV0oZYf3LT8mndnSntnBndn2ndnxDdn2ndnindnBndnSntnJntnRntnhntnSntnfndnendnBndnBndnxDdnWndnendnSntnJntnSntnindnxndnrndnxDdn2ndnendnbntnuDdnQndnfndnxndnindn2ndnendnandn7ndnRndnpndnQndnbntnzndnxDdnBndn2ndnbntn2ndnjndnfndnendnbntnBndnindnuDdnuDdnendnBndnBndngntnSntncDHn5Cqw7v2RekGFJOpQXdlugINcxKSiy1A[CODE]HTTP/1.1 200 OK..Cache-Control: no-cache..Pragma: no-cache..Content-Length: 326..Content-Type: text/plain; charset=gb2312..Expires: -1..Server: Microsoft-IIS/8.5..Server-Key: D6smHbt9nW4ajPMEBhUzrV0oZYf3LT85Cqw7v2RekGFJOpQXdlugINcxKSiy1A..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Tue, 18 Oct 2016 23:54:33 GMT..[CODE]D6smHbt9nW4ajPMEBhUzrV0oZYf3LT8mndnSntnBndn2ndnxDdn2ndnindnBndnSntnJntnRntnhntnSntnfndnendnBndnBndnxDdnWndnendnSntnJntnSntnindnxndnrndnxDdn2ndnendnbntnuDdnQndnfndnxndnindn2ndnendnandn7ndnRndnpndnQndnbntnzndnxDdnBndn2ndnbntn2ndnjndnfndnendnbntnBndnindnuDdnuDdnendnBndnBndngntnSntncDHn5Cqw7v2RekGFJOpQXdlugINcxKSiy1A[CODE]....

GET /api//send HTTP/1.1

Connection: Keep-Alive

Accept: */*

Referer: hXXp://VVV.facebook.com

User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Server: yCeMZGjKRKfticmyeM3F8tSM8FuybMzc0yjMzcQcSyAMzc0yBMjcdy8qXc4tfMzcQyzMXcbySMVcSyMqucjyjMBcKteMvcsHl9cCXKZ9RJdHu8fJsHS9Z9lGsHl8RJOKv9VGRKr9bGbKs8uJNHO9WGSKv92GiKl9iGNHF9sG2Kl9rGjK09oJ5KZ9lGlKv9ZGeKNHC9eGnK29oJjHs8HClHQ8oJfH89uG2KB9sGdHb8XJBHu8vJsH08RJoKX9vGmKu9iGQKN8HGicpyZMeMSFXtsqbFpycqicpyZMicbtRqQFXteM6cpyeMvcpyfqBF0tBqWFftlqicmyeMicryeMsFVtiqicmybMZMicltuqdFbtsqicmybMHh

Server-Key: cHy8MJ43FKt9qGEPhw1k5CTaOYgI7DxUpNisnoeRZf2WvVr0jBuXbQzSml6dAL

Host: api.faceboolad.com

HTTP/1.1 200 OK

Cache-Control: no-cache

Pragma: no-cache

Content-Length: 326

Content-Type: text/plain; charset=gb2312

Expires: -1

Server: Microsoft-IIS/8.5

Server-Key: xJhYgvKIQM5qVUwRP6frZm8NBtS0ysuW9epiLdnCj1HF24GElDk37XzTbacoOA

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Tue, 18 Oct 2016 23:54:53 GMT

[CODE]xJhYgvKIQM5qVUwRP6frZm8NBtS0ysuWV9V2VdVCVZVDVZVMVZVDVZVTgZVCVZV2VdVxZZV3gdVlVdV2VdVgVZVEVZVCVZVCVZVMVZVpVZVEVZV2VdVxZZV2VdVTgZVhZZVzVZVMVZVDVZVEVZV5VdVXgZVlgZVgVZVhZZVTgZVDVZVEVZVjVZVBVZVzgZV5VZVlgZV5VdVwVZVMVZVCVZVDVZV5VdVDVZVYVZVgVZVEVZV5VdVCVZVTgZVXgZVXgZVEVZVCVZVCVZVpVdV2VdV4VZVW9epiLdnCj1HF24GElDk37XzTbacoOA[CODE]HTTP/1.1 200 OK..Cache-Control: no-cache..Pragma: no-cache..Content-Length: 326..Content-Type: text/plain; charset=gb2312..Expires: -1..Server: Microsoft-IIS/8.5..Server-Key: xJhYgvKIQM5qVUwRP6frZm8NBtS0ysuW9epiLdnCj1HF24GElDk37XzTbacoOA..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Tue, 18 Oct 2016 23:54:53 GMT..[CODE]xJhYgvKIQM5qVUwRP6frZm8NBtS0ysuWV9V2VdVCVZVDVZVMVZVDVZVTgZVCVZV2VdVxZZV3gdVlVdV2VdVgVZVEVZVCVZVCVZVMVZVpVZVEVZV2VdVxZZV2VdVTgZVhZZVzVZVMVZVDVZVEVZV5VdVXgZVlgZVgVZVhZZVTgZVDVZVEVZVjVZVBVZVzgZV5VZVlgZV5VdVwVZVMVZVCVZVDVZV5VdVDVZVYVZVgVZVEVZV5VdVCVZVTgZVXgZVXgZVEVZVCVZVCVZVpVdV2VdV4VZVW9epiLdnCj1HF24GElDk37XzTbacoOA[CODE]....

GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAS9O4UUM HTTP/1.1

Cache-Control: max-age = 10800

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 13 Oct 2016 08:39:04 GMT

If-None-Match: "06a163dbd612a346836873636bdef55a96277740"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.globalsign.com

HTTP/1.1 200 OK

Date: Tue, 18 Oct 2016 23:55:02 GMT

Content-Type: application/ocsp-response

Content-Length: 1518

Connection: keep-alive

Set-Cookie: __cfduid=d975481d0f654520f877d50caea5b10371476834902; expires=Wed, 18-Oct-17 23:55:02 GMT; path=/; domain=.globalsign.com; HttpOnly

Last-Modified: Tue, 18 Oct 2016 21:30:17 GMT

Expires: Sat, 22 Oct 2016 21:30:17 GMT

ETag: "257c1131a25b2609ecae361ba0598bd5f556df9a"

Cache-Control: max-age=10800,public,no-transform,must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 2f3feb3e61464008-SOF

0..........0..... .....0......0...0.......ue......$I1......dO..20161018213017Z0n0l0D0... .........W......#....*..2..1..`{f.E....P/}..4....K......../N.E.....20161018213017Z....20161022213017Z0...*.H...............O<....2.....D5n..d...z.Qjt.O..H..A?..{. cz>.....O.....JS.jrX..X.:...!........9{..........k..Z3'..^^.6......_.H...e.0ao8||C...X8..]...............2..4..>..v.:i\{.._.8K.3.1...............ekQU.....f....s...74....$....?#.%....d..H...../.o}.._MT8N.....G6..P....0...0...0..........H.i..E...\...I0...*.H........0W1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....Root CA1.0...U....GlobalSign Root CA0...160807000000Z..161115000000Z0[1.0...U....BE1.0...U....GlobalSign nv-sa110/..U...(GlobalSign OCSP for Root R1 - Signer 1.20.."0...*.H.............0.........ga..)..*.n/X..z.<.....E'..rB(Z\'1..,....g.e.{.}...4...8.sU....@...h.3D.C......i.LKu..7..uv.#...3hN....1.-..u[.........D../jS.....`....#.M.vm.:Pj~.t].Fq......B.M.NI~H`..L.n....2.W.....f_>5b. ....]......p.6.E. ..P..a....Y......W.......:....K.~..2%G......^0.........0..0...U...........0...U.%..0... .......0...U.......0.0...U.......ue......$I1......dO0...U.#..0...`{f.E....P/}..4....K0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...*.H..............$..L...N.x4..FX.j.u.......;.0..>.C)9........z....n..k,....f...K....A...a..@...b.qZ....Z......4.L.i...=.C.....0(*....................1..R.B|..Zn..u.......=2H..^..63.......?!_s..b]J...._...o.B..P...H. .s7..s.~..P..@...S...l..9.....$.....3....P6.'.$.........

<<< skipped >>>

GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH HTTP/1.1

Cache-Control: max-age = 10800

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 13 Oct 2016 07:50:34 GMT

If-None-Match: "6b9ba9eca642c891cc02365fc6161341647bd9fc"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.globalsign.com

HTTP/1.1 200 OK

Date: Tue, 18 Oct 2016 23:55:02 GMT

Content-Type: application/ocsp-response

Content-Length: 1518

Connection: keep-alive

Set-Cookie: __cfduid=d975481d0f654520f877d50caea5b10371476834902; expires=Wed, 18-Oct-17 23:55:02 GMT; path=/; domain=.globalsign.com; HttpOnly

Last-Modified: Tue, 18 Oct 2016 21:13:10 GMT

Expires: Sat, 22 Oct 2016 21:13:10 GMT

ETag: "1acc958039cac58f38ed73070a4ab877c9948adb"

Cache-Control: max-age=10800,public,no-transform,must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 2f3feb3eb15b4008-SOF

0..........0..... .....0......0...0.......ue......$I1......dO..20161018211310Z0n0l0D0... .........W......#....*..2..1..`{f.E....P/}..4....K........DN.BG....20161018211310Z....20161022211310Z0...*.H..............0C-}..Z.2..H.B(~......h9i. .Q..].D.^g~.nRi..O.y.V..v.....W.......:.."....X.oc....F...;..3....Ip.8d.Z.....]g......$.z.....G...sP./...E&....{*.%.$".L.R5G'.^i..|..8.K...G.)._......z.;4-..v.F. ..0...M..1u.e$...?...}...T..@.I.r...]..xm.f......b..M...*'l...........0...0...0..........H.i..E...\...I0...*.H........0W1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....Root CA1.0...U....GlobalSign Root CA0...160807000000Z..161115000000Z0[1.0...U....BE1.0...U....GlobalSign nv-sa110/..U...(GlobalSign OCSP for Root R1 - Signer 1.20.."0...*.H.............0.........ga..)..*.n/X..z.<.....E'..rB(Z\'1..,....g.e.{.}...4...8.sU....@...h.3D.C......i.LKu..7..uv.#...3hN....1.-..u[.........D../jS.....`....#.M.vm.:Pj~.t].Fq......B.M.NI~H`..L.n....2.W.....f_>5b. ....]......p.6.E. ..P..a....Y......W.......:....K.~..2%G......^0.........0..0...U...........0...U.%..0... .......0...U.......0.0...U.......ue......$I1......dO0...U.#..0...`{f.E....P/}..4....K0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...*.H..............$..L...N.x4..FX.j.u.......;.0..>.C)9........z....n..k,....f...K....A...a..@...b.qZ....Z......4.L.i...=.C.....0(*....................1..R.B|..Zn..u.......=2H..^..63.......?!_s..b]J...._...o.B..P...H. .s7..s.~..P..@...S...l..9.....$.....3....P6.'.$...........

<<< skipped >>>

GET /rootr2/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm+IHV2ccHsBqBt5ZtJot39wZhi4CCwQAAAAAAURO8EpV HTTP/1.1

Cache-Control: max-age = 10800

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 13 Oct 2016 08:41:57 GMT

If-None-Match: "682f048b8d31cb3f1cc888edf96fec2777d7e64b"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.globalsign.com

HTTP/1.1 200 OK

Date: Tue, 18 Oct 2016 23:55:02 GMT

Content-Type: application/ocsp-response

Content-Length: 1507

Connection: keep-alive

Set-Cookie: __cfduid=d975481d0f654520f877d50caea5b10371476834902; expires=Wed, 18-Oct-17 23:55:02 GMT; path=/; domain=.globalsign.com; HttpOnly

Last-Modified: Tue, 18 Oct 2016 22:49:23 GMT

Expires: Sat, 22 Oct 2016 22:49:23 GMT

ETag: "334916d0bb4c722abbed7a67dfa3cf398d236868"

Cache-Control: max-age=10800,public,no-transform,must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 2f3feb3f01714008-SOF

0..........0..... .....0......0...0...........1.IVp*.@N~.......20161018224923Z0n0l0D0... .........\.1n........U.:.yB......Wg...j..Y..-.............DN.JU....20161018224923Z....20161022224923Z0...*.H..............:c.!`4.&lo..P..c0.=..{, &.....s....f.. .B....../U...p2.A...=.qNq.4w.........U<...J=..t2.@kw0...f..........3.w..P?z0...L.K5z."..........B}1./.....6....Ez=.....K0.:R).Iiy.....".Z....D...C...@...QZbtPE.wZ...-Q.=....h........u.,.f..w0.Z...._.8.{..Vi}.m.a8Z..'....0...0...0..........H.j...N... .<i0...*.H........0L1 0...U....GlobalSign Root CA - R21.0...U....GlobalSign1.0...U....GlobalSign0...161007000000Z..170115000000Z0[1.0...U....BE1.0...U....GlobalSign nv-sa110/..U...(GlobalSign OCSP for Root R2 - Signer 1.10.."0...*.H.............0.........N.......B>.|..S...@.......C.a.C.........V...Cf|G.....,......|.b..K.T.x<L.K...6Q..zeh.....Zd.n...0km86...\...n..v..O.......9...)...|...#.....j.......%W..vH`..Z.=..1[.d.y...)..n.&3,Z...#..Q....A.&...i..r"0.!6.g._..7...&.]..4 .$........IG..sw.....c.J.../.7b.........0..0...U...........0...U.%..0... .......0...U.......0.0...U...........1.IVp*.@N~.....0...U.#..0......Wg...j..Y..-.....0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...*.H.............s2..o"..2]=~.=..K.D...{n......,hd.....~TKr.R...K..u.&....lx...^.G...n9.x..~..o.R..:...\I..c<.]I..Ps..uh...<.(..HnJT....m..o.f%..'4^.)...z.-...$s.iI......M....B..3y./..3. .]2.......v.-.l...,..r.k.{^.OW!.......b.k......_Px'....IF............m.(.~.:...r#t#[.3..

<<< skipped >>>

GET /images/vicinio/dsp-images/michael.lockwood/assetRebuttal_1/1470778641078.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Tue, 09 Aug 2016 21:37:20 GMT

ETag: "85a217-15af-539aa56665f89"

Accept-Ranges: bytes

Content-Length: 5551

Cache-Control: max-age=309362158

Expires: Fri, 07 Aug 2026 21:37:20 GMT

Content-Type: image/png

Date: Tue, 18 Oct 2016 23:54:28 GMT

Connection: keep-alive

.PNG........IHDR...,...........^8...vIDATx...kl.e.._iKO@....P..B.-.r>...2.3....c...$....;...5a.w2fg>..YW..j\.E.......|XO...v9.C.li;{.z......P........L`...\.^.}_..D".........................2#.!C&W[..NT..H. ....e.......I..)Ie..dBH...P.h...Ky]NR......b.....N..-..tM..HMK.r...D.l.;..%%.!.2.-.#. ..,..]]....%..[w_CR\A......(%&..d.d.dKrLr.!1O...,...%.Q....k.H...^...j.\..S..X...q.B......P.c..h.'.L.i.}iq.-.c*.h..K?_T.B.....C)2)6.`2QRj2I...2..5W..q..h..l..p....W..T......t.J."...........&.$.&... ..Z.z.P.8Uj.I..l..t..R..5"VK. .U...c..%b...!T..5.....d.d.d.!$...suX-.9Sj.Bjw..r...X.....V...{VA...5p...4.p.!...4.d.."..&KL..,#....R...&.H..........U,...EZzO Ta....`.&..i%.."........g..j.:.z.5&kM..BB.Z..z...R.KE`.R..R..R.%.H.m...eia%...4OV.JV...%..`...._z.._.8p......O{{...}mmm......K..Mt-Jm6.<xpWss...v.......#.]..U.I M..&.)......]e.:VwV........f....|...m..]:.........G....:...5kk..p..={..5mk[j|..i.....a...B.|..]..Isd..X.*))i...?|..c.. (.a#.....w.{..;m.{.*......c.e.. U.^.Rp.l.........-[..{.......`xaj.y.....Z...i...ji8Z.e..,......i...F.=Uhll.`..o...._......64.Ib.8.D..wYIa....A...%....N..8{......wv..W.0...={.....y...qA..!K\..,.ta%...1r_.X...'..|..W|...............#...... ]..v'..e.j7.....k._#@.......tY......0C........(C..~.d..f,imme.. .hkk{[......"qD.Z...>V4ae.Q....s....;..W..?tvv......e..q...B...g.V..Se...d..x..).B....Y....T..&.#...........U..]..Fu]]]g.....S.g...E..X9j.=ta.{.s...R9..-k.z..........'..#r.....k.'..%.Ij......a..........$..t'......<)...#..v.2y..\y..:..=.W..w.j....'..B=......V.L.....*........ n..\..NV...a.bia.

<<< skipped >>>

GET /anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/index.jhtml&anxl=en-US&anxlv=1476834868192&anxrd=imcrack.ad-jump.com&anxrk=-&anxrm=referral&anxrb=-&anxrc=-&anxrs=-&anxsq=1&anxi=091394C9-D018-47FC-AB78-FA6F5E967ED3&anxe=backFill&anxr=1438916606 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: free.mytransitguide.com

Connection: Keep-Alive

Cookie: sessionData="ifzeaV4XzhTIIeOeWwSNahnBw6dSDKP8C2nEtqpT1ILtHWNzQX4YyEB4XmbLrzPyxuQWljAedxSdh SiFsGi4LGhfh7z/HNGBwEkpESkquX5J8v4vQNQAIBJnfgkI3VAQtV6ozG1viMkSj3AVWIG8dtuhUxvRPquFjBN6d2u9OsS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYHqIJ8RUlF9k66cs0Cudhqn1CkA32taL4rpJdpiySBUlvW9etXDGC22DDTnPABoMzhUzA5zYEiITJy3zZ6S4md60Lrx0UlU16ZniRYz4x3T1VwEMrx8/f6hx2NkYJjTM5v6pXjQj/QeARDu9CfbCDfl4AEJlv14SkQJQDfVh8qUp/Iu2IlD//lgQDgAOkh0vPRtvHbda1hznOcJJw3JbhOXy0sMln5W6O5hXZl9RXQjHGrLGExFof40SAh VWzL9tAaog5LLV/XqBN1qSdjy9akRSODBIDogIMu91os6B5adyRlXiVmibgRZS6wZ11RQJsUU4CJKrHg5owacn2FncLAgsdLrq9oLZCllv3nY9VsntaebcLAk6p/JMo8QRSLPdSotynKgh71oiQb57SH GYAMApZs3qEtb6wEv0UT3wF/DrCm59AUS8c1VCgfnDDvmye ArJym6sxiMQN6VEo/8qa1QbahfocVl5ms7eVnYovhVlsny3sopR1uozldCkwA8T1nyFmvQh2wxZq2WPf1vL/2TGic1omZaqz7A7SG0LPg=="; anx="

HTTP/1.1 204 No Content

Date: Tue, 18 Oct 2016 23:54:28 GMT

Server: Apache-Coyote/1.1

Via: 1.1 VVV.mapsgalaxy.com

Content-Length: 0

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

....

GET /installError.jhtml?errorType=browser&errorCode=blockedCountry HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: free.mytransitguide.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 18 Oct 2016 23:54:28 GMT

Server: Apache-Coyote/1.1

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Expires: -1

Cache-Control: no-store, no-cache, must-revalidate

Cache-Control: post-check=0, pre-check=0

Pragma: no-cache

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Type: text/html;charset=UTF-8

Content-Language: en-UA

Set-Cookie: sessionData="eM8hGio79AhShEic3iyflDqBDEWs0qHfCkXaLgses0EowfzQMAz7Spf5cdb4uN yb9HzKn44fQ916lYP0279s20CXp3Rsg/8xJ9cRob2SskrlqFVgWLktLXejfDjgTlT5YmMQwFlCvR5hn6iYMaMPblvFok1L/uyROAZ4/H5ml2w0coDerWYSusuZsNWOS4Uw/YAb7w35L7Jn5kaZtkCgF5yP6Eh0f PwQ8lXGEDaf7r8WP7z4uyjeW3BC0l3kswI6qbLTs5/lcidHLJAKWvAMzBuHgzE5peSufxGV90jebaNwsedd32MQE6Ck2T7xP 91B2By gwEyvKWzDA/E2W Ojq92fB FumE956LuEhkV qiV/RoSReyMIYDxTSkY8/v1OpT7cPdbRSIod021Qb0mWGKtM0vyOHoxhBIQEEg Tgoa/QIH r21bW9EdgpgW05o5Cn3JjGhxk0LeAFUJ4j bX4RqCA0EGE/TaqQCWxS/6KurG7Uqdju1OxmZeNOU0x/4biAuF7mTNWiyc5MisutUv7d7pbIqRp182dUKo9Hn898aMj3DzSC7jYIVueiYNzm9DepmxqIcGnVdVfC1NWkT3JCtbm0NhR0894bR33UEjADKa4FkUpOmSiNZK tklb25Sa48J409tpDt0DsDPYsDEOyAQI52oGLmCJicWeRUZmv/Zz8U7UHNXXJbaQBjassYTEWh/jRICH5VbMv20BqiDkstX9eoE3WpJ2PL1qThTGGtNpdhTn8XXuP4pQ NQFTMS65B0WHK9Uh/IDfSGw=="; Version=1; Domain=.mytransitguide.com; Path=/

Set-Cookie: org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=en_UA; Path=/

Set-Cookie: anx="u=A21D5714-8440-42E1-A400-95A248EEA772&fv=1476834868192&lv=1476834869133&nv=4&t=-&v=-&p=-&si=-&sn=dubprdsndlbfe45.dub.jabodo.com&od=imcrack.ad-jump.com&op=-&ok=-&om=referral&ob=-&oc=-&os=-&w=1276&h=846&cd=24&f=10.0&g=-&xad=MyTransitGuide&xlang=en&xrp=^BNH^orgyyy^S18478^ua&xrt=S18478&xuer=1&xgc=false&xrco=BNH&xrca=orgyyy&xrcc=ua&xkw=Transit Guide&tbGuid=26D30FD4-B3DF-4784-895E-E537F71AD018&xh=8681&xi=MSNI&xtp=vhigh&xp=vicinio&xtt=template_new&xpp=^BNH^orgyyy^S18478^ua&xs=29954&xt=intdefault&xcid=4dff599246e047698ff2f0ebb1fd4041&xx=install&xracl=&xckoid=&xgds=&xmvte=&xit=&xmvtv=&xmvtt=&xckid=&xrm=&xrs=&xnt=&xft=&surveyUrl=&xct=&xiad=&xbkw=&xg=&xn=&xu="; Version=1; Domain=.mytransitguide.com; Max-Age=7776000; Expires=Mon, 16-Jan-2017 23:54:29 GMT; Path=/

Via: 1.1 VVV.mapsgalaxy.com

Keep-Alive: timeout=5, max=99

Connection: Keep-Alive

Transfer-Encoding: chunked

a..............2000.....z... .[y.....oHY$ER..=.%y....^K..]........l...C.]..... .....>..lg<I#...C.P.*...?..._....N^._...S6..>{.....cVi...u.x}............l....D^....__?...*.8....___7.7.Ax.~.f..a........M7v O.j.{3.'Q7.N{ooO..`.}..\v |.x{...../3... .L......../.].."...,......."a.(...O.N....<.8bH.......V..I.'q..v. l .......H..6.9a..........^.m..p.c....^<k.V.z.....n%..A.. &.7q.M...... V......ON.0.............,..$N.(2..a.1..Ox....:B...-.,2..........@.L...&.f..p.g..........s._...8u...7".zC.}.....A..M.. .zV.......N.]q..r...h.gKT."../...@.j...._.a.0..}.C....w9J..1Ng....U...g. ....$.p]$4.....fB.$z...K......2!..!..n......|.a.Fk$..V>H..>(.W......C...........C.......<.......g{T1e.N99..N}>..D.]~.,...x.Hv.2.S....ut.F.......:N3....E1.^ ..d.."`..}'....!...%MH.I6.k....... ..`j2;....d..q0I...$8?:?}y......*.I...a7v.`..X.....y<...........n...2.......vE4ucW.3...%..Zg~Fw...!.v.....'..9.O.m:....c.-... N.]..[$BL.....i.A...nk......j.....2o.nMD.%.)j8.h...(P..@.R.0Q.O...........Q....7..a.L.4.....u2....MxN.S.G.. 0.x.........0xJ..F...uF...>,.%I.......AF.u..DI] .s4.7Z..o..J........aV..._....g2..T.[....2..w.......!iO....y...Q......w.%....0R.Q.a0....6..&<......#..L......4sUQR......q....V.gD.Y.a.S0..qW..`.T..pc.m.......aU.G...u4.?P..w.1H.."|_I^h.d.......W....9(...5...s..X..@.{B.l...8....X6.....P.R.F{ -..9.......&..E.L3....d.......0E........ M....5.y.y...w.!.(Y.C...Z..dA.M....Sd.0,..E....Q.nq..kM..b..s....M.....@cq.X9.....)3y...z%...........,...>..Os..x..=.`hY......L.T|...U....v.3.`x.P#.M....a..i.........6M.

<<< skipped >>>

GET /favicon.ico HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Host: free.mytransitguide.com

Connection: Keep-Alive

Cookie: sessionData="eM8hGio79AhShEic3iyflDqBDEWs0qHfCkXaLgses0EowfzQMAz7Spf5cdb4uN yb9HzKn44fQ916lYP0279s20CXp3Rsg/8xJ9cRob2SskrlqFVgWLktLXejfDjgTlT5YmMQwFlCvR5hn6iYMaMPblvFok1L/uyROAZ4/H5ml2w0coDerWYSusuZsNWOS4Uw/YAb7w35L7Jn5kaZtkCgF5yP6Eh0f PwQ8lXGEDaf7r8WP7z4uyjeW3BC0l3kswI6qbLTs5/lcidHLJAKWvAMzBuHgzE5peSufxGV90jebaNwsedd32MQE6Ck2T7xP 91B2By gwEyvKWzDA/E2W Ojq92fB FumE956LuEhkV qiV/RoSReyMIYDxTSkY8/v1OpT7cPdbRSIod021Qb0mWGKtM0vyOHoxhBIQEEg Tgoa/QIH r21bW9EdgpgW05o5Cn3JjGhxk0LeAFUJ4j bX4RqCA0EGE/TaqQCWxS/6KurG7Uqdju1OxmZeNOU0x/4biAuF7mTNWiyc5MisutUv7d7pbIqRp182dUKo9Hn898aMj3DzSC7jYIVueiYNzm9DepmxqIcGnVdVfC1NWkT3JCtbm0NhR0894bR33UEjADKa4FkUpOmSiNZK tklb25Sa48J409tpDt0DsDPYsDEOyAQI52oGLmCJicWeRUZmv/Zz8U7UHNXXJbaQBjassYTEWh/jRICH5VbMv20BqiDkstX9eoE3WpJ2PL1qThTGGtNpdhTn8XXuP4pQ NQFTMS65B0WHK9Uh/IDfSGw=="; anx="u=A21D5714-8440-42E1-A400-95A248EEA772&fv=1476834868192&lv=1476834869174&nv=5&t=-&v=-&p=-&si=-&sn=dubprdsndlbfe45.dub.jabodo.com&od=imcrack.ad-jump.com&op=-&ok=-&om=referral&ob=-&oc=-&os=-&w=1276&h=846&cd=24&f=10.0&g=-&xad=MyTransitGuide&xlang=en&xrp=^BNH^orgyyy^S18478^ua&xrt=S18478&xuer=1&xgc=false&xrco=BNH&xrca=orgyyy&xrcc=ua&xkw=Transit Guide&tbGuid=26D30FD4-B3DF-4784-895E-E537F71AD018&xh=8681&xi=MSNI&xtp=vhigh&xp=vicinio&xtt=template_new&xpp=^BNH^orgyyy^S18478^ua&xs=29954&xt=intdefaul

HTTP/1.1 200 OK

Date: Tue, 18 Oct 2016 23:54:28 GMT

Server: Apache-Coyote/1.1

Accept-Ranges: bytes

ETag: W/"894-1476801494000"

Last-Modified: Tue, 18 Oct 2016 14:38:14 GMT

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Type: image/x-icon

Via: 1.1 VVV.mapsgalaxy.com

Keep-Alive: timeout=5, max=98

Connection: Keep-Alive

Transfer-Encoding: chunked

a..............e7..c``.B... )..... ......@!....8..sC0........DX........~.......(u.._d.@..M?.Zv...DX...@.i...... ..b.....|......D@.....4.Q.G.[..0. ..:.b2.z.-@)..H8...T..._....."...&'.........l.........z..,........10.930....@v..P.H......i?..7O...4.~.....0..HTTP/1.1 200 OK..Date: Tue, 18 Oct 2016 23:54:28 GMT..Server: Apache-Coyote/1.1..Accept-Ranges: bytes..ETag: W/"894-1476801494000"..Last-Modified: Tue, 18 Oct 2016 14:38:14 GMT..Content-Encoding: gzip..Vary: Accept-Encoding..Content-Type: image/x-icon..Via: 1.1 VVV.mapsgalaxy.com..Keep-Alive: timeout=5, max=98..Connection: Keep-Alive..Transfer-Encoding: chunked..a..............e7..c``.B... )..... ......@!....8..sC0........DX........~.......(u.._d.@..M?.Zv...DX...@.i...... ..b.....|......D@.....4.Q.G.[..0. ..:.b2.z.-@)..H8...T..._....."...&'.........l.........z..,........10.930....@v..P.H......i?..7O...4.~.....0..

GET /CRL/Omniroot2025.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Sat, 16 Nov 2013 06:15:02 GMT

If-None-Match: "200da-5b6-4eb453c33260e"

User-Agent: Microsoft-CryptoAPI/6.1

Host: cdp1.public-trust.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: application/x-pkcs7-crl

Date: Tue, 18 Oct 2016 23:55:00 GMT

Etag: "200c0-b1c-53e9a04540058"

Last-Modified: Tue, 11 Oct 2016 17:15:02 GMT

Server: ECS (arn/45CB)

X-Cache: HIT

Content-Length: 2844

0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....CyberTrust1"0 ..U....Baltimore CyberTrust Root..161011160654Z..170106160654Z0.._0....'k...120111220757Z0....'k...120111220847Z0....'.C..130130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140212185542Z0....'yr..150701184507Z0....'#...100303201301Z0....''q..100414175202Z0....'L...110224181251Z0....'Pn..110309142119Z0....'....100216203312Z0....'#...100303201213Z0....'3#..100908172555Z0....''n..101208175627Z0....''m..101208175749Z0....''p..101208175916Z0....'H...110114162156Z0#...'X>..110815145134Z0.0...U.......0#...'Z2..110818184101Z0.0...U.......0....'g...120111164333Z0....'g...120111164409Z0....'g...120111164519Z0....'....100216213519Z0....''s..100414175225Z0....''k..100414181839Z0....'3"..100908172705Z0....'3$..100908172728Z0....''o..101208175645Z0....''l..101208175727Z0....'H...110119195142Z0....'Nz..110302154045Z0....'c...111207220933Z0....'g...120111164445Z0....''r..100414175143Z0....'8...101012182723Z0....'e...120111163041Z0....'VJ..110714160903Z0....'s...130123162633Z0....'....130904190524Z0....'....131024214319Z0....'....140129172435Z0....'....140129172453Z0....'....131024214310Z0....'....131101204601Z0....'....140219171632Z0....'.^..140409155638Z0....'i...140709171930Z0....'/:..141119193302Z0....'J...150603184605Z0....'k...150603185020Z0....'k...150603185058Z0....'k...150603185131Z0....'k...120111220827Z0....'8...140716191203Z0....'....131219195909Z0....'....140219171545Z0....'k...151105070000Z0....'q...160126173

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEExA26X5iPrlelfWRXSV+Ys= HTTP/1.1

Cache-Control: max-age = 444549

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Tue, 11 Oct 2016 13:33:22 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: sf.symcd.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1725

content-transfer-encoding: binary

Cache-Control: max-age=502817, public, no-transform, must-revalidate

Last-Modified: Mon, 17 Oct 2016 19:34:12 GMT

Expires: Mon, 24 Oct 2016 19:34:12 GMT

Date: Tue, 18 Oct 2016 23:55:04 GMT

Connection: keep-alive

0..........0..... .....0......0...0.......].[ .A.|1.rC_H.5F....20161017193412Z0s0q0I0... ...................F....0.yV......{&.K......&.......L@......zW.Et.......20161017193412Z....20161024193412Z0...*.H..............y}...^....'....?...<..hc.............$-...L..I.0...n<z._...x.qF....Y..x...-.......8.........g.e9..=..2....%.bX8S,s^.K#.C.-%..o...'d.......;f\ .*.....y .XS-..hr..G"G.....x.2G`............P}...>.SW q.}...8.VX..,!.n..O.w%...s..u(r......1.a<.!.&..9K..Co.{?.,0....0...0...0...........3..-......F....0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...160928000000Z..161227235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1VeriSign Class 3 Code Signing 2010 OCSP Responder0.."0...*.H.............0..........0CTS.....D7.=.s/..|..P...mS.....,.,).?C..r8.H...]....R.&....#..}.[G8C.|P.Z...[........Y.m..5...#.{yp^d;..^.=c~}P5.....=0...U..."!j.1.(.Q...n....O3.-:.R.;..A...............}.......JN..1E....I..!.y.:u.Jw..S......8.s..P..d........ ..t.u......X.cM...N:."a ...........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-D-21700...*.H.............h.S...i..v...l.p,'JO....*.mGF`...(..MU|.vn.....*.^.2...

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEHoPQd8czRTcsmkpjuIsajU= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: s2.symcb.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1761

content-transfer-encoding: binary

Cache-Control: max-age=382579, public, no-transform, must-revalidate

Last-Modified: Sun, 16 Oct 2016 10:07:20 GMT

Expires: Sun, 23 Oct 2016 10:07:20 GMT

Date: Tue, 18 Oct 2016 23:54:29 GMT

Connection: keep-alive

0..........0..... .....0......0...0......l..T.#4...c.K.... *...20161016100720Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...313..z.A......i)..,j5....20161016100720Z....20161023100720Z0...*.H.................6........(...UG..d.X0...Y^./.S.S]K.y....Q....]...UI..(8.f...!....gA...-...:.^cD.L.5)y...L....P....).rD...t........K..A\\.....\.%.N.....[CT}...,r2.mE8sC.<^6..X.#.:9*&..OY...=0.|......x...d*Kj.......dc.ZM....)..:...b... V5..K...j......t.......=p...xT........0...0...0.......... .7.$.T.4.....u.0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G50...151124000000Z..161214235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Certificate 40.."0...*.H.............0........./..C.n..RRd-G..mB...m.0Q..^f..A...av.9....?Q..(.j(..$..P..?[v....9. ...u....v..-<l....^.Z.C.f.V...$7............G.D.....@T{.....|...msV...{.q...2..y.............".u.d.p.%... U.I.0..0.x.-`..Yi....6.lw<....N.k\.....]s...O... 0....TH.cB.Q.Z...}...p.1....>2 ..........0...0...U.......0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...http://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0... .....0......0 ..U....0...0.1.0...U....TGV-C-600...U......l..T.#4...c.K.... *.0...U.#..0.....e......0..C9...3130...*.H.................qL.....R.

<<< skipped >>>

GET /images/anx/anemone-1.2.7.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: akz.imgfarm.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.7k

Last-Modified: Mon, 08 Jul 2013 20:02:48 GMT

ETag: "774114-a236-874e8a00"

Accept-Ranges: bytes

Content-Type: application/x-javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 11189

Cache-Control: max-age=211838894

Expires: Thu, 06 Jul 2023 20:02:42 GMT

Date: Tue, 18 Oct 2016 23:54:28 GMT

Connection: keep-alive

...........}mw.F..g.9..X.....eIN...n...u.I..I{......$...p(.....?......t.>."qf0....`0..a..r.%q.M.YV..|...H.e...W.RD....yt.W.MV/.z.F.2.....G.t9I .u.<..*..U..E........h]d...;.V..=Z....Y..._......IYM.........D.,ZfB@7}.....".....t.uJ=.........$.........U.....D.R.E......BK...:....,.......}O.z....LqX-@.M..q]..U..%.`Z&.%....._..l..S.:/.?....,.9F0u.N.Q.'.h...k(. ')V....[.....)..6..^.9............l*[.3...&.n2.hs..M...6...."....Ed7!..sN.*..0KU....>.BR.WY..KX.{.q..7....*b7...1...:.ey.h......2.C4..z...I......G"......Y..%M.J~'i1-.q.D.a..Q......T@7.."n8.@...-W.z..r&...5.....I......Vt.b .'qr..'....D.....|X..|.&E.i<U......i}.ZI.r...EB .f...Ti...2 ......</..UU......uqH._....k..Dj......>H....S...D...l.Ga.O...%..E........\.....vL..}.....t....S.$..&....f.b.Y.....".F..R?Z....X...r5......R....d..0.7..5.).X...,I..5.. .n..X@!h.Mw.T...l.*..N...:.26.!.=....-.[-J.5nQH.eV.k.{<......EM.4M.r...u........:.....#)'......x...U..G)...E.k....isbP.;..s[Mx..x...y.3P....0ThZ... .....m.pQF..v!..P..*0YV..."..E........|g.)P.. 8".#.....]....pK.'. .uBJ.am?..(......c......92.../%...........6...u.Q..".a>}]<#1.t.......R...^.$ b......n.?..7..8.{P.n....d...aS%...#...$.....f.`...F.W.%l5..U..T$U.Z..1.a.S.?..h...={.,z....{.r..Pa... .@{<.M.I=....Y..4]...P.[...r............F.u!..i.....?........R@._.O...{....w.....F.x......k.mO.....nt...[tM...........Y.;C.........&T....3...;..tG\..J.....H...".......,..f@H?...:!.. O.9.:>.~. ..`..aL..7.......L....8..K..k{8..e.I..Wv7....Ou.|>`"w...a.u{'..a...v...Qv..|.mm(3.... ..1L.....Qn.).T9L.~..]l

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141/l2SWCyYX308B7Khio= HTTP/1.1

Cache-Control: max-age = 432038

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Tue, 11 Oct 2016 10:05:24 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: s2.symcb.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1761

content-transfer-encoding: binary

Cache-Control: max-age=554557, public, no-transform, must-revalidate

Last-Modified: Tue, 18 Oct 2016 09:53:44 GMT

Expires: Tue, 25 Oct 2016 09:53:44 GMT

Date: Tue, 18 Oct 2016 23:55:03 GMT

Connection: keep-alive

0..........0..... .....0......0...0......l..T.#4...c.K.... *...20161018095344Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...313..=x..vI`.a}.....*....20161018095344Z....20161025095344Z0...*.H................X.I...Z........K.?......oes..|:.n..(....pp.....z .p..o.x..EO.....K*c.ax.l....7..'.da0...Mz.F.l.6....ut..f<...R..Gi..k.y......*8)QU&.j....7.BP..8.^..4.%)..rH1...w.[^....S0.d.....3)....J...eJ\H..9......t............F..&.[.Vi..$.p:<.E.I..l.X.`.P...].h.2.3.....0...0...0.......... .7.$.T.4.....u.0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G50...151124000000Z..161214235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Certificate 40.."0...*.H.............0........./..C.n..RRd-G..mB...m.0Q..^f..A...av.9....?Q..(.j(..$..P..?[v....9. ...u....v..-<l....^.Z.C.f.V...$7............G.D.....@T{.....|...msV...{.q...2..y.............".u.d.p.%... U.I.0..0.x.-`..Yi....6.lw<....N.k\.....]s...O... 0....TH.cB.Q.Z...}...p.1....>2 ..........0...0...U.......0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...http://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0... .....0......0 ..U....0...0.1.0...U....TGV-C-600...U......l..T.#4...c.K.... *.0...U.#..0.....e......0..C9...3130...*.H.................qL....

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= HTTP/1.1

Cache-Control: max-age = 547348

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Tue, 19 Nov 2013 21:12:41 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1790

content-transfer-encoding: binary

Cache-Control: max-age=446579, public, no-transform, must-revalidate

Last-Modified: Mon, 17 Oct 2016 03:54:24 GMT

Expires: Mon, 24 Oct 2016 03:54:24 GMT

Date: Tue, 18 Oct 2016 23:55:00 GMT

Connection: keep-alive

0..........0..... .....0......0...0......75.<.2/.H....G%>*K^...20161017035424Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5..........^.3@..cL.1.......20161017035424Z....20161024035424Z0...*.H...............p...F..T.4..F...s..o.~.u..p)R7.=D.....a.<z......E..j.5.D.~.....A....A.......G....&.h..^9..'\.|...F: _.......7'o.g.^)..#...B..@I.z o..M(..#..q..../e..6.o.{.[.I....%%_ .g.c..bE........K.$..y/V..:O..j.:W.......B..R..a...^l..j;$.R.j.&....@..R..s..)/.hrL%...5...#0...0...0..........m.&..{.)K..8...I0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...160929000000Z..161228235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0..........&;AD.cf.......S..g$/.\......."...D..L.............k!.h.m......@U...T8...g..7\..3.C0.b....CR.....p...\Y..C.[`l....Q......G(.....{W. ....J].M`......y!<...3.@j.&....._/..j.c{.&v-Y....L....a]C....a...dd..*o..&.[.O#..>....Q.....F ..e....<.' =...m.@$.w{>.A.............0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........https://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-D-21

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0= HTTP/1.1

Cache-Control: max-age = 363986

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Sun, 17 Nov 2013 16:06:48 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1452

content-transfer-encoding: binary

Cache-Control: max-age=372958, public, no-transform, must-revalidate

Last-Modified: Sun, 16 Oct 2016 07:29:50 GMT

Expires: Sun, 23 Oct 2016 07:29:50 GMT

Date: Tue, 18 Oct 2016 23:55:01 GMT

Connection: keep-alive

0..........0..... .....0......0...0.........Yt...........z.(...20161016072950Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a..%...0a.. ...M|......20161016072950Z....20161023072950Z0...*.H.............MLu....<.....uHr.........Ad.h..k_....'b..J..2E...|.....F}.......Z...Pk.c.@....J.......^T....i.&A.gz_x..!..........s.H4F....c&h9i..o..C$.*.....Lr8.f..,..#....\.......~hdN..3.A.H.f.RbqT..M..Jb.I.'.....Yhk~..O~.)E.7}..E*..Z:.......~r.me.yJ.r...)`.ou.2.k.=0V......0...0...0..2.......@1Kyh.i.L....p..0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority0...151124000000Z..161214235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1 OCSP Responder Certificate 40.."0...*.H.............0..........K...8..p...<.\"J6.A!../.nL...6.........!.),......9].N6Kz.WC..8.)z.by.z..[% #..^t.^...*..M....p..{AW..[...d.]p...VY..F..d....>wv.5...?......g>qJ...oF.jOW:.'n....4vK.....p..@.%......=..^..1.^..e^..w...g.......gM...H..m..P..t (..)B.....1,`..!&.Ry.=:.6-c..=w........0..0...U....0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .....0......0 ..U....0...0.1.0...U....TGV-C-570...*.H............o....8qO..."....5.E.....S.k&.Bd...2T@=._..H...S%...m. ...Gd........#.Ty/r..GH/..].G....o5..J.v.$...."...R.><....Jl..z.....=^`8......

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEDO099rCgtT22XaI8/R3kQY= HTTP/1.1

Cache-Control: max-age = 512217

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Tue, 19 Nov 2013 09:17:20 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 5

content-transfer-encoding: binary

Date: Tue, 18 Oct 2016 23:55:01 GMT

Connection: keep-alive

0....HTTP/1.1 200 OK..Server: nginx/1.4.7..Content-Type: application/ocsp-response..Content-Length: 5..content-transfer-encoding: binary..Date: Tue, 18 Oct 2016 23:55:01 GMT..Connection: keep-alive..0....>....

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1

Cache-Control: max-age = 440358

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Mon, 18 Nov 2013 13:12:21 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1452

content-transfer-encoding: binary

Cache-Control: max-age=455940, public, no-transform, must-revalidate

Last-Modified: Mon, 17 Oct 2016 06:32:09 GMT

Expires: Mon, 24 Oct 2016 06:32:09 GMT

Date: Tue, 18 Oct 2016 23:55:01 GMT

Connection: keep-alive

0..........0..... .....0......0...0.........Yt...........z.(...20161017063209Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a..eR&.....Y.)..".\....20161017063209Z....20161024063209Z0...*.H............. >7P.b..J.b.@...p. ..`m.G.H.p..vP....o..."...m<._......=.c"...._Y.6..e.]..#-......p.S....o..VZ|'b..l..6LIK.t..v..<.jL...s.N......~#(.=...z.4..J{C.k^C..2.J... .v....M*.....t....s.i....%,...O~..Yt.;.GM^....nx..&..$nqw6.rW.._]OH.,..en..D...sY..A.O\[o..T...6.h....0...0...0..2.......@1Kyh.i.L....p..0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority0...151124000000Z..161214235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1 OCSP Responder Certificate 40.."0...*.H.............0..........K...8..p...<.\"J6.A!../.nL...6.........!.),......9].N6Kz.WC..8.)z.by.z..[% #..^t.^...*..M....p..{AW..[...d.]p...VY..F..d....>wv.5...?......g>qJ...oF.jOW:.'n....4vK.....p..@.%......=..^..1.^..e^..w...g.......gM...H..m..P..t (..)B.....1,`..!&.Ry.=:.6-c..=w........0..0...U....0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .....0......0 ..U....0...0.1.0...U....TGV-C-570...*.H............o....8qO..."....5.E.....S.k&.Bd...2T@=._..H...S%...m. ...Gd........#.Ty/r..GH/..].G....o5..J.v.$...."...R.><....Jl..z.....=^`8......

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEEsY6Q+7vYaPyv66+coRxyE= HTTP/1.1

Cache-Control: max-age = 589790

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Wed, 20 Nov 2013 09:32:32 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 5

content-transfer-encoding: binary

Date: Tue, 18 Oct 2016 23:55:01 GMT

Connection: keep-alive

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1

Cache-Control: max-age = 435806

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Tue, 11 Oct 2016 11:05:46 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1790

content-transfer-encoding: binary

Cache-Control: max-age=544650, public, no-transform, must-revalidate

Last-Modified: Tue, 18 Oct 2016 07:08:21 GMT

Expires: Tue, 25 Oct 2016 07:08:21 GMT

Date: Tue, 18 Oct 2016 23:55:04 GMT

Connection: keep-alive

0..........0..... .....0......0...0......75.<.2/.H....G%>*K^...20161018070821Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5........M.s.Q~...@?j.......20161018070821Z....20161025070821Z0...*.H..............{Ij52|../.O....,..[x0X..YQ.>..o$#.~.w...c....<A....4...M.......\...pM.G..@9M..S.......-.s......J.....L[Z......)"..d...1c.Rb7l..i.....RW.5...<..5.:..)a......F...W]S|.......G....s}}.....w.-.pZ...2.u.R..h...]...4......D.**,?..T.#..\../Z...............u..m.FR...#0...0...0..........m.&..{.)K..8...I0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...160929000000Z..161228235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0..........&;AD.cf.......S..g$/.\......."...D..L.............k!.h.m......@U...T8...g..7\..3.C0.b....CR.....p...\Y..C.[`l....Q......G(.....{W. ....J].M`......y!<...3.@j.&....._/..j.c{.&v-Y....L....a]C....a...dd..*o..&.[.O#..>....Q.....F ..e....<.' =...m.@$.w{>.A.............0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........https://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TG

<<< skipped >>>

GET /images/vicinio/dsp-images/jeremy.jacinto/button1_1/1471019347967.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 12 Aug 2016 16:29:08 GMT

ETag: "98507e-6a72-539e261bf57cc"

Accept-Ranges: bytes

Content-Length: 27250

Cache-Control: max-age=309617885

Expires: Mon, 10 Aug 2026 16:29:08 GMT

Content-Type: image/gif

Date: Tue, 18 Oct 2016 23:54:28 GMT

Connection: keep-alive

GIF89ah........I..J.....JN..M..I..1..L..K..J..G..H..O..E..F..B..2..3..0..1..4....I:..9..8..7..6..5..0..E..8..H..6..4..A..M..?..@..=..<..3..K..L..2..J..G..D..N..5..C..D..1..B..2..C..;..9..?..:..:..6..<..>..>..7..5..3..4..;..0..;..7..0..M..8..2../..H..5..L..=..5.....A..8..>..6..B..1..G..1..F..@.....G..4..:..I..9..K..9..?..N..3..<..J..B.....<.....F.....D..A........d..8..J..=.....?..K..@..E../.....J..3..3Wj...L.....7..b..5..C..p.P.....k:..2..F..E..6..7..G.....E.....0..H../..K..4........C........I.....>.....M..=.....C....[..z?..s..S..<....kD..B.....F..D..............;.....L.....;..E..@..>.....u..I..I..G..P.....C....l......4]yN........B.....T.\A..0.................M.....|.Kf.....>~.:afh..1n.J..............1..I...../..M..N..M..........\~.K.........N..G..0..0.....}.JH........2Ui!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmpMM:InstanceID="xmp.iid:8B19039560A911E683C1C55997016247" xmpMM:DocumentID="xmp.did:8B19039660A911E683C1C55997016247"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8B19039360A911E683C1C55997016247" st

<<< skipped >>>

GET /images/vicinio/dsp-images/222010004/background999/1458663898223.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://free.mytransitguide.com/installError.jhtml?errorType=browser&errorCode=blockedCountry

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Tue, 22 Mar 2016 16:24:59 GMT

ETag: "d60bc-264b0-52ea5a7985c6e"

Accept-Ranges: bytes

Content-Length: 156848

Cache-Control: max-age=297233021

Expires: Fri, 20 Mar 2026 16:24:59 GMT

Content-Type: image/png

Date: Tue, 18 Oct 2016 23:54:29 GMT

Connection: keep-alive

.PNG........IHDR...T.........JL......tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpRights="hXXp://ns.adobe.com/xap/1.0/rights/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpRights:Marked="False" xmpMM:OriginalDocumentID="xmp.did:08801174072068118C14B382F3F4B1D6" xmpMM:DocumentID="xmp.did:9B41C227E86D11E5AF6AF3244915D9CA" xmpMM:InstanceID="xmp.iid:9B41C226E86D11E5AF6AF3244915D9CA" xmp:CreatorTool="Adobe Photoshop CC 2015 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:a3a90085-b1fa-4a83-9998-d427570c3d8e" stRef:documentID="adobe:docid:photoshop:be0e3ae9-2cdc-1179-a614-eb38104d91c4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..$...`uIDATx...i.-.u..V...=.......D.QL.'J....M.v"..c.2...b;B.#p.(...N....$V..v.I.,....AB1.....x .. .)...$.M.......:......w...D..w...T..{M....t..w.........;.y...D.....r..n....d9.F....g.....D...w....7..).J..y|...u|....;..>o...................O?.L].xs.|...A.}.n.......r...:e.......L...-...3..-..M...}...5......,W.|....`......2..'.3Z..p;.g.Vo].y]..f.s~....2...5.....Y.&.....7w.?.=1?..:..a^o@........,z.......>.g6..a......

<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAisW18hq2CY HTTP/1.1

Cache-Control: max-age = 345600

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 404 Not Found

Date: Tue, 18 Oct 2016 23:55:01 GMT

Content-Type: text/html; charset=UTF-8

Server: ocsp_responder

Content-Length: 1668

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 404 (Not Found)!!1</title>. <style>. *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//VVV.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//VVV.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//VVV.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//VVV.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//VVV.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}. </style>. <a href=//VVV.google.com/><span id=logo aria-label=Google></span></a>. <p><b>404.</b> <ins>Tha

<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEAdrg7dKqon HTTP/1.1

Cache-Control: max-age = 345600

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 404 Not Found

Date: Tue, 18 Oct 2016 23:55:02 GMT

Content-Type: text/html; charset=UTF-8

Server: ocsp_responder

Content-Length: 1668

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAMwQYKxJVsR HTTP/1.1

Cache-Control: max-age = 345600

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 15 Oct 2016 23:08:58 GMT

Expires: Wed, 19 Oct 2016 23:08:58 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 261965

0..........0..... .....0......0...0......J......h.v....b..Z./..20161015130203Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./...0A..%[.....20161015130203Z....20161022130203Z0...*.H.............O._W..7...s.....f....hv.,.r....9......h..k...o..-..ogC..8..9....d.L....:.r.ba.xmCz]....@......f9.....YE.e..f...-..o......L.7jf...6z_.n8J.f....R...`d...,[..T.Y2..E....l..`dY..qn...~m..W..{oA4.........)..|j=...2n...$:L.H..i.s.]...i!K.GQ.gGeW..].r..&d.~.> .......

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCHUW2dw1OuXl HTTP/1.1

Cache-Control: max-age = 345600

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Mon, 17 Oct 2016 19:15:17 GMT

Expires: Fri, 21 Oct 2016 19:15:17 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 103186

0..........0..... .....0......0...0......J......h.v....b..Z./..20161017070324Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..u...5:......20161017070324Z....20161024070324Z0...*.H.............h.....A.~..7.]Xr}oCv..p..W.p..~......z..>..9..J..]...J`x.......f}..w.-.hu.....~..... ..jO#....YO..^..C.f.5!.., V}....|...Hz. ..r....6'....8&.l5.....5q.Q..c...6b.s...#.3..U..w....I.(....8 ........r..*cf..7.K.....F=i......d...8@.[i.........U..>..N....Q....N.....

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBW8iC8YNRkC HTTP/1.1

Cache-Control: max-age = 345600

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 15 Oct 2016 23:45:56 GMT

Expires: Wed, 19 Oct 2016 23:45:56 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 259747

0..........0..... .....0......0...0......J......h.v....b..Z./..20161015130256Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./...../.5......20161015130256Z....20161022130256Z0...*.H..............fY..A...Ztd...{b......K.....v.j....-RLZ..q..w8...Dkk!.C[....g.Q.........c}=D'.............s....p|.1..._...M.}.....1I.bT;fd...6......2!.;sh"j.;...w._.IK.....w..&Q.y.w.._.....EDo........5.....N...x....V.!NI.B...=%O7.......'.Zr...k{%F..H=..F......T.z.W..G.......

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGZimYWX7CS+ HTTP/1.1

Cache-Control: max-age = 345600

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Mon, 17 Oct 2016 20:30:14 GMT

Expires: Fri, 21 Oct 2016 20:30:14 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 98689

0..........0..... .....0......0...0......J......h.v....b..Z./..20161017130113Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..fb....$.....20161017130113Z....20161024130113Z0...*.H.............{....Y%.C..Cj..."..Ei.dA..8....P..|d.N.5..............*Xx.hZa.K^.@n..pL.:iM... ...H..ANkC;0....J._.. .}....d'^.....k.T^..u..y..{.C`..j..~_..:.l.8...`.!...e.W.k.L.7.KQ..q....|1.t.(.3..S".N.L{.J....{J`..".u`._..R:*....Y.6Z.o.M .Z...*..L.AC.......0.^....uB)......

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAFb1O5EN2Za HTTP/1.1

Cache-Control: max-age = 345600

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Tue, 18 Oct 2016 22:03:40 GMT

Expires: Sat, 22 Oct 2016 22:03:40 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 6683

0..........0..... .....0......0...0......J......h.v....b..Z./..20161018130354Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./...[..D7fZ....20161018130354Z....20161025130354Z0...*.H............."9._...e7|.o..|s......!..z...KY.......9.........9ys..B.I.....D...).g.&Q4..~#...7....]......rY....L ..Hm2. !7.}..... 2..T.f........./p....Q03...!`.-U=1.v..;.c....l.:.......,E.....!.1.......qt$t...h .'.m.....H3......)..b...[.y......X...S..L.Jo.p.s.j.....c...HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Tue, 18 Oct 2016 22:03:40 GMT..Expires: Sat, 22 Oct 2016 22:03:40 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 6683..0..........0..... .....0......0...0......J......h.v....b..Z./..20161018130354Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./...[..D7fZ....20161018130354Z....20161025130354Z0...*.H............."9._...e7|.o..|s......!..z...KY.......9.........9ys..B.I.....D...).g.&Q4..~#...7....]......rY....L ..Hm2. !7.}..... 2..T.f........./p....Q03...!`.-U=1.v..;.c....l.:.......,E.....!.1.......qt$t...h .'.m.....H3......)..b...[.y......X...S..L.Jo.p.s.j.....c.......

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCO1K2+o5D5i HTTP/1.1

Cache-Control: max-age = 345600

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 15 Oct 2016 23:23:18 GMT

Expires: Wed, 19 Oct 2016 23:23:18 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 261105

0..........0..... .....0......0...0......J......h.v....b..Z./..20161015130233Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..#. o..>b....20161015130233Z....20161022130233Z0...*.H.............0U.Y.|....z...b.o......Mv-o..z....\]...-:....w....'.KX..5...|&.U..Y...*....b..m'.6..4.c.p.@<q.Y.q...O..9.a,.yT\.^Ea1...C.......J.....*g.c..);)..X..n?;D.3..o.m.1.3."....UF...D...*..?..'...K...Qf. .....a..H#r.g.....M......=u2."[.Yy.......VU.-X..v$.....S~o...HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Sat, 15 Oct 2016 23:23:18 GMT..Expires: Wed, 19 Oct 2016 23:23:18 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 261105..0..........0..... .....0......0...0......J......h.v....b..Z./..20161015130233Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..#. o..>b....20161015130233Z....20161022130233Z0...*.H.............0U.Y.|....z...b.o......Mv-o..z....\]...-:....w....'.KX..5...|&.U..Y...*....b..m'.6..4.c.p.@<q.Y.q...O..9.a,.yT\.^Ea1...C.......J.....*g.c..);)..X..n?;D.3..o.m.1.3."....UF...D...*..?..'...K...Qf. .....a..H#r.g.....M......=u2."[.Yy.......VU.-X..v$.....S~o.......

<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCENN6nuImvRO HTTP/1.1

Cache-Control: max-age = 345600

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 15 Oct 2016 23:06:59 GMT

Expires: Wed, 19 Oct 2016 23:06:59 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 262084

0..........0..... .....0......0...0......J......h.v....b..Z./..20161015130247Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..CM.{...N....20161015130247Z....20161022130247Z0...*.H.............-....`!..xa...v...E...........%...n.....>.r...L0..F...A...G._..b.v.}............43...6......`X..Y...9....Dp0r.j.Jl....t.t3._L!$.h.{.."...)... P(`2..2.....o.....\..*.8...........N.......!.gK7&.....c.Y..tx.v2.\j..yI.j.u\6...$Py.]Y~./..........0...~.B{.....!O....

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCn5KPFJmjBe HTTP/1.1

Cache-Control: max-age = 345600

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 15 Oct 2016 23:13:53 GMT

Expires: Wed, 19 Oct 2016 23:13:53 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 261670

0..........0..... .....0......0...0......J......h.v....b..Z./..20161015130030Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..).(.I.0^....20161015130030Z....20161022130030Z0...*.H.............3.3^....4..bk......2....L.y....4.$b..*.....ca.4Bv....U..E...[>c.....Rl..!.r....|.@.O. ...:....X.....}..8q"j,.........d....j.....9...,..2@..X<~.......q3^qK.H...1..W-.a<w...[..w...Z.}^...9..=..)..1.....P....}!h.2...q0.....^.bO&..O.......`..C35.e....(.u..K...HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Sat, 15 Oct 2016 23:13:53 GMT..Expires: Wed, 19 Oct 2016 23:13:53 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 261670..0..........0..... .....0......0...0......J......h.v....b..Z./..20161015130030Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..).(.I.0^....20161015130030Z....20161022130030Z0...*.H.............3.3^....4..bk......2....L.y....4.$b..*.....ca.4Bv....U..E...[>c.....Rl..!.r....|.@.O. ...:....X.....}..8q"j,.........d....j.....9...,..2@..X<~.......q3^qK.H...1..W-.a<w...[..w...Z.}^...9..=..)..1.....P....}!h.2...q0.....^.bO&..O.......`..C35.e....(.u..K.......

<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDysFK5r8h11 HTTP/1.1

Cache-Control: max-age = 345600

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Tue, 18 Oct 2016 04:57:02 GMT

Expires: Sat, 22 Oct 2016 04:57:02 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 68281

0..........0..... .....0......0...0......J......h.v....b..Z./..20161017190157Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..<...k..u....20161017190157Z....20161024190157Z0...*.H..............N........'..#6..M...f.<.bMn......).;.u1...NE........Lt..k.\..z..jq..VR....MD9........'oI.....v....F.y.j.h.....ql..w..o.......R{..q..v0.VA.;..E....Lo...........7h#:....B`.|..._.-kj.k....A..........U.&jv.<....r...M?.........0y..r.U.e.#.].d..9'z.z.......K..sHTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Tue, 18 Oct 2016 04:57:02 GMT..Expires: Sat, 22 Oct 2016 04:57:02 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 68281..0..........0..... .....0......0...0......J......h.v....b..Z./..20161017190157Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..<...k..u....20161017190157Z....20161024190157Z0...*.H..............N........'..#6..M...f.<.bMn......).;.u1...NE........Lt..k.\..z..jq..VR....MD9........'oI.....v....F.y.j.h.....ql..w..o.......R{..q..v0.VA.;..E....Lo...........7h#:....B`.|..._.-kj.k....A..........U.&jv.<....r...M?.........0y..r.U.e.#.].d..9'z.z.......K..s....

<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCHiWTKIt8ymy HTTP/1.1

Cache-Control: max-age = 345600

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 15 Oct 2016 23:13:26 GMT

Expires: Wed, 19 Oct 2016 23:13:26 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 261698

0..........0..... .....0......0...0......J......h.v....b..Z./..20161015130212Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..x.L.-.).....20161015130212Z....20161022130212Z0...*.H.............l.q&..5(.m./B..0.F..A.B...A....W.....s..p..)2......J"....y......5o...<8.Wz!v........w...$v.w..4 ....]....,7...m:..[...d3\2.8../M..2..S9..r...&.~b?T.......o$=D....x...x......$M...3..<.2}No5v:{p;.....<..g...*cv..>t..EfwDt......9K.V_.....4.M.?C'(C:g..]..,..B,....

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEQDmMy02FbF HTTP/1.1

Cache-Control: max-age = 345600

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Mon, 17 Oct 2016 20:39:25 GMT

Expires: Fri, 21 Oct 2016 20:39:25 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 98139

0..........0..... .....0......0...0......J......h.v....b..Z./..20161017130117Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..D.....V.....20161017130117Z....20161024130117Z0...*.H.............m.e..?...M.q0l.O..x....r/...2.bxg..iS._..nI.......>......1...#.=X..~....Q...gx.!#...j..r......)J.z.._9...M.<..Ul......g...S.....r..W<.'..\..Lh.m....9.t.#....lC....=.........n..JCw..@.[...W....y...e.#.....0..B.!....z@.7 .&.K}}p.^....~.....T.%.`.TG.h.h...}.sHTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Mon, 17 Oct 2016 20:39:25 GMT..Expires: Fri, 21 Oct 2016 20:39:25 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 98139..0..........0..... .....0......0...0......J......h.v....b..Z./..20161017130117Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..D.....V.....20161017130117Z....20161024130117Z0...*.H.............m.e..?...M.q0l.O..x....r/...2.bxg..iS._..nI.......>......1...#.=X..~....Q...gx.!#...j..r......)J.z.._9...M.<..Ul......g...S.....r..W<.'..\..Lh.m....9.t.#....lC....=.........n..JCw..@.[...W....y...e.#.....0..B.!....z@.7 .&.K}}p.^....~.....T.%.`.TG.h.h...}.s..

GET /prd/ttdetect.html?&op=g&cobrand=BNH&xdm_e=http://free.mytransitguide.com&xdm_c=default4346&xdm_p=1 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ttdetect.staticimgfarm.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 17 Aug 2016 14:30:23 GMT

ETag: "3f18a8-6b15-53a454e3f7ab3"

Accept-Ranges: bytes

Content-Type: text/html; charset=ISO-8859-1

Vary: Accept-Encoding

Content-Encoding: gzip

Cache-Control: max-age=26145807

Expires: Thu, 17 Aug 2017 14:37:55 GMT

Date: Tue, 18 Oct 2016 23:54:28 GMT

Content-Length: 10125

Connection: keep-alive

...........}iw.....w.....d.M...T...Mzb''v.{ Y.@..$*$.!..o.{c A.r...z.Z....{............Uc...O.....^.?3.{..7.......i..<....y..C~K..$J....t.EG.....~. ..y#.[@.9..;...'s...h9..8.[.."..7.<....uA..<...(I-..A.|...........|>.'O...1.%..Oy.L..oS..`..^.....4^z9..........s/.l*.O`m..!..v.og../.[........?9..>...C.[Ct..............N........(..P?...3}.,.L.-.v ..qf....<.....i8.../...i. .v.....W.N..2..f...O..e#..T.9,..y..).^'q(.B..P'..<$.I.K.{~..K....t.}...];../t= .......D.C;..S(kg.8........]r...^....*"V .\..:..G.7..........=X[.7...<.....z.n......h}8.|8zp..;c:f.....?..x.l4<{.at....^.Gq.>I.......@4.7]........|...8..P.,.....k..4.O...._{...g7p..._O...._.8^..]....=./|...u..[.E.....3..T.9....N.U.Y....t....2EA.5..8a...b{..\..v..\|Y.,.1..hC*^.5.....3XC...9P?.)!..Av..b*...M....U......ko...P...KM.Q{.eW..r.^_......x.iNF..g.Rm. 0..rq..f...dZ._.;...;.RY.DUk.9..q....0.z........s..j..hy.....W.)...He..~...<A."#W.....,..2.....e...5.........q.'..,.P.;...7.......[..........v....w....f..;?.......l..!aCj. .p........8.....s....V.`.........;Z.{Gt2.q..M...}...lz......9@.].,....S....m......@v.u........=..w.n......f..=W.....|..'.qB...t..B\.....ZKl.Z........ e{.,,......5N(!6M\..iw@Z..Cl..z........g..2h.1..|..M..!...@..g...4$.a.c...!....n...0X..L....-=u.6.%\.S..)....Rn|.|.z#.S...Z..o......E.lU..K........}m...ve...$I..s...v.....0^.T.6.....d>......I.#..F.T........8?.C..0...#l.6.$...9.v...Za(2e.r5.........:...)..z..j...yH(.].).......I.H%.I......d7T...."V..........=_r...GD9.,...4..g.....v..L@.L...\..e...\&..e.I....a..<.

<<< skipped >>>

GET /api/report?type=1&code=Windows 7 Ultimate Edition Service Pack 1 x86 (Build:7601) | Internet Explorer 9.0.8112.16421 HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Host: my.pcmaps.net

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: application/json; charset=utf-8

Server: Microsoft-IIS/8.5

X-AspNetMvc-Version: 5.2

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Tue, 18 Oct 2016 23:54:12 GMT

Content-Length: 15

{"status":true}HTTP/1.1 200 OK..Cache-Control: private..Content-Type: application/json; charset=utf-8..Server: Microsoft-IIS/8.5..X-AspNetMvc-Version: 5.2..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Tue, 18 Oct 2016 23:54:12 GMT..Content-Length: 15..{"status":true}..

GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDBoenwTt2h3GcY8iVw== HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Wed, 12 Oct 2016 06:16:22 GMT

If-None-Match: "4a49c69908e933f536cd8546fd48854f6c2b3f7b"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp2.globalsign.com

HTTP/1.1 200 OK

Date: Tue, 18 Oct 2016 23:55:03 GMT

Content-Type: application/ocsp-response

Content-Length: 1570

Connection: keep-alive

Set-Cookie: __cfduid=d4cbed9bdb999a8bea99b4cd2694be2661476834903; expires=Wed, 18-Oct-17 23:55:03 GMT; path=/; domain=.globalsign.com; HttpOnly

Last-Modified: Tue, 18 Oct 2016 22:11:50 GMT

Expires: Sat, 22 Oct 2016 22:11:50 GMT

ETag: "dc59b7ee5cbaaf39a02513301d77d712a983fcb4"

Cache-Control: public, max-age=339407

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 2f3feb3fe7da4056-SOF

0..........0..... .....0......0...0.......M........u....%...G..20161018221150Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|..........q."W....20161018221150Z....20161022221150Z0...*.H.............Y..42.........BY...S.?.7...t:......z._...-.".h (\x`.......,.....7..~3..og.Q..#.........y.t.....Wm..g..3.....@<;.~.5R.X..y.X......XN..-@... ..'.c..z.9V..V....2...]......[.j....... ]P..........h.3#...g.<.(.(.9.%.>.n.............~....d9n.Q.?.....<..f.E......e...K0..G0..C0.. ........f{o?...d...0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...160725033205Z..161025033205Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016072511411M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............TeQ...^5Y.is!...O..>DJ(.b..[C.D...KJ\.c;..X.;xV<....N..z>q..{>...0d...!K.........$f.....cD.U.....g"6.........1.I..T.@.1.D...4.L[..bB......Z...0...Tx.4NX....4...T.n.....A.H.R.`O.t../.".e

<<< skipped >>>

GET /?a=539528&c=1430992&m=32&s1=&s2=1494351 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://imcrack.ad-jump.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Connection: Keep-Alive

Host: lxudv.com

HTTP/1.1 302 Found

Cache-Control: private

Content-Type: text/html; charset=utf-8

Location: hXXp://free.mytransitguide.com/index.jhtml

Server: Microsoft-IIS/8.0

p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: sid=vLmk2t0VnalhlyCgjgrxwxcUND3FXA7L3R9h DJxMuJtlofQ6ptVTQ==; domain=.lxudv.com; path=/; HttpOnly

Set-Cookie: trk=PJb8yxhbiO4auCsDYltbpBcUND3FXA7L3R9h DJxMuJtlofQ6ptVTQ==; domain=.lxudv.com; expires=Mon, 18-Oct-2021 23:54:21 GMT; path=/; HttpOnly

Set-Cookie: c38465=vLmk2t0VnaluOgGD2kGsP 2xndCvf0zA kpG/3/ABnwdFAkm5pFJoNMevdOkv9Ra; domain=.lxudv.com; expires=Fri, 18-Nov-2016 00:54:21 GMT; path=/; HttpOnly

Date: Tue, 18 Oct 2016 23:54:21 GMT

Content-Length: 159

<html><head><title>Object moved</title></head><body>..<h2>Object moved to <a href="hXXp://free.mytransitguide.com/index.jhtml">here</a>.</h2>..</body></html>..HTTP/1.1 302 Found..Cache-Control: private..Content-Type: text/html; charset=utf-8..Location: hXXp://free.mytransitguide.com/index.jhtml..Server: Microsoft-IIS/8.0..p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"..Set-Cookie: sid=vLmk2t0VnalhlyCgjgrxwxcUND3FXA7L3R9h DJxMuJtlofQ6ptVTQ==; domain=.lxudv.com; path=/; HttpOnly..Set-Cookie: trk=PJb8yxhbiO4auCsDYltbpBcUND3FXA7L3R9h DJxMuJtlofQ6ptVTQ==; domain=.lxudv.com; expires=Mon, 18-Oct-2021 23:54:21 GMT; path=/; HttpOnly..Set-Cookie: c38465=vLmk2t0VnaluOgGD2kGsP 2xndCvf0zA kpG/3/ABnwdFAkm5pFJoNMevdOkv9Ra; domain=.lxudv.com; expires=Fri, 18-Nov-2016 00:54:21 GMT; path=/; HttpOnly..Date: Tue, 18 Oct 2016 23:54:21 GMT..Content-Length: 159..<html><head><title>Object moved</title></head><body>..<h2>Object moved to <a href="hXXp://free.mytransitguide.com/index.jhtml">here</a>.</h2>..</body></html>....

<<< skipped >>>

GET /images/vicinio/dsp-images/jeremy.jacinto/asset1_3/1471015421274.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 12 Aug 2016 15:23:41 GMT

ETag: "67f289-2244-539e177aedfcc"

Accept-Ranges: bytes

Content-Length: 8772

Cache-Control: max-age=309598940

Expires: Mon, 10 Aug 2026 15:23:41 GMT

Content-Type: image/png

Date: Tue, 18 Oct 2016 23:54:28 GMT

Connection: keep-alive

.PNG........IHDR.......N.....vf......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmpMM:InstanceID="xmp.iid:BC00057560A011E6846DB5CE753C7B74" xmpMM:DocumentID="xmp.did:BC00057660A011E6846DB5CE753C7B74"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:BC00057360A011E6846DB5CE753C7B74" stRef:documentID="xmp.did:BC00057460A011E6846DB5CE753C7B74"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx..]...eu>........... j.`Bk1.Q.FK..)%....I4..j..-iE.kXt[.."`........ .@....h..,.........{g.t...s...{..o..M:...;w...}................D..(......g,A..i.x3......>R.?.;....] ..m. v.i..h...s..>Z..q.J.[{.....s....'.G.k...?.._....J!f{...v.....oj..d..z.t.E.9.... .9.S..F3.9&..B.G.,...'.......o....; ...P.a.(6...8.........kR..R)1M.)}..O....cKw.1.X.?t...ex..Mx...zO.__.J.y.E..,...#v.W...='.1...l.....(I......P{F.#.3..a.........e...............rO..!P1qi3.m/.q......'-...l....<1:..<...,.@A%..-..@.ZL.3m<v.~i....r%Xk. .......g..4V.....w...-.1..Q......._.yZ3......../.....^...G...

<<< skipped >>>

GET /images/vicinio/dsp-images/jeremy.jacinto/asset1_15/1471016865981.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 12 Aug 2016 15:47:46 GMT

ETag: "7ba137-145ae-539e1cdcd39fe"

Accept-Ranges: bytes

Content-Length: 83374

Cache-Control: max-age=309615403

Expires: Mon, 10 Aug 2026 15:47:46 GMT

Content-Type: image/png

Date: Tue, 18 Oct 2016 23:54:28 GMT

Connection: keep-alive

.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmpMM:InstanceID="xmp.iid:FC8309A560A311E6BEADAEE121A9F7AD" xmpMM:DocumentID="xmp.did:FC8309A660A311E6BEADAEE121A9F7AD"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:FC8309A360A311E6BEADAEE121A9F7AD" stRef:documentID="xmp.did:FC8309A460A311E6BEADAEE121A9F7AD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>8.3.....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

<<< skipped >>>

GET /images/download/spokesperson/html5/audio/spokesperson.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 10 Aug 2016 20:37:05 GMT

ETag: "8c0e4d-836b-539bd9cc03e40"

Accept-Ranges: bytes

Content-Length: 33643

Cache-Control: max-age=315290129

Expires: Sat, 08 Aug 2026 20:37:05 GMT

Content-Type: application/javascript

Date: Tue, 18 Oct 2016 23:54:28 GMT

Connection: keep-alive

<<< skipped >>>

GET /images/vicinio/dsp-images/jeremy.jacinto/background999/1471015850415.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 12 Aug 2016 15:30:51 GMT

ETag: "c23b03-11deb-539e1914596f0"

Accept-Ranges: bytes

Content-Length: 73195

Cache-Control: max-age=309599369

Expires: Mon, 10 Aug 2026 15:30:51 GMT

Content-Type: image/png

Date: Tue, 18 Oct 2016 23:54:28 GMT

Connection: keep-alive

.PNG........IHDR.......;........ ....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmpMM:InstanceID="xmp.iid:B5C5FA1560A111E6A80CCD989B9637E2" xmpMM:DocumentID="xmp.did:B5C5FA1660A111E6A80CCD989B9637E2"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B5C5FA1360A111E6A80CCD989B9637E2" stRef:documentID="xmp.did:B5C5FA1460A111E6A80CCD989B9637E2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.,.....[IDATx.....uMV.........dhFA....0.@@@h.E........h4..C...h".@d&"B..D.....0.......nl.....>...O...kU.s...{.......}..].j.W.Z ...........x.&.......@H....... ..................i........4.......B.&.......@H....... ..................i...................wY_oqx=..z......z......O<.~..........>.....'..w............;.^...z......P..O...... .^.^_.9.>......w.^_|x}....47......<tB.....>..... 6......9.^....?..........>.........Z......z..q....{............!sZ..........k..g..zY..K6...V.......^?....>...../.........P9.H....A....*.....i.s.;.g.....z....W.5...~.0.......x.$Q......w.qx.

<<< skipped >>>

GET /images/vicinio/dsp-images/crx-tooltab-swap3/BNH.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 25 Mar 2016 20:59:54 GMT

ETag: "3fa382-381d-52ee5d8498564"

Accept-Ranges: bytes

Content-Length: 14365

Cache-Control: max-age=297523112

Expires: Mon, 23 Mar 2026 20:59:54 GMT

Content-Type: image/png

Date: Tue, 18 Oct 2016 23:54:28 GMT

Connection: keep-alive

.PNG........IHDR... ...F.....45......tEXtSoftware.Adobe ImageReadyq.e<...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:98512F760C206811822AC896686AF388" xmpMM:DocumentID="xmp.did:6A5DF37E9CF911E5B22EA406C34067A8" xmpMM:InstanceID="xmp.iid:6A5DF37D9CF911E5B22EA406C34067A8" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:94EA77E508206811822AC3D65860D978" stRef:documentID="xmp.did:98512F760C206811822AC896686AF388"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>......4KIDATx....|..........z.l......m0..........=0y$....4.....i$.B..{!...S..i6.`p.M...n...}g..... .V ......A.w..;.3.7..s%.0@..A..A..q20g \.j.4..F6]...l.QS..A..A........M..... V..\@J..0.ae.~...kjjL.yy..l.L..^3).sV..$Af.5....kH......L...U.u1...n..'B........... .. ..n{.B!tuua.....}.M_cB$2B.$...eee....OX..y... ......\)i...iD..!.B........1.....A..Q......c.../...1.....'.....?>!<.af...Yh.....>..,..1L.h.......F..-.A..*.~?b...8.{Y.'R.| .$=.gH....%......../..\.9.....!B4M._.A.G....|>....j.R...A.Ga.J.9s&."....y/.[D9W&.V...

<<< skipped >>>

GET /PublicSureServerSV.crl HTTP/1.1

Cache-Control: max-age = 150326

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Wed, 20 Nov 2013 09:46:05 GMT

If-None-Match: "2b0037-c0d1-a6553140"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.omniroot.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=864000

Content-Type: application/x-pkcs7-crl

Date: Tue, 18 Oct 2016 23:55:02 GMT

Etag: "4028c-511dc-53f2b845f2e20"

Expires: Fri, 28 Oct 2016 23:55:02 GMT

Last-Modified: Tue, 18 Oct 2016 22:50:20 GMT

Server: ECS (arn/46BA)

X-Cache: HIT

Content-Length: 332252

0....0.......0...*.H........0F1.0...U....Cybertrust Inc1 0)..U..."Cybertrust Public SureServer SV CA..161018223231Z..161028223231Z0....0......... .Lz...101018164835Z0.........,.)5...101116173409Z0.........,U..I..101116165848Z0.........,U./...101116173007Z0.........,U.h...101116172944Z0.........,V.bC..101116193600Z0.........,V.[H..101116193534Z0.........,V3Y)..101116193648Z0.........,V5._..101116193745Z0.........,Vg.z..101116194901Z0.........,Vh....101116194922Z0.........,Vn.4..101116195619Z0.........,Vqvg..101116195553Z0.........,_..(..101118145747Z0.........-..4...110315204303Z0........../P....120206141831Z0..........I..@..120124180322Z0..........JP....110222182509Z0..........Jf/Y..120213142815Z0..........Jf.P..120213142915Z0..........OT....120221131614Z0..........YQ.1..120220131256Z0..........Y`?W..120220131507Z0..........Yuu...120220131416Z0..........^..^..111007192320Z0..........`.w...120213144727Z0..........`.y...120213145412Z0..........`.&...120130163851Z0..........hlG...120213145015Z0..........h.....120130140408Z0............j...120110213653Z0...........}....110406160143Z0............$...110401005006Z0................110401005536Z0............W...120308151704Z0.............h..120228141105Z0................110314145902Z0............`...110322142311Z0................110322142551Z0............lb..120110213802Z0.............0..130201130700Z0............OB..110321165802Z0.............o..110321172720Z0...........g.:..120221183148Z0...........Ud...110516131110Z0............h5..120229174140Z0................1202

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSsjeGdqHvYWM4yo25qR2M70nK2oAQURk/B4IjafdN4m8huWS+w5PcdkOICEF5+ixQmE7FVqQByLDZZvTU= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: su.symcd.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1603

content-transfer-encoding: binary

Cache-Control: max-age=506849, public, no-transform, must-revalidate

Last-Modified: Mon, 17 Oct 2016 20:36:49 GMT

Expires: Mon, 24 Oct 2016 20:36:49 GMT

Date: Tue, 18 Oct 2016 23:54:29 GMT

Connection: keep-alive

0..?......80..4.. .....0.....%0..!0........gd..}.....x.....3...20161017203649Z0s0q0I0... .............{.X.2.njGc;.r....FO....}.x..nY/........^~..&..U..r,6Y.5....20161017203649Z....20161024203649Z0...*.H.............-...P^.._...:..[7.C5...23.k...!.>.S.....X.........m....qV.>y..[.............c_......AE.e..J]..LQ.....X.^..9.W/..~.i.J.......-%l.. ._._.D.}{....!.....V(..3..jd4V...0.......w.r..~.........w..F.QE7S... OI........:?....<....*c.%/./.o......[......<............)...h0..d0..`0..H.......:q.......r6...).0...*.H........0{1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1,0*..U...#Symantec Class 3 EV SSL SGC CA - G20...160822000000Z..161120235959Z0=1;09..U...2Symantec Class 3 EV SSL SGC CA - G2 OCSP Responder0.."0...*.H.............0..........p.t..a....=$..t.t...}\.9,(.............#..._Zf{..h......-.g.S.i.p...{..z.L>e...H....n,E...{,U#..g......{.L.....x.....~..|.."...... ..^....`.....{.7..|.2:...Vm...bN|.,8..J..aRa..T.e..V.A....|..*$..........D....:......{8...5..2....t..H....'.(B.X/%J..1..r.A.........0...0... .....0......0"..U....0...0.1.0...U....TGV-D-17070...U.#..0...FO....}.x..nY/......0...U........gd..}.....x.....3.0...U.......0.0n..U. .g0e0c..`.H...E....0T0&.. .........hXXp://VVV.symauth.com/cps0*.. .......0... hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0...*.H............._...<...ZU.'.e......P.......!Y'.J.X.h...\.Ts.9..s_{..@....`...h*hp..?...n..)r..O....j(.'d.fE......@e.......!.T}......8..q....b~G.e|....{~A.\bf.v.1uYP.k.-.^ ......~..;.....

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSySC/85E/LNAiBe/rxiqbyloQ6UQQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8CEDY0nhjJnCZptlYubOWtcTI= HTTP/1.1

Cache-Control: max-age = 356574

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Mon, 10 Oct 2016 12:54:45 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.thawte.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1612

content-transfer-encoding: binary

Cache-Control: max-age=385155, public, no-transform, must-revalidate

Last-Modified: Sun, 16 Oct 2016 10:52:31 GMT

Expires: Sun, 23 Oct 2016 10:52:31 GMT

Date: Tue, 18 Oct 2016 23:55:03 GMT

Connection: keep-alive

0..H......A0..=.. .....0......0..*0......jwG.8s...r:ts.0.:.I...20161016105231Z0s0q0I0... .........H/..O.4..{.......:Q...l..`.....>.t c...Y...64....&i.V.l..q2....20161016105231Z....20161023105231Z0...*.H..............nc$'.$.i.. &..*J.z'.o6.T2|/1.7.h.....o...0...<.<L.o....$1..t..T..g..dt.!.F...t...9.u...j.5h?.ZB>CB.l.z.4C..........G...i9..:.. vn.tn....8.5C?g...o.!.<..G...:..6..t...&.....s......D)..*.b.cr.k.;F.....e.G."O....p../.%...{...SE.8.....Fb.....z....D.....m. ......q0..m0..i0..Q.......h`(V......*....R0...*.H........0..1.0...U....US1.0...U....thawte, Inc.1(0&..U....Certification Services Division1806..U.../(c) 2008 thawte, Inc. - For authorized use only1$0"..U....thawte Primary Root CA - G30...151124000000Z..161214235959Z0..1.0...U....US1.0...U....thawte, Inc.1(0&..U....Certification Services Division1503..U...,thawte Primary Root CA - G3 OCSP Responder 40.."0...*.H.............0....................Zs.8..W.D..c...H.....p.4I.........n..E...T.3...):w].s\`..t2........G.Gj|w).~i18J`....D....'t..e&q.Ga]>tw...0s.|I.R..!o.-.....G.. F-.s.......O..7_p9.:.............^..i..}.K..S3.1.9Z..N|w...u...Ay.*|%....y.nU..U.q.y.y. ....\.w.j........Cu{.!k............0..0...U.%..0... .......0... .....0......0...U.......0.0...U...........0 ..U....0...0.1.0...U....TGV-C-650...U......jwG.8s...r:ts.0.:.I.0...U.#..0....l..`.....>.t c...Y.0...*.H...............A...../W.....x.V.Km.H7Q.[..(..i..Y.........ÃŒ....eI..j...|..O...k....X>r/{..\h.<..N.G...........Y.8..@i`..>..W...?..{...^G.)0S.>;..;4a#..)(.O{..

<<< skipped >>>

GET /css?family=Maven Pro:700,900|Roboto:400,700,900 HTTP/1.1

Accept: text/css

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: fonts.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Expires: Tue, 18 Oct 2016 23:54:28 GMT

Date: Tue, 18 Oct 2016 23:54:28 GMT

Cache-Control: private, max-age=86400

Content-Encoding: gzip

Transfer-Encoding: chunked

Server: ESF

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

182..............Oo.0......74..c.....Q.S..e..R-.A.u.w.L.........}._.T.bS.....S..&........6...).g..`].6q-......&....Q..P..@...;...s&s..`......I.#q\....<.Q...X..Y.u.%\ r~...K]8..R@.PX..G.YU....L.f......j/.....~../M3..d...T._..?.X..K.8....rr...7..k....{...?..dFhb..o.a..........&.._.. ....U.wec,..2..........U./8......'.9[hO..o.X.`g...Q.V..H.Lm.>.7DhM}q...|..1....8a}O.......'-.I..B..............a....Xx........0..HTTP/1.1 200 OK..Content-Type: text/css; charset=utf-8..Access-Control-Allow-Origin: *..Timing-Allow-Origin: *..Expires: Tue, 18 Oct 2016 23:54:28 GMT..Date: Tue, 18 Oct 2016 23:54:28 GMT..Cache-Control: private, max-age=86400..Content-Encoding: gzip..Transfer-Encoding: chunked..Server: ESF..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..182..............Oo.0......74..c.....Q.S..e..R-.A.u.w.L.........}._.T.bS.....S..&........6...).g..`].6q-......&....Q..P..@...;...s&s..`......I.#q\....<.Q...X..Y.u.%\ r~...K]8..R@.PX..G.YU....L.f......j/.....~../M3..d...T._..?.X..K.8....rr...7..k....{...?..dFhb..o.a..........&.._.. ....U.wec,..2..........U./8......'.9[hO..o.X.`g...Q.V..H.Lm.>.7DhM}q...|..1....8a}O.......'-.I..B..............a....Xx........0..

<<< skipped >>>

GET / HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: imcrack.ad-jump.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/html

Last-Modified: Mon, 10 Oct 2016 19:51:21 GMT

Accept-Ranges: bytes

ETag: "b9ac77ac2f23d21:0"

Server: Microsoft-IIS/8.5

X-Powered-By: ASP.NET

Date: Tue, 18 Oct 2016 23:54:23 GMT

Content-Length: 103

GET /images/vicinio/dsp-images/jeremy.jacinto/background/1471015123308.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 12 Aug 2016 15:18:44 GMT

ETag: "8721c4-530-539e165ed0c5d"

Accept-Ranges: bytes

Content-Length: 1328

Cache-Control: max-age=309613661

Expires: Mon, 10 Aug 2026 15:18:44 GMT

Content-Type: image/png

Date: Tue, 18 Oct 2016 23:54:28 GMT

Connection: keep-alive

.PNG........IHDR.......A.....S.cY....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmpMM:InstanceID="xmp.iid:C9177305609C11E69F659152BDA6B005" xmpMM:DocumentID="xmp.did:C9177306609C11E69F659152BDA6B005"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C9177303609C11E69F659152BDA6B005" stRef:documentID="xmp.did:C9177304609C11E69F659152BDA6B005"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>^.......IDATx..W[r. .C..P..C...P7K.._.L...1................"..7...$..l4....&.}#...*......O.....!u...*c.....^...W.m...Kb76.. .8.9 .....Å¸..NU......$.......0VI~...\..Q*.....W..@.5...Ku....xZ.........-..9...Tv.h.Gz.J...a.~o.W.._.j.....8.Wx4.K7..8..F.....Z...A.:.....x.aPo.D.5.L@"N.......^.Y ...t.w...40W....T.......n....b*.\.....]W.2k.....9.~8......5.S..7...>w.n..C.:...._.z..^8..X.m...}.%...I[...(...0.[ez...X.`.B...Tt...W....|.vw..n....IEND.B`.....

<<< skipped >>>

GET /images/download/mapsgalaxy/checkbox-large.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 21 Sep 2015 13:37:13 GMT

ETag: "7a6825-5d6-52041faa34aad"

Accept-Ranges: bytes

Content-Length: 1494

Cache-Control: max-age=299315503

Expires: Thu, 18 Sep 2025 13:37:13 GMT

Content-Type: image/png

Date: Tue, 18 Oct 2016 23:54:28 GMT

Connection: keep-alive

.PNG........IHDR.......<......6......tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:18D531CE588611E5A10CFEFF4F01D22E" xmpMM:DocumentID="xmp.did:18D531CF588611E5A10CFEFF4F01D22E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:18D531CC588611E5A10CFEFF4F01D22E" stRef:documentID="xmp.did:18D531CD588611E5A10CFEFF4F01D22E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......HIDATx.b...e..`b....F. s6o.,!!A..w.....D1ZZZZFF.r..}.6...F..=j....F..=..!.._...-......H2.6'G[.C..Z{...f'..!..}....$ .......Y.Y...W..J.T.a.|.4.l..?_.`..?../..ID*x...t..o.)5:.r..O.....?.x..".;.N[.| .873W.j......Yr....'.R[^.....)....H..I.......K.X.{.V...W.P..._.&\*.../...Z.A....1.j...........My..=D.......s.A.rV.|<.2..Z..G........M......g?^... ...^A .T.l..`.....gb/.....{...\7...:..s#?... ..r7.a.....4....F.P.T....Bd....^k4K.....:K>n.n..#.$.4q..L...U...Q.......bcb]n0.._..Z&Z*p.....Xe.i.z.:._.EH.......M.Y.$Y6...1@.}..l.fn.H.|B.J.u.]`..`2G.........UO...Y.z...../`... rjt<.Q...V...

<<< skipped >>>

GET /images/download/symantec/nortonseal.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 16 Oct 2014 19:12:51 GMT

ETag: "b7e8b3-b51-5058f08e6247b"

Accept-Ranges: bytes

Content-Length: 2897

Cache-Control: max-age=263954565

Expires: Sun, 13 Oct 2024 19:12:51 GMT

Content-Type: image/gif

Date: Tue, 18 Oct 2016 23:54:29 GMT

Connection: keep-alive

GIF89a..X............................@@@.....................```..................000.....h .....J..................ppp.........PPP........Y.....,.................w.a...;............@1....dde........U223...999..............S...P@.....xa.|D..1..9.y.KKL..=.....T...0$.P=...............................................................................................................................!.......,......X.....[..............................................1! ....Y......M.....Z.......'.R.!....ZZ.[.......H3..[%...[.3Y.. ...,Y...81....JE......F...."..............k.3j.......o0jp....'.......,L.`.93...X~h......@...:sE..).YP...........jK(S.....A..A...K....h..]..EO.0.D.2p... Q...`.oB F.iQWL...6x..Y.. .."<.{.....s......B6...!.$........I.*36[3.....X.7Z}..............%...@...3_8VD...|.@....al......`..k.(, .)..,.....a...,t...C....A`.5.TR...y..|.e..K.....K....Y. .l..W %.%..{5..BU2Dr.5.i.....(...x..2.P.\s. G.`..X....0H/.I...9..0.i..PU..Lp.59.@E..e.#x.....#.....i.E..XX .m.....-p.f.....X..`6/m....a.....x`?..r......~.P..1...........H........9......... :....8@...$..E..)..Z.z%..B`ix..0.\.%...[,0.#.....-mP..[,jc.y&.........\...q...seJ..h0..

GET /pki/mscorp/crl/MSIT Machine Auth CA 2(1).crl HTTP/1.1

Cache-Control: max-age = 6793

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Mon, 18 Nov 2013 23:37:31 GMT

If-None-Match: "b61f5b26b7e4ce1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: mscrl.microsoft.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=7129

Content-Type: application/pkix-crl

Date: Tue, 18 Oct 2016 23:55:00 GMT

Etag: "ad925b8a3c1d11:0"

Last-Modified: Wed, 08 Jun 2016 16:35:08 GMT

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

Server: ECAcc (arn/46C8)

VTag: 279919325300000000

X-Cache: HIT

X-Powered-By: ASP.NET

Content-Length: 163018

0..|.0..{....0...*.H........0..1.0.....&...,d....com1.0.....&...,d....microsoft1.0.....&...,d....corp1.0.....&...,d....redmond1.0...U....MSIT Machine Auth CA 2..160608162453Z..160616164453Z0..z.0)....=.........130522112904Z0.0...U.......0).....3........130522112904Z0.0...U.......0)..M.\.........130522100146Z0.0...U.......0)....K.........130522100145Z0.0...U.......0)...........Z..130522100145Z0.0...U.......0).....j.....I..130522100145Z0.0...U.......0)....q.....q...130522094611Z0.0...U.......0).....C....q=..130522055646Z0.0...U.......0)..P.......j...130522055646Z0.0...U.......0)..c.......:...130522053344Z0.0...U.......0)..[..x....F0..130521142635Z0.0...U.......0)..[.......F...130521142635Z0.0...U.......0)..`.ii....9...130521142635Z0.0...U.......0)..`.X.....9...130521142635Z0.0...U.......0)..[.......F/..130521142143Z0.0...U.......0).....9....p...130520132837Z0.0...U.......0)..Q.4u....]...130520115050Z0.0...U.......0).....p....p...130520110806Z0.0...U.......0)...z......fQ..130520094526Z0.0...U.......0)..........e...130520094526Z0.0...U.......0)..........e...130520094526Z0.0...U.......0)... K.....p...130520094519Z0.0...U.......0)... H.....p...130520094519Z0.0...U.......0)...zF,....o...130520070955Z0.0...U.......0)..f..E....P...130518074816Z0.0...U.......0...\,jN....FD..130402211200Z0...../w....U...130328232900Z0...p.R.....G1..130226223400Z0....e......?...130220163500Z0....[......*...121221223500Z0...A......."...121206221900Z0...A......."...121206221900Z0...A......."...121206221800Z0...A..\...."...121206221700Z0...A.

<<< skipped >>>

GET /s/roboto/v15/mnpfi9pxYH-Go5UiibESIj8E0i7KZn-EPnyo3HZu7kw.woff HTTP/1.1

Accept: */*

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Origin: hXXp://free.mytransitguide.com

Accept-Encoding: gzip, deflate

Host: fonts.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: font/woff

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Date: Thu, 06 Oct 2016 15:46:11 GMT

Expires: Fri, 06 Oct 2017 15:46:11 GMT

Last-Modified: Wed, 14 Jan 2015 22:46:39 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 18572

X-XSS-Protection: 1; mode=block

Age: 1066097

Cache-Control: public, max-age=31536000

wOFF......H.......~.........................GPOS............B...GSUB...`...\.....&.ROS/2.......U...`....cmap...........8..!Zcvt .......Z...Z...=fpgm.......=......c.gasp...X............glyf...d..6...a.:. .hdmx..BX...d........head..B....6...6....hhea..B........$.]..hmtx..C....G...v..8.loca..E\........Le3qmaxp..G.... ... ....name..G8.........D-/post..G........ .m.dprep..G..........w83x.....dG.....Zq.b.v2Z .m.6.b.N......o..F..^t....U...#i.&.z....5I[.w...k.....2.{.9._.#..f.Y%........_v..Wj...$'...`..6....'8.z ......^.W.....h'..^.....]...3..}...}.?.}..p....gx;{......R...Vp?...^Gw..t..............l..a...v.N.Y.hW........:P..P..#..QJW..4V.5A.5E'.T..3t...........@..#}.O..>...B_.{.....~..-.B-.b..J..j.Q..T.5..,....qGtn...(j..).oR.v......e1.`E:........a2L.*.bu:.jt.<...........!|...'0..f.l..sa.....X..`1..U...@6../.. ...[..N....H.q..{......:.*t.5.. .....A..d.f.`.6..~..r]a..v.R..qz.>.#.:wF..c..T..Q4..B2.I=....J.$vM:.~._a.L...B..]oE.l.. .2a2...`~.s......G...."X......'.]..C&L.'`>,...........}..p.a..-c..V2.......W..W.^....y....~.i0..X... .2a.]...Sms........X..`1...*X.k .......S.l.D.........9H\eX..:......jeAtG.. ..|.b9:.....O..bN.Fn...iz.V...............'_.0g.?......a[b........./WJ..].2|.......\..:....._.50.#.m.>.;q.!......Vg...4..b..f2..E..c...0$4....Ld.4AVk9...{.U.h..i......f......o.!3....F......$K....l......2$.(..W..f....-..........V1...."d...........?...L...5.8 I|.......h...g/.....s.V.?)B.".h.....!......u.....J..2..Y.z...Z......#K.r....=......o}.ZK.?1.\.._...$....y.=y....T..9)x.....*..ti..Q....&........y....m.5.

<<< skipped >>>

POST /mirrorCookies.jhtml HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Content-Type: application/x-www-form-urlencoded

Accept-Encoding: gzip, deflate

Host: mytransitguide.dl.myway.com

Content-Length: 2844

Connection: Keep-Alive

Cache-Control: no-cache

sessionData=,,-1,false,1,"ifzeaV4XzhTIIeOeWwSNahnBw6dSDKP8C2nEtqpT1ILtHWNzQX4YyEB4XmbLrzPyxuQWljAedxSdh+SiFsGi4LGhfh7z/HNGBwEkpESkquX5J8v4vQNQAIBJnfgkI3VAQtV6ozG1viMkSj3AVWIG8dtuhUxvRPquFjBN6d2u9OsS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx+RZ3yRmlYHqIJ8RUlF9k66cs0Cudhqn1CkA32taL4rpJdpiySBUlvW9etXDGC22DDTnPABoMzhUzA5zYEiITJy3zZ6S4md60Lrx0UlU16ZniRYz4x3T1VwEMrx8/f6hx2NkYJjTM5v6pXjQj/QeARDu9CfbCDfl4AEJlv14SkQJQDfVh8qUp/Iu2IlD//lgQDgAOkh0vPRtvHbda1hznOcJJw3JbhOXy0sMln5W6O5hXZl9RXQjHGrLGExFof40SAh+VWzL9tAaog5LLV/XqBN1qSdjy9akRSODBIDogIMu91os6B5adyRlXiVmibgRZS6wZ11RQJsUU4CJKrHg5owacn2FncLAgsdLrq9oLZCllv3nY9VsntaebcLAk6p/JMo8QRSLPdSotynKgh71oiQb57SH+GYAMApZs3qEtb6wEv0UT3wF/DrCm59AUS8c1VCgfnDDvmye+ArJym6sxiMQN6VEo/8qa1QbahfocVl5ms7eVnYovhVlsny3sopR1uozldCkwA8T1nyFmvQh2wxZq2WPf1vL/2TGic1omZaqz7A7SG0LPg=="&language=,,-1,false,1,en&partnerId=,,-1,false,1,^BNH^orgyyy^S18478^ua&installDate=,,-1,false,1,2016101902&ttabFirstInstall=,,-1,false,1,true&coId=,,-1,false,1,4dff599246e047698ff2f0e

HTTP/1.1 200 OK

Date: Tue, 18 Oct 2016 23:54:29 GMT

Server: Apache-Coyote/1.1

Access-Control-Allow-Origin: hXXp://free.mytransitguide.com

Access-Control-Allow-Methods: GET, POST

Access-Control-Max-Age: 1000

X-XSS-Protection: 0

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Type: text/html

Set-Cookie: sessionData="ifzeaV4XzhTIIeOeWwSNahnBw6dSDKP8C2nEtqpT1ILtHWNzQX4YyEB4XmbLrzPyxuQWljAedxSdh SiFsGi4LGhfh7z/HNGBwEkpESkquX5J8v4vQNQAIBJnfgkI3VAQtV6ozG1viMkSj3AVWIG8dtuhUxvRPquFjBN6d2u9OsS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYHqIJ8RUlF9k66cs0Cudhqn1CkA32taL4rpJdpiySBUlvW9etXDGC22DDTnPABoMzhUzA5zYEiITJy3zZ6S4md60Lrx0UlU16ZniRYz4x3T1VwEMrx8/f6hx2NkYJjTM5v6pXjQj/QeARDu9CfbCDfl4AEJlv14SkQJQDfVh8qUp/Iu2IlD//lgQDgAOkh0vPRtvHbda1hznOcJJw3JbhOXy0sMln5W6O5hXZl9RXQjHGrLGExFof40SAh VWzL9tAaog5LLV/XqBN1qSdjy9akRSODBIDogIMu91os6B5adyRlXiVmibgRZS6wZ11RQJsUU4CJKrHg5owacn2FncLAgsdLrq9oLZCllv3nY9VsntaebcLAk6p/JMo8QRSLPdSotynKgh71oiQb57SH GYAMApZs3qEtb6wEv0UT3wF/DrCm59AUS8c1VCgfnDDvmye ArJym6sxiMQN6VEo/8qa1QbahfocVl5ms7eVnYovhVlsny3sopR1uozldCkwA8T1nyFmvQh2wxZq2WPf1vL/2TGic1omZaqz7A7SG0LPg=="; Version=1; Domain=mytransitguide.dl.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: language=en; Version=1; Domain=mytransitguide.dl.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: partnerId=^BNH^orgyyy^S18478^ua; Version=1; Domain=mytransitguide.dl.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: installDate=2016101902; Version=1; Domain=mytransitguide.dl.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: ttabFirstInstall=true; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: coId=4dff599246e047698ff2f0ebb1fd4041; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: npsSurveyUrl=""; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: toolbarId=499A6693-B752-4D80-A711-A1A68D9D06CA; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: partnerSubId=""; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: dlput=S18478; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: installType=MSNI; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: successUrl="hXXp://free.mytransitguide.com/installComplete.jhtml"; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: chromeShowToolbar=nowhere; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: ChromeExtensionCopies=stubby; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: newTabURL="hXXp://hp.myway.com/mytransitguide/s18478/index.html?n=780BD6C7&"; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: newTabCache=false; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: newTabBubbleURL="hXXp://free.mytransitguide.com/chromeInstruct.jhtml?tabView=bubble"; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: newTabInstructURL="hXXp://free.mytransitguide.com/chromeInstruct.jhtml?tabView=instruct"; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: newTabSuccessURL="hXXp://free.mytransitguide.com/chromeInstruct.jhtml?tabView=success"; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: dynamicKeyword="Transit Guide"; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: dynamicImageUrl="hXXp://ak.imgfarm.com/images/vicinio/cobrands/BNH/MyTransitGuide_1465240174340.png"; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: pixelUrl="hXXp://free.mytransitguide.com/install_pixels.jhtml?partner=^BNH^orgyyy^S18478^ua&coId=4dff599246e047698ff2f0ebb1fd4041&tbGuid=[TBUID]"; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: defaultSearchOption=false; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: defaultSearch=false; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: homePageOption=false; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: homePage=false; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: countryCode=UA; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: cakeId=""; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: campaign=orgyyy; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: cobrand=BNH; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/

Set-Cookie: anx="xracl=&xckoid=&xgds=&lv=1476834869119&xad=&xmvte=&xit=&xlang=&xmvtv=&xmvtt=&xckid=&xrm=&xrp=&xrs=&xrt=&xnt=&xft=&nv=1&fv=1476834869119&xuer=&ob=-&oc=-&od=free.mytransitguide.com&xgc=&sn=dubprdsndlbfe46.dub.jabodo.com&ok=-&om=referral&xrco=&xrca=&op=index.jhtml&xrcc=&os=-&surveyUrl=&xkw=&g=-&xct=&xiad=&xbkw=&tbGuid=&xg=&xh=&xi=&xtp=&xn=&xp=&xtt=&xpp=&xs=&xt=&xu=&xcid="; Version=1; Domain=.myway.com; Max-Age=7776000; Expires=Mon, 16-Jan-2017 23:54:29 GMT; Path=/

Via: 1.1 VVV.mapsgalaxy.com

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Transfer-Encoding: chunked

Set-Cookie: ltm-1d=rd119o00000000000000000000ffff0a904c36o80; expires=Wed, 19-Oct-2016 23:54:29 GMT; path=/

a..............53..-.A..0...Rr.....im.B.....W..0...>4s..2.....I...w.3..<.a.&....TqP.....]..x.7...KX.....0..&ok=-&om=referral&xrco=&xrca=&op=index.jhtml&xrcc=&os=-&surveyUrl=&xkw=&g=-&xct=&xiad=&xbkw=&tbGuid=&xg=&xh=&xi=&xtp=&xn=&xp=&xtt=&xpp=&xs=&xt=&xu=&xcid="; Version=1; Domain=.myway.com; Max-Age=7776000; Expires=Mon, 16-Jan-2017 23:54:29 GMT; Path=/..Via: 1.1 VVV.mapsgalaxy.com..Keep-Alive: timeout=5, max=100..Connection: Keep-Alive..Transfer-Encoding: chunked..Set-Cookie: ltm-1d=rd119o00000000000000000000ffff0a904c36o80; expires=Wed, 19-Oct-2016 23:54:29 GMT; path=/..a..............53..-.A..0...Rr.....im.B.....W..0...>4s..2.....I...w.3..<.a.&....TqP.....]..x.7...KX.....0..

<<< skipped >>>

GET /index.jhtml HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://imcrack.ad-jump.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Connection: Keep-Alive

Host: free.mytransitguide.com

HTTP/1.1 200 OK

Date: Tue, 18 Oct 2016 23:54:27 GMT

Server: Apache-Coyote/1.1

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Expires: -1

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

Cache-Control: post-check=0, pre-check=0

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Type: text/html;charset=UTF-8

Content-Language: en-UA

Set-Cookie: userSegment=""; Domain=.mytransitguide.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/

Set-Cookie: org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=en_UA; Path=/

Set-Cookie: anx="xracl=&xckoid=&xgds=&lv=1476834868192&xad=MyTransitGuide&xmvte=&xit=&xlang=en&xmvtv=&xmvtt=&xckid=&xrm=&xrp=^BNH^orgyyy^S18478^ua&xrs=&xrt=S18478&xnt=&xft=&nv=1&fv=1476834868192&xuer=1&ob=-&oc=-&od=imcrack.ad-jump.com&xgc=false&sn=dubprdsndlbfe45.dub.jabodo.com&ok=-&om=referral&xrco=BNH&xrca=orgyyy&op=-&xrcc=ua&os=-&surveyUrl=&xkw=Transit Guide&g=-&xct=&xiad=&xbkw=&tbGuid=499A6693-B752-4D80-A711-A1A68D9D06CA&xg=&xh=8681&xi=MSNI&xtp=vhigh&xn=&xp=vicinio&xtt=template_new&xpp=^BNH^orgyyy^S18478^ua&xs=29954&xt=intdefault&xu=&xcid=4dff599246e047698ff2f0ebb1fd4041"; Version=1; Domain=.mytransitguide.com; Max-Age=7776000; Expires=Mon, 16-Jan-2017 23:54:28 GMT; Path=/

Via: 1.1 VVV.mapsgalaxy.com

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Transfer-Encoding: chunked

Set-Cookie: ltm-1d=rd119o00000000000000000000ffff0a904c35o80; expires=Wed, 19-Oct-2016 23:54:29 GMT; path=/

1a88.............}kw.8.......`8....z.m7;....;N..;.=.dt(...H............|.r....N.$..B.P(..@.....? .gU.g..W.V..!..`2..........?D..P.eJ.....#.....{...w.....*....w....,{...ye...?..~......i.....$a.F.o.j...-.*M......M.f........[......r..l..o..US....$qK.t....8....=7..4LG..........X.......6....zq.X.@..i........A.YX.r..,.v..h...t..n.....\;.n....c...8.R......m..7..QN.q...,..b..k.4.z.'..Rbo.....&Ho..........q.A2..)rNC.C.Z^...y@.......xI.?o......b..N..C......N...(...d#./..J.>.w..?.h..'.....J.g.M...^.#.H..Eq.P.N....w....P..DB.....0...........j}...........]{../......z...;98.....$...o....=.^..k/......O....K...M.?.q......nO.u......x..w./.x.l..Q..p...IE.4:.n.x.K.z#.v.|.Bv2.I.... .......L...,...p.%W....3.M.8.,..q4.9.....].'!.n#.7.I.....N..k.../'... ..gW.....4...}n.......M.w?yq..GA............A.......D....U.kU.?........8m{.).....3.... H@.z......K..Q..xf}...[ ...&r..T.....Au..2.....z. ...%....c.....p....9...(...h..5Xj/k<P$2...........-,..P;..!.j.2rU..L`..A..X.?.i.'..P.8q.q?.)E..$..Zm..A...9).....1.P.......yVmg..u..0.X...".p....%.z.~X..P.q|. .4.....S.=...K^{..}1(.k}.0~.b...=2F.K.....].6K..k}..LD.x..9~.....&...7....RW..1...._....8v3....=.................,{........[............6.....G!.!...]N........sB..M%..!...jL.5....5...@...=....z...x. ...7j...6.Q~.C.......$#...&...).|......@.3.....YkQ}..A.iU....b.$..Q..S_.........j'...2.8S...f.x...N.. .$...<.d[4......i.....e8.;.2...f\...D.K..;ZI...M.Xb....Wo*..\.[..I.$......t..b...l......I?......,V..`4..~r...@.>./.?.3.b....&~...1RF..B#%.6@.....}..U}F.Y....Q.9........2.A.UQ..T....*...)

<<< skipped >>>

GET /anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/index.jhtml&anxl=en-US&anxlv=1476834868242&anxsq=3&present=false&anxe=ToolbarDetect&anxr=1169750588 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: free.mytransitguide.com

Connection: Keep-Alive

HTTP/1.1 204 No Content

Date: Tue, 18 Oct 2016 23:54:28 GMT

Server: Apache-Coyote/1.1

Via: 1.1 VVV.mapsgalaxy.com

Content-Length: 0

Keep-Alive: timeout=5, max=99

Connection: Keep-Alive

HTTP/1.1 204 No Content..Date: Tue, 18 Oct 2016 23:54:28 GMT..Server: Apache-Coyote/1.1..Via: 1.1 VVV.mapsgalaxy.com..Content-Length: 0..Keep-Alive: timeout=5, max=99..Connection: Keep-Alive......

GET /anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/installError.jhtml&anxl=en-US&anxlv=1476834869133&anxrd=free.mytransitguide.com&anxrp=index.jhtml&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&errorCode=blockedCountry&errorType=browser&anxe=installErrorLanding&anxr=361991559 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://free.mytransitguide.com/installError.jhtml?errorType=browser&errorCode=blockedCountry

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: free.mytransitguide.com

Connection: Keep-Alive

HTTP/1.1 204 No Content

Date: Tue, 18 Oct 2016 23:54:28 GMT

Server: Apache-Coyote/1.1

Via: 1.1 VVV.mapsgalaxy.com

Content-Length: 0

Keep-Alive: timeout=5, max=98

Connection: Keep-Alive

HTTP/1.1 204 No Content..Date: Tue, 18 Oct 2016 23:54:28 GMT..Server: Apache-Coyote/1.1..Via: 1.1 VVV.mapsgalaxy.com..Content-Length: 0..Keep-Alive: timeout=5, max=98..Connection: Keep-Alive..

GET /prd/ttdetectUtil.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ttdetect.staticimgfarm.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 17 Aug 2016 14:30:22 GMT

ETag: "3f18a9-53ea-53a454e3136a3"

Accept-Ranges: bytes

Content-Type: application/javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Cache-Control: max-age=26145773

Expires: Thu, 17 Aug 2017 14:37:21 GMT

Date: Tue, 18 Oct 2016 23:54:28 GMT

Content-Length: 7730

Connection: keep-alive

...........\{s.F.....5...pD...........?..d.(.....D.4.ZRH.g....0.A)....J...3.......(.......vk.....l........7.c/.\{..b.%....;aC.w.wW...N.i.....\o!..7/^%...C^..2/.......A&W...VU_S.C~u..'..p..l.&`y.....Q..d........5.[l...}.?r..i .........c....A..a...........O..`....".......Gb..x,<.&...?...c.z../j.....(.:p....X./.J.w4.}.v...w.......m9....\.....W...1U&..'..2._.IL...!..@.....^....0Gw...s.A..Kv..:.m..5...6.E..O.>...gS...8.....S....*K...Uqi..V.[...0....j!.y.q_...#......O..@F../.....B1.)....Mg....."a}$o>.L..b\..}.OQ.AS6eu.fc..6".r..#..q.JmE02....k.l.'..0[.j.X......j.G.bh`.-"...q.P$m{,.....A/...zG#7.{.......[$=1...g.............mZ....sW..Q....B6.C...ra*..........mh...............nf.=...ZF..4)"..u.!.0T.}lU.L.YN5N{.8Y..... .4.T..3..x..A.[..:...O...C{....=&.w#...kT.........).....u.^.G............J.....o.rN/....{x.e.......pv6...Nzq..np..Qxq....~.... U.T....a..CC.....=...R...>....cF...dA`.'PxA.....A.wH62e......H7..~q.....Z...4..T*.J...|..7..`...Q.....).=....QC..Xi6.q.._..Pj.J..$.K..eZO.v.e.u/....Y....rY.`P-..6........n.f.,..^.= .M...5.*3..\....5.....ze.....>.Ty.N.. .$.4....i...GB....)p......[.XM....-...v...".6..ls...... .U.....TX.......DH6?.mz1..fw..............8S..3/L.b.]O..?..............'...l...O....l[dk..]..-*....".......[{.....i..t.5......A....... ..bj....m.Nz.B......H}.....".L..(..;........6)..S.I..l..2.4.b.......X.J..9e..o.G...Wl.xg.\%.55..k..V....W.\.Q...1.3@M..1.......!J..k..........C`...6=.9....!.@.?*......".3.X..$.;..^#@...v....9Y........,......L...W...2A3.....0>..`.._p.rz6.m..GOKM^d..@..=...*..6..

<<< skipped >>>

GET /s/roboto/v15/2UX7WLTfW3W8TclTUvlFyQ.woff HTTP/1.1

Accept: */*

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Origin: hXXp://free.mytransitguide.com

Accept-Encoding: gzip, deflate

Host: fonts.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: font/woff

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Date: Wed, 05 Oct 2016 21:44:05 GMT

Expires: Thu, 05 Oct 2017 21:44:05 GMT

Last-Modified: Wed, 14 Jan 2015 22:47:37 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 18520

X-XSS-Protection: 1; mode=block

Age: 1131023

Cache-Control: public, max-age=31536000

wOFF......HX................................GDEF.......@...L.0..GPOS...............IGSUB.......\.....&.ROS/2.......V...`....cmap...T.......8..!Zcvt .......L...L$A..fpgm...H...;....g.\.gasp................glyf......6r..b&....hdmx..B....d........head..Bh...6...6.F..hhea..B........$...}hmtx..B....E...v.ZQ.loca..E.........:.!.maxp..F.... ... ....name..F..........o,.post..G........ .m.dprep..G.........t...x......P..............@.C.e....N..4.{.qt...r.q.................#x....p#L.......si...m.:..m..m.6..m....\....v..xVm.....T.....g..".*..............[..f8.....'d..o.b.....-...x@...K....Gc..k...$..w}.T7.y]....Q....eu.]qw.........2X..\R....ujR..3wW...k.IK$......o.......9_....-..'....d!;..G......d....X.1..Ld....,f3...c1.Y.Z...-D.C,qlg..H{^mv;.6.-B...CN|4....k.Z..|...gR.^..?4....AxIO.?..]{)D$J..$..cJ|.V;@................AZe/..r.).....A~...R..O;..(.FZ..F..F|......z1......l<um.v...-..-..m...&..S.....R.&..#.].....)..N.'|.w......}I._....e.....% .Xv.M........7;.....%Y$.........v.w...2J.G... .d.,.]Ke.,...RV..jY#ke.l.h..X..x.. [e.l..;$..-./m?_.q...,....JO(..b..];..2_..BY$.Z..V~.}.....d.v.Ek]....U.V..Y .......E2R....4............]...$...U.Z..ZY'.dQ.E.Ã»%N...)..&=E.../d.,...H..7...d.,.....-..Ã»%N<a..B....x......;e-.....v.t6....b.....J..}.~?.".}.Q./Dmo;......`.?.D..;V...........m.-..~...(.)..u.......,.....G.~....V......`..OX4X&. ..............v.Vj..s.S..}W....6..).l.<'....:..;.`..Z....v.$.m...[@...`{......wPjGl...i.a... ....~?X.4C.,..]...v0....'=..;....y<T..........w~....P.z.....k&.O..~...:...X79w.........7..>..;VC.?

<<< skipped >>>

GET /MFUwUzBRME8wTTAJBgUrDgMCGgUABBTkLVLomfJQOu5CFIgPOR73ljBRHAQU+L36r3N3xscb+UtNEafRM6+vchECFEOZrYpYgDwxeWGj/HetMtWiXvU/ HTTP/1.1

Cache-Control: max-age = 339923

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 13 Oct 2016 09:41:21 GMT

If-None-Match: "c06e9a4e33eec9dd813b8faff15397229f914d2a"

User-Agent: Microsoft-CryptoAPI/6.1

Host: vassg142.ocsp.omniroot.com

HTTP/1.1 200 OK

Server: nginx

Content-Type: application/ocsp-response

Content-Length: 1746

Last-Modified: Tue, 18 Oct 2016 23:39:37 GMT

ETag: "ad53c6a6b1b3444f6b77a37ebef2d7484963ffca"

Cache-Control: public, no-transform, must-revalidate, max-age=339881

Expires: Sat, 22 Oct 2016 22:19:44 GMT

Date: Tue, 18 Oct 2016 23:55:03 GMT

Connection: keep-alive

0..........0..... .....0......0...0......\r...Ev.C..*....omJ...20161018233937Z0w0u0M0... .........-R...P:.B...9...0Q.......sw....KM...3..r...C...X.<1ya..w.2..^.?....20161018233937Z....20161022233937Z0...*.H.............>b.}.DN.|.......=.x...!...L5. _.<.. :....ZI.k)RLB......j._L....\.vi.t..'.-......B,.....!i..J...M...@..R...wv.HO..2....f.y?....#..7..3...`..-c..u..2O.....i.A.H1.....3..u...'J.=....|nfj..6y..........\...{.O.De.'....~...}.nl..O........&.Xx#.......?..Ujc_Q.W......0...0...0...........1....n.SsnC.K.]I.w90...*.H........0..1.0...U....NL1.0...U....Amsterdam1%0#..U....Verizon Enterprise Solutions1.0...U....Cybertrust1.0,..U...%Verizon Akamai SureServer CA G14-SHA20...160407064154Z..170407064154Z0..1.0...U....NL1.0...U....Amsterdam1%0#..U....Verizon Enterprise Solutions1.0...U....Cybertrust1%0#..U....vassg142-OCSP Responder 20160.."0...*.H.............0.........w.;..Eu..'f.c^....Qe.O...U.....d.\?.....S.r'g.d..ES.NA.t....<.....#?.."...*Pm.<..s........v...<....8......A@.....7h...r$.T..8=......\....>......z=t3?(.....i.>t.^.....]7.9..j.E. ....{.$w..Y,...hf..6......L._9,.....i...S...)/.."^.K.O...bb^....V....'p...'V..........H0..D0... .....0......0L..U. .E0C0A.. .....>..0402.. ........&hXXps://secure.omniroot.com/repository0~.. ........r0p06.. .....0..*hXXps://cacert.a.omniroot.com/vassg142.crt06.. .....0..*hXXps://cacert.a.omniroot.com/vassg142.der0...U...........0...U.%..0... .......0...U.#..0.......sw....KM...3..r.0...U......\r...Ev.C..*....omJ.0...*.H.............l/0j.Z.z.......n-..

<<< skipped >>>

GET /click.php?c=9&key=qz4n70dim7ol9955d9dq8457 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://imcrack.ad-jump.com/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.adlcx.com

Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Tue, 18 Oct 2016 23:54:27 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.6.22

Set-Cookie: IMT1476834867338=FmQjHNSenT91Chmd0gil8Q==1utnwaBcjG6ua2Jx283vHQ==; expires=Thu, 20-Oct-2016 05:54:27 GMT; Max-Age=108000; path=/; domain=VVV.adlcx.com

Location: hXXp://lxudv.com/?a=539528&c=1430992&m=32&s1=&s2=1494351

0..HTTP/1.1 302 Moved Temporarily..Server: nginx..Date: Tue, 18 Oct 2016 23:54:27 GMT..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.6.22..Set-Cookie: IMT1476834867338=FmQjHNSenT91Chmd0gil8Q==1utnwaBcjG6ua2Jx283vHQ==; expires=Thu, 20-Oct-2016 05:54:27 GMT; Max-Age=108000; path=/; domain=VVV.adlcx.com..Location: hXXp://lxudv.com/?a=539528&c=1430992&m=32&s1=&s2=1494351..0..

GET /s/roboto/v15/d-6IYplOFocCacKzxwXSOD8E0i7KZn-EPnyo3HZu7kw.woff HTTP/1.1

Accept: */*

Referer: hXXp://free.mytransitguide.com/index.jhtml

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Origin: hXXp://free.mytransitguide.com

Accept-Encoding: gzip, deflate

Host: fonts.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: font/woff

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Date: Thu, 06 Oct 2016 00:37:34 GMT

Expires: Fri, 06 Oct 2017 00:37:34 GMT

Last-Modified: Wed, 14 Jan 2015 22:48:06 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 18568

X-XSS-Protection: 1; mode=block

Age: 1120614

Cache-Control: public, max-age=31536000

wOFF......H.......~.........................GDEF.......@...L.0..GPOS...........N....GSUB.......\.....&.ROS/2...,...U...`....cmap...........8..!Zcvt ...,...B...B.N$.fpgm...p...>....S.W.gasp................glyf......6...a..`.Mhdmx..Bd...d........head..B....6...6....hhea..C........$.&..hmtx..C ...G...v..A.loca..Eh........Q.8.maxp..G(... ... ....name..GH..........,.post..G........ .m.dprep..G..........6~.x......P..............@.C.e....N..4.{.qt...r.q.................#x......].../....W...l..m..m..m..=U[...R.....[...wn...I)TI...T.T%}..{.V..i..-..U.Nm.Gn!3b..w....}..[6..F_D.%.@.Kb.t.I..=.. NRng...,p.9..=N2'..g....S....qZ..9..>.@F.3.......7.A........."..W2. ?b..9....T.~...M....U:eT&eS....G.UB.T^.TQUTM5T[.5IS4U..\ .R..Zk.V..^..Q..C;.K.u@'tR.tZ.tQ.tYWtU.t[..,.s.{.\..{.SrQ#P.=W.Ln;../..jm.........[..6_n.V.. .....0.%.K*,/..z..XI|.."..$.Fl.l..A5..$....#2....m...[...|...>.>..J.../...7P).O...Yo.....5Uc."._..O.=......4......m.w..\B...%.........._|.5.k*..YY..s6;.%..s......F..7...-..X:e#...QQ{.bP.JBE....g.{..0..dr..r.W.JX..a...[..0...p...{.N.)8....\. p..Q.:...p...!)...r.#..W.m.u..X.`}....@.........>.../.J3.IGtO...*.j...&).s.RBQ....P.*.h..o.L..p...8...4.$...Aq(..a4...p.N.i.PE{..p......n.. ..d...>2......`?.Rs..Aq(....*.V..h4.q8.'......\..p... i9* ...$.W...T....K.ho....a..v]...y...X..=..B.UH../..eX).._.s..xe.....'.W....F.>d.l....l)..l{.d..<.[..m...wV.~...v...O..o..m."...>......s.2..[.0.".....e........],......@..h].,d..%!k(.$_g..S......{.E....lz.j...B%..uh......s;b.x..6O....@z$.,d..^..w#..8r...RG.[.......%

<<< skipped >>>

GET /AddTrustExternalCARoot.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Tue, 19 Nov 2013 13:17:06 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.comodoca.com

HTTP/1.1 200 OK

Date: Tue, 18 Oct 2016 23:55:01 GMT

Content-Type: application/x-pkcs7-crl

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: __cfduid=d5c8d350cc5e5705136a7a7bcb673f6e71476834901; expires=Wed, 18-Oct-17 23:55:01 GMT; path=/; domain=.comodoca.com; HttpOnly

Last-Modified: Tue, 18 Oct 2016 18:08:14 GMT

ETag: W/"5806650e-22a"

X-CCACDN-Mirror-ID: rmdccacrl3

Cache-Control: public, max-age=14400

CF-Cache-Status: HIT

Expires: Wed, 19 Oct 2016 03:55:01 GMT

Server: cloudflare-nginx

CF-RAY: 2f3feb3351384050-SOF

25a..0..V0..>...0...*.H........0o1.0...U....SE1.0...U....AddTrust AB1&0$..U....AddTrust External TTP Network1"0 ..U....AddTrust External CA Root..161018180814Z..161022180814Z0i0!..S{vVO)...iC.".,y..151214155830Z0!..F....L...e.n.B.d..151214155830Z0!..:...u....t........151214155830Z.00.0...U.#..0......z4.&...&T....$.T.0...U........0...*.H...................83^pX...C..=...;!kY....k...Zy...5.....:..o.Mk.R....._......\.\od..D=...yF.)...M%......A5<5..x.8..$...?.X...}...........$$..l.N.;.S..|i.{......6.9@.......W.V..X..P..:.c..;..'N."Cbf!=f[.K.DR.go..~..;.....)g9..*.c..B.7.@.|o.......r...J..;....b..E...{. 3..0..HTTP/1.1 200 OK..Date: Tue, 18 Oct 2016 23:55:01 GMT..Content-Type: application/x-pkcs7-crl..Transfer-Encoding: chunked..Connection: keep-alive..Set-Cookie: __cfduid=d5c8d350cc5e5705136a7a7bcb673f6e71476834901; expires=Wed, 18-Oct-17 23:55:01 GMT; path=/; domain=.comodoca.com; HttpOnly..Last-Modified: Tue, 18 Oct 2016 18:08:14 GMT..ETag: W/"5806650e-22a"..X-CCACDN-Mirror-ID: rmdccacrl3..Cache-Control: public, max-age=14400..CF-Cache-Status: HIT..Expires: Wed, 19 Oct 2016 03:55:01 GMT..Server: cloudflare-nginx..CF-RAY: 2f3feb3351384050-SOF..25a..0..V0..>...0...*.H........0o1.0...U....SE1.0...U....AddTrust AB1&0$..U....AddTrust External TTP Network1"0 ..U....AddTrust External CA Root..161018180814Z..161022180814Z0i0!..S{vVO)...iC.".,y..151214155830Z0!..F....L...e.n.B.d..151214155830Z0!..:...u....t........151214155830Z.00.0...U.#..0......z4.&...&T....$.T.0...U........0...*.H...................83^pX...C..=

<<< skipped >>>

GET /UTN-DATACorpSGC.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Tue, 19 Nov 2013 13:17:06 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.comodoca.com

HTTP/1.1 200 OK

Date: Tue, 18 Oct 2016 23:55:01 GMT

Content-Type: application/x-pkcs7-crl

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: __cfduid=d5c8d350cc5e5705136a7a7bcb673f6e71476834901; expires=Wed, 18-Oct-17 23:55:01 GMT; path=/; domain=.comodoca.com; HttpOnly

Last-Modified: Tue, 18 Oct 2016 18:08:14 GMT

ETag: W/"5806650e-22e"

X-CCACDN-Mirror-ID: rmdccacrl6

Cache-Control: public, max-age=14400

CF-Cache-Status: HIT

Expires: Wed, 19 Oct 2016 03:55:01 GMT

Server: cloudflare-nginx

CF-RAY: 2f3feb3792c84050-SOF

239..0..50......0...*.H........0..1.0...U....US1.0...U....UT1.0...U....Salt Lake City1.0...U....The USERTRUST Network1!0...U....hXXp://VVV.usertrust.com1.0...U....UTN - DATACorp SGC..161018180814Z..161022180814Z0#0!....^{.j.......^....161004055749Z.00.0...U.#..0...S2........].N...E..O0...U........0...*.H...............-_.:...9.~....Xt.@...= CV....}[..T.,3..[*yw......i..7..p.[....y3W...2_|i.q.7.''}_~....2(A...K.jC.....(fP........?.L...z.h].*. .|......Eg..Dh~.( M....m-. .1'.H... 3@.......$.C../rq.....}<K....>Q...*_..a.`H....\.s..v.Q....0..mR.......H.H.3..........OB.......0..HTTP/1.1 200 OK..Date: Tue, 18 Oct 2016 23:55:01 GMT..Content-Type: application/x-pkcs7-crl..Transfer-Encoding: chunked..Connection: keep-alive..Set-Cookie: __cfduid=d5c8d350cc5e5705136a7a7bcb673f6e71476834901; expires=Wed, 18-Oct-17 23:55:01 GMT; path=/; domain=.comodoca.com; HttpOnly..Last-Modified: Tue, 18 Oct 2016 18:08:14 GMT..ETag: W/"5806650e-22e"..X-CCACDN-Mirror-ID: rmdccacrl6..Cache-Control: public, max-age=14400..CF-Cache-Status: HIT..Expires: Wed, 19 Oct 2016 03:55:01 GMT..Server: cloudflare-nginx..CF-RAY: 2f3feb3792c84050-SOF..239..0..50......0...*.H........0..1.0...U....US1.0...U....UT1.0...U....Salt Lake City1.0...U....The USERTRUST Network1!0...U....http://VVV.usertrust.com1.0...U....UTN - DATACorp SGC..161018180814Z..161022180814Z0#0!....^{.j.......^....161004055749Z.00.0...U.#..0...S2........].N...E..O0...U........0...*.H...............-_.:...9.~....Xt.@...= CV....}[..T.,3..[*yw......i..7..p.[....y3W...2_|i.q.7.''}_~...

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRVuMwyhZnBGWkFKlkeoNe9zdlbSwQUK5o1rgEYODDhcHoF4BF2o869kBQCEBbfOFWwaAAL65vNdl55UHU= HTTP/1.1

Cache-Control: max-age = 360742

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Mon, 10 Oct 2016 14:02:11 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: tg.symcd.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1451

content-transfer-encoding: binary

Cache-Control: max-age=408357, public, no-transform, must-revalidate

Last-Modified: Sun, 16 Oct 2016 17:17:47 GMT

Expires: Sun, 23 Oct 2016 17:17:47 GMT

Date: Tue, 18 Oct 2016 23:55:03 GMT

Connection: keep-alive

0..........0..... .....0......0...0......|.....Q.......Uh..z...20161016171747Z0s0q0I0... ........U..2....i.*Y......[K.. .5...80.pz...v.........8U.h.....v^yPu....20161016171747Z....20161023171747Z0...*.H..............._..5..7..T....g.:`.........*....P.C..9t1......1....w.|.....kbl......"=.B)...w...h%.V8J.M. d.y..*......!8q2......?\"#...f.3.,..&..9.......!..).`...B.......*...z.F...O.]....3 .fQ.e.........sF...T.......d.YT...}X....}..p...k...:..Q|...O.E..f\.H.?.L.Z....|......0...0...0..........e......L.B......0...*.H........0C1.0...U....US1.0...U....thawte, Inc.1.0...U....thawte SHA256 SSL CA0...160829000000Z..161127235959Z0O1.0...U....US1.0...U....thawte, Inc.1)0'..U... thawte SHA256 SSL OCSP Responder0.."0...*.H.............0................#.....]......F#...Q...b:k.._n.X..!a.;<..a.......c....|.OsP..f..p.2r"2c&...8.:>vq.........2P..U....r..2.."N.!.gN....8.Y......D2.zF......Ln...Z..J..)..B{.1.p#|...e...$.A{...n.B.....o......L1...g...].......$cpYK.vC.D=.N..F2..j...=.....Yi.......u..r...........0..0... .....0......0"..U....0...0.1.0...U....TGV-D-17700...U.#..0... .5...80.pz...v.....0...U......|.....Q.......Uh..z.0...U.......0.0...U.%..0... .......0...U...........0...*.H.............C..7...X}.(.w9 9..*9.0x^Q.h....o. ..J...B.dc.6.%a_^?Z...8V.....O.aMh..I...1u.......v.VE7..h....t.o.m.=......U.@.V..'......v....4.......!.xV.es.....\......eM...C.|....$..I...-.. ...n.c*......Tz..6T..gU..XQ.^....P.LB..H....y.o}.i...I.......5...j!.g.D's........

<<< skipped >>>

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

%original file name%.exe_2988:

!Require Windows

.text

`.rdata

@.data

.rsrc

ttNt_Nt.Nt

:Language:%u!

Sorry, this program requires Microsoft Windows 2000 or later.

COMCTL32.dll

KERNEL32.dll

GetKeyState

USER32.dll

GDI32.dll

ShellExecuteW

ShellExecuteExW

SHELL32.dll

ole32.dll

OLEAUT32.dll

MSVCRT.dll

_acmdln

Enhanced SFX for 7-Ziptrue

X%cX%c

7zSfxString%d

0xx

"%s".

Could not overwrite file "%s".

Could not create file "%s".

0xX.

7-Zip: Internal error, code 0xX.

7-Zip: Internal error, code %u.

7-Zip: Unsupported method.

Error during execution "%s".

"setup.exe".

Could not find "setup.exe".

Could not find command for "%s".

) "%s".

Could not delete file or folder "%s".

Could not create folder "%s".

Error in line %d of configuration data:

Could not open archive file "%s".

1.4.1 [x86] build 2100 (2011-04-28)

9.20 (2010-12-18)

Supported methods and filters:

@7zSfxFolderd

7ZSfxx.cmd

setup.exe

7ZipSfx.x

@ (%u%s)

SFTP module for FileZilla based on PuTTY's psftp component

FZSFTP

dllhost.exe_2248:

.text

`.rdata

@.data

.rsrc

t$(SSh

~%UVW

u$SShe

kernel32.dll

advapi32.dll

shlwapi.dll

ntdll.dll

user32.dll

Kernel32.dll

ole32.dll

shell32.dll

crypt32.dll

wininet.dll

psapi.dll

RegOpenKeyA

RegCloseKey

MsgWaitForMultipleObjects

@.reloc

.FGy#

8_Eu.QP

] ;_ }9

.6.78.9:;

B.CDEFGH

large file support is disabled

unknown operation

SQL logic error or missing database

rekey

hexrekey

hexkey

foreign_keys

foreign_key_list

foreign_key_check

defer_foreign_keys

sqlite_compileoption_get

sqlite_compileoption_used

sqlite_crypt

sqlite_log

sqlite_source_id

sqlite_version

sqlite_attach

sqlite_detach

sqlite_stat4

sqlite_stat3

sqlite_stat1

sqlite_rename_parent

sqlite_rename_trigger

sqlite_rename_table

FOREIGN KEY

GetProcessHeap

RowKey

3.9.2

SQLite format 3

CREATE TABLE sqlite_master(

sql text

CREATE TEMP TABLE sqlite_temp_master(

REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYWITHOUTERELEASEATTACHAVINGROUPDATEBEGINNERECURSIVEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTRIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY

@failed to allocate %u bytes of memory

failed memory resize %u to %u bytes

922337203685477580

Adelayed %dms for lock/sharing conflict at line %d

sqlite_user

misuse at line %d of [%.10s]

cannot open file at line %d of [%.10s]

SQLITE_

os_win.c:%d: (%lu) %s(%s) - %s

%s%c%s

%s(%d)

FOREIGN KEY constraint failed

%s prohibited in %s

%r %s BY term out of range - should be between 1 and %d

Expression tree is too large (maximum depth %d)

too many SQL variables

variable number must be between ?1 and ?%d

too many columns in %s

%s OR name=%Q

type='trigger' AND (%s)

table %s may not be altered

sqlite_

%s cannot use variables

access to %s.%s.%s is prohibited

access to %s.%s is prohibited

object name reserved for internal use: %s

duplicate column name: %s

too many columns on %s

DELETE FROM %Q.%s WHERE %s=%Q

sqlite_stat%d

cannot modify %s because it is a view

table %s may not be modified

foreign key mismatch - "%w" referencing "%w"

unknown or unsupported join type: %T %T%s%T

RIGHT and FULL OUTER JOINs are not currently supported

SELECTs to the left and right of %s do not have the same number of result columns

no such index: %s

table %s: xBestIndex returned an invalid plan

no such vfs: %s

%s mode not allowed: %s

no such %s mode: %s

FROM '%q'.'%q%s' AS x

,%s(x.'c%d%q')

,%s(?)

unknown tokenizer: %s

unrecognized matchinfo request: %c

>reserved fts5 column name: %s

unrecognized column option: %s

unindexed

-near %d

-col {%d

-col %d

, %d)

%s%s%z%s

no such tokenizer: %s

hex literal too big: %s

unknown column "%s" in foreign key definition

number of columns in foreign key does not match the number of columns in the referenced table

foreign key on %s should reference only one column of table %T

a JOIN clause is required before %s

duplicate WITH table name: %s

error during initialization: %s

no entry point [%s] in shared library [%s]

sqlite3_

unable to open shared library [%s]

%s.%s

sqlite3_extension_init

USE TEMP B-TREE FOR %s

COMPOUND SUBQUERIES %d AND %d %s(%s)

%s:%d

recursive reference in a subquery: %s

multiple recursive references: %s

table %s has %d values for %d columns

circular reference: %s

multiple references to recursive table: %s

SCAN TABLE %s%s%s

vtable constructor did not declare schema: %s

vtable constructor failed: %s

vtable constructor called recursively: %s

no such module: %s

%s.xBestIndex() malfunction

prefix length out of range: %d

%s-shm

unable to use function %s in the requested context

CREATE TABLE %Q.%s(%s)

%s %T cannot reference objects in database %s

sqlite_master

sqlite_temp_master

default value of column [%s] is not constant

UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d

%s.rowid

no such collation sequence: %s

cannot join using column %s - column not present in both tables

cannot have both ON and USING clauses in the same join

a NATURAL join may not have an ON or USING clause

column%d

UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d

too many arguments on %s() - max %d

json_%s() needs an odd number of arguments

parse error in rank function: %s

%s: %s

%s: %s.%s

%s: %s.%s.%s

misuse of aliased aggregate %s

not authorized to use function: %s

the "." operator

too many terms in %s BY clause

%.*s"%w"%s

%s%.*s"%w"

UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q

Cannot add a PRIMARY KEY column

automatic extension loading failed: %s

illegal first argument to %s

%s {%s}

d-d-d d:d:d

d:d:d

d-d-d

view %s is circularly defined

recursive aggregate queries not supported

LIMIT clause should come after %s not before

ORDER BY clause should come after %s not before

zeroblob(%d)

sqlite3_get_table() called with two or more incompatible queries

ANY(%s)

VIRTUAL TABLE INDEX %d:%s

USING INTEGER PRIMARY KEY (rowid%s?)

INDEX %s

COVERING INDEX %s

PRIMARY KEY

AS %s

TABLE %s

SUBQUERY %d

, T.c%d

%Q.'%q_%s'

parse error in "%s"

reserved fts5 table name: %s

no such column: %s

{%ssegid=%d h=%d pgno=%d}

{id=%d leaves=%d..%d}

{lvl=%d nMerge=%d nSeg=%d

%d(%lld)

porter

?API call with %s database connection pointer

cannot limit WAL size: %s

2nd reference to page %d

invalid page number %d

automatic index on %s(%s)

database corruption at line %d of [%.10s]

recovered %d frames from WAL file %s

bind on a busy prepared statement: [%s]

%z - %s

malformed database schema (%s)

Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)

Failed to read ptrmap key=%d

failed to get page %d

%d of %d pages missing from overflow list starting at %d

freelist leaf count too big on page %d

recovered %d pages from %s

unknown database: %s

Fragmentation of %d bytes reported as %d on page %d

Multiple uses for byte %u of page %d

Offset %d out of range %d..%d

On page %d at right child:

On tree page %d cell %d:

unable to get the page. error code=%d

btreeInitPage() returns error code %d

Page %d:

Pointer map page %d is referenced

Page %d is never used

INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')

at most %d tables in a join

unknown database %s

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

DELETE FROM %Q.sqlite_sequence WHERE name=%Q

MJ delete: %s

-mjX9X

MJ collide: %s

%s-mjXXXXXX9XXz

database %s is locked

cannot detach database %s

no such database: %s

database schema is locked: %s

INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';

SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0

SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'

SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'

SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0

PRAGMA vacuum_db.synchronous=OFF

cannot VACUUM - SQL statements in progress

SELECT %s WHERE rowid = ?

INSERT INTO %Q.'%q_content' VALUES(%s)

SELECT %s WHERE rowid=?

SELECT %s FROM %s AS T

REPLACE INTO %Q.'%q_content' VALUES(%s)

SELECT %s FROM %s T WHERE T.%Q=?

SELECT %s FROM %s T WHERE T.%Q = ? ORDER BY T.%Q DESC

SELECT %s FROM %s T WHERE T.%Q >= ? AND T.%Q

CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);

CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);

CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));

CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);

CREATE TABLE %Q.'%q_content'(%s)

%z, 'c%d%q'

docid INTEGER PRIMARY KEY

ALTER TABLE %Q.'%q_%s' RENAME TO '%q_%s';

fts5: error creating shadow table %q_%s: %s

CREATE TABLE %Q.'%q_%q'(%s)%s

SELECT tbl,idx,stat FROM %Q.sqlite_stat1

SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid

unsupported file format

no such trigger: %S

no such table column: %s.%s

malformed MATCH expression: [%s]

FTS expression tree is too large (maximum depth %d)

statement aborts at %d: [%s] %s

abort at %d in [%s]: %s

%s constraint failed

%s constraint failed: %s

database table is locked: %s

cannot change %s wal mode from within a transaction

SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid

cannot commit transaction - SQL statements in progress

cannot release savepoint - SQL statements in progress

no such savepoint: %s

cannot open savepoint - SQL statements in progress

sqlite_sequence

there is already an index named %s

DELETE FROM %Q.%s WHERE name=%Q AND type='index'

index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped

no such index: %S

unable to identify the object to be reindexed

unsupported encoding: %s

NULL value in %s.%s

*** in database %s ***

no such table: %s

%s.%s.%s

'%s' is not a function

too many references to "%s": max 65535

sqlite_sq_%p

expected %d columns for '%s' but got %d

cannot create INSTEAD OF trigger on table: %S

cannot create %s trigger on view: %S

cannot open value of type %s

cannot open %s column for writing

no such column: "%s"

cannot open view: %s

cannot open table without rowid: %s

cannot open virtual table: %s

indexed

foreign key

EXECUTE %s%s SUBQUERY %d

there is already another table or index with this name: %s

UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;

UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');

UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;

view %s may not be altered

sqlite_altertab_%s

INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);

CREATE%s INDEX %.*s

expressions prohibited in PRIMARY KEY and UNIQUE constraints

sqlite_autoindex_%s_%d

index %s already exists

there is already a table named %s

virtual tables may not be indexed

views may not be indexed

table %s may not be indexed

cannot create a TEMP index on non-TEMP table "%s"

PRAGMA %Q.page_size

SELECT 1 FROM %Q.sqlite_master WHERE tbl_name='%q_stat'

%s_segments

SELECT stat FROM %Q.sqlite_stat1 WHERE tbl = '%q_rowid'

CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))

invalid fts5 file format (found %d, expected %d) - run 'rebuild'

wrong number of arguments to function %s

segid, term, pgno, PRIMARY KEY(segid, term)

id INTEGER PRIMARY KEY, block BLOB

%s_data

SELECT segid, term, (pgno>>1), (pgno&1) FROM %Q.'%q_idx' WHERE segid=%d

SELECT rowid, rank FROM %Q.%Q ORDER BY %s(%s%s%s) %s

no such function: %s

SELECT %s

SELECT count(*) FROM %Q.'%q_%s'

no such fts5 table: %s.%s

SELECT pw=sqlite_crypt(?1,pw), isAdmin FROM "%w".sqlite_user WHERE uname=?2

INSERT INTO sqlite_user(uname,isAdmin,pw) VALUES(%Q,%d,sqlite_crypt(?1,NULL))

CREATE TABLE sqlite_user(

uname TEXT PRIMARY KEY,

UPDATE sqlite_user SET isAdmin=%d, pw=sqlite_crypt(?1,NULL) WHERE uname=%Q

DELETE FROM sqlite_user WHERE uname=%Q

unable to open database: %s

Invalid key value

database %s is already in use

too many attached databases - max %d

AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY

table "%s" has more than one primary key

CREATE TABLE %Q.sqlite_sequence(name,seq)

UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d

CREATE %s %.*s

PRIMARY KEY missing on table %s

%d %d %d %d

k PRIMARY KEY, v

id INTEGER PRIMARY KEY, sz BLOB

, c%d

id INTEGER PRIMARY KEY

misuse of aggregate: %s()

SELECT %s WHERE rowid BETWEEN %lld AND %lld ORDER BY rowid %s

SELECT %s ORDER BY rowid %s

%s: table does not support scanning

cannot %s contentless fts5 table: %s

%d values for %d columns

table %S has %d columns but %d values were supplied

table %S has no column named %s

-- TRIGGER %s

use DROP VIEW to delete view %s

use DROP TABLE to delete table %s

table %s may not be dropped

sqlite_stat

the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers

the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers

CREATE TABLE x(%s %Q HIDDEN, docid HIDDEN, %Q HIDDEN)

missing %s parameter in fts4 constructor

error parsing prefix parameter: %s

unrecognized order: %s

unrecognized matchinfo: %s

unrecognized parameter: %s

notindexed

%s, %s

CREATE TABLE x(%s

CREATE TABLE x(key,value,type,atom,id,parent,fullkey,path,json HIDDEN,root HIDDEN)

%z, %Q HIDDEN, %s HIDDEN)

%z%s%Q

Visual C CRT: Not enough memory to complete call to strerror.

Broken pipe

Inappropriate I/O control operation

Operation not permitted

%S#[k

?#%X.y

GetProcessWindowStation

KERNEL32.dll

GetCPInfo

sqlite3.dll

sqlite3_aggregate_context

sqlite3_aggregate_count

sqlite3_auto_extension

sqlite3_backup_finish

sqlite3_backup_init

sqlite3_backup_pagecount

sqlite3_backup_remaining

sqlite3_backup_step

sqlite3_bind_blob

sqlite3_bind_blob64

sqlite3_bind_double

sqlite3_bind_int

sqlite3_bind_int64

sqlite3_bind_null

sqlite3_bind_parameter_count

sqlite3_bind_parameter_index

sqlite3_bind_parameter_name

sqlite3_bind_text

sqlite3_bind_text16

sqlite3_bind_text64

sqlite3_bind_value

sqlite3_bind_zeroblob

sqlite3_bind_zeroblob64

sqlite3_blob_bytes

sqlite3_blob_close

sqlite3_blob_open

sqlite3_blob_read

sqlite3_blob_reopen

sqlite3_blob_write

sqlite3_busy_handler

sqlite3_busy_timeout

sqlite3_cancel_auto_extension

sqlite3_changes

sqlite3_clear_bindings

sqlite3_close

sqlite3_close_v2

sqlite3_collation_needed

sqlite3_collation_needed16

sqlite3_column_blob

sqlite3_column_bytes

sqlite3_column_bytes16

sqlite3_column_count

sqlite3_column_database_name

sqlite3_column_database_name16

sqlite3_column_decltype

sqlite3_column_decltype16

sqlite3_column_double

sqlite3_column_int

sqlite3_column_int64

sqlite3_column_name

sqlite3_column_name16

sqlite3_column_origin_name

sqlite3_column_origin_name16

sqlite3_column_table_name

sqlite3_column_table_name16

sqlite3_column_text

sqlite3_column_text16

sqlite3_column_type

sqlite3_column_value

sqlite3_commit_hook

sqlite3_compileoption_get

sqlite3_compileoption_used

sqlite3_complete

sqlite3_complete16

sqlite3_config

sqlite3_context_db_handle

sqlite3_create_collation

sqlite3_create_collation16

sqlite3_create_collation_v2

sqlite3_create_function

sqlite3_create_function16

sqlite3_create_function_v2

sqlite3_create_module

sqlite3_create_module_v2

sqlite3_data_count

sqlite3_db_config

sqlite3_db_filename

sqlite3_db_handle

sqlite3_db_mutex

sqlite3_db_readonly

sqlite3_db_release_memory

sqlite3_db_status

sqlite3_declare_vtab

sqlite3_enable_load_extension

sqlite3_enable_shared_cache

sqlite3_errcode

sqlite3_errmsg

sqlite3_errmsg16

sqlite3_errstr

sqlite3_exec

sqlite3_expired

sqlite3_extended_errcode

sqlite3_extended_result_codes

sqlite3_file_control

sqlite3_finalize

sqlite3_free

sqlite3_free_table

sqlite3_get_autocommit

sqlite3_get_auxdata

sqlite3_get_table

sqlite3_global_recover

sqlite3_initialize

sqlite3_interrupt

sqlite3_key

sqlite3_key_v2

sqlite3_last_insert_rowid

sqlite3_libversion

sqlite3_libversion_number

sqlite3_limit

sqlite3_load_extension

sqlite3_log

sqlite3_malloc

sqlite3_malloc64

sqlite3_memory_alarm

sqlite3_memory_highwater

sqlite3_memory_used

sqlite3_mprintf

sqlite3_msize

sqlite3_mutex_alloc

sqlite3_mutex_enter

sqlite3_mutex_free

sqlite3_mutex_leave

sqlite3_mutex_try

sqlite3_next_stmt

sqlite3_open

sqlite3_open16

sqlite3_open_v2

sqlite3_os_end

sqlite3_os_init

sqlite3_overload_function

sqlite3_prepare

sqlite3_prepare16

sqlite3_prepare16_v2

sqlite3_prepare_v2

sqlite3_profile

sqlite3_progress_handler

sqlite3_randomness

sqlite3_realloc

sqlite3_realloc64

sqlite3_rekey

sqlite3_rekey_v2

sqlite3_release_memory

sqlite3_reset

sqlite3_reset_auto_extension

sqlite3_result_blob

sqlite3_result_blob64

sqlite3_result_double

sqlite3_result_error

sqlite3_result_error16

sqlite3_result_error_code

sqlite3_result_error_nomem

sqlite3_result_error_toobig

sqlite3_result_int

sqlite3_result_int64

sqlite3_result_null

sqlite3_result_subtype

sqlite3_result_text

sqlite3_result_text16

sqlite3_result_text16be

sqlite3_result_text16le

sqlite3_result_text64

sqlite3_result_value

sqlite3_result_zeroblob

sqlite3_result_zeroblob64

sqlite3_rollback_hook

sqlite3_rtree_geometry_callback

sqlite3_rtree_query_callback

sqlite3_set_authorizer

sqlite3_set_auxdata

sqlite3_shutdown

sqlite3_sleep

sqlite3_snprintf

sqlite3_soft_heap_limit

sqlite3_soft_heap_limit64

sqlite3_sourceid

sqlite3_sql

sqlite3_status

sqlite3_status64

sqlite3_step

sqlite3_stmt_busy

sqlite3_stmt_readonly

sqlite3_stmt_status

sqlite3_strglob

sqlite3_stricmp

sqlite3_strnicmp

sqlite3_table_column_metadata

sqlite3_test_control

sqlite3_thread_cleanup

sqlite3_threadsafe

sqlite3_total_changes

sqlite3_trace

sqlite3_transfer_bindings

sqlite3_update_hook

sqlite3_uri_boolean

sqlite3_uri_int64

sqlite3_uri_parameter

sqlite3_user_add

sqlite3_user_authenticate

sqlite3_user_change

sqlite3_user_data

sqlite3_user_delete

sqlite3_value_blob

sqlite3_value_bytes

sqlite3_value_bytes16

sqlite3_value_double

sqlite3_value_dup

sqlite3_value_free

sqlite3_value_int

sqlite3_value_int64

sqlite3_value_numeric_type

sqlite3_value_subtype

sqlite3_value_text

sqlite3_value_text16

sqlite3_value_text16be

sqlite3_value_text16le

sqlite3_value_type

sqlite3_vfs_find

sqlite3_vfs_register

sqlite3_vfs_unregister

sqlite3_vmprintf

sqlite3_vsnprintf

sqlite3_vtab_config

sqlite3_vtab_on_conflict

sqlite3_wal_autocheckpoint

sqlite3_wal_checkpoint

sqlite3_wal_checkpoint_v2

sqlite3_wal_hook

sqlite3_win32_is_nt

sqlite3_win32_mbcs_to_utf8

sqlite3_win32_set_directory

sqlite3_win32_sleep

sqlite3_win32_utf8_to_mbcs

sqlite3_win32_write_debug

zcÃ

2,292}: ;

7074787

)0:0&171

? ?$?(?,?

2 2.272^2

6(7,7074709

8Å’8-:2:o:t:

6(7,70747|7

0 0$0(0,0004080

Software\\Microsoft\\Windows\\CurrentVersion\\Run

\\.\PhysicalDrive0000000-000000-000000-000000-000000

@Windows 10

Windows Server Technical Preview

Windows Vista

Windows Server 2008

Windows 7

Windows Server 2008 R2

Windows 8

Windows Server 2012

Windows 8.1

Windows Server 2012 R2

Windows 2000

Windows XP

Windows Server 2003 R2

Windows Storage Server 2003

Windows Home Server

Windows XP Professional x64 Edition

Windows Server 2003

Windows 98

Web Server Edition

{"code":"{Code}","type":{type},"ver":"{Ver}","browser":"{Browser}","user":"{User}","pass":"{Pass}","cookies":"{Cookies}","aid":{Aid},"utype":{uType}}

{Pass}

hXXp://api.faceboolad.com/api//send

WinHttp.WinHttpRequest.5.1

hXXp://VVV.facebook.com

Server-Key

Chrome

Firefox

facebook.com

select name,encrypted_value from cookies where host_key = '.facebook.com'

\Local\Google\Chrome\User Data

\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies

\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies

\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies

hXXps://VVV.facebook.com/

select name,value from moz_cookies where host = '.facebook.com'

\Roaming\Mozilla\Firefox\Profiles

\cookies.sqlite

select username_value, password_value, signon_realm from logins

hXXp://api.faceboolad.com/api//GetTask?code=

[ImageUrl]

Dalvik/2.1.0 (Linux; U; Android 6.0.1; MI NOTE LTE MIUI/6.8.11)

twitter.com

select name,encrypted_value from cookies where host_key = '.twitter.com'

hXXps://VVV.twitter.com/

select name,value from moz_cookies where host = '.twitter.com'

hXXps://m.facebook.com/

hXXps://m.facebook.com/settings/email/

hXXps://VVV.facebook.com/settings

VBScript.RegExp

hXXps://m.facebook.com/composer/mbasic/?av={c_user}&refid=8

fb_dtsg={fb_dtsg}&charset_test=Ã¢â€šÂ¬,Ã‚Â´,Ã¢â€šÂ¬,Ã‚Â´,Ã¦Â°Â´,Ãâ€,Ãâ€ž&privacyx={privacyx}&target={c_user}&c_src=feed&cwevent=composer_entry&referrer=feed&ctype=inline&cver=amber&rst_icv=&xc_message=&view_privacy=

hXXps://m.facebook.com/home.php

hXXps://m.facebook.com

text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8

application/x-www-form-urlencoded

hXXps://m.facebook.com/composer/mbasic/?av={c_user}&refid=7&ref=wizard

hXXps://m.facebook.com/home.php?ref=wizard&_rdr

hXXps://m.facebook.com/composer/mbasic/?csid=94c178a8-8774-424a-8c53-9994984e3fba&incparms[0]=xc_message&av={c_user}

------WebKitFormBoundarydDyitWHTKuC21cBZ

Ã¢â€šÂ¬,Ã‚Â´,Ã¢â€šÂ¬,Ã‚Â´,Ã¦Â°Â´,Ãâ€,Ãâ€ž

94c178a8-8774-424a-8c53-9994984e3fba

web_m_touch

Ã¥Ââ€˜Ã¥Â¸Æ’

Content-Disposition: form-data; name="file0"; filename="test.jpg"

hXXps://m.facebook.com/composer/mbasic/?mnt_query&csid=94c178a8-8774-424a-8c53-9994984e3fba

multipart/form-data; boundary=----WebKitFormBoundarydDyitWHTKuC21cBZ

hXXps://m.facebook.com/home.php?stype=phs&sk=live&gfid=

hXXps://mobile.twitter.com/settings

hXXps://api.twitter.com/1.1/users/lookup.json?include_blocking=true&include_blocked_by=true&include_can_dm=true&include_followed_by=true&include_mute_edge=true&screen_name=

Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs=1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA

hXXps://api.twitter.com/1.1/friendships/create.json

hXXps://api.twitter.com/1.1/statuses/update.json

&media_type=image/jpeg

hXXps://upload.twitter.com/i/media/upload.json?command=INIT&total_bytes=

hXXps://mobile.twitter.com/compose/tweet

hXXps://upload.twitter.com/i/media/upload.json?command=APPEND&media_id=

multipart/form-data; boundary=----WebKitFormBoundaryUbnK77J90KHiGB65

hXXps://mobile.twitter.com

------WebKitFormBoundaryUbnK77J90KHiGB65

------WebKitFormBoundaryUbnK77J90KHiGB65--

hXXps://upload.twitter.com/i/media/upload.json?command=FINALIZE&media_id=

select count(*) from sqlite_master where type='table' and tbl_name='

select tbl_name from sqlite_master where type='table' and tbl_name'sqlite_sequence'

Adodb.Stream

function URlEncode(temp){return(encodeURIComponent(temp));}

function URlDecode(temp){return(decodeURIComponent(temp));}

function Utf8Decode(temp){return(URlDecode(decodeURI(temp)));}

URlDecode

URlEncode

%d&&'

123456789

00003333

F%*.*f

CNotSupportedException

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

COMCTL32.DLL

CCmdTarget

__MSVCRT_HEAP_SELECT

KERNEL32.DLL

ADVAPI32.dll

COMCTL32.dll

comdlg32.dll

GDI32.dll

OLEAUT32.dll

SHELL32.dll

USER32.dll

WINMM.dll

WINSPOOL.DRV

WS2_32.dll

WinExec

RegOpenKeyExA

RegCreateKeyExA

GetViewportOrgEx

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

GetViewportExtEx

ShellExecuteA

GetKeyState

CreateDialogIndirectParamA

UnhookWindowsHookEx

SetWindowsHookExA

.PAVCException@@

Shell32.dll

Mpr.dll

Advapi32.dll

User32.dll

Gdi32.dll

(&07-034/)7 '

?? / %d]

%d / %d]

.PAVCFileException@@

: %d]

(*.*)|*.*||

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|PNG

(*.PNG)|*.PNG|BMP

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

windows

.PAVCNotSupportedException@@

out.prn

(*.prn)|*.prn|

%d.%d

%d/%d

1.6.9

unsupported zlib version

png_read_image: unsupported transformation

%d / %d

Bogus message code %d

libpng error: %s

libpng warning: %s

1.1.3

bad keyword

libpng does not support gamma background rgb_to_gray

Palette is NULL in indexed image

(%d-%d):

%ld%c

.PAVCObject@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCArchiveException@@

C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\dllhost.exe

mscoree.dll

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

WUSER32.DLL

SQLite

SQLite3 Database Library

3.9.2.1

SQLite3

(*.*)

svchost.exe_2244:

.text

`.rdata

@.data

.rsrc

f9z.vk

__MSVCRT_HEAP_SELECT

user32.dll

MsgWaitForMultipleObjects

EnumDesktopWindows

USER32.dll

SHLWAPI.dll

GetProcessHeap

KERNEL32.dll

RegCreateKeyA

RegOpenKeyA

RegCloseKey

RegEnumKeyA

RegDeleteKeyA

ADVAPI32.dll

SHELL32.dll

ole32.dll

OLEACC.dll

OLEAUT32.dll

GetCPInfo

Software\Microsoft\Windows\CurrentVersion\Uninstall\MyTransitGuideTooltab Uninstall Internet Explorer

Click On Web Ads : {0} !

\chrome.exeSOFTWARE\Wow6432Node\SetupCompany

Windows 10

Windows Server Technical Preview

Windows Vista

Windows Server 2008

Windows 7

Windows Server 2008 R2

Windows 8

Windows Server 2012

Windows 8.1

Windows Server 2012 R2

Windows 2000

Windows XP

Windows Server 2003 R2

Windows Storage Server 2003

Windows Home Server

Windows XP Professional x64 Edition

Windows Server 2003

Windows 98

Web Server Edition

\Internet Explorer\iexplore.exe

Scripting.FileSystemObject

AlwaysShowMenus

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

DisplayVersionSOFTWARE\Mozilla\Mozilla Firefox\

SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\

PathToExe

Software\\Microsoft\\Windows\\CurrentVersion\\Run

hXXp://my.pcmaps.net/api/report?type={type}&code={code}

WinHttp.WinHttpRequest.5.1

iexplore.exe

hXXp://imcrack.ad-jump.com

document.getElementById('HPChkbxImg').click();

document.getElementById('download_btn1').click();

IExplore Url : {0} !

&7{00020400-0000-0000-C000-000000000046}

Sleep : FindIExploreSetupWindowsHandle......

FindIExploreSetupWindowsHandle TimeOut !

hXXp://my.pcmaps.net/list.txt

shlwapi.dll

kernel32.dll

advapi32.dll

ntdll.dll

Kernel32.dll

shell32.dll

User32.dll

OLEACC.DLL

program internal error number is %d.

:"%s"

:"%s".

zcÃ

C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\svchost.exe

334788??

"!"''* ..593=

!''',,,033=

"""'(*,,934=

"&(*-.103

"""'*-,5

22//444\

&&&&())-/-//39:9

&&&)))-//3/49

!&&*)()))///4:

&*)()/))/32

$&&&&)/-//3/9

!$!&)))00//44:

!$&&()))-/222

$&&&()/)02:

,$&&))))-/2

#''. 7777

,&&(&)))

FileZilla FTP Client

3.22.1

FileZilla_3.22.1_win32-setup.exe

iexplore.exe_3496:

.text

`.data

.rsrc

@.reloc

>.uzf

.us;}

IEFRAME.dll

MLANG.dll

iertutil.dll

urlmon.dll

ole32.dll

SHELL32.dll

SHLWAPI.dll

msvcrt.dll

USER32.dll

KERNEL32.dll

ADVAPI32.dll

RegOpenKeyExW

RegCloseKey

GetWindowsDirectoryW

_amsg_exit

_wcmdln

UrlApplySchemeW

PathIsURLW

UrlCanonicalizeW

UrlCreateFromPathW

iexplore.pdb

KEYW

KEYWh

KEYWD

.ENNNG.

a.ry.v

l.igM4

?1%SGf

xh.JW^

.97777"7" " " !

3.... ))

8888888888888

8888888888

.lPV)

ÃºW1

.ApX/

H.ZAf

Ã°[U

%s!FK

1YYYY1YY9GEAA=77YRNNNW:.VT1

888777777

Y.hilkRROMLK=C,

..(((($$

3...((((%

3....(.''$

3.2...((((%

33.2....(,'

55323222...

(%&'00443445?

00.,,,4(

000.,,9(

0020..9(

003200;(

(#'( (''''!'!

Microsoft.InternetExplorer.Default

user32.dll

Kernel32.DLL

xfire.exe

wlmail.exe

winamp.exe

waol.exe

sidebar.exe

psocdesigner.exe

np.exe

netscape.exe

netcaptor.exe

neoplanet.exe

msn.exe

mshtmpad.exe

mshta.exe

loader42.exe

infopath.exe

iexplore.exe

iepreview.exe

groove.exe

explorer.exe

dreamweaver.exe

contribute.exe

aol.exe

{28fb17e0-d393-439d-9a21-9474a070473a}

Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

DShell32.dll

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}

"%s" %s

Kernel32.dll

\AppPatch\sysmain.sdb

-extoff go.microsoft.com/fwlink/?LinkId=106323

-extoff go.microsoft.com/fwlink/?LinkId=106322

-extoff go.microsoft.com/fwlink/?LinkId=106320

kernel32.dll

{00000000-0000-0000-0000-000000000000}

\\?\Volume

shell:%s

Imaging_CreateWebPagePreview_Perftrack

Browseui_Tabs_Tearoff_BetweenWindows

Frame_URLEntered

Imaging_CreateWebPagePreview

WS_ExecuteQuery

Shdocvw_BaseBrowser_FireEvent_WindowStateChanged

IdleTask_Execution_Time

9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

IEXPLORE.EXE

Windows

9.00.8112.16421

iexplore.exe_3544:

.text

`.data

.rsrc

@.reloc

>.uzf

.us;}

IEFRAME.dll

MLANG.dll

iertutil.dll

urlmon.dll

ole32.dll

SHELL32.dll

SHLWAPI.dll

msvcrt.dll

USER32.dll

KERNEL32.dll

ADVAPI32.dll

RegOpenKeyExW

RegCloseKey

GetWindowsDirectoryW

_amsg_exit

_wcmdln

UrlApplySchemeW

PathIsURLW

UrlCanonicalizeW

UrlCreateFromPathW

iexplore.pdb

KEYW

KEYWh

KEYWD

.ENNNG.

a.ry.v

l.igM4

?1%SGf

xh.JW^

.97777"7" " " !

3.... ))

8888888888888

8888888888

.lPV)

ÃºW1

.ApX/

H.ZAf

Ã°[U

%s!FK

1YYYY1YY9GEAA=77YRNNNW:.VT1

888777777

Y.hilkRROMLK=C,

..(((($$

3...((((%

3....(.''$

3.2...((((%

33.2....(,'

55323222...

(%&'00443445?

00.,,,4(

000.,,9(

0020..9(

003200;(

(#'( (''''!'!

Microsoft.InternetExplorer.Default

user32.dll

Kernel32.DLL

xfire.exe

wlmail.exe

winamp.exe

waol.exe

sidebar.exe

psocdesigner.exe

np.exe

netscape.exe

netcaptor.exe

neoplanet.exe

msn.exe

mshtmpad.exe

mshta.exe

loader42.exe

infopath.exe

iexplore.exe

iepreview.exe

groove.exe

explorer.exe

dreamweaver.exe

contribute.exe

aol.exe

{28fb17e0-d393-439d-9a21-9474a070473a}

Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

DShell32.dll

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}

"%s" %s

Kernel32.dll

\AppPatch\sysmain.sdb

-extoff go.microsoft.com/fwlink/?LinkId=106323

-extoff go.microsoft.com/fwlink/?LinkId=106322

-extoff go.microsoft.com/fwlink/?LinkId=106320

kernel32.dll

{00000000-0000-0000-0000-000000000000}

\\?\Volume

shell:%s

Imaging_CreateWebPagePreview_Perftrack

Browseui_Tabs_Tearoff_BetweenWindows

Frame_URLEntered

Imaging_CreateWebPagePreview

WS_ExecuteQuery

Shdocvw_BaseBrowser_FireEvent_WindowStateChanged

IdleTask_Execution_Time

9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

IEXPLORE.EXE

Windows

9.00.8112.16421

SearchProtocolHost.exe_4036:

.text

`.data

.rsrc

@.reloc

ADVAPI32.dll

ntdll.DLL

KERNEL32.dll

msvcrt.dll

USER32.dll

ole32.dll

OLEAUT32.dll

TQUERY.DLL

MSSHooks.dll

IMM32.dll

SHLWAPI.dll

SrchCollatorCatalogInfo

SrchDSSLogin

SrchDSSPortManager

SrchPHHttp

SrchIndexerQuery

SrchIndexerProperties

SrchIndexerPlugin

SrchIndexerClient

SrchIndexerSchema

Msidle.dll

Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default

pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty

d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx

d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx

d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp

d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx

RegDeleteKeyW

RegDeleteKeyExW

8%uiP

Invalid parameter passed to C runtime function.

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp

-d-d-d-d-d-d-d-%d

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h

0xx=

%s(%d)

tid="0x%x"

pid="0x%x"

tagname="%s"

tagid="0x%x"

el="0x%x"

time="d/d/d d:d:d.d"

logname="%s"

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx

SHELL32.dll

PROPSYS.dll

ntdll.dll

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegEnumKeyExW

ReportEventW

_amsg_exit

MsgWaitForMultipleObjects

SearchProtocolHost.pdb

2 2(20282|2

4%5S5

Software\Microsoft\Windows Search

https

kernel32.dll

msTracer.dll

msfte.dll

lX-X-X-XX-XXXXXX

SOFTWARE\Microsoft\Windows Search

tquery.dll

%s\%s

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

Windows Search Service

0xx%p%S%d

advapi32.dll

WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll

winhttp.dll

Software\Microsoft\Windows Search\Tracing

Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported

Software\Microsoft\Windows Search\Tracing\EventThrottleState

%S(%d)

tagname="%S"

logname="%S"

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}

.\%s.mui

.\%s\%s.mui

%s\%s.mui

%s\%s\%s.mui

Microsoft Windows Search Protocol Host

7.00.7601.17610 (win7sp1_gdr.110503-1502)

SearchProtocolHost.exe

Windows

7.00.7601.17610

SearchFilterHost.exe_4092:

.text

`.data

.rsrc

@.reloc

ADVAPI32.dll

ntdll.DLL

KERNEL32.dll

msvcrt.dll

USER32.dll

ole32.dll

OLEAUT32.dll

TQUERY.DLL

IMM32.dll

MSSHooks.dll

mscoree.dll

SHLWAPI.dll

d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp

RegDeleteKeyW

RegDeleteKeyExW

8%uiP

d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx

Invalid parameter passed to C runtime function.

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp

-d-d-d-d-d-d-d-%d

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegEnumKeyExW

ReportEventW

_amsg_exit

SearchFilterHost.pdb

version="5.1.0.0"

name="Microsoft.Windows.Search.MSSFH"

3 3(30383|3

kernel32.dll

Software\Microsoft\Windows Search

SOFTWARE\Microsoft\Windows Search

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

Windows Search Service

tquery.dll

advapi32.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

0xx%p%S%d

Software\Microsoft\Windows Search\Tracing

Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported

Software\Microsoft\Windows Search\Tracing\EventThrottleState

0xx=

%S(%d)

tid="0x%x"

pid="0x%x"

tagname="%S"

tagid="0x%x"

el="0x%x"

time="d/d/d d:d:d.d"

logname="%S"

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}

.\%s.mui

.\%s\%s.mui

%s\%s.mui

%s\%s\%s.mui

%s\%s

winhttp.dll

Microsoft Windows Search Filter Host

7.00.7601.17610 (win7sp1_gdr.110503-1502)

SearchFilterHost.exe

Windows

7.00.7601.17610