Trojan.Win32.Reconyc.gsom (Kaspersky), Gen:Variant.Barys.52129 (AdAware), Trojan.Win32.FlyStudio.FD, Trojan.Win32.Swrort.3.FD, GenericPhysicalDrive0.YR (Lavasoft MAS)Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: e21ecc148911358e9761f5db3fc8ad61
SHA1: e24642325b68076485072929af0b26bbd5a1eff8
SHA256: ba5d4ed9f53433ab1f884c9d8a3d00232ba61cbaee746ac0495b75e7c06bb633
SSDeep: 24576:p5pMggb6FXbGg1C1TLbRvnSLL/hxFrsVuEHjQx71i:pvqbSGg1C1TLt L/hxhGuy
Size: 974568 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171, UPolyXv05_v6
Company: no certificate found
Created at: 2011-05-24 18:16:01
Analyzed on: Windows7 SP1 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
dllhost.exe:2248
%original file name%.exe:2988
The Trojan injects its code into the following process(es):No processes have been created.
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:2988 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\dllhost.exe (7850 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\svchost.exe (1512 bytes)
Registry activity
The process dllhost.exe:2248 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASMANCS]
"ConsoleTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASMANCS]
"MaxFileSize" = "1048576"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E549E976-C5F2-4E77-819D-55BC9B7C25BC}]
"WpadDecisionTime" = "30 D0 51 ED 9A 29 D2 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]
"WpadLastNetwork" = "{E549E976-C5F2-4E77-819D-55BC9B7C25BC}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e0-73-f1]
"WpadDecision" = "3"
"WpadDecisionReason" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASAPI32]
"FileDirectory" = "%windir%\tracing"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e0-73-f1]
"WpadDecisionTime" = "30 D0 51 ED 9A 29 D2 01"
[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASAPI32]
"ConsoleTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E549E976-C5F2-4E77-819D-55BC9B7C25BC}]
"WpadDecision" = "3"
[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASMANCS]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASAPI32]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASMANCS]
"FileTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E549E976-C5F2-4E77-819D-55BC9B7C25BC}]
"WpadNetworkName" = "Network 2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 39 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASMANCS]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASAPI32]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASMANCS]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASAPI32]
"EnableFileTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings" = "46 00 00 00 0B 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Tracing\dllhost_RASAPI32]
"EnableConsoleTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E549E976-C5F2-4E77-819D-55BC9B7C25BC}]
"WpadDecisionReason" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dllhost.exe -start" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\dllhost.exe -start"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The process %original file name%.exe:2988 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
Dropped PE files
MD5 | File path |
---|---|
f0a5d797a0e7c272dbea87dd67a768f3 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\dllhost.exe |
e752024624548a4b0df528af6b8efbf3 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\svchost.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
dllhost.exe:2248
%original file name%.exe:2988 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\dllhost.exe (7850 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\svchost.exe (1512 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dllhost.exe -start" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\dllhost.exe -start" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: FileZilla Project
Product Name: FileZilla
Product Version: Unidentified build
Legal Copyright: Copyright (c) 2004-2016 Tim Kosse, 1997-2016 Simon Tatham.
Legal Trademarks:
Original Filename: FZSFTP
Internal Name: FZSFTP
File Version: Unidentified build
File Description:
Comments:
Language: Language Neutral
Company Name: FileZilla ProjectProduct Name: FileZillaProduct Version: Unidentified buildLegal Copyright: Copyright (c) 2004-2016 Tim Kosse, 1997-2016 Simon Tatham.Legal Trademarks: Original Filename: FZSFTPInternal Name: FZSFTPFile Version: Unidentified buildFile Description: Comments: Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 71955 | 72192 | 4.55918 | 3c72b06e02f4afbad83d6aa896575140 |
.rdata | 77824 | 13612 | 13824 | 3.44888 | 62fb898719481a603059fc42554f80ef |
.data | 94208 | 10604 | 2048 | 2.55588 | 4cb364a72e7c9869ec05686d3fe4aabe |
.rsrc | 106496 | 4096 | 4096 | 3.25975 | add2e10db1cbbcac9c10e4a427c280e0 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://api.faceboolad.com/api//send | |
hxxp://api.faceboolad.com/api/report?type=1&code=Windows 7 Ultimate Edition Service Pack 1 x86 (Build:7601) | Internet Explorer 9.0.8112.16421 | |
hxxp://api.faceboolad.com/ | |
hxxp://www.adlcx.com/click.php?c=9&key=qz4n70dim7ol9955d9dq8457 | 69.164.218.142 |
hxxp://lxudv.com/?a=539528&c=1430992&m=32&s1=&s2=1494351 | 72.3.166.133 |
hxxp://www180.myway.com/index.jhtml | |
hxxp://a1255.g.akamai.net/images/download/spokesperson/html5/audio/spokesperson.js | |
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/jeremy.jacinto/asset1_3/1471015421274.png | |
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/michael.lockwood/assetRebuttal_1/1470778641078.png | |
hxxp://googleadapis.l.google.com/css?family=Maven Pro:700,900|Roboto:400,700,900 | |
hxxp://e3432.b.akamaiedge.net/prd/ttdetectUtil.js | |
hxxp://e3432.b.akamaiedge.net/images/anx/anemone-1.2.7.js | |
hxxp://www180.myway.com/anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/index.jhtml&anxl=en-US&anxlv=1476834868192&anxrd=imcrack.ad-jump.com&anxrk=-&anxrm=referral&anxrb=-&anxrc=-&anxrs=-&anxsq=1&anxi=091394C9-D018-47FC-AB78-FA6F5E967ED3&anxe=backFill&anxr=1438916606 | |
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/jeremy.jacinto/background/1471015123308.png | |
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/jeremy.jacinto/background999/1471015850415.png | |
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/jeremy.jacinto/asset1_15/1471016865981.png | |
hxxp://a1255.g.akamai.net/images/download/myway/pbmw_0215.png | |
hxxp://e3432.b.akamaiedge.net/prd/ttdetect.html?&op=g&cobrand=BNH&xdm_e=http://free.mytransitguide.com&xdm_c=default4346&xdm_p=1 | |
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/jeremy.jacinto/button1_1/1471019347967.gif | |
hxxp://a1255.g.akamai.net/images/download/mapsgalaxy/checkbox-large.png | |
hxxp://gstaticadssl.l.google.com/s/roboto/v15/2UX7WLTfW3W8TclTUvlFyQ.woff | |
hxxp://gstaticadssl.l.google.com/s/roboto/v15/d-6IYplOFocCacKzxwXSOD8E0i7KZn-EPnyo3HZu7kw.woff | |
hxxp://gstaticadssl.l.google.com/s/roboto/v15/mnpfi9pxYH-Go5UiibESIj8E0i7KZn-EPnyo3HZu7kw.woff | |
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/crx-tooltab-swap3/BNH.png | |
hxxp://www180.myway.com/localStorage.jhtml | |
hxxp://www180.myway.com/mirrorCookies.jhtml | |
hxxp://www180.myway.com/anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/index.jhtml&anxl=en-US&anxlv=1476834868242&anxsq=3&present=false&anxe=ToolbarDetect&anxr=1169750588 | |
hxxp://a1255.g.akamai.net/images/download/symantec/nortonseal.gif | |
hxxp://www180.myway.com/installError.jhtml?errorType=browser&errorCode=blockedCountry | |
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/222010004/background999/1458663898223.png | |
hxxp://www180.myway.com/anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/installError.jhtml&anxl=en-US&anxlv=1476834869133&anxrd=free.mytransitguide.com&anxrp=index.jhtml&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&errorCode=blockedCountry&errorType=browser&anxe=installErrorLanding&anxr=361991559 | |
hxxp://www180.myway.com/favicon.ico | |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEHoPQd8czRTcsmkpjuIsajU= | |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSsjeGdqHvYWM4yo25qR2M70nK2oAQURk/B4IjafdN4m8huWS+w5PcdkOICEF5+ixQmE7FVqQByLDZZvTU= | |
hxxp://gpla1.wac.v2cdn.net/CRL/Omniroot2025.crl | |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= | |
hxxp://cs3.wpc.v0cdn.net/pki/mscorp/crl/MSIT Machine Auth CA 2(1).crl | |
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl | |
hxxp://crl.comodoca.com.cdn.cloudflare.net/AddTrustExternalCARoot.crl | 104.16.92.188 |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0= | |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBEqAG035RBv1sp8w++6zBg= | |
hxxp://a1363.dscg.akamai.net/pki/crl/products/WinPCA.crl | |
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl | |
hxxp://a1363.dscg.akamai.net/pki/crl/products/microsoftrootcert.crl | |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEDO099rCgtT22XaI8/R3kQY= | |
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAisW18hq2CY | |
hxxp://crl.comodoca.com.cdn.cloudflare.net/UTN-DATACorpSGC.crl | 104.16.92.188 |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEEsY6Q+7vYaPyv66+coRxyE= | |
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEAdrg7dKqon | |
hxxp://gpla1.wac.v2cdn.net/PublicSureServerSV.crl | |
hxxp://cdn.globalsigncdn.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAS9O4UUM | |
hxxp://cdn.globalsigncdn.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH | |
hxxp://cdn.globalsigncdn.com/rootr2/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm+IHV2ccHsBqBt5ZtJot39wZhi4CCwQAAAAAAURO8EpV | |
hxxp://cdn.globalsigncdn.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDBoenwTt2h3GcY8iVw== | |
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAMwQYKxJVsR | |
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCHUW2dw1OuXl | |
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBW8iC8YNRkC | |
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGZimYWX7CS+ | |
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAFb1O5EN2Za | |
hxxp://a1158.b.akamai.net/MFUwUzBRME8wTTAJBgUrDgMCGgUABBTkLVLomfJQOu5CFIgPOR73ljBRHAQU+L36r3N3xscb+UtNEafRM6+vchECFEOZrYpYgDwxeWGj/HetMtWiXvU/ | |
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCO1K2+o5D5i | |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSySC/85E/LNAiBe/rxiqbyloQ6UQQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8CEDY0nhjJnCZptlYubOWtcTI= | |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRVuMwyhZnBGWkFKlkeoNe9zdlbSwQUK5o1rgEYODDhcHoF4BF2o869kBQCEBbfOFWwaAAL65vNdl55UHU= | |
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCENN6nuImvRO | |
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCn5KPFJmjBe | |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141/l2SWCyYX308B7Khio= | |
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDysFK5r8h11 | |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEExA26X5iPrlelfWRXSV+Ys= | |
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | |
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCHiWTKIt8ymy | |
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEQDmMy02FbF | |
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEAdrg7dKqon | 216.58.209.78 |
hxxp://crl.comodoca.com/UTN-DATACorpSGC.crl | 104.16.92.188 |
hxxp://tg.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRVuMwyhZnBGWkFKlkeoNe9zdlbSwQUK5o1rgEYODDhcHoF4BF2o869kBQCEBbfOFWwaAAL65vNdl55UHU= | 23.63.139.27 |
hxxp://akz.imgfarm.com/images/anx/anemone-1.2.7.js | |
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCENN6nuImvRO | 216.58.209.78 |
hxxp://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDBoenwTt2h3GcY8iVw== | 104.16.27.216 |
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEQDmMy02FbF | 216.58.209.78 |
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCO1K2+o5D5i | 216.58.209.78 |
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl | 212.30.134.169 |
hxxp://free.mytransitguide.com/favicon.ico | 74.113.235.138 |
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/jeremy.jacinto/button1_1/1471019347967.gif | 212.30.134.183 |
hxxp://free.mytransitguide.com/index.jhtml | 74.113.235.138 |
hxxp://ttdetect.staticimgfarm.com/prd/ttdetect.html?&op=g&cobrand=BNH&xdm_e=http://free.mytransitguide.com&xdm_c=default4346&xdm_p=1 | |
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl | 212.30.134.169 |
hxxp://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEExA26X5iPrlelfWRXSV+Ys= | 23.63.139.27 |
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGZimYWX7CS+ | 216.58.209.78 |
hxxp://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAS9O4UUM | 104.16.25.216 |
hxxp://cdp1.public-trust.com/CRL/Omniroot2025.crl | 93.184.220.20 |
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/jeremy.jacinto/asset1_15/1471016865981.png | 212.30.134.183 |
hxxp://mytransitguide.dl.myway.com/mirrorCookies.jhtml | 74.113.235.138 |
hxxp://free.mytransitguide.com/anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/index.jhtml&anxl=en-US&anxlv=1476834868192&anxrd=imcrack.ad-jump.com&anxrk=-&anxrm=referral&anxrb=-&anxrc=-&anxrs=-&anxsq=1&anxi=091394C9-D018-47FC-AB78-FA6F5E967ED3&anxe=backFill&anxr=1438916606 | 74.113.235.138 |
hxxp://crl.comodoca.com/AddTrustExternalCARoot.crl | 104.16.92.188 |
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/michael.lockwood/assetRebuttal_1/1470778641078.png | 212.30.134.183 |
hxxp://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141/l2SWCyYX308B7Khio= | 23.63.139.27 |
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAisW18hq2CY | 216.58.209.78 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0= | 23.63.139.27 |
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBW8iC8YNRkC | 216.58.209.78 |
hxxp://ocsp.globalsign.com/rootr2/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm+IHV2ccHsBqBt5ZtJot39wZhi4CCwQAAAAAAURO8EpV | 104.16.25.216 |
hxxp://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEHoPQd8czRTcsmkpjuIsajU= | 23.63.139.27 |
hxxp://ak.imgfarm.com/images/download/symantec/nortonseal.gif | 212.30.134.183 |
hxxp://free.mytransitguide.com/installError.jhtml?errorType=browser&errorCode=blockedCountry | 74.113.235.138 |
hxxp://fonts.gstatic.com/s/roboto/v15/d-6IYplOFocCacKzxwXSOD8E0i7KZn-EPnyo3HZu7kw.woff | 173.194.113.216 |
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/jeremy.jacinto/background999/1471015850415.png | 212.30.134.183 |
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/crx-tooltab-swap3/BNH.png | 212.30.134.183 |
hxxp://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH | 104.16.25.216 |
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl | 212.30.134.169 |
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSySC/85E/LNAiBe/rxiqbyloQ6UQQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8CEDY0nhjJnCZptlYubOWtcTI= | 23.63.139.27 |
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAMwQYKxJVsR | 216.58.209.78 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEDO099rCgtT22XaI8/R3kQY= | 23.63.139.27 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | 23.63.139.27 |
hxxp://free.mytransitguide.com/anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/index.jhtml&anxl=en-US&anxlv=1476834868242&anxsq=3&present=false&anxe=ToolbarDetect&anxr=1169750588 | 74.113.235.138 |
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/222010004/background999/1458663898223.png | 212.30.134.183 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | 23.63.139.27 |
hxxp://ak.imgfarm.com/images/download/mapsgalaxy/checkbox-large.png | 212.30.134.183 |
hxxp://imcrack.ad-jump.com/ | |
hxxp://free.mytransitguide.com/anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/installError.jhtml&anxl=en-US&anxlv=1476834869133&anxrd=free.mytransitguide.com&anxrp=index.jhtml&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&errorCode=blockedCountry&errorType=browser&anxe=installErrorLanding&anxr=361991559 | 74.113.235.138 |
hxxp://fonts.googleapis.com/css?family=Maven Pro:700,900|Roboto:400,700,900 | 173.194.220.95 |
hxxp://crl.omniroot.com/PublicSureServerSV.crl | 93.184.220.20 |
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl | 212.30.134.169 |
hxxp://evsecure-ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBEqAG035RBv1sp8w++6zBg= | 23.63.139.27 |
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/jeremy.jacinto/asset1_3/1471015421274.png | 212.30.134.183 |
hxxp://fonts.gstatic.com/s/roboto/v15/mnpfi9pxYH-Go5UiibESIj8E0i7KZn-EPnyo3HZu7kw.woff | 173.194.113.216 |
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCHiWTKIt8ymy | 216.58.209.78 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEEsY6Q+7vYaPyv66+coRxyE= | 23.63.139.27 |
hxxp://vassg142.ocsp.omniroot.com/MFUwUzBRME8wTTAJBgUrDgMCGgUABBTkLVLomfJQOu5CFIgPOR73ljBRHAQU+L36r3N3xscb+UtNEafRM6+vchECFEOZrYpYgDwxeWGj/HetMtWiXvU/ | 2.20.254.105 |
hxxp://fonts.gstatic.com/s/roboto/v15/2UX7WLTfW3W8TclTUvlFyQ.woff | 173.194.113.216 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= | 23.63.139.27 |
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCHUW2dw1OuXl | 216.58.209.78 |
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/jeremy.jacinto/background/1471015123308.png | 212.30.134.183 |
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCn5KPFJmjBe | 216.58.209.78 |
hxxp://ak.imgfarm.com/images/download/spokesperson/html5/audio/spokesperson.js | 212.30.134.183 |
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAFb1O5EN2Za | 216.58.209.78 |
hxxp://my.pcmaps.net/api/report?type=1&code=Windows 7 Ultimate Edition Service Pack 1 x86 (Build:7601) | Internet Explorer 9.0.8112.16421 | |
hxxp://ttdetect.staticimgfarm.com/prd/ttdetectUtil.js | |
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDysFK5r8h11 | 216.58.209.78 |
hxxp://su.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSsjeGdqHvYWM4yo25qR2M70nK2oAQURk/B4IjafdN4m8huWS+w5PcdkOICEF5+ixQmE7FVqQByLDZZvTU= | 23.63.139.27 |
hxxp://mscrl.microsoft.com/pki/mscorp/crl/MSIT Machine Auth CA 2(1).crl | 93.184.221.200 |
extended-validation-ssl.verisign.com | 69.58.181.71 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBEqAG035RBv1sp8w++6zBg= HTTP/1.1
Cache-Control: max-age = 471678
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 28 Nov 2013 01:44:29 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: evsecure-ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1761
content-transfer-encoding: binary
Cache-Control: max-age=461826, public, no-transform, must-revalidate
Last-Modified: Mon, 17 Oct 2016 08:11:50 GMT
Expires: Mon, 24 Oct 2016 08:11:50 GMT
Date: Tue, 18 Oct 2016 23:55:01 GMT
Connection: keep-alive
0..........0..... .....0......0...0......l..T.#4...c.K.... *...20161017081150Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...313...*.m7..o..|.........20161017081150Z....20161024081150Z0...*.H..............w......).J.kh..,.V.....G..........N......8...u...B.L^'....;-....S./.q.xN..d..1.qan........MS..W.u...q...4.......|a:...D]........s...U/....W.U...H.,.......5.9..k.5[..A.*.ey.k.G...2.C...........&....8.<....O.....o.;.._.2..8...A/5. ..6...s..bn%S.\.._x..."..|....0...0...0.......... .7.$.T.4.....u.0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G50...151124000000Z..161214235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Certificate 40.."0...*.H.............0........./..C.n..RRd-G..mB...m.0Q..^f..A...av.9....?Q..(.j(..$..P..?[v....9. ...u....v..-<l....^.Z.C.f.V...$7............G.D.....@T{.....|...msV...{.q...2..y.............".u.d.p.%... U.I.0..0.x.-`..Yi....6.lw<....N.k\.....]s...O... 0....TH.cB.Q.Z...}...p.1....>2 ..........0...0...U.......0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...http://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0... .....0......0 ..U....0...0.1.0...U....TGV-C-600...U......l..T.#4...c.K.... *.0...U.#..0.....e......0..C9...3130...*.H.................qL.....R.
<<< skipped >>>
GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Fri, 20 Sep 2013 05:02:11 GMT
If-None-Match: "96d8890beb5ce1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Thu, 18 Aug 2016 00:36:25 GMT
Accept-Ranges: bytes
ETag: "43ea118de8f8d11:0"
Server: Microsoft-IIS/8.5
VTag: 791324526700000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 550
Cache-Control: max-age=900
Date: Tue, 18 Oct 2016 23:55:00 GMT
Connection: keep-alive
0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-Stamp PCA..160817211657Z..161116093657Z._0]0...U.#..0...#4..RFp..@.v.. ..5..0... .....7.......0...U......90... .....7......161115212657Z0...*.H.............j..~...,.Iq....f.0...?...w..0...%....|..".u.'..u.....K8B2T..5..qJ..5.;...5.....H....Ac=..MH...B.%....=.i....j.k....uU.......d.q.@.nJ.0.V..y.2..5..H....e.#)51o.kr]..L.VI..s....rk.mk&.-.'.N...6QK*Y2d.....f~C.T..D...Hd.....4.dX..zQ...3h/..........W....r..jz..HTTP/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modified: Thu, 18 Aug 2016 00:36:25 GMT..Accept-Ranges: bytes..ETag: "43ea118de8f8d11:0"..Server: Microsoft-IIS/8.5..VTag: 791324526700000000..P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Content-Length: 550..Cache-Control: max-age=900..Date: Tue, 18 Oct 2016 23:55:00 GMT..Connection: keep-alive..0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-Stamp PCA..160817211657Z..161116093657Z._0]0...U.#..0...#4..RFp..@.v.. ..5..0... .....7.......0...U......90... .....7......161115212657Z0...*.H.............j..~...,.Iq....f.0...?...w..0...%....|..".u.'..u.....K8B2T..5..qJ..5.;...5.....H....Ac=..MH...B.%....=.i....j.k....uU.......d.q.@.nJ.0.V..y.2..5..H....e.#)51o.kr]..L.VI..s....rk.mk&.-.'.N...6QK*Y2d.....f~C.T..D...Hd.....4.dX..zQ...3h/.......
<<< skipped >>>
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 01 Oct 2013 05:02:51 GMT
If-None-Match: "8071417b63bece1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Wed, 02 Dec 2015 18:30:06 GMT
Accept-Ranges: bytes
ETag: "0cb60772f2dd11:0"
Server: Microsoft-IIS/8.5
VTag: 279207026700000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 530
Cache-Control: max-age=900
Date: Tue, 18 Oct 2016 23:55:01 GMT
Connection: keep-alive
0...0.....0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1 0)..U..."Microsoft Windows Verification PCA..151202080000Z..430418080000Z.A0?0...U.#..0.......p............<.J0... .....7.......0...U......90...*.H..............I...MYp.....yh..$3..F.D....Qe]....~...>.Ye.h...L.nQ..091.=.G..s.D.........g)...4.'........B....l#....c...e..U......Z .[.,.x..h:M~..mS./p..F......l.G.H<.".y.B.5.."\|.Hi`N=j.....;w.......o.*......C)....U..3Mt.}......X......H.....|d...s..`.8F.l.......R.C........
GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 29 Oct 2013 05:02:50 GMT
If-None-Match: "b8b5df1d64d4ce1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Tue, 27 Sep 2016 05:00:38 GMT
Accept-Ranges: bytes
ETag: "773de167c18d21:0"
Server: Microsoft-IIS/8.5
VTag: 438422257000000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Tue, 18 Oct 2016 23:55:01 GMT
Connection: keep-alive
0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Signing PCA..160926163316Z..161226045316Z.a0_0...U.#..0..........X..7.3...L...0... .....7.........0...U......a0... .....7......161225164316Z0...*.H.............&............G.$.-..dc.....7.m..N.`.U......^F.V....%ej..p4...>.[)0.......Z..v.../..b-.....v.A$......z.k.U....@S.._...I.........h*@6.)WM..u....I....ew.7...._.....Y...iFWaQ.}....X.........Y.!..J.j*............<L......L,...Y...c...:.WE..C..Q..|G....j<..z~6q......
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 808
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 09 Oct 2013 05:02:17 GMT
If-None-Match: "9c3f3dbaacc4ce1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Tue, 06 Sep 2016 05:01:54 GMT
Accept-Ranges: bytes
ETag: "6b18dc9fb7d21:0"
Server: Microsoft-IIS/8.5
VTag: 438846125700000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 813
Cache-Control: max-age=900
Date: Tue, 18 Oct 2016 23:55:01 GMT
Connection: keep-alive
0..)0......0...*.H........0_1.0.....&...,d....com1.0.....&...,d....microsoft1-0 ..U...$Microsoft Root Certificate Authority..160905204847Z..161205090847Z0.0...a......../..100208014912Z._0]0...U.#..0......`@V'..%..*..S.Y..0... .....7.......0...U......00... .....7......161204205847Z0...*.H.............".....s..B#.bK..Hv...m,x..e.ec..j...y....6.e......Cp.....7G.0..AH..A.e......I...j....W.obU0.?.....Q.#.\.t..v.4E.......jF.Zm....u...P....88.....nC./.._2&.. .h....Q..z{wl.....?...M..'..s[..\M.t....J.Vb..,G..t....nk._...t.T.c[...kKW&D...#.."9.....X./.w.....%..0....K%.H...x.%..'..}.....P.3;.Y...pe z.!...:X..f..r..i1...F...0.......2.~x.n.R.E...' ..>.)...}GT...>...P.^..]....{..> 2..N.m....!..1gL..jl@...B..5.o....s..6...d..N.u...|%.q..-../.....(.Xm.X...r9...........[.DQ.......Y..;.. U.......xu-%*.-....~..$U.../...HTTP/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modified: Tue, 06 Sep 2016 05:01:54 GMT..Accept-Ranges: bytes..ETag: "6b18dc9fb7d21:0"..Server: Microsoft-IIS/8.5..VTag: 438846125700000000..P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Content-Length: 813..Cache-Control: max-age=900..Date: Tue, 18 Oct 2016 23:55:01 GMT..Connection: keep-alive..0..)0......0...*.H........0_1.0.....&...,d....com1.0.....&...,d....microsoft1-0 ..U...$Microsoft Root Certificate Authority..160905204847Z..161205090847Z0.0...a......../..100208014912Z._0]0...U.#..0......`@V'..%..*..S.Y..0... .....7.......0...U......00... .....7...
<<< skipped >>>
GET /api//send HTTP/1.1
Connection: Keep-Alive
Accept: */*
Referer: hXXp://VVV.facebook.com
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Server: 8A1KWS0VvVvS1KwfZEU2OjqEO2QytEYfHy7EYfqyGEXftyiEefQymEU2GyEV0ftyaEQfGyQEafHyGE227yYEtfayAjZE4fTyQVs2tjoVvfXyeE4fTytV12QjZEwfTy5Vk2PjvVG2qj3VlKYFoOuSHA3NPSPACNaSZAoOyS1ABA3NPS7AHNlKbAWN3S3A4NWSZAoORSvAvN7SMFQOlKsAsOaKMFkOASYA4NkS1A3OQKqFaOtKWFMOiK1KlAaN4SXAQNvSeAMOFSoFMOiKoFXNXSZAaN1KsFMO1K0FMOqSvAQNXSoF3O1KoFHOZEl2Hj0V020jij3VvfXyZEvfPyZEo20jvVvfXytE4fTyaVY2mjYV12TyfV7fOu
Server-Key: fFyOEKpU2AjNVS9DzLugb5hR6JxIdcnrTMvoClZ1WiBk40PH7GQateYqX3ws8m
Host: api.faceboolad.com
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 326
Content-Type: text/plain; charset=gb2312
Expires: -1
Server: Microsoft-IIS/8.5
Server-Key: 6yMPmIpEqY7aorGt42i1ezSCjWsVLNdb0lcvwO3FQ9KXhJDnUH5gTf8kuBZRxA
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 18 Oct 2016 23:54:12 GMT
[CODE]6yMPmIpEqY7aorGt42i1ezSCjWsVLNdi7fM5M27F7fMB7fMt7fMB7fMM7fMF7fM5M27B727kM27q7275M27o7fMRMfMF7fMF7fMt7fMp7fMRMfM5M27B7275M27M7fMj7fMz7fMt7fMB7fMRMfMv72787fMD7fMo7fMj7fMM7fMB7fMRMfMkMfM57fMq7fMHMfMD7fMv727W7fMt7fMF7fMB7fMv727B7fM77fMo7fMRMfMv727F7fMM7fM87fM87fMRMfMF7fMF7fM87275M27e7J7b0lcvwO3FQ9KXhJDnUH5gTf8kuBZRxA[CODE]HTTP/1.1 200 OK..Cache-Control: no-cache..Pragma: no-cache..Content-Length: 326..Content-Type: text/plain; charset=gb2312..Expires: -1..Server: Microsoft-IIS/8.5..Server-Key: 6yMPmIpEqY7aorGt42i1ezSCjWsVLNdb0lcvwO3FQ9KXhJDnUH5gTf8kuBZRxA..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Tue, 18 Oct 2016 23:54:12 GMT..[CODE]6yMPmIpEqY7aorGt42i1ezSCjWsVLNdi7fM5M27F7fMB7fMt7fMB7fMM7fMF7fM5M27B727kM27q7275M27o7fMRMfMF7fMF7fMt7fMp7fMRMfM5M27B7275M27M7fMj7fMz7fMt7fMB7fMRMfMv72787fMD7fMo7fMj7fMM7fMB7fMRMfMkMfM57fMq7fMHMfMD7fMv727W7fMt7fMF7fMB7fMv727B7fM77fMo7fMRMfMv727F7fMM7fM87fM87fMRMfMF7fMF7fM87275M27e7J7b0lcvwO3FQ9KXhJDnUH5gTf8kuBZRxA[CODE]....
GET /api//send HTTP/1.1
Connection: Keep-Alive
Accept: */*
Referer: hXXp://VVV.facebook.com
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Server: cPFsBkrg15wgFs6cLKtGyG0ctS2szczKlsnczKfs7ciKnsrc0K2sUc4SosZgwKnsfcnKosWc7Kls7cKSzs2c2K0s5gLKjs9czSUGzGwgLKNsocBKFs7pFkf5D4XkAXQpbk05wpjk65zpYynXA4Hkr5upbkb5xpokL5A4ck15jpok85bplkYyM5Bpuku5jpBkL5A4VkF5Fp2kDXz4YyU5U4oyDXq45kn5jpqk15u4zy7Xo4WyBXD4wyAXApuk25npzpFkf5D4XkAXD4wyAX6p6kL5op1yUXFs9cBKFsWg1SfGogLKNs9cLKjs9cwS0Grg0SqGwguSFs6cLKLKjs9c1SqGBgLKNszcBKFsugzSUGWgASFs6cWKXE
Server-Key: Xs4cyKtZ5GpgkSRJaEmHPMVQCvhTeOdID9AFYx1LwBq8ljrb02ozfW7nu6UN3i
Host: api.faceboolad.com
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 326
Content-Type: text/plain; charset=gb2312
Expires: -1
Server: Microsoft-IIS/8.5
Server-Key: D6smHbt9nW4ajPMEBhUzrV0oZYf3LT85Cqw7v2RekGFJOpQXdlugINcxKSiy1A
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 18 Oct 2016 23:54:33 GMT
[CODE]D6smHbt9nW4ajPMEBhUzrV0oZYf3LT8mndnSntnBndn2ndnxDdn2ndnindnBndnSntnJntnRntnhntnSntnfndnendnBndnBndnxDdnWndnendnSntnJntnSntnindnxndnrndnxDdn2ndnendnbntnuDdnQndnfndnxndnindn2ndnendnandn7ndnRndnpndnQndnbntnzndnxDdnBndn2ndnbntn2ndnjndnfndnendnbntnBndnindnuDdnuDdnendnBndnBndngntnSntncDHn5Cqw7v2RekGFJOpQXdlugINcxKSiy1A[CODE]HTTP/1.1 200 OK..Cache-Control: no-cache..Pragma: no-cache..Content-Length: 326..Content-Type: text/plain; charset=gb2312..Expires: -1..Server: Microsoft-IIS/8.5..Server-Key: D6smHbt9nW4ajPMEBhUzrV0oZYf3LT85Cqw7v2RekGFJOpQXdlugINcxKSiy1A..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Tue, 18 Oct 2016 23:54:33 GMT..[CODE]D6smHbt9nW4ajPMEBhUzrV0oZYf3LT8mndnSntnBndn2ndnxDdn2ndnindnBndnSntnJntnRntnhntnSntnfndnendnBndnBndnxDdnWndnendnSntnJntnSntnindnxndnrndnxDdn2ndnendnbntnuDdnQndnfndnxndnindn2ndnendnandn7ndnRndnpndnQndnbntnzndnxDdnBndn2ndnbntn2ndnjndnfndnendnbntnBndnindnuDdnuDdnendnBndnBndngntnSntncDHn5Cqw7v2RekGFJOpQXdlugINcxKSiy1A[CODE]....
GET /api//send HTTP/1.1
Connection: Keep-Alive
Accept: */*
Referer: hXXp://VVV.facebook.com
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Server: yCeMZGjKRKfticmyeM3F8tSM8FuybMzc0yjMzcQcSyAMzc0yBMjcdy8qXc4tfMzcQyzMXcbySMVcSyMqucjyjMBcKteMvcsHl9cCXKZ9RJdHu8fJsHS9Z9lGsHl8RJOKv9VGRKr9bGbKs8uJNHO9WGSKv92GiKl9iGNHF9sG2Kl9rGjK09oJ5KZ9lGlKv9ZGeKNHC9eGnK29oJjHs8HClHQ8oJfH89uG2KB9sGdHb8XJBHu8vJsH08RJoKX9vGmKu9iGQKN8HGicpyZMeMSFXtsqbFpycqicpyZMicbtRqQFXteM6cpyeMvcpyfqBF0tBqWFftlqicmyeMicryeMsFVtiqicmybMZMicltuqdFbtsqicmybMHh
Server-Key: cHy8MJ43FKt9qGEPhw1k5CTaOYgI7DxUpNisnoeRZf2WvVr0jBuXbQzSml6dAL
Host: api.faceboolad.com
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 326
Content-Type: text/plain; charset=gb2312
Expires: -1
Server: Microsoft-IIS/8.5
Server-Key: xJhYgvKIQM5qVUwRP6frZm8NBtS0ysuW9epiLdnCj1HF24GElDk37XzTbacoOA
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 18 Oct 2016 23:54:53 GMT
[CODE]xJhYgvKIQM5qVUwRP6frZm8NBtS0ysuWV9V2VdVCVZVDVZVMVZVDVZVTgZVCVZV2VdVxZZV3gdVlVdV2VdVgVZVEVZVCVZVCVZVMVZVpVZVEVZV2VdVxZZV2VdVTgZVhZZVzVZVMVZVDVZVEVZV5VdVXgZVlgZVgVZVhZZVTgZVDVZVEVZVjVZVBVZVzgZV5VZVlgZV5VdVwVZVMVZVCVZVDVZV5VdVDVZVYVZVgVZVEVZV5VdVCVZVTgZVXgZVXgZVEVZVCVZVCVZVpVdV2VdV4VZVW9epiLdnCj1HF24GElDk37XzTbacoOA[CODE]HTTP/1.1 200 OK..Cache-Control: no-cache..Pragma: no-cache..Content-Length: 326..Content-Type: text/plain; charset=gb2312..Expires: -1..Server: Microsoft-IIS/8.5..Server-Key: xJhYgvKIQM5qVUwRP6frZm8NBtS0ysuW9epiLdnCj1HF24GElDk37XzTbacoOA..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Tue, 18 Oct 2016 23:54:53 GMT..[CODE]xJhYgvKIQM5qVUwRP6frZm8NBtS0ysuWV9V2VdVCVZVDVZVMVZVDVZVTgZVCVZV2VdVxZZV3gdVlVdV2VdVgVZVEVZVCVZVCVZVMVZVpVZVEVZV2VdVxZZV2VdVTgZVhZZVzVZVMVZVDVZVEVZV5VdVXgZVlgZVgVZVhZZVTgZVDVZVEVZVjVZVBVZVzgZV5VZVlgZV5VdVwVZVMVZVCVZVDVZV5VdVDVZVYVZVgVZVEVZV5VdVCVZVTgZVXgZVXgZVEVZVCVZVCVZVpVdV2VdV4VZVW9epiLdnCj1HF24GElDk37XzTbacoOA[CODE]....
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAS9O4UUM HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 08:39:04 GMT
If-None-Match: "06a163dbd612a346836873636bdef55a96277740"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com
HTTP/1.1 200 OK
Date: Tue, 18 Oct 2016 23:55:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1518
Connection: keep-alive
Set-Cookie: __cfduid=d975481d0f654520f877d50caea5b10371476834902; expires=Wed, 18-Oct-17 23:55:02 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Tue, 18 Oct 2016 21:30:17 GMT
Expires: Sat, 22 Oct 2016 21:30:17 GMT
ETag: "257c1131a25b2609ecae361ba0598bd5f556df9a"
Cache-Control: max-age=10800,public,no-transform,must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 2f3feb3e61464008-SOF
0..........0..... .....0......0...0.......ue......$I1......dO..20161018213017Z0n0l0D0... .........W......#....*..2..1..`{f.E....P/}..4....K......../N.E.....20161018213017Z....20161022213017Z0...*.H...............O<....2.....D5n..d...z.Qjt.O..H..A?..{. cz>.....O.....JS.jrX..X.:...!........9{..........k..Z3'..^^.6......_.H...e.0ao8||C...X8..]...............2..4..>..v.:i\{.._.8K.3.1...............ekQU.....f....s...74....$....?#.%....d..H...../.o}.._MT8N.....G6..P....0...0...0..........H.i..E...\...I0...*.H........0W1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....Root CA1.0...U....GlobalSign Root CA0...160807000000Z..161115000000Z0[1.0...U....BE1.0...U....GlobalSign nv-sa110/..U...(GlobalSign OCSP for Root R1 - Signer 1.20.."0...*.H.............0.........ga..)..*.n/X..z.<.....E'..rB(Z\'1..,....g.e.{.}...4...8.sU....@...h.3D.C......i.LKu..7..uv.#...3hN....1.-..u[.........D../jS.....`....#.M.vm.:Pj~.t].Fq......B.M.NI~H`..L.n....2.W.....f_>5b. ....]......p.6.E. ..P..a....Y......W.......:....K.~..2%G......^0.........0..0...U...........0...U.%..0... .......0...U.......0.0...U.......ue......$I1......dO0...U.#..0...`{f.E....P/}..4....K0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...*.H..............$..L...N.x4..FX.j.u.......;.0..>.C)9........z....n..k,....f...K....A...a..@...b.qZ....Z......4.L.i...=.C.....0(*....................1..R.B|..Zn..u.......=2H..^..63.......?!_s..b]J...._...o.B..P...H. .s7..s.~..P..@...S...l..9.....$.....3....P6.'.$.........
<<< skipped >>>
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 07:50:34 GMT
If-None-Match: "6b9ba9eca642c891cc02365fc6161341647bd9fc"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com
HTTP/1.1 200 OK
Date: Tue, 18 Oct 2016 23:55:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1518
Connection: keep-alive
Set-Cookie: __cfduid=d975481d0f654520f877d50caea5b10371476834902; expires=Wed, 18-Oct-17 23:55:02 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Tue, 18 Oct 2016 21:13:10 GMT
Expires: Sat, 22 Oct 2016 21:13:10 GMT
ETag: "1acc958039cac58f38ed73070a4ab877c9948adb"
Cache-Control: max-age=10800,public,no-transform,must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 2f3feb3eb15b4008-SOF
0..........0..... .....0......0...0.......ue......$I1......dO..20161018211310Z0n0l0D0... .........W......#....*..2..1..`{f.E....P/}..4....K........DN.BG....20161018211310Z....20161022211310Z0...*.H..............0C-}..Z.2..H.B(~......h9i. .Q..].D.^g~.nRi..O.y.V..v.....W.......:.."....X.oc....F...;..3....Ip.8d.Z.....]g......$.z.....G...sP./...E&....{*.%.$".L.R5G'.^i..|..8.K...G.)._......z.;4-..v.F. ..0...M..1u.e$...?...}...T..@.I.r...]..xm.f......b..M...*'l...........0...0...0..........H.i..E...\...I0...*.H........0W1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....Root CA1.0...U....GlobalSign Root CA0...160807000000Z..161115000000Z0[1.0...U....BE1.0...U....GlobalSign nv-sa110/..U...(GlobalSign OCSP for Root R1 - Signer 1.20.."0...*.H.............0.........ga..)..*.n/X..z.<.....E'..rB(Z\'1..,....g.e.{.}...4...8.sU....@...h.3D.C......i.LKu..7..uv.#...3hN....1.-..u[.........D../jS.....`....#.M.vm.:Pj~.t].Fq......B.M.NI~H`..L.n....2.W.....f_>5b. ....]......p.6.E. ..P..a....Y......W.......:....K.~..2%G......^0.........0..0...U...........0...U.%..0... .......0...U.......0.0...U.......ue......$I1......dO0...U.#..0...`{f.E....P/}..4....K0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...*.H..............$..L...N.x4..FX.j.u.......;.0..>.C)9........z....n..k,....f...K....A...a..@...b.qZ....Z......4.L.i...=.C.....0(*....................1..R.B|..Zn..u.......=2H..^..63.......?!_s..b]J...._...o.B..P...H. .s7..s.~..P..@...S...l..9.....$.....3....P6.'.$...........
<<< skipped >>>
GET /rootr2/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm+IHV2ccHsBqBt5ZtJot39wZhi4CCwQAAAAAAURO8EpV HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 08:41:57 GMT
If-None-Match: "682f048b8d31cb3f1cc888edf96fec2777d7e64b"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com
HTTP/1.1 200 OK
Date: Tue, 18 Oct 2016 23:55:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1507
Connection: keep-alive
Set-Cookie: __cfduid=d975481d0f654520f877d50caea5b10371476834902; expires=Wed, 18-Oct-17 23:55:02 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Tue, 18 Oct 2016 22:49:23 GMT
Expires: Sat, 22 Oct 2016 22:49:23 GMT
ETag: "334916d0bb4c722abbed7a67dfa3cf398d236868"
Cache-Control: max-age=10800,public,no-transform,must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 2f3feb3f01714008-SOF
0..........0..... .....0......0...0...........1.IVp*.@N~.......20161018224923Z0n0l0D0... .........\.1n........U.:.yB......Wg...j..Y..-.............DN.JU....20161018224923Z....20161022224923Z0...*.H..............:c.!`4.&lo..P..c0.=..{, &.....s....f.. .B....../U...p2.A...=.qNq.4w.........U<...J=..t2.@kw0...f..........3.w..P?z0...L.K5z."..........B}1./.....6....Ez=.....K0.:R).Iiy.....".Z....D...C...@...QZbtPE.wZ...-Q.=....h........u.,.f..w0.Z...._.8.{..Vi}.m.a8Z..'....0...0...0..........H.j...N... .<i0...*.H........0L1 0...U....GlobalSign Root CA - R21.0...U....GlobalSign1.0...U....GlobalSign0...161007000000Z..170115000000Z0[1.0...U....BE1.0...U....GlobalSign nv-sa110/..U...(GlobalSign OCSP for Root R2 - Signer 1.10.."0...*.H.............0.........N.......B>.|..S...@.......C.a.C.........V...Cf|G.....,......|.b..K.T.x<L.K...6Q..zeh.....Zd.n...0km86...\...n..v..O.......9...)...|...#.....j.......%W..vH`..Z.=..1[.d.y...)..n.&3,Z...#..Q....A.&...i..r"0.!6.g._..7...&.]..4 .$........IG..sw.....c.J.../.7b.........0..0...U...........0...U.%..0... .......0...U.......0.0...U...........1.IVp*.@N~.....0...U.#..0......Wg...j..Y..-.....0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...*.H.............s2..o"..2]=~.=..K.D...{n......,hd.....~TKr.R...K..u.&....lx...^.G...n9.x..~..o.R..:...\I..c<.]I..Ps..uh...<.(..HnJT....m..o.f%..'4^.)...z.-...$s.iI......M....B..3y./..3. .]2.......v.-.l...,..r.k.{^.OW!.......b.k......_Px'....IF............m.(.~.:...r#t#[.3..
<<< skipped >>>
GET /images/vicinio/dsp-images/michael.lockwood/assetRebuttal_1/1470778641078.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ak.imgfarm.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 09 Aug 2016 21:37:20 GMT
ETag: "85a217-15af-539aa56665f89"
Accept-Ranges: bytes
Content-Length: 5551
Cache-Control: max-age=309362158
Expires: Fri, 07 Aug 2026 21:37:20 GMT
Content-Type: image/png
Date: Tue, 18 Oct 2016 23:54:28 GMT
Connection: keep-alive
.PNG........IHDR...,...........^8...vIDATx...kl.e.._iKO@....P..B.-.r>...2.3....c...$....;...5a.w2fg>..YW..j\.E.......|XO...v9.C.li;{.z......P........L`...\.^.}_..D".........................2#.!C&W[..NT..H. ....e.......I..)Ie..dBH...P.h...Ky]NR......b.....N..-..tM..HMK.r...D.l.;..%%.!.2.-.#. ..,..]]....%..[w_CR\A......(%&..d.d.dKrLr.!1O...,...%.Q....k.H...^...j.\..S..X...q.B......P.c..h.'.L.i.}iq.-.c*.h..K?_T.B.....C)2)6.`2QRj2I...2..5W..q..h..l..p....W..T......t.J."...........&.$.&... ..Z.z.P.8Uj.I..l..t..R..5"VK. .U...c..%b...!T..5.....d.d.d.!$...suX-.9Sj.Bjw..r...X.....V...{VA...5p...4.p.!...4.d.."..&KL..,#....R...&.H..........U,...EZzO Ta....`.&..i%.."........g..j.:.z.5&kM..BB.Z..z...R.KE`.R..R..R.%.H.m...eia%...4OV.JV...%..`...._z.._.8p......O{{...}mmm......K..Mt-Jm6.<xpWss...v.......#.]..U.I M..&.)......]e.:VwV........f....|...m..]:.........G....:...5kk..p..={..5mk[j|..i.....a...B.|..]..Isd..X.*))i...?|..c.. (.a#.....w.{..;m.{.*......c.e.. U.^.Rp.l.........-[..{.......`xaj.y.....Z...i...ji8Z.e..,......i...F.=Uhll.`..o...._......64.Ib.8.D..wYIa....A...%....N..8{......wv..W.0...={.....y...qA..!K\..,.ta%...1r_.X...'..|..W|...............#...... ]..v'..e.j7.....k._#@.......tY......0C........(C..~.d..f,imme.. .hkk{[......"qD.Z...>V4ae.Q....s....;..W..?tvv......e..q...B...g.V..Se...d..x..).B....Y....T..&.#...........U..]..Fu]]]g.....S.g...E..X9j.=ta.{.s...R9..-k.z..........'..#r.....k.'..%.Ij......a..........$..t'......<)...#..v.2y..\y..:..=.W..w.j....'..B=......V.L.....*........ n..\..NV...a.bia.
<<< skipped >>>
GET /anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/index.jhtml&anxl=en-US&anxlv=1476834868192&anxrd=imcrack.ad-jump.com&anxrk=-&anxrm=referral&anxrb=-&anxrc=-&anxrs=-&anxsq=1&anxi=091394C9-D018-47FC-AB78-FA6F5E967ED3&anxe=backFill&anxr=1438916606 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: free.mytransitguide.com
Connection: Keep-Alive
Cookie: sessionData="ifzeaV4XzhTIIeOeWwSNahnBw6dSDKP8C2nEtqpT1ILtHWNzQX4YyEB4XmbLrzPyxuQWljAedxSdh SiFsGi4LGhfh7z/HNGBwEkpESkquX5J8v4vQNQAIBJnfgkI3VAQtV6ozG1viMkSj3AVWIG8dtuhUxvRPquFjBN6d2u9OsS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYHqIJ8RUlF9k66cs0Cudhqn1CkA32taL4rpJdpiySBUlvW9etXDGC22DDTnPABoMzhUzA5zYEiITJy3zZ6S4md60Lrx0UlU16ZniRYz4x3T1VwEMrx8/f6hx2NkYJjTM5v6pXjQj/QeARDu9CfbCDfl4AEJlv14SkQJQDfVh8qUp/Iu2IlD//lgQDgAOkh0vPRtvHbda1hznOcJJw3JbhOXy0sMln5W6O5hXZl9RXQjHGrLGExFof40SAh VWzL9tAaog5LLV/XqBN1qSdjy9akRSODBIDogIMu91os6B5adyRlXiVmibgRZS6wZ11RQJsUU4CJKrHg5owacn2FncLAgsdLrq9oLZCllv3nY9VsntaebcLAk6p/JMo8QRSLPdSotynKgh71oiQb57SH GYAMApZs3qEtb6wEv0UT3wF/DrCm59AUS8c1VCgfnDDvmye ArJym6sxiMQN6VEo/8qa1QbahfocVl5ms7eVnYovhVlsny3sopR1uozldCkwA8T1nyFmvQh2wxZq2WPf1vL/2TGic1omZaqz7A7SG0LPg=="; anx="
HTTP/1.1 204 No Content
Date: Tue, 18 Oct 2016 23:54:28 GMT
Server: Apache-Coyote/1.1
Via: 1.1 VVV.mapsgalaxy.com
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
....
GET /installError.jhtml?errorType=browser&errorCode=blockedCountry HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: free.mytransitguide.com
Connection: Keep-Alive
Cookie: sessionData="ifzeaV4XzhTIIeOeWwSNahnBw6dSDKP8C2nEtqpT1ILtHWNzQX4YyEB4XmbLrzPyxuQWljAedxSdh SiFsGi4LGhfh7z/HNGBwEkpESkquX5J8v4vQNQAIBJnfgkI3VAQtV6ozG1viMkSj3AVWIG8dtuhUxvRPquFjBN6d2u9OsS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYHqIJ8RUlF9k66cs0Cudhqn1CkA32taL4rpJdpiySBUlvW9etXDGC22DDTnPABoMzhUzA5zYEiITJy3zZ6S4md60Lrx0UlU16ZniRYz4x3T1VwEMrx8/f6hx2NkYJjTM5v6pXjQj/QeARDu9CfbCDfl4AEJlv14SkQJQDfVh8qUp/Iu2IlD//lgQDgAOkh0vPRtvHbda1hznOcJJw3JbhOXy0sMln5W6O5hXZl9RXQjHGrLGExFof40SAh VWzL9tAaog5LLV/XqBN1qSdjy9akRSODBIDogIMu91os6B5adyRlXiVmibgRZS6wZ11RQJsUU4CJKrHg5owacn2FncLAgsdLrq9oLZCllv3nY9VsntaebcLAk6p/JMo8QRSLPdSotynKgh71oiQb57SH GYAMApZs3qEtb6wEv0UT3wF/DrCm59AUS8c1VCgfnDDvmye ArJym6sxiMQN6VEo/8qa1QbahfocVl5ms7eVnYovhVlsny3sopR1uozldCkwA8T1nyFmvQh2wxZq2WPf1vL/2TGic1omZaqz7A7SG0LPg=="; anx="u=A21D5714-8440-42E1-A400-95A248EEA772&fv=1476834868192&lv=1476834868431&nv=3&t=-&v=-&p=-&si=-&sn=dubprdsndlbfe45.dub.jabodo.com&od=imcrack.ad-jump.com&op=-&ok=-&om=referral&ob=-&oc=-&os=-&w=1276&h=846&cd=24&f=10.0&g=-&xad=MyTransitGuide&xlang=en&xrp=^BNH^orgyyy^S18478^ua&xrt=S18478&xuer=1&xgc=false&xrco=BNH&xrca=orgyyy&xrcc=ua&xkw=Transit%
HTTP/1.1 200 OK
Date: Tue, 18 Oct 2016 23:54:28 GMT
Server: Apache-Coyote/1.1
P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
Expires: -1
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Language: en-UA
Set-Cookie: sessionData="eM8hGio79AhShEic3iyflDqBDEWs0qHfCkXaLgses0EowfzQMAz7Spf5cdb4uN yb9HzKn44fQ916lYP0279s20CXp3Rsg/8xJ9cRob2SskrlqFVgWLktLXejfDjgTlT5YmMQwFlCvR5hn6iYMaMPblvFok1L/uyROAZ4/H5ml2w0coDerWYSusuZsNWOS4Uw/YAb7w35L7Jn5kaZtkCgF5yP6Eh0f PwQ8lXGEDaf7r8WP7z4uyjeW3BC0l3kswI6qbLTs5/lcidHLJAKWvAMzBuHgzE5peSufxGV90jebaNwsedd32MQE6Ck2T7xP 91B2By gwEyvKWzDA/E2W Ojq92fB FumE956LuEhkV qiV/RoSReyMIYDxTSkY8/v1OpT7cPdbRSIod021Qb0mWGKtM0vyOHoxhBIQEEg Tgoa/QIH r21bW9EdgpgW05o5Cn3JjGhxk0LeAFUJ4j bX4RqCA0EGE/TaqQCWxS/6KurG7Uqdju1OxmZeNOU0x/4biAuF7mTNWiyc5MisutUv7d7pbIqRp182dUKo9Hn898aMj3DzSC7jYIVueiYNzm9DepmxqIcGnVdVfC1NWkT3JCtbm0NhR0894bR33UEjADKa4FkUpOmSiNZK tklb25Sa48J409tpDt0DsDPYsDEOyAQI52oGLmCJicWeRUZmv/Zz8U7UHNXXJbaQBjassYTEWh/jRICH5VbMv20BqiDkstX9eoE3WpJ2PL1qThTGGtNpdhTn8XXuP4pQ NQFTMS65B0WHK9Uh/IDfSGw=="; Version=1; Domain=.mytransitguide.com; Path=/
Set-Cookie: org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=en_UA; Path=/
Set-Cookie: anx="u=A21D5714-8440-42E1-A400-95A248EEA772&fv=1476834868192&lv=1476834869133&nv=4&t=-&v=-&p=-&si=-&sn=dubprdsndlbfe45.dub.jabodo.com&od=imcrack.ad-jump.com&op=-&ok=-&om=referral&ob=-&oc=-&os=-&w=1276&h=846&cd=24&f=10.0&g=-&xad=MyTransitGuide&xlang=en&xrp=^BNH^orgyyy^S18478^ua&xrt=S18478&xuer=1&xgc=false&xrco=BNH&xrca=orgyyy&xrcc=ua&xkw=Transit Guide&tbGuid=26D30FD4-B3DF-4784-895E-E537F71AD018&xh=8681&xi=MSNI&xtp=vhigh&xp=vicinio&xtt=template_new&xpp=^BNH^orgyyy^S18478^ua&xs=29954&xt=intdefault&xcid=4dff599246e047698ff2f0ebb1fd4041&xx=install&xracl=&xckoid=&xgds=&xmvte=&xit=&xmvtv=&xmvtt=&xckid=&xrm=&xrs=&xnt=&xft=&surveyUrl=&xct=&xiad=&xbkw=&xg=&xn=&xu="; Version=1; Domain=.mytransitguide.com; Max-Age=7776000; Expires=Mon, 16-Jan-2017 23:54:29 GMT; Path=/
Via: 1.1 VVV.mapsgalaxy.com
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
a..............2000.....z... .[y.....oHY$ER..=.%y....^K..]........l...C.]..... .....>..lg<I#...C.P.*...?..._....N^._...S6..>{.....cVi...u.x}............l....D^....__?...*.8....___7.7.Ax.~.f..a........M7v O.j.{3.'Q7.N{ooO..`.}..\v |.x{...../3... .L......../.].."...,......."a.(...O.N....<.8bH.......V..I.'q..v. l .......H..6.9a..........^.m..p.c....^<k.V.z.....n%..A.. &.7q.M...... V......ON.0.............,..$N.(2..a.1..Ox....:B...-.,2..........@.L...&.f..p.g..........s._...8u...7".zC.}.....A..M.. .zV.......N.]q..r...h.gKT."../...@.j...._.a.0..}.C....w9J..1Ng....U...g. ....$.p]$4.....fB.$z...K......2!..!..n......|.a.Fk$..V>H..>(.W......C...........C.......<.......g{T1e.N99..N}>..D.]~.,...x.Hv.2.S....ut.F.......:N3....E1.^ ..d.."`..}'....!...%MH.I6.k....... ..`j2;....d..q0I...$8?:?}y......*.I...a7v.`..X.....y<...........n...2.......vE4ucW.3...%..Zg~Fw...!.v.....'..9.O.m:....c.-... N.]..[$BL.....i.A...nk......j.....2o.nMD.%.)j8.h...(P..@.R.0Q.O...........Q....7..a.L.4.....u2....MxN.S.G.. 0.x.........0xJ..F...uF...>,.%I.......AF.u..DI] .s4.7Z..o..J........aV..._....g2..T.[....2..w.......!iO....y...Q......w.%....0R.Q.a0....6..&<......#..L......4sUQR......q....V.gD.Y.a.S0..qW..`.T..pc.m.......aU.G...u4.?P..w.1H.."|_I^h.d.......W....9(...5...s..X..@.{B.l...8....X6.....P.R.F{ -..9.......&..E.L3....d.......0E........ M....5.y.y...w.!.(Y.C...Z..dA.M....Sd.0,..E....Q.nq..kM..b..s....M.....@cq.X9.....)3y...z%...........,...>..Os..x..=.`hY......L.T|...U....v.3.`x.P#.M....a..i.........6M.
<<< skipped >>>
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: free.mytransitguide.com
Connection: Keep-Alive
Cookie: sessionData="eM8hGio79AhShEic3iyflDqBDEWs0qHfCkXaLgses0EowfzQMAz7Spf5cdb4uN yb9HzKn44fQ916lYP0279s20CXp3Rsg/8xJ9cRob2SskrlqFVgWLktLXejfDjgTlT5YmMQwFlCvR5hn6iYMaMPblvFok1L/uyROAZ4/H5ml2w0coDerWYSusuZsNWOS4Uw/YAb7w35L7Jn5kaZtkCgF5yP6Eh0f PwQ8lXGEDaf7r8WP7z4uyjeW3BC0l3kswI6qbLTs5/lcidHLJAKWvAMzBuHgzE5peSufxGV90jebaNwsedd32MQE6Ck2T7xP 91B2By gwEyvKWzDA/E2W Ojq92fB FumE956LuEhkV qiV/RoSReyMIYDxTSkY8/v1OpT7cPdbRSIod021Qb0mWGKtM0vyOHoxhBIQEEg Tgoa/QIH r21bW9EdgpgW05o5Cn3JjGhxk0LeAFUJ4j bX4RqCA0EGE/TaqQCWxS/6KurG7Uqdju1OxmZeNOU0x/4biAuF7mTNWiyc5MisutUv7d7pbIqRp182dUKo9Hn898aMj3DzSC7jYIVueiYNzm9DepmxqIcGnVdVfC1NWkT3JCtbm0NhR0894bR33UEjADKa4FkUpOmSiNZK tklb25Sa48J409tpDt0DsDPYsDEOyAQI52oGLmCJicWeRUZmv/Zz8U7UHNXXJbaQBjassYTEWh/jRICH5VbMv20BqiDkstX9eoE3WpJ2PL1qThTGGtNpdhTn8XXuP4pQ NQFTMS65B0WHK9Uh/IDfSGw=="; anx="u=A21D5714-8440-42E1-A400-95A248EEA772&fv=1476834868192&lv=1476834869174&nv=5&t=-&v=-&p=-&si=-&sn=dubprdsndlbfe45.dub.jabodo.com&od=imcrack.ad-jump.com&op=-&ok=-&om=referral&ob=-&oc=-&os=-&w=1276&h=846&cd=24&f=10.0&g=-&xad=MyTransitGuide&xlang=en&xrp=^BNH^orgyyy^S18478^ua&xrt=S18478&xuer=1&xgc=false&xrco=BNH&xrca=orgyyy&xrcc=ua&xkw=Transit Guide&tbGuid=26D30FD4-B3DF-4784-895E-E537F71AD018&xh=8681&xi=MSNI&xtp=vhigh&xp=vicinio&xtt=template_new&xpp=^BNH^orgyyy^S18478^ua&xs=29954&xt=intdefaul
HTTP/1.1 200 OK
Date: Tue, 18 Oct 2016 23:54:28 GMT
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"894-1476801494000"
Last-Modified: Tue, 18 Oct 2016 14:38:14 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/x-icon
Via: 1.1 VVV.mapsgalaxy.com
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
a..............e7..c``.B... )..... ......@!....8..sC0........DX........~.......(u.._d.@..M?.Zv...DX...@.i...... ..b.....|......D@.....4.Q.G.[..0. ..:.b2.z.-@)..H8...T..._....."...&'.........l.........z..,........10.930....@v..P.H......i?..7O...4.~.....0..HTTP/1.1 200 OK..Date: Tue, 18 Oct 2016 23:54:28 GMT..Server: Apache-Coyote/1.1..Accept-Ranges: bytes..ETag: W/"894-1476801494000"..Last-Modified: Tue, 18 Oct 2016 14:38:14 GMT..Content-Encoding: gzip..Vary: Accept-Encoding..Content-Type: image/x-icon..Via: 1.1 VVV.mapsgalaxy.com..Keep-Alive: timeout=5, max=98..Connection: Keep-Alive..Transfer-Encoding: chunked..a..............e7..c``.B... )..... ......@!....8..sC0........DX........~.......(u.._d.@..M?.Zv...DX...@.i...... ..b.....|......D@.....4.Q.G.[..0. ..:.b2.z.-@)..H8...T..._....."...&'.........l.........z..,........10.930....@v..P.H......i?..7O...4.~.....0..
GET /CRL/Omniroot2025.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 16 Nov 2013 06:15:02 GMT
If-None-Match: "200da-5b6-4eb453c33260e"
User-Agent: Microsoft-CryptoAPI/6.1
Host: cdp1.public-trust.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Date: Tue, 18 Oct 2016 23:55:00 GMT
Etag: "200c0-b1c-53e9a04540058"
Last-Modified: Tue, 11 Oct 2016 17:15:02 GMT
Server: ECS (arn/45CB)
X-Cache: HIT
Content-Length: 2844
0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....CyberTrust1"0 ..U....Baltimore CyberTrust Root..161011160654Z..170106160654Z0.._0....'k...120111220757Z0....'k...120111220847Z0....'.C..130130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140212185542Z0....'yr..150701184507Z0....'#...100303201301Z0....''q..100414175202Z0....'L...110224181251Z0....'Pn..110309142119Z0....'....100216203312Z0....'#...100303201213Z0....'3#..100908172555Z0....''n..101208175627Z0....''m..101208175749Z0....''p..101208175916Z0....'H...110114162156Z0#...'X>..110815145134Z0.0...U.......0#...'Z2..110818184101Z0.0...U.......0....'g...120111164333Z0....'g...120111164409Z0....'g...120111164519Z0....'....100216213519Z0....''s..100414175225Z0....''k..100414181839Z0....'3"..100908172705Z0....'3$..100908172728Z0....''o..101208175645Z0....''l..101208175727Z0....'H...110119195142Z0....'Nz..110302154045Z0....'c...111207220933Z0....'g...120111164445Z0....''r..100414175143Z0....'8...101012182723Z0....'e...120111163041Z0....'VJ..110714160903Z0....'s...130123162633Z0....'....130904190524Z0....'....131024214319Z0....'....140129172435Z0....'....140129172453Z0....'....131024214310Z0....'....131101204601Z0....'....140219171632Z0....'.^..140409155638Z0....'i...140709171930Z0....'/:..141119193302Z0....'J...150603184605Z0....'k...150603185020Z0....'k...150603185058Z0....'k...150603185131Z0....'k...120111220827Z0....'8...140716191203Z0....'....131219195909Z0....'....140219171545Z0....'k...151105070000Z0....'q...160126173
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEExA26X5iPrlelfWRXSV+Ys= HTTP/1.1
Cache-Control: max-age = 444549
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 11 Oct 2016 13:33:22 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: sf.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=502817, public, no-transform, must-revalidate
Last-Modified: Mon, 17 Oct 2016 19:34:12 GMT
Expires: Mon, 24 Oct 2016 19:34:12 GMT
Date: Tue, 18 Oct 2016 23:55:04 GMT
Connection: keep-alive
0..........0..... .....0......0...0.......].[ .A.|1.rC_H.5F....20161017193412Z0s0q0I0... ...................F....0.yV......{&.K......&.......L@......zW.Et.......20161017193412Z....20161024193412Z0...*.H..............y}...^....'....?...<..hc.............$-...L..I.0...n<z._...x.qF....Y..x...-.......8.........g.e9..=..2....%.bX8S,s^.K#.C.-%..o...'d.......;f\ .*.....y .XS-..hr..G"G.....x.2G`............P}...>.SW q.}...8.VX..,!.n..O.w%...s..u(r......1.a<.!.&..9K..Co.{?.,0....0...0...0...........3..-......F....0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...160928000000Z..161227235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1VeriSign Class 3 Code Signing 2010 OCSP Responder0.."0...*.H.............0..........0CTS.....D7.=.s/..|..P...mS.....,.,).?C..r8.H...]....R.&....#..}.[G8C.|P.Z...[........Y.m..5...#.{yp^d;..^.=c~}P5.....=0...U..."!j.1.(.Q...n....O3.-:.R.;..A...............}.......JN..1E....I..!.y.:u.Jw..S......8.s..P..d........ ..t.u......X.cM...N:."a ...........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-D-21700...*.H.............h.S...i..v...l.p,'JO....*.mGF`...(..MU|.vn.....*.^.2...
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEHoPQd8czRTcsmkpjuIsajU= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: s2.symcb.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1761
content-transfer-encoding: binary
Cache-Control: max-age=382579, public, no-transform, must-revalidate
Last-Modified: Sun, 16 Oct 2016 10:07:20 GMT
Expires: Sun, 23 Oct 2016 10:07:20 GMT
Date: Tue, 18 Oct 2016 23:54:29 GMT
Connection: keep-alive
0..........0..... .....0......0...0......l..T.#4...c.K.... *...20161016100720Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...313..z.A......i)..,j5....20161016100720Z....20161023100720Z0...*.H.................6........(...UG..d.X0...Y^./.S.S]K.y....Q....]...UI..(8.f...!....gA...-...:.^cD.L.5)y...L....P....).rD...t........K..A\\.....\.%.N.....[CT}...,r2.mE8sC.<^6..X.#.:9*&..OY...=0.|......x...d*Kj.......dc.ZM....)..:...b... V5..K...j......t.......=p...xT........0...0...0.......... .7.$.T.4.....u.0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G50...151124000000Z..161214235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Certificate 40.."0...*.H.............0........./..C.n..RRd-G..mB...m.0Q..^f..A...av.9....?Q..(.j(..$..P..?[v....9. ...u....v..-<l....^.Z.C.f.V...$7............G.D.....@T{.....|...msV...{.q...2..y.............".u.d.p.%... U.I.0..0.x.-`..Yi....6.lw<....N.k\.....]s...O... 0....TH.cB.Q.Z...}...p.1....>2 ..........0...0...U.......0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...http://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0... .....0......0 ..U....0...0.1.0...U....TGV-C-600...U......l..T.#4...c.K.... *.0...U.#..0.....e......0..C9...3130...*.H.................qL.....R.
<<< skipped >>>
GET /images/anx/anemone-1.2.7.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: akz.imgfarm.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.7k
Last-Modified: Mon, 08 Jul 2013 20:02:48 GMT
ETag: "774114-a236-874e8a00"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11189
Cache-Control: max-age=211838894
Expires: Thu, 06 Jul 2023 20:02:42 GMT
Date: Tue, 18 Oct 2016 23:54:28 GMT
Connection: keep-alive
...........}mw.F..g.9..X.....eIN...n...u.I..I{......$...p(.....?......t.>."qf0....`0..a..r.%q.M.YV..|...H.e...W.RD....yt.W.MV/.z.F.2.....G.t9I .u.<..*..U..E........h]d...;.V..=Z....Y..._......IYM.........D.,ZfB@7}.....".....t.uJ=.........$.........U.....D.R.E......BK...:....,.......}O.z....LqX-@.M..q]..U..%.`Z&.%....._..l..S.:/.?....,.9F0u.N.Q.'.h...k(. ')V....[.....)..6..^.9............l*[.3...&.n2.hs..M...6...."....Ed7!..sN.*..0KU....>.BR.WY..KX.{.q..7....*b7...1...:.ey.h......2.C4..z...I......G"......Y..%M.J~'i1-.q.D.a..Q......T@7.."n8.@...-W.z..r&...5.....I......Vt.b .'qr..'....D.....|X..|.&E.i<U......i}.ZI.r...EB .f...Ti...2 ......</..UU......uqH._....k..Dj......>H....S...D...l.Ga.O...%..E........\.....vL..}.....t....S.$..&....f.b.Y.....".F..R?Z....X...r5......R....d..0.7..5.).X...,I..5.. .n..X@!h.Mw.T...l.*..N...:.26.!.=....-.[-J.5nQH.eV.k.{<......EM.4M.r...u........:.....#)'......x...U..G)...E.k....isbP.;..s[Mx..x...y.3P....0ThZ... .....m.pQF..v!..P..*0YV..."..E........|g.)P.. 8".#.....]....pK.'. .uBJ.am?..(......c......92.../%...........6...u.Q..".a>}]<#1.t.......R...^.$ b......n.?..7..8.{P.n....d...aS%...#...$.....f.`...F.W.%l5..U..T$U.Z..1.a.S.?..h...={.,z....{.r..Pa... .@{<.M.I=....Y..4]...P.[...r............F.u!..i.....?........R@._.O...{....w.....F.x......k.mO.....nt...[tM...........Y.;C.........&T....3...;..tG\..J.....H...".......,..f@H?...:!.. O.9.:>.~. ..`..aL..7.......L....8..K..k{8..e.I..Wv7....Ou.|>`"w...a.u{'..a...v...Qv..|.mm(3.... ..1L.....Qn.).T9L.~..]l
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141/l2SWCyYX308B7Khio= HTTP/1.1
Cache-Control: max-age = 432038
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 11 Oct 2016 10:05:24 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: s2.symcb.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1761
content-transfer-encoding: binary
Cache-Control: max-age=554557, public, no-transform, must-revalidate
Last-Modified: Tue, 18 Oct 2016 09:53:44 GMT
Expires: Tue, 25 Oct 2016 09:53:44 GMT
Date: Tue, 18 Oct 2016 23:55:03 GMT
Connection: keep-alive
0..........0..... .....0......0...0......l..T.#4...c.K.... *...20161018095344Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...313..=x..vI`.a}.....*....20161018095344Z....20161025095344Z0...*.H................X.I...Z........K.?......oes..|:.n..(....pp.....z .p..o.x..EO.....K*c.ax.l....7..'.da0...Mz.F.l.6....ut..f<...R..Gi..k.y......*8)QU&.j....7.BP..8.^..4.%)..rH1...w.[^....S0.d.....3)....J...eJ\H..9......t............F..&.[.Vi..$.p:<.E.I..l.X.`.P...].h.2.3.....0...0...0.......... .7.$.T.4.....u.0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G50...151124000000Z..161214235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Certificate 40.."0...*.H.............0........./..C.n..RRd-G..mB...m.0Q..^f..A...av.9....?Q..(.j(..$..P..?[v....9. ...u....v..-<l....^.Z.C.f.V...$7............G.D.....@T{.....|...msV...{.q...2..y.............".u.d.p.%... U.I.0..0.x.-`..Yi....6.lw<....N.k\.....]s...O... 0....TH.cB.Q.Z...}...p.1....>2 ..........0...0...U.......0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...http://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0... .....0......0 ..U....0...0.1.0...U....TGV-C-600...U......l..T.#4...c.K.... *.0...U.#..0.....e......0..C9...3130...*.H.................qL....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= HTTP/1.1
Cache-Control: max-age = 547348
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 19 Nov 2013 21:12:41 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=446579, public, no-transform, must-revalidate
Last-Modified: Mon, 17 Oct 2016 03:54:24 GMT
Expires: Mon, 24 Oct 2016 03:54:24 GMT
Date: Tue, 18 Oct 2016 23:55:00 GMT
Connection: keep-alive
0..........0..... .....0......0...0......75.<.2/.H....G%>*K^...20161017035424Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5..........^.3@..cL.1.......20161017035424Z....20161024035424Z0...*.H...............p...F..T.4..F...s..o.~.u..p)R7.=D.....a.<z......E..j.5.D.~.....A....A.......G....&.h..^9..'\.|...F: _.......7'o.g.^)..#...B..@I.z o..M(..#..q..../e..6.o.{.[.I....%%_ .g.c..bE........K.$..y/V..:O..j.:W.......B..R..a...^l..j;$.R.j.&....@..R..s..)/.hrL%...5...#0...0...0..........m.&..{.)K..8...I0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...160929000000Z..161228235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0..........&;AD.cf.......S..g$/.\......."...D..L.............k!.h.m......@U...T8...g..7\..3.C0.b....CR.....p...\Y..C.[`l....Q......G(.....{W. ....J].M`......y!<...3.@j.&....._/..j.c{.&v-Y....L....a]C....a...dd..*o..&.[.O#..>....Q.....F ..e....<.' =...m.@$.w{>.A.............0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........https://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-D-21
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0= HTTP/1.1
Cache-Control: max-age = 363986
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 17 Nov 2013 16:06:48 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1452
content-transfer-encoding: binary
Cache-Control: max-age=372958, public, no-transform, must-revalidate
Last-Modified: Sun, 16 Oct 2016 07:29:50 GMT
Expires: Sun, 23 Oct 2016 07:29:50 GMT
Date: Tue, 18 Oct 2016 23:55:01 GMT
Connection: keep-alive
0..........0..... .....0......0...0.........Yt...........z.(...20161016072950Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a..%...0a.. ...M|......20161016072950Z....20161023072950Z0...*.H.............MLu....<.....uHr.........Ad.h..k_....'b..J..2E...|.....F}.......Z...Pk.c.@....J.......^T....i.&A.gz_x..!..........s.H4F....c&h9i..o..C$.*.....Lr8.f..,..#....\.......~hdN..3.A.H.f.RbqT..M..Jb.I.'.....Yhk~..O~.)E.7}..E*..Z:.......~r.me.yJ.r...)`.ou.2.k.=0V......0...0...0..2.......@1Kyh.i.L....p..0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority0...151124000000Z..161214235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1 OCSP Responder Certificate 40.."0...*.H.............0..........K...8..p...<.\"J6.A!../.nL...6.........!.),......9].N6Kz.WC..8.)z.by.z..[% #..^t.^...*..M....p..{AW..[...d.]p...VY..F..d....>wv.5...?......g>qJ...oF.jOW:.'n....4vK.....p..@.%......=..^..1.^..e^..w...g.......gM...H..m..P..t (..)B.....1,`..!&.Ry.=:.6-c..=w........0..0...U....0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .....0......0 ..U....0...0.1.0...U....TGV-C-570...*.H............o....8qO..."....5.E.....S.k&.Bd...2T@=._..H...S%...m. ...Gd........#.Ty/r..GH/..].G....o5..J.v.$...."...R.><....Jl..z.....=^`8......
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEDO099rCgtT22XaI8/R3kQY= HTTP/1.1
Cache-Control: max-age = 512217
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 19 Nov 2013 09:17:20 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 5
content-transfer-encoding: binary
Date: Tue, 18 Oct 2016 23:55:01 GMT
Connection: keep-alive
0....HTTP/1.1 200 OK..Server: nginx/1.4.7..Content-Type: application/ocsp-response..Content-Length: 5..content-transfer-encoding: binary..Date: Tue, 18 Oct 2016 23:55:01 GMT..Connection: keep-alive..0....>....
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1
Cache-Control: max-age = 440358
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 18 Nov 2013 13:12:21 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1452
content-transfer-encoding: binary
Cache-Control: max-age=455940, public, no-transform, must-revalidate
Last-Modified: Mon, 17 Oct 2016 06:32:09 GMT
Expires: Mon, 24 Oct 2016 06:32:09 GMT
Date: Tue, 18 Oct 2016 23:55:01 GMT
Connection: keep-alive
0..........0..... .....0......0...0.........Yt...........z.(...20161017063209Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a..eR&.....Y.)..".\....20161017063209Z....20161024063209Z0...*.H............. >7P.b..J.b.@...p. ..`m.G.H.p..vP....o..."...m<._......=.c"...._Y.6..e.]..#-......p.S....o..VZ|'b..l..6LIK.t..v..<.jL...s.N......~#(.=...z.4..J{C.k^C..2.J... .v....M*.....t....s.i....%,...O~..Yt.;.GM^....nx..&..$nqw6.rW.._]OH.,..en..D...sY..A.O\[o..T...6.h....0...0...0..2.......@1Kyh.i.L....p..0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority0...151124000000Z..161214235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1 OCSP Responder Certificate 40.."0...*.H.............0..........K...8..p...<.\"J6.A!../.nL...6.........!.),......9].N6Kz.WC..8.)z.by.z..[% #..^t.^...*..M....p..{AW..[...d.]p...VY..F..d....>wv.5...?......g>qJ...oF.jOW:.'n....4vK.....p..@.%......=..^..1.^..e^..w...g.......gM...H..m..P..t (..)B.....1,`..!&.Ry.=:.6-c..=w........0..0...U....0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .....0......0 ..U....0...0.1.0...U....TGV-C-570...*.H............o....8qO..."....5.E.....S.k&.Bd...2T@=._..H...S%...m. ...Gd........#.Ty/r..GH/..].G....o5..J.v.$...."...R.><....Jl..z.....=^`8......
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURcFlNEwYJ+HSCrJfQBY9i+eaUCEEsY6Q+7vYaPyv66+coRxyE= HTTP/1.1
Cache-Control: max-age = 589790
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 20 Nov 2013 09:32:32 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 5
content-transfer-encoding: binary
Date: Tue, 18 Oct 2016 23:55:01 GMT
Connection: keep-alive
0....HTTP/1.1 200 OK..Server: nginx/1.4.7..Content-Type: application/ocsp-response..Content-Length: 5..content-transfer-encoding: binary..Date: Tue, 18 Oct 2016 23:55:01 GMT..Connection: keep-alive..0....>....
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1
Cache-Control: max-age = 435806
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 11 Oct 2016 11:05:46 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=544650, public, no-transform, must-revalidate
Last-Modified: Tue, 18 Oct 2016 07:08:21 GMT
Expires: Tue, 25 Oct 2016 07:08:21 GMT
Date: Tue, 18 Oct 2016 23:55:04 GMT
Connection: keep-alive
0..........0..... .....0......0...0......75.<.2/.H....G%>*K^...20161018070821Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5........M.s.Q~...@?j.......20161018070821Z....20161025070821Z0...*.H..............{Ij52|../.O....,..[x0X..YQ.>..o$#.~.w...c....<A....4...M.......\...pM.G..@9M..S.......-.s......J.....L[Z......)"..d...1c.Rb7l..i.....RW.5...<..5.:..)a......F...W]S|.......G....s}}.....w.-.pZ...2.u.R..h...]...4......D.**,?..T.#..\../Z...............u..m.FR...#0...0...0..........m.&..{.)K..8...I0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...160929000000Z..161228235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0..........&;AD.cf.......S..g$/.\......."...D..L.............k!.h.m......@U...T8...g..7\..3.C0.b....CR.....p...\Y..C.[`l....Q......G(.....{W. ....J].M`......y!<...3.@j.&....._/..j.c{.&v-Y....L....a]C....a...dd..*o..&.[.O#..>....Q.....F ..e....<.' =...m.@$.w{>.A.............0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........https://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TG
<<< skipped >>>
GET /images/vicinio/dsp-images/jeremy.jacinto/button1_1/1471019347967.gif HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ak.imgfarm.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 12 Aug 2016 16:29:08 GMT
ETag: "98507e-6a72-539e261bf57cc"
Accept-Ranges: bytes
Content-Length: 27250
Cache-Control: max-age=309617885
Expires: Mon, 10 Aug 2026 16:29:08 GMT
Content-Type: image/gif
Date: Tue, 18 Oct 2016 23:54:28 GMT
Connection: keep-alive
GIF89ah........I..J.....JN..M..I..1..L..K..J..G..H..O..E..F..B..2..3..0..1..4....I:..9..8..7..6..5..0..E..8..H..6..4..A..M..?..@..=..<..3..K..L..2..J..G..D..N..5..C..D..1..B..2..C..;..9..?..:..:..6..<..>..>..7..5..3..4..;..0..;..7..0..M..8..2../..H..5..L..=..5.....A..8..>..6..B..1..G..1..F..@.....G..4..:..I..9..K..9..?..N..3..<..J..B.....<.....F.....D..A........d..8..J..=.....?..K..@..E../.....J..3..3Wj...L.....7..b..5..C..p.P.....k:..2..F..E..6..7..G.....E.....0..H../..K..4........C........I.....>.....M..=.....C....[..z?..s..S..<....kD..B.....F..D..............;.....L.....;..E..@..>.....u..I..I..G..P.....C....l......4]yN........B.....T.\A..0.................M.....|.Kf.....>~.:afh..1n.J..............1..I...../..M..N..M..........\~.K.........N..G..0..0.....}.JH........2Ui!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmpMM:InstanceID="xmp.iid:8B19039560A911E683C1C55997016247" xmpMM:DocumentID="xmp.did:8B19039660A911E683C1C55997016247"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8B19039360A911E683C1C55997016247" st
<<< skipped >>>
GET /images/vicinio/dsp-images/222010004/background999/1458663898223.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://free.mytransitguide.com/installError.jhtml?errorType=browser&errorCode=blockedCountry
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ak.imgfarm.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 22 Mar 2016 16:24:59 GMT
ETag: "d60bc-264b0-52ea5a7985c6e"
Accept-Ranges: bytes
Content-Length: 156848
Cache-Control: max-age=297233021
Expires: Fri, 20 Mar 2026 16:24:59 GMT
Content-Type: image/png
Date: Tue, 18 Oct 2016 23:54:29 GMT
Connection: keep-alive
.PNG........IHDR...T.........JL......tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpRights="hXXp://ns.adobe.com/xap/1.0/rights/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpRights:Marked="False" xmpMM:OriginalDocumentID="xmp.did:08801174072068118C14B382F3F4B1D6" xmpMM:DocumentID="xmp.did:9B41C227E86D11E5AF6AF3244915D9CA" xmpMM:InstanceID="xmp.iid:9B41C226E86D11E5AF6AF3244915D9CA" xmp:CreatorTool="Adobe Photoshop CC 2015 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:a3a90085-b1fa-4a83-9998-d427570c3d8e" stRef:documentID="adobe:docid:photoshop:be0e3ae9-2cdc-1179-a614-eb38104d91c4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..$...`uIDATx...i.-.u..V...=.......D.QL.'J....M.v"..c.2...b;B.#p.(...N....$V..v.I.,....AB1.....x .. .)...$.M.......:......w...D..w...T..{M....t..w.........;.y...D.....r..n....d9.F....g.....D...w....7..).J..y|...u|....;..>o...................O?.L].xs.|...A.}.n.......r...:e.......L...-...3..-..M...}...5......,W.|....`......2..'.3Z..p;.g.Vo].y]..f.s~....2...5.....Y.&.....7w.?.=1?..:..a^o@........,z.......>.g6..a......
<<< skipped >>>
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAisW18hq2CY HTTP/1.1
Cache-Control: max-age = 345600
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 404 Not Found
Date: Tue, 18 Oct 2016 23:55:01 GMT
Content-Type: text/html; charset=UTF-8
Server: ocsp_responder
Content-Length: 1668
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 404 (Not Found)!!1</title>. <style>. *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//VVV.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//VVV.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//VVV.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//VVV.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//VVV.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}. </style>. <a href=//VVV.google.com/><span id=logo aria-label=Google></span></a>. <p><b>404.</b> <ins>Tha
<<< skipped >>>
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEAdrg7dKqon HTTP/1.1
Cache-Control: max-age = 345600
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 404 Not Found
Date: Tue, 18 Oct 2016 23:55:02 GMT
Content-Type: text/html; charset=UTF-8
Server: ocsp_responder
Content-Length: 1668
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 404 (Not Found)!!1</title>. <style>. *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//VVV.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//VVV.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//VVV.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//VVV.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//VVV.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}. </style>. <a href=//VVV.google.com/><span id=logo aria-label=Google></span></a>. <p><b>404.</b> <ins>Tha
<<< skipped >>>
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAMwQYKxJVsR HTTP/1.1
Cache-Control: max-age = 345600
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2016 23:08:58 GMT
Expires: Wed, 19 Oct 2016 23:08:58 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 261965
0..........0..... .....0......0...0......J......h.v....b..Z./..20161015130203Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./...0A..%[.....20161015130203Z....20161022130203Z0...*.H.............O._W..7...s.....f....hv.,.r....9......h..k...o..-..ogC..8..9....d.L....:.r.ba.xmCz]....@......f9.....YE.e..f...-..o......L.7jf...6z_.n8J.f....R...`d...,[..T.Y2..E....l..`dY..qn...~m..W..{oA4.........)..|j=...2n...$:L.H..i.s.]...i!K.GQ.gGeW..].r..&d.~.> .......
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCHUW2dw1OuXl HTTP/1.1
Cache-Control: max-age = 345600
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 17 Oct 2016 19:15:17 GMT
Expires: Fri, 21 Oct 2016 19:15:17 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 103186
0..........0..... .....0......0...0......J......h.v....b..Z./..20161017070324Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..u...5:......20161017070324Z....20161024070324Z0...*.H.............h.....A.~..7.]Xr}oCv..p..W.p..~......z..>..9..J..]...J`x.......f}..w.-.hu.....~..... ..jO#....YO..^..C.f.5!.., V}....|...Hz. ..r....6'....8&.l5.....5q.Q..c...6b.s...#.3..U..w....I.(....8 ........r..*cf..7.K.....F=i......d...8@.[i.........U..>..N....Q....N.....
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBW8iC8YNRkC HTTP/1.1
Cache-Control: max-age = 345600
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2016 23:45:56 GMT
Expires: Wed, 19 Oct 2016 23:45:56 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 259747
0..........0..... .....0......0...0......J......h.v....b..Z./..20161015130256Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./...../.5......20161015130256Z....20161022130256Z0...*.H..............fY..A...Ztd...{b......K.....v.j....-RLZ..q..w8...Dkk!.C[....g.Q.........c}=D'.............s....p|.1..._...M.}.....1I.bT;fd...6......2!.;sh"j.;...w._.IK.....w..&Q.y.w.._.....EDo........5.....N...x....V.!NI.B...=%O7.......'.Zr...k{%F..H=..F......T.z.W..G.......
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGZimYWX7CS+ HTTP/1.1
Cache-Control: max-age = 345600
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 17 Oct 2016 20:30:14 GMT
Expires: Fri, 21 Oct 2016 20:30:14 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 98689
0..........0..... .....0......0...0......J......h.v....b..Z./..20161017130113Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..fb....$.....20161017130113Z....20161024130113Z0...*.H.............{....Y%.C..Cj..."..Ei.dA..8....P..|d.N.5..............*Xx.hZa.K^.@n..pL.:iM... ...H..ANkC;0....J._.. .}....d'^.....k.T^..u..y..{.C`..j..~_..:.l.8...`.!...e.W.k.L.7.KQ..q....|1.t.(.3..S".N.L{.J....{J`..".u`._..R:*....Y.6Z.o.M .Z...*..L.AC.......0.^....uB)......
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAFb1O5EN2Za HTTP/1.1
Cache-Control: max-age = 345600
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 18 Oct 2016 22:03:40 GMT
Expires: Sat, 22 Oct 2016 22:03:40 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 6683
0..........0..... .....0......0...0......J......h.v....b..Z./..20161018130354Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./...[..D7fZ....20161018130354Z....20161025130354Z0...*.H............."9._...e7|.o..|s......!..z...KY.......9.........9ys..B.I.....D...).g.&Q4..~#...7....]......rY....L ..Hm2. !7.}..... 2..T.f........./p....Q03...!`.-U=1.v..;.c....l.:.......,E.....!.1.......qt$t...h .'.m.....H3......)..b...[.y......X...S..L.Jo.p.s.j.....c...HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Tue, 18 Oct 2016 22:03:40 GMT..Expires: Sat, 22 Oct 2016 22:03:40 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 6683..0..........0..... .....0......0...0......J......h.v....b..Z./..20161018130354Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./...[..D7fZ....20161018130354Z....20161025130354Z0...*.H............."9._...e7|.o..|s......!..z...KY.......9.........9ys..B.I.....D...).g.&Q4..~#...7....]......rY....L ..Hm2. !7.}..... 2..T.f........./p....Q03...!`.-U=1.v..;.c....l.:.......,E.....!.1.......qt$t...h .'.m.....H3......)..b...[.y......X...S..L.Jo.p.s.j.....c.......
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCO1K2+o5D5i HTTP/1.1
Cache-Control: max-age = 345600
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2016 23:23:18 GMT
Expires: Wed, 19 Oct 2016 23:23:18 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 261105
0..........0..... .....0......0...0......J......h.v....b..Z./..20161015130233Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..#. o..>b....20161015130233Z....20161022130233Z0...*.H.............0U.Y.|....z...b.o......Mv-o..z....\]...-:....w....'.KX..5...|&.U..Y...*....b..m'.6..4.c.p.@<q.Y.q...O..9.a,.yT\.^Ea1...C.......J.....*g.c..);)..X..n?;D.3..o.m.1.3."....UF...D...*..?..'...K...Qf. .....a..H#r.g.....M......=u2."[.Yy.......VU.-X..v$.....S~o...HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Sat, 15 Oct 2016 23:23:18 GMT..Expires: Wed, 19 Oct 2016 23:23:18 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 261105..0..........0..... .....0......0...0......J......h.v....b..Z./..20161015130233Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..#. o..>b....20161015130233Z....20161022130233Z0...*.H.............0U.Y.|....z...b.o......Mv-o..z....\]...-:....w....'.KX..5...|&.U..Y...*....b..m'.6..4.c.p.@<q.Y.q...O..9.a,.yT\.^Ea1...C.......J.....*g.c..);)..X..n?;D.3..o.m.1.3."....UF...D...*..?..'...K...Qf. .....a..H#r.g.....M......=u2."[.Yy.......VU.-X..v$.....S~o.......
<<< skipped >>>
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCENN6nuImvRO HTTP/1.1
Cache-Control: max-age = 345600
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2016 23:06:59 GMT
Expires: Wed, 19 Oct 2016 23:06:59 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 262084
0..........0..... .....0......0...0......J......h.v....b..Z./..20161015130247Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..CM.{...N....20161015130247Z....20161022130247Z0...*.H.............-....`!..xa...v...E...........%...n.....>.r...L0..F...A...G._..b.v.}............43...6......`X..Y...9....Dp0r.j.Jl....t.t3._L!$.h.{.."...)... P(`2..2.....o.....\..*.8...........N.......!.gK7&.....c.Y..tx.v2.\j..yI.j.u\6...$Py.]Y~./..........0...~.B{.....!O....
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCn5KPFJmjBe HTTP/1.1
Cache-Control: max-age = 345600
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2016 23:13:53 GMT
Expires: Wed, 19 Oct 2016 23:13:53 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 261670
0..........0..... .....0......0...0......J......h.v....b..Z./..20161015130030Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..).(.I.0^....20161015130030Z....20161022130030Z0...*.H.............3.3^....4..bk......2....L.y....4.$b..*.....ca.4Bv....U..E...[>c.....Rl..!.r....|.@.O. ...:....X.....}..8q"j,.........d....j.....9...,..2@..X<~.......q3^qK.H...1..W-.a<w...[..w...Z.}^...9..=..)..1.....P....}!h.2...q0.....^.bO&..O.......`..C35.e....(.u..K...HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Sat, 15 Oct 2016 23:13:53 GMT..Expires: Wed, 19 Oct 2016 23:13:53 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 261670..0..........0..... .....0......0...0......J......h.v....b..Z./..20161015130030Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..).(.I.0^....20161015130030Z....20161022130030Z0...*.H.............3.3^....4..bk......2....L.y....4.$b..*.....ca.4Bv....U..E...[>c.....Rl..!.r....|.@.O. ...:....X.....}..8q"j,.........d....j.....9...,..2@..X<~.......q3^qK.H...1..W-.a<w...[..w...Z.}^...9..=..)..1.....P....}!h.2...q0.....^.bO&..O.......`..C35.e....(.u..K.......
<<< skipped >>>
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDysFK5r8h11 HTTP/1.1
Cache-Control: max-age = 345600
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 18 Oct 2016 04:57:02 GMT
Expires: Sat, 22 Oct 2016 04:57:02 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 68281
0..........0..... .....0......0...0......J......h.v....b..Z./..20161017190157Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..<...k..u....20161017190157Z....20161024190157Z0...*.H..............N........'..#6..M...f.<.bMn......).;.u1...NE........Lt..k.\..z..jq..VR....MD9........'oI.....v....F.y.j.h.....ql..w..o.......R{..q..v0.VA.;..E....Lo...........7h#:....B`.|..._.-kj.k....A..........U.&jv.<....r...M?.........0y..r.U.e.#.].d..9'z.z.......K..sHTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Tue, 18 Oct 2016 04:57:02 GMT..Expires: Sat, 22 Oct 2016 04:57:02 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 68281..0..........0..... .....0......0...0......J......h.v....b..Z./..20161017190157Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..<...k..u....20161017190157Z....20161024190157Z0...*.H..............N........'..#6..M...f.<.bMn......).;.u1...NE........Lt..k.\..z..jq..VR....MD9........'oI.....v....F.y.j.h.....ql..w..o.......R{..q..v0.VA.;..E....Lo...........7h#:....B`.|..._.-kj.k....A..........U.&jv.<....r...M?.........0y..r.U.e.#.].d..9'z.z.......K..s....
<<< skipped >>>
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCHiWTKIt8ymy HTTP/1.1
Cache-Control: max-age = 345600
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2016 23:13:26 GMT
Expires: Wed, 19 Oct 2016 23:13:26 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 261698
0..........0..... .....0......0...0......J......h.v....b..Z./..20161015130212Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..x.L.-.).....20161015130212Z....20161022130212Z0...*.H.............l.q&..5(.m./B..0.F..A.B...A....W.....s..p..)2......J"....y......5o...<8.Wz!v........w...$v.w..4 ....]....,7...m:..[...d3\2.8../M..2..S9..r...&.~b?T.......o$=D....x...x......$M...3..<.2}No5v:{p;.....<..g...*cv..>t..EfwDt......9K.V_.....4.M.?C'(C:g..]..,..B,....
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEQDmMy02FbF HTTP/1.1
Cache-Control: max-age = 345600
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 17 Oct 2016 20:39:25 GMT
Expires: Fri, 21 Oct 2016 20:39:25 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 98139
0..........0..... .....0......0...0......J......h.v....b..Z./..20161017130117Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..D.....V.....20161017130117Z....20161024130117Z0...*.H.............m.e..?...M.q0l.O..x....r/...2.bxg..iS._..nI.......>......1...#.=X..~....Q...gx.!#...j..r......)J.z.._9...M.<..Ul......g...S.....r..W<.'..\..Lh.m....9.t.#....lC....=.........n..JCw..@.[...W....y...e.#.....0..B.!....z@.7 .&.K}}p.^....~.....T.%.`.TG.h.h...}.sHTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Mon, 17 Oct 2016 20:39:25 GMT..Expires: Fri, 21 Oct 2016 20:39:25 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 98139..0..........0..... .....0......0...0......J......h.v....b..Z./..20161017130117Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..D.....V.....20161017130117Z....20161024130117Z0...*.H.............m.e..?...M.q0l.O..x....r/...2.bxg..iS._..nI.......>......1...#.=X..~....Q...gx.!#...j..r......)J.z.._9...M.<..Ul......g...S.....r..W<.'..\..Lh.m....9.t.#....lC....=.........n..JCw..@.[...W....y...e.#.....0..B.!....z@.7 .&.K}}p.^....~.....T.%.`.TG.h.h...}.s..
GET /prd/ttdetect.html?&op=g&cobrand=BNH&xdm_e=http://free.mytransitguide.com&xdm_c=default4346&xdm_p=1 HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ttdetect.staticimgfarm.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 17 Aug 2016 14:30:23 GMT
ETag: "3f18a8-6b15-53a454e3f7ab3"
Accept-Ranges: bytes
Content-Type: text/html; charset=ISO-8859-1
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=26145807
Expires: Thu, 17 Aug 2017 14:37:55 GMT
Date: Tue, 18 Oct 2016 23:54:28 GMT
Content-Length: 10125
Connection: keep-alive
...........}iw.....w.....d.M...T...Mzb''v.{ Y.@..$*$.!..o.{c A.r...z.Z....{............Uc...O.....^.?3.{..7.......i..<....y..C~K..$J....t.EG.....~. ..y#.[@.9..;...'s...h9..8.[.."..7.<....uA..<...(I-..A.|...........|>.'O...1.%..Oy.L..oS..`..^.....4^z9..........s/.l*.O`m..!..v.og../.[........?9..>...C.[Ct..............N........(..P?...3}.,.L.-.v ..qf....<.....i8.../...i. .v.....W.N..2..f...O..e#..T.9,..y..).^'q(.B..P'..<$.I.K.{~..K....t.}...];../t= .......D.C;..S(kg.8........]r...^....*"V .\..:..G.7..........=X[.7...<.....z.n......h}8.|8zp..;c:f.....?..x.l4<{.at....^.Gq.>I.......@4.7]........|...8..P.,.....k..4.O...._{...g7p..._O...._.8^..]....=./|...u..[.E.....3..T.9....N.U.Y....t....2EA.5..8a...b{..\..v..\|Y.,.1..hC*^.5.....3XC...9P?.)!..Av..b*...M....U......ko...P...KM.Q{.eW..r.^_......x.iNF..g.Rm. 0..rq..f...dZ._.;...;.RY.DUk.9..q....0.z........s..j..hy.....W.)...He..~...<A."#W.....,..2.....e...5.........q.'..,.P.;...7.......[..........v....w....f..;?.......l..!aCj. .p........8.....s....V.`.........;Z.{Gt2.q..M...}...lz......9@.].,....S....m......@v.u........=..w.n......f..=W.....|..'.qB...t..B\.....ZKl.Z........ e{.,,......5N(!6M\..iw@Z..Cl..z........g..2h.1..|..M..!...@..g...4$.a.c...!....n...0X..L....-=u.6.%\.S..)....Rn|.|.z#.S...Z..o......E.lU..K........}m...ve...$I..s...v.....0^.T.6.....d>......I.#..F.T........8?.C..0...#l.6.$...9.v...Za(2e.r5.........:...)..z..j...yH(.].).......I.H%.I......d7T...."V..........=_r...GD9.,...4..g.....v..L@.L...\..e...\&..e.I....a..<.
<<< skipped >>>
GET /api/report?type=1&code=Windows 7 Ultimate Edition Service Pack 1 x86 (Build:7601) | Internet Explorer 9.0.8112.16421 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: my.pcmaps.net
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 18 Oct 2016 23:54:12 GMT
Content-Length: 15
{"status":true}HTTP/1.1 200 OK..Cache-Control: private..Content-Type: application/json; charset=utf-8..Server: Microsoft-IIS/8.5..X-AspNetMvc-Version: 5.2..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Tue, 18 Oct 2016 23:54:12 GMT..Content-Length: 15..{"status":true}..
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDBoenwTt2h3GcY8iVw== HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Oct 2016 06:16:22 GMT
If-None-Match: "4a49c69908e933f536cd8546fd48854f6c2b3f7b"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com
HTTP/1.1 200 OK
Date: Tue, 18 Oct 2016 23:55:03 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d4cbed9bdb999a8bea99b4cd2694be2661476834903; expires=Wed, 18-Oct-17 23:55:03 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Tue, 18 Oct 2016 22:11:50 GMT
Expires: Sat, 22 Oct 2016 22:11:50 GMT
ETag: "dc59b7ee5cbaaf39a02513301d77d712a983fcb4"
Cache-Control: public, max-age=339407
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 2f3feb3fe7da4056-SOF
0..........0..... .....0......0...0.......M........u....%...G..20161018221150Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|..........q."W....20161018221150Z....20161022221150Z0...*.H.............Y..42.........BY...S.?.7...t:......z._...-.".h (\x`.......,.....7..~3..og.Q..#.........y.t.....Wm..g..3.....@<;.~.5R.X..y.X......XN..-@... ..'.c..z.9V..V....2...]......[.j....... ]P..........h.3#...g.<.(.(.9.%.>.n.............~....d9n.Q.?.....<..f.E......e...K0..G0..C0.. ........f{o?...d...0...*.H........0f1.0...U....BE1.0...U....GlobalSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G20...160725033205Z..161025033205Z0..1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....2016072511411M0K..U...DGlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0.........C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/repository/0...U...........0...U.%..0... .......0...*.H..............TeQ...^5Y.is!...O..>DJ(.b..[C.D...KJ\.c;..X.;xV<....N..z>q..{>...0d...!K.........$f.....cD.U.....g"6.........1.I..T.@.1.D...4.L[..bB......Z...0...Tx.4NX....4...T.n.....A.H.R.`O.t../.".e
<<< skipped >>>
GET /?a=539528&c=1430992&m=32&s1=&s2=1494351 HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Referer: hXXp://imcrack.ad-jump.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: lxudv.com
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: hXXp://free.mytransitguide.com/index.jhtml
Server: Microsoft-IIS/8.0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: sid=vLmk2t0VnalhlyCgjgrxwxcUND3FXA7L3R9h DJxMuJtlofQ6ptVTQ==; domain=.lxudv.com; path=/; HttpOnly
Set-Cookie: trk=PJb8yxhbiO4auCsDYltbpBcUND3FXA7L3R9h DJxMuJtlofQ6ptVTQ==; domain=.lxudv.com; expires=Mon, 18-Oct-2021 23:54:21 GMT; path=/; HttpOnly
Set-Cookie: c38465=vLmk2t0VnaluOgGD2kGsP 2xndCvf0zA kpG/3/ABnwdFAkm5pFJoNMevdOkv9Ra; domain=.lxudv.com; expires=Fri, 18-Nov-2016 00:54:21 GMT; path=/; HttpOnly
Date: Tue, 18 Oct 2016 23:54:21 GMT
Content-Length: 159
<html><head><title>Object moved</title></head><body>..<h2>Object moved to <a href="hXXp://free.mytransitguide.com/index.jhtml">here</a>.</h2>..</body></html>..HTTP/1.1 302 Found..Cache-Control: private..Content-Type: text/html; charset=utf-8..Location: hXXp://free.mytransitguide.com/index.jhtml..Server: Microsoft-IIS/8.0..p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"..Set-Cookie: sid=vLmk2t0VnalhlyCgjgrxwxcUND3FXA7L3R9h DJxMuJtlofQ6ptVTQ==; domain=.lxudv.com; path=/; HttpOnly..Set-Cookie: trk=PJb8yxhbiO4auCsDYltbpBcUND3FXA7L3R9h DJxMuJtlofQ6ptVTQ==; domain=.lxudv.com; expires=Mon, 18-Oct-2021 23:54:21 GMT; path=/; HttpOnly..Set-Cookie: c38465=vLmk2t0VnaluOgGD2kGsP 2xndCvf0zA kpG/3/ABnwdFAkm5pFJoNMevdOkv9Ra; domain=.lxudv.com; expires=Fri, 18-Nov-2016 00:54:21 GMT; path=/; HttpOnly..Date: Tue, 18 Oct 2016 23:54:21 GMT..Content-Length: 159..<html><head><title>Object moved</title></head><body>..<h2>Object moved to <a href="hXXp://free.mytransitguide.com/index.jhtml">here</a>.</h2>..</body></html>....
<<< skipped >>>
GET /images/vicinio/dsp-images/jeremy.jacinto/asset1_3/1471015421274.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ak.imgfarm.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 12 Aug 2016 15:23:41 GMT
ETag: "67f289-2244-539e177aedfcc"
Accept-Ranges: bytes
Content-Length: 8772
Cache-Control: max-age=309598940
Expires: Mon, 10 Aug 2026 15:23:41 GMT
Content-Type: image/png
Date: Tue, 18 Oct 2016 23:54:28 GMT
Connection: keep-alive
.PNG........IHDR.......N.....vf......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmpMM:InstanceID="xmp.iid:BC00057560A011E6846DB5CE753C7B74" xmpMM:DocumentID="xmp.did:BC00057660A011E6846DB5CE753C7B74"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:BC00057360A011E6846DB5CE753C7B74" stRef:documentID="xmp.did:BC00057460A011E6846DB5CE753C7B74"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx..]...eu>........... j.`Bk1.Q.FK..)%....I4..j..-iE.kXt[.."`........ .@....h..,.........{g.t...s...{..o..M:...;w...}................D..(......g,A..i.x3......>R.?.;....] ..m. v.i..h...s..>Z..q.J.[{.....s....'.G.k...?.._....J!f{...v.....oj..d..z.t.E.9.... .9.S..F3.9&..B.G.,...'.......o....; ...P.a.(6...8.........kR..R)1M.)}..O....cKw.1.X.?t...ex..Mx...zO.__.J.y.E..,...#v.W...='.1...l.....(I......P{F.#.3..a.........e...............rO..!P1qi3.m/.q......'-...l....<1:..<...,.@A%..-..@.ZL.3m<v.~i....r%Xk. .......g..4V.....w...-.1..Q......._.yZ3......../.....^...G...
<<< skipped >>>
GET /images/vicinio/dsp-images/jeremy.jacinto/asset1_15/1471016865981.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ak.imgfarm.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 12 Aug 2016 15:47:46 GMT
ETag: "7ba137-145ae-539e1cdcd39fe"
Accept-Ranges: bytes
Content-Length: 83374
Cache-Control: max-age=309615403
Expires: Mon, 10 Aug 2026 15:47:46 GMT
Content-Type: image/png
Date: Tue, 18 Oct 2016 23:54:28 GMT
Connection: keep-alive
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmpMM:InstanceID="xmp.iid:FC8309A560A311E6BEADAEE121A9F7AD" xmpMM:DocumentID="xmp.did:FC8309A660A311E6BEADAEE121A9F7AD"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:FC8309A360A311E6BEADAEE121A9F7AD" stRef:documentID="xmp.did:FC8309A460A311E6BEADAEE121A9F7AD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>8.3.....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
<<< skipped >>>
GET /images/download/spokesperson/html5/audio/spokesperson.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ak.imgfarm.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 10 Aug 2016 20:37:05 GMT
ETag: "8c0e4d-836b-539bd9cc03e40"
Accept-Ranges: bytes
Content-Length: 33643
Cache-Control: max-age=315290129
Expires: Sat, 08 Aug 2026 20:37:05 GMT
Content-Type: application/javascript
Date: Tue, 18 Oct 2016 23:54:28 GMT
Connection: keep-alive
(function () {.. function isIE() {.. var myNav = navigator.userAgent.toLowerCase();.. return (myNav.indexOf('msie') != -1) ? parseInt(myNav.split('msie')[1]) : false;.. }.. var spokesperson_height;.. if (isIE() && isIE() < 9) {.. return;.. }.. else if (isIE()).. {.. var spokesperson_pos_bottom = "-4";.. spokesperson_height = "47";.. }.. var spDiv = document.createElement("div");.. spDiv.id = "wthvideo";.. var h264Fallback = document.createElement("h264Fallback");.. h264Fallback.id = "h264Fallback";.. var videoBox = document.createElement("video");.. videoBox.id = "videoBox";.. h264Fallback.appendChild(videoBox);.. spDiv.appendChild(h264Fallback);.. var wthbody = document.body || document.getElementsByTagName("body")[0];.. wthbody.appendChild(spDiv);..// Copyright 2015 Website Talking Heads..// JavaScript Document.. if (typeof(spokesperson_pathname) === 'undefined') {.. var spokesperson_pathname = "hXXp://imgfarm.com/images/download/spokesperson/html5/audio/files";.. }.. if (typeof(spokesperson_filename) === 'undefined') {.. var spokesperson_filename = "v3_spokesperson";.. }.. if (typeof(spokesperson_imgname) === 'undefined') {.. var spokesperson_imgname = "blank";.. }.. if (typeof(spokesperson_autoplay) === 'undefined') {.. var spokesperson_autoplay = "yes";.. }.. if (typeof(spokesperson_audioonly) === 'undefined') {.. var spokesperson_audioonly = "yes";..
<<< skipped >>>
GET /images/vicinio/dsp-images/jeremy.jacinto/background999/1471015850415.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ak.imgfarm.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 12 Aug 2016 15:30:51 GMT
ETag: "c23b03-11deb-539e1914596f0"
Accept-Ranges: bytes
Content-Length: 73195
Cache-Control: max-age=309599369
Expires: Mon, 10 Aug 2026 15:30:51 GMT
Content-Type: image/png
Date: Tue, 18 Oct 2016 23:54:28 GMT
Connection: keep-alive
.PNG........IHDR.......;........ ....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmpMM:InstanceID="xmp.iid:B5C5FA1560A111E6A80CCD989B9637E2" xmpMM:DocumentID="xmp.did:B5C5FA1660A111E6A80CCD989B9637E2"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B5C5FA1360A111E6A80CCD989B9637E2" stRef:documentID="xmp.did:B5C5FA1460A111E6A80CCD989B9637E2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.,.....[IDATx.....uMV.........dhFA....0.@@@h.E........h4..C...h".@d&"B..D.....0.......nl.....>...O...kU.s...{.......}..].j.W.Z ...........x.&.......@H....... ..................i........4.......B.&.......@H....... ..................i...................wY_oqx=..z......z......O<.~..........>.....'..w............;.^...z......P..O...... .^.^_.9.>......w.^_|x}....47......<tB.....>..... 6......9.^....?..........>.........Z......z..q....{............!sZ..........k..g..zY..K6...V.......^?....>...../.........P9.H....A....*.....i.s.;.g.....z....W.5...~.0.......x.$Q......w.qx.
<<< skipped >>>
GET /images/vicinio/dsp-images/crx-tooltab-swap3/BNH.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ak.imgfarm.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 25 Mar 2016 20:59:54 GMT
ETag: "3fa382-381d-52ee5d8498564"
Accept-Ranges: bytes
Content-Length: 14365
Cache-Control: max-age=297523112
Expires: Mon, 23 Mar 2026 20:59:54 GMT
Content-Type: image/png
Date: Tue, 18 Oct 2016 23:54:28 GMT
Connection: keep-alive
.PNG........IHDR... ...F.....45......tEXtSoftware.Adobe ImageReadyq.e<...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:98512F760C206811822AC896686AF388" xmpMM:DocumentID="xmp.did:6A5DF37E9CF911E5B22EA406C34067A8" xmpMM:InstanceID="xmp.iid:6A5DF37D9CF911E5B22EA406C34067A8" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:94EA77E508206811822AC3D65860D978" stRef:documentID="xmp.did:98512F760C206811822AC896686AF388"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>......4KIDATx....|..........z.l......m0..........=0y$....4.....i$.B..{!...S..i6.`p.M...n...}g..... .V ......A.w..;.3.7..s%.0@..A..A..q20g \.j.4..F6]...l.QS..A..A........M..... V..\@J..0.ae.~...kjjL.yy..l.L..^3).sV..$Af.5....kH......L...U.u1...n..'B........... .. ..n{.B!tuua.....}.M_cB$2B.$...eee....OX..y... ......\)i...iD..!.B........1.....A..Q......c.../...1.....'.....?>!<.af...Yh.....>..,..1L.h.......F..-.A..*.~?b...8.{Y.'R.| .$=.gH....%......../..\.9.....!B4M._.A.G....|>....j.R...A.Ga.J.9s&."....y/.[D9W&.V...
<<< skipped >>>
GET /PublicSureServerSV.crl HTTP/1.1
Cache-Control: max-age = 150326
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 20 Nov 2013 09:46:05 GMT
If-None-Match: "2b0037-c0d1-a6553140"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.omniroot.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=864000
Content-Type: application/x-pkcs7-crl
Date: Tue, 18 Oct 2016 23:55:02 GMT
Etag: "4028c-511dc-53f2b845f2e20"
Expires: Fri, 28 Oct 2016 23:55:02 GMT
Last-Modified: Tue, 18 Oct 2016 22:50:20 GMT
Server: ECS (arn/46BA)
X-Cache: HIT
Content-Length: 332252
0....0.......0...*.H........0F1.0...U....Cybertrust Inc1 0)..U..."Cybertrust Public SureServer SV CA..161018223231Z..161028223231Z0....0......... .Lz...101018164835Z0.........,.)5...101116173409Z0.........,U..I..101116165848Z0.........,U./...101116173007Z0.........,U.h...101116172944Z0.........,V.bC..101116193600Z0.........,V.[H..101116193534Z0.........,V3Y)..101116193648Z0.........,V5._..101116193745Z0.........,Vg.z..101116194901Z0.........,Vh....101116194922Z0.........,Vn.4..101116195619Z0.........,Vqvg..101116195553Z0.........,_..(..101118145747Z0.........-..4...110315204303Z0........../P....120206141831Z0..........I..@..120124180322Z0..........JP....110222182509Z0..........Jf/Y..120213142815Z0..........Jf.P..120213142915Z0..........OT....120221131614Z0..........YQ.1..120220131256Z0..........Y`?W..120220131507Z0..........Yuu...120220131416Z0..........^..^..111007192320Z0..........`.w...120213144727Z0..........`.y...120213145412Z0..........`.&...120130163851Z0..........hlG...120213145015Z0..........h.....120130140408Z0............j...120110213653Z0...........}....110406160143Z0............$...110401005006Z0................110401005536Z0............W...120308151704Z0.............h..120228141105Z0................110314145902Z0............`...110322142311Z0................110322142551Z0............lb..120110213802Z0.............0..130201130700Z0............OB..110321165802Z0.............o..110321172720Z0...........g.:..120221183148Z0...........Ud...110516131110Z0............h5..120229174140Z0................1202
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSsjeGdqHvYWM4yo25qR2M70nK2oAQURk/B4IjafdN4m8huWS+w5PcdkOICEF5+ixQmE7FVqQByLDZZvTU= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: su.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1603
content-transfer-encoding: binary
Cache-Control: max-age=506849, public, no-transform, must-revalidate
Last-Modified: Mon, 17 Oct 2016 20:36:49 GMT
Expires: Mon, 24 Oct 2016 20:36:49 GMT
Date: Tue, 18 Oct 2016 23:54:29 GMT
Connection: keep-alive
0..?......80..4.. .....0.....%0..!0........gd..}.....x.....3...20161017203649Z0s0q0I0... .............{.X.2.njGc;.r....FO....}.x..nY/........^~..&..U..r,6Y.5....20161017203649Z....20161024203649Z0...*.H.............-...P^.._...:..[7.C5...23.k...!.>.S.....X.........m....qV.>y..[.............c_......AE.e..J]..LQ.....X.^..9.W/..~.i.J.......-%l.. ._._.D.}{....!.....V(..3..jd4V...0.......w.r..~.........w..F.QE7S... OI........:?....<....*c.%/./.o......[......<............)...h0..d0..`0..H.......:q.......r6...).0...*.H........0{1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1,0*..U...#Symantec Class 3 EV SSL SGC CA - G20...160822000000Z..161120235959Z0=1;09..U...2Symantec Class 3 EV SSL SGC CA - G2 OCSP Responder0.."0...*.H.............0..........p.t..a....=$..t.t...}\.9,(.............#..._Zf{..h......-.g.S.i.p...{..z.L>e...H....n,E...{,U#..g......{.L.....x.....~..|.."...... ..^....`.....{.7..|.2:...Vm...bN|.,8..J..aRa..T.e..V.A....|..*$..........D....:......{8...5..2....t..H....'.(B.X/%J..1..r.A.........0...0... .....0......0"..U....0...0.1.0...U....TGV-D-17070...U.#..0...FO....}.x..nY/......0...U........gd..}.....x.....3.0...U.......0.0n..U. .g0e0c..`.H...E....0T0&.. .........hXXp://VVV.symauth.com/cps0*.. .......0... hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0...*.H............._...<...ZU.'.e......P.......!Y'.J.X.h...\.Ts.9..s_{..@....`...h*hp..?...n..)r..O....j(.'d.fE......@e.......!.T}......8..q....b~G.e|....{~A.\bf.v.1uYP.k.-.^ ......~..;.....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSySC/85E/LNAiBe/rxiqbyloQ6UQQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8CEDY0nhjJnCZptlYubOWtcTI= HTTP/1.1
Cache-Control: max-age = 356574
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 10 Oct 2016 12:54:45 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1612
content-transfer-encoding: binary
Cache-Control: max-age=385155, public, no-transform, must-revalidate
Last-Modified: Sun, 16 Oct 2016 10:52:31 GMT
Expires: Sun, 23 Oct 2016 10:52:31 GMT
Date: Tue, 18 Oct 2016 23:55:03 GMT
Connection: keep-alive
0..H......A0..=.. .....0......0..*0......jwG.8s...r:ts.0.:.I...20161016105231Z0s0q0I0... .........H/..O.4..{.......:Q...l..`.....>.t c...Y...64....&i.V.l..q2....20161016105231Z....20161023105231Z0...*.H..............nc$'.$.i.. &..*J.z'.o6.T2|/1.7.h.....o...0...<.<L.o....$1..t..T..g..dt.!.F...t...9.u...j.5h?.ZB>CB.l.z.4C..........G...i9..:.. vn.tn....8.5C?g...o.!.<..G...:..6..t...&.....s......D)..*.b.cr.k.;F.....e.G."O....p../.%...{...SE.8.....Fb.....z....D.....m. ......q0..m0..i0..Q.......h`(V......*....R0...*.H........0..1.0...U....US1.0...U....thawte, Inc.1(0&..U....Certification Services Division1806..U.../(c) 2008 thawte, Inc. - For authorized use only1$0"..U....thawte Primary Root CA - G30...151124000000Z..161214235959Z0..1.0...U....US1.0...U....thawte, Inc.1(0&..U....Certification Services Division1503..U...,thawte Primary Root CA - G3 OCSP Responder 40.."0...*.H.............0....................Zs.8..W.D..c...H.....p.4I.........n..E...T.3...):w].s\`..t2........G.Gj|w).~i18J`....D....'t..e&q.Ga]>tw...0s.|I.R..!o.-.....G.. F-.s.......O..7_p9.:.............^..i..}.K..S3.1.9Z..N|w...u...Ay.*|%....y.nU..U.q.y.y. ....\.w.j........Cu{.!k............0..0...U.%..0... .......0... .....0......0...U.......0.0...U...........0 ..U....0...0.1.0...U....TGV-C-650...U......jwG.8s...r:ts.0.:.I.0...U.#..0....l..`.....>.t c...Y.0...*.H...............A...../W.....x.V.Km.H7Q.[..(..i..Y.........Ì....eI..j...|..O...k....X>r/{..\h.<..N.G...........Y.8..@i`..>..W...?..{...^G.)0S.>;..;4a#..)(.O{..
<<< skipped >>>
GET /css?family=Maven Pro:700,900|Roboto:400,700,900 HTTP/1.1
Accept: text/css
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Tue, 18 Oct 2016 23:54:28 GMT
Date: Tue, 18 Oct 2016 23:54:28 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
182..............Oo.0......74..c.....Q.S..e..R-.A.u.w.L.........}._.T.bS.....S..&........6...).g..`].6q-......&....Q..P..@...;...s&s..`......I.#q\....<.Q...X..Y.u.%\ r~...K]8..R@.PX..G.YU....L.f......j/.....~../M3..d...T._..?.X..K.8....rr...7..k....{...?..dFhb..o.a..........&.._.. ....U.wec,..2..........U./8......'.9[hO..o.X.`g...Q.V..H.Lm.>.7DhM}q...|..1....8a}O.......'-.I..B..............a....Xx........0..HTTP/1.1 200 OK..Content-Type: text/css; charset=utf-8..Access-Control-Allow-Origin: *..Timing-Allow-Origin: *..Expires: Tue, 18 Oct 2016 23:54:28 GMT..Date: Tue, 18 Oct 2016 23:54:28 GMT..Cache-Control: private, max-age=86400..Content-Encoding: gzip..Transfer-Encoding: chunked..Server: ESF..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..182..............Oo.0......74..c.....Q.S..e..R-.A.u.w.L.........}._.T.bS.....S..&........6...).g..`].6q-......&....Q..P..@...;...s&s..`......I.#q\....<.Q...X..Y.u.%\ r~...K]8..R@.PX..G.YU....L.f......j/.....~../M3..d...T._..?.X..K.8....rr...7..k....{...?..dFhb..o.a..........&.._.. ....U.wec,..2..........U./8......'.9[hO..o.X.`g...Q.V..H.Lm.>.7DhM}q...|..1....8a}O.......'-.I..B..............a....Xx........0..
<<< skipped >>>
GET / HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: imcrack.ad-jump.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Mon, 10 Oct 2016 19:51:21 GMT
Accept-Ranges: bytes
ETag: "b9ac77ac2f23d21:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 18 Oct 2016 23:54:23 GMT
Content-Length: 103
<script>window.location.href='hXXp://VVV.adlcx.com/click.php?c=9&key=qz4n70dim7ol9955d9dq8457'</script>HTTP/1.1 200 OK..Content-Type: text/html..Last-Modified: Mon, 10 Oct 2016 19:51:21 GMT..Accept-Ranges: bytes..ETag: "b9ac77ac2f23d21:0"..Server: Microsoft-IIS/8.5..X-Powered-By: ASP.NET..Date: Tue, 18 Oct 2016 23:54:23 GMT..Content-Length: 103..<script>window.location.href='hXXp://VVV.adlcx.com/click.php?c=9&key=qz4n70dim7ol9955d9dq8457'</script>..
GET /images/vicinio/dsp-images/jeremy.jacinto/background/1471015123308.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ak.imgfarm.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 12 Aug 2016 15:18:44 GMT
ETag: "8721c4-530-539e165ed0c5d"
Accept-Ranges: bytes
Content-Length: 1328
Cache-Control: max-age=309613661
Expires: Mon, 10 Aug 2026 15:18:44 GMT
Content-Type: image/png
Date: Tue, 18 Oct 2016 23:54:28 GMT
Connection: keep-alive
.PNG........IHDR.......A.....S.cY....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmpMM:InstanceID="xmp.iid:C9177305609C11E69F659152BDA6B005" xmpMM:DocumentID="xmp.did:C9177306609C11E69F659152BDA6B005"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C9177303609C11E69F659152BDA6B005" stRef:documentID="xmp.did:C9177304609C11E69F659152BDA6B005"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>^.......IDATx..W[r. .C..P..C...P7K.._.L...1................"..7...$..l4....&.}#...*......O.....!u...*c.....^...W.m...Kb76.. .8.9 .....Ÿ..NU......$.......0VI~...\..Q*.....W..@.5...Ku....xZ.........-..9...Tv.h.Gz.J...a.~o.W.._.j.....8.Wx4.K7..8..F.....Z...A.:.....x.aPo.D.5.L@"N.......^.Y ...t.w...40W....T.......n....b*.\.....]W.2k.....9.~8......5.S..7...>w.n..C.:...._.z..^8..X.m...}.%...I[...(...0.[ez...X.`.B...Tt...W....|.vw..n....IEND.B`.....
<<< skipped >>>
GET /images/download/mapsgalaxy/checkbox-large.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ak.imgfarm.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 21 Sep 2015 13:37:13 GMT
ETag: "7a6825-5d6-52041faa34aad"
Accept-Ranges: bytes
Content-Length: 1494
Cache-Control: max-age=299315503
Expires: Thu, 18 Sep 2025 13:37:13 GMT
Content-Type: image/png
Date: Tue, 18 Oct 2016 23:54:28 GMT
Connection: keep-alive
.PNG........IHDR.......<......6......tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:18D531CE588611E5A10CFEFF4F01D22E" xmpMM:DocumentID="xmp.did:18D531CF588611E5A10CFEFF4F01D22E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:18D531CC588611E5A10CFEFF4F01D22E" stRef:documentID="xmp.did:18D531CD588611E5A10CFEFF4F01D22E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......HIDATx.b...e..`b....F. s6o.,!!A..w.....D1ZZZZFF.r..}.6...F..=j....F..=..!.._...-......H2.6'G[.C..Z{...f'..!..}....$ .......Y.Y...W..J.T.a.|.4.l..?_.`..?../..ID*x...t..o.)5:.r..O.....?.x..".;.N[.| .873W.j......Yr....'.R[^.....)....H..I.......K.X.{.V...W.P..._.&\*.../...Z.A....1.j...........My..=D.......s.A.rV.|<.2..Z..G........M......g?^... ...^A .T.l..`.....gb/.....{...\7...:..s#?... ..r7.a.....4....F.P.T....Bd....^k4K.....:K>n.n..#.$.4q..L...U...Q.......bcb]n0.._..Z&Z*p.....Xe.i.z.:._.EH.......M.Y.$Y6...1@.}..l.fn.H.|B.J.u.]`..`2G.........UO...Y.z...../`... rjt<.Q...V...
<<< skipped >>>
GET /images/download/symantec/nortonseal.gif HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ak.imgfarm.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 16 Oct 2014 19:12:51 GMT
ETag: "b7e8b3-b51-5058f08e6247b"
Accept-Ranges: bytes
Content-Length: 2897
Cache-Control: max-age=263954565
Expires: Sun, 13 Oct 2024 19:12:51 GMT
Content-Type: image/gif
Date: Tue, 18 Oct 2016 23:54:29 GMT
Connection: keep-alive
GIF89a..X............................@@@.....................```..................000.....h .....J..................ppp.........PPP........Y.....,.................w.a...;............@1....dde........U223...999..............S...P@.....xa.|D..1..9.y.KKL..=.....T...0$.P=...............................................................................................................................!.......,......X.....[..............................................1! ....Y......M.....Z.......'.R.!....ZZ.[.......H3..[%...[.3Y.. ...,Y...81....JE......F...."..............k.3j.......o0jp....'.......,L.`.93...X~h......@...:sE..).YP...........jK(S.....A..A...K....h..]..EO.0.D.2p... Q...`.oB F.iQWL...6x..Y.. .."<.{.....s......B6...!.$........I.*36[3.....X.7Z}..............%...@...3_8VD...|.@....al......`..k.(, .)..,.....a...,t...C....A`.5.TR...y..|.e..K.....K....Y. .l..W %.%..{5..BU2Dr.5.i.....(...x..2.P.\s. G.`..X....0H/.I...9..0.i..PU..Lp.59.@E..e.#x.....#.....i.E..XX .m.....-p.f.....X..`6/m....a.....x`?..r......~.P..1...........H........9......... :....8@...$..E..)..Z.z%..B`ix..0.\.%...[,0.#.....-mP..[,jc.y&.........\...q...seJ..h0..
GET /pki/mscorp/crl/MSIT Machine Auth CA 2(1).crl HTTP/1.1
Cache-Control: max-age = 6793
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 18 Nov 2013 23:37:31 GMT
If-None-Match: "b61f5b26b7e4ce1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: mscrl.microsoft.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=7129
Content-Type: application/pkix-crl
Date: Tue, 18 Oct 2016 23:55:00 GMT
Etag: "ad925b8a3c1d11:0"
Last-Modified: Wed, 08 Jun 2016 16:35:08 GMT
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Server: ECAcc (arn/46C8)
VTag: 279919325300000000
X-Cache: HIT
X-Powered-By: ASP.NET
Content-Length: 163018
0..|.0..{....0...*.H........0..1.0.....&...,d....com1.0.....&...,d....microsoft1.0.....&...,d....corp1.0.....&...,d....redmond1.0...U....MSIT Machine Auth CA 2..160608162453Z..160616164453Z0..z.0)....=.........130522112904Z0.0...U.......0).....3........130522112904Z0.0...U.......0)..M.\.........130522100146Z0.0...U.......0)....K.........130522100145Z0.0...U.......0)...........Z..130522100145Z0.0...U.......0).....j.....I..130522100145Z0.0...U.......0)....q.....q...130522094611Z0.0...U.......0).....C....q=..130522055646Z0.0...U.......0)..P.......j...130522055646Z0.0...U.......0)..c.......:...130522053344Z0.0...U.......0)..[..x....F0..130521142635Z0.0...U.......0)..[.......F...130521142635Z0.0...U.......0)..`.ii....9...130521142635Z0.0...U.......0)..`.X.....9...130521142635Z0.0...U.......0)..[.......F/..130521142143Z0.0...U.......0).....9....p...130520132837Z0.0...U.......0)..Q.4u....]...130520115050Z0.0...U.......0).....p....p...130520110806Z0.0...U.......0)...z......fQ..130520094526Z0.0...U.......0)..........e...130520094526Z0.0...U.......0)..........e...130520094526Z0.0...U.......0)... K.....p...130520094519Z0.0...U.......0)... H.....p...130520094519Z0.0...U.......0)...zF,....o...130520070955Z0.0...U.......0)..f..E....P...130518074816Z0.0...U.......0...\,jN....FD..130402211200Z0...../w....U...130328232900Z0...p.R.....G1..130226223400Z0....e......?...130220163500Z0....[......*...121221223500Z0...A......."...121206221900Z0...A......."...121206221900Z0...A......."...121206221800Z0...A..\...."...121206221700Z0...A.
<<< skipped >>>
GET /s/roboto/v15/mnpfi9pxYH-Go5UiibESIj8E0i7KZn-EPnyo3HZu7kw.woff HTTP/1.1
Accept: */*
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Origin: hXXp://free.mytransitguide.com
Accept-Encoding: gzip, deflate
Host: fonts.gstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: font/woff
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Thu, 06 Oct 2016 15:46:11 GMT
Expires: Fri, 06 Oct 2017 15:46:11 GMT
Last-Modified: Wed, 14 Jan 2015 22:46:39 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 18572
X-XSS-Protection: 1; mode=block
Age: 1066097
Cache-Control: public, max-age=31536000
wOFF......H.......~.........................GPOS............B...GSUB...`...\.....&.ROS/2.......U...`....cmap...........8..!Zcvt .......Z...Z...=fpgm.......=......c.gasp...X............glyf...d..6...a.:. .hdmx..BX...d........head..B....6...6....hhea..B........$.]..hmtx..C....G...v..8.loca..E\........Le3qmaxp..G.... ... ....name..G8.........D-/post..G........ .m.dprep..G..........w83x.....dG.....Zq.b.v2Z .m.6.b.N......o..F..^t....U...#i.&.z....5I[.w...k.....2.{.9._.#..f.Y%........_v..Wj...$'...`..6....'8.z ......^.W.....h'..^.....]...3..}...}.?.}..p....gx;{......R...Vp?...^Gw..t..............l..a...v.N.Y.hW........:P..P..#..QJW..4V.5A.5E'.T..3t...........@..#}.O..>...B_.{.....~..-.B-.b..J..j.Q..T.5..,....qGtn...(j..).oR.v......e1.`E:........a2L.*.bu:.jt.<...........!|...'0..f.l..sa.....X..`1..U...@6../.. ...[..N....H.q..{......:.*t.5.. .....A..d.f.`.6..~..r]a..v.R..qz.>.#.:wF..c..T..Q4..B2.I=....J.$vM:.~._a.L...B..]oE.l.. .2a2...`~.s......G...."X......'.]..C&L.'`>,...........}..p.a..-c..V2.......W..W.^....y....~.i0..X... .2a.]...Sms........X..`1...*X.k .......S.l.D.........9H\eX..:......jeAtG.. ..|.b9:.....O..bN.Fn...iz.V...............'_.0g.?......a[b........./WJ..].2|.......\..:....._.50.#.m.>.;q.!......Vg...4..b..f2..E..c...0$4....Ld.4AVk9...{.U.h..i......f......o.!3....F......$K....l......2$.(..W..f....-..........V1...."d...........?...L...5.8 I|.......h...g/.....s.V.?)B.".h.....!......u.....J..2..Y.z...Z......#K.r....=......o}.ZK.?1.\.._...$....y.=y....T..9)x.....*..ti..Q....&........y....m.5.
<<< skipped >>>
POST /mirrorCookies.jhtml HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: mytransitguide.dl.myway.com
Content-Length: 2844
Connection: Keep-Alive
Cache-Control: no-cache
sessionData=,,-1,false,1,"ifzeaV4XzhTIIeOeWwSNahnBw6dSDKP8C2nEtqpT1ILtHWNzQX4YyEB4XmbLrzPyxuQWljAedxSdh+SiFsGi4LGhfh7z/HNGBwEkpESkquX5J8v4vQNQAIBJnfgkI3VAQtV6ozG1viMkSj3AVWIG8dtuhUxvRPquFjBN6d2u9OsS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx+RZ3yRmlYHqIJ8RUlF9k66cs0Cudhqn1CkA32taL4rpJdpiySBUlvW9etXDGC22DDTnPABoMzhUzA5zYEiITJy3zZ6S4md60Lrx0UlU16ZniRYz4x3T1VwEMrx8/f6hx2NkYJjTM5v6pXjQj/QeARDu9CfbCDfl4AEJlv14SkQJQDfVh8qUp/Iu2IlD//lgQDgAOkh0vPRtvHbda1hznOcJJw3JbhOXy0sMln5W6O5hXZl9RXQjHGrLGExFof40SAh+VWzL9tAaog5LLV/XqBN1qSdjy9akRSODBIDogIMu91os6B5adyRlXiVmibgRZS6wZ11RQJsUU4CJKrHg5owacn2FncLAgsdLrq9oLZCllv3nY9VsntaebcLAk6p/JMo8QRSLPdSotynKgh71oiQb57SH+GYAMApZs3qEtb6wEv0UT3wF/DrCm59AUS8c1VCgfnDDvmye+ArJym6sxiMQN6VEo/8qa1QbahfocVl5ms7eVnYovhVlsny3sopR1uozldCkwA8T1nyFmvQh2wxZq2WPf1vL/2TGic1omZaqz7A7SG0LPg=="&language=,,-1,false,1,en&partnerId=,,-1,false,1,^BNH^orgyyy^S18478^ua&installDate=,,-1,false,1,2016101902&ttabFirstInstall=,,-1,false,1,true&coId=,,-1,false,1,4dff599246e047698ff2f0e
HTTP/1.1 200 OK
Date: Tue, 18 Oct 2016 23:54:29 GMT
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: hXXp://free.mytransitguide.com
Access-Control-Allow-Methods: GET, POST
Access-Control-Max-Age: 1000
X-XSS-Protection: 0
P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: sessionData="ifzeaV4XzhTIIeOeWwSNahnBw6dSDKP8C2nEtqpT1ILtHWNzQX4YyEB4XmbLrzPyxuQWljAedxSdh SiFsGi4LGhfh7z/HNGBwEkpESkquX5J8v4vQNQAIBJnfgkI3VAQtV6ozG1viMkSj3AVWIG8dtuhUxvRPquFjBN6d2u9OsS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYHqIJ8RUlF9k66cs0Cudhqn1CkA32taL4rpJdpiySBUlvW9etXDGC22DDTnPABoMzhUzA5zYEiITJy3zZ6S4md60Lrx0UlU16ZniRYz4x3T1VwEMrx8/f6hx2NkYJjTM5v6pXjQj/QeARDu9CfbCDfl4AEJlv14SkQJQDfVh8qUp/Iu2IlD//lgQDgAOkh0vPRtvHbda1hznOcJJw3JbhOXy0sMln5W6O5hXZl9RXQjHGrLGExFof40SAh VWzL9tAaog5LLV/XqBN1qSdjy9akRSODBIDogIMu91os6B5adyRlXiVmibgRZS6wZ11RQJsUU4CJKrHg5owacn2FncLAgsdLrq9oLZCllv3nY9VsntaebcLAk6p/JMo8QRSLPdSotynKgh71oiQb57SH GYAMApZs3qEtb6wEv0UT3wF/DrCm59AUS8c1VCgfnDDvmye ArJym6sxiMQN6VEo/8qa1QbahfocVl5ms7eVnYovhVlsny3sopR1uozldCkwA8T1nyFmvQh2wxZq2WPf1vL/2TGic1omZaqz7A7SG0LPg=="; Version=1; Domain=mytransitguide.dl.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: language=en; Version=1; Domain=mytransitguide.dl.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: partnerId=^BNH^orgyyy^S18478^ua; Version=1; Domain=mytransitguide.dl.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: installDate=2016101902; Version=1; Domain=mytransitguide.dl.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: ttabFirstInstall=true; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: coId=4dff599246e047698ff2f0ebb1fd4041; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: npsSurveyUrl=""; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: toolbarId=499A6693-B752-4D80-A711-A1A68D9D06CA; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: partnerSubId=""; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: dlput=S18478; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: installType=MSNI; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: successUrl="hXXp://free.mytransitguide.com/installComplete.jhtml"; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: chromeShowToolbar=nowhere; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: ChromeExtensionCopies=stubby; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: newTabURL="hXXp://hp.myway.com/mytransitguide/s18478/index.html?n=780BD6C7&"; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: newTabCache=false; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: newTabBubbleURL="hXXp://free.mytransitguide.com/chromeInstruct.jhtml?tabView=bubble"; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: newTabInstructURL="hXXp://free.mytransitguide.com/chromeInstruct.jhtml?tabView=instruct"; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: newTabSuccessURL="hXXp://free.mytransitguide.com/chromeInstruct.jhtml?tabView=success"; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: dynamicKeyword="Transit Guide"; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: dynamicImageUrl="hXXp://ak.imgfarm.com/images/vicinio/cobrands/BNH/MyTransitGuide_1465240174340.png"; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: pixelUrl="hXXp://free.mytransitguide.com/install_pixels.jhtml?partner=^BNH^orgyyy^S18478^ua&coId=4dff599246e047698ff2f0ebb1fd4041&tbGuid=[TBUID]"; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: defaultSearchOption=false; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: defaultSearch=false; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: homePageOption=false; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: homePage=false; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: countryCode=UA; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: cakeId=""; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: campaign=orgyyy; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: cobrand=BNH; Version=1; Domain=.myway.com; Max-Age=2592000; Expires=Thu, 17-Nov-2016 23:54:29 GMT; Path=/
Set-Cookie: anx="xracl=&xckoid=&xgds=&lv=1476834869119&xad=&xmvte=&xit=&xlang=&xmvtv=&xmvtt=&xckid=&xrm=&xrp=&xrs=&xrt=&xnt=&xft=&nv=1&fv=1476834869119&xuer=&ob=-&oc=-&od=free.mytransitguide.com&xgc=&sn=dubprdsndlbfe46.dub.jabodo.com&ok=-&om=referral&xrco=&xrca=&op=index.jhtml&xrcc=&os=-&surveyUrl=&xkw=&g=-&xct=&xiad=&xbkw=&tbGuid=&xg=&xh=&xi=&xtp=&xn=&xp=&xtt=&xpp=&xs=&xt=&xu=&xcid="; Version=1; Domain=.myway.com; Max-Age=7776000; Expires=Mon, 16-Jan-2017 23:54:29 GMT; Path=/
Via: 1.1 VVV.mapsgalaxy.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Set-Cookie: ltm-1d=rd119o00000000000000000000ffff0a904c36o80; expires=Wed, 19-Oct-2016 23:54:29 GMT; path=/
a..............53..-.A..0...Rr.....im.B.....W..0...>4s..2.....I...w.3..<.a.&....TqP.....]..x.7...KX.....0..&ok=-&om=referral&xrco=&xrca=&op=index.jhtml&xrcc=&os=-&surveyUrl=&xkw=&g=-&xct=&xiad=&xbkw=&tbGuid=&xg=&xh=&xi=&xtp=&xn=&xp=&xtt=&xpp=&xs=&xt=&xu=&xcid="; Version=1; Domain=.myway.com; Max-Age=7776000; Expires=Mon, 16-Jan-2017 23:54:29 GMT; Path=/..Via: 1.1 VVV.mapsgalaxy.com..Keep-Alive: timeout=5, max=100..Connection: Keep-Alive..Transfer-Encoding: chunked..Set-Cookie: ltm-1d=rd119o00000000000000000000ffff0a904c36o80; expires=Wed, 19-Oct-2016 23:54:29 GMT; path=/..a..............53..-.A..0...Rr.....im.B.....W..0...>4s..2.....I...w.3..<.a.&....TqP.....]..x.7...KX.....0..
<<< skipped >>>
GET /index.jhtml HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Referer: hXXp://imcrack.ad-jump.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: free.mytransitguide.com
HTTP/1.1 200 OK
Date: Tue, 18 Oct 2016 23:54:27 GMT
Server: Apache-Coyote/1.1
P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
Expires: -1
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Language: en-UA
Set-Cookie: userSegment=""; Domain=.mytransitguide.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sessionData="ifzeaV4XzhTIIeOeWwSNahnBw6dSDKP8C2nEtqpT1ILtHWNzQX4YyEB4XmbLrzPyxuQWljAedxSdh SiFsGi4LGhfh7z/HNGBwEkpESkquX5J8v4vQNQAIBJnfgkI3VAQtV6ozG1viMkSj3AVWIG8dtuhUxvRPquFjBN6d2u9OsS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYHqIJ8RUlF9k66cs0Cudhqn1CkA32taL4rpJdpiySBUlvW9etXDGC22DDTnPABoMzhUzA5zYEiITJy3zZ6S4md60Lrx0UlU16ZniRYz4x3T1VwEMrx8/f6hx2NkYJjTM5v6pXjQj/QeARDu9CfbCDfl4AEJlv14SkQJQDfVh8qUp/Iu2IlD//lgQDgAOkh0vPRtvHbda1hznOcJJw3JbhOXy0sMln5W6O5hXZl9RXQjHGrLGExFof40SAh VWzL9tAaog5LLV/XqBN1qSdjy9akRSODBIDogIMu91os6B5adyRlXiVmibgRZS6wZ11RQJsUU4CJKrHg5owacn2FncLAgsdLrq9oLZCllv3nY9VsntaebcLAk6p/JMo8QRSLPdSotynKgh71oiQb57SH GYAMApZs3qEtb6wEv0UT3wF/DrCm59AUS8c1VCgfnDDvmye ArJym6sxiMQN6VEo/8qa1QbahfocVl5ms7eVnYovhVlsny3sopR1uozldCkwA8T1nyFmvQh2wxZq2WPf1vL/2TGic1omZaqz7A7SG0LPg=="; Version=1; Domain=.mytransitguide.com; Path=/
Set-Cookie: org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=en_UA; Path=/
Set-Cookie: anx="xracl=&xckoid=&xgds=&lv=1476834868192&xad=MyTransitGuide&xmvte=&xit=&xlang=en&xmvtv=&xmvtt=&xckid=&xrm=&xrp=^BNH^orgyyy^S18478^ua&xrs=&xrt=S18478&xnt=&xft=&nv=1&fv=1476834868192&xuer=1&ob=-&oc=-&od=imcrack.ad-jump.com&xgc=false&sn=dubprdsndlbfe45.dub.jabodo.com&ok=-&om=referral&xrco=BNH&xrca=orgyyy&op=-&xrcc=ua&os=-&surveyUrl=&xkw=Transit Guide&g=-&xct=&xiad=&xbkw=&tbGuid=499A6693-B752-4D80-A711-A1A68D9D06CA&xg=&xh=8681&xi=MSNI&xtp=vhigh&xn=&xp=vicinio&xtt=template_new&xpp=^BNH^orgyyy^S18478^ua&xs=29954&xt=intdefault&xu=&xcid=4dff599246e047698ff2f0ebb1fd4041"; Version=1; Domain=.mytransitguide.com; Max-Age=7776000; Expires=Mon, 16-Jan-2017 23:54:28 GMT; Path=/
Via: 1.1 VVV.mapsgalaxy.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Set-Cookie: ltm-1d=rd119o00000000000000000000ffff0a904c35o80; expires=Wed, 19-Oct-2016 23:54:29 GMT; path=/
1a88.............}kw.8.......`8....z.m7;....;N..;.=.dt(...H............|.r....N.$..B.P(..@.....? .gU.g..W.V..!..`2..........?D..P.eJ.....#.....{...w.....*....w....,{...ye...?..~......i.....$a.F.o.j...-.*M......M.f........[......r..l..o..US....$qK.t....8....=7..4LG..........X.......6....zq.X.@..i........A.YX.r..,.v..h...t..n.....\;.n....c...8.R......m..7..QN.q...,..b..k.4.z.'..Rbo.....&Ho..........q.A2..)rNC.C.Z^...y@.......xI.?o......b..N..C......N...(...d#./..J.>.w..?.h..'.....J.g.M...^.#.H..Eq.P.N....w....P..DB.....0...........j}...........]{../......z...;98.....$...o....=.^..k/......O....K...M.?.q......nO.u......x..w./.x.l..Q..p...IE.4:.n.x.K.z#.v.|.Bv2.I.... .......L...,...p.%W....3.M.8.,..q4.9.....].'!.n#.7.I.....N..k.../'... ..gW.....4...}n.......M.w?yq..GA............A.......D....U.kU.?........8m{.).....3.... H@.z......K..Q..xf}...[ ...&r..T.....Au..2.....z. ...%....c.....p....9...(...h..5Xj/k<P$2...........-,..P;..!.j.2rU..L`..A..X.?.i.'..P.8q.q?.)E..$..Zm..A...9).....1.P.......yVmg..u..0.X...".p....%.z.~X..P.q|. .4.....S.=...K^{..}1(.k}.0~.b...=2F.K.....].6K..k}..LD.x..9~.....&...7....RW..1...._....8v3....=.................,{........[............6.....G!.!...]N........sB..M%..!...jL.5....5...@...=....z...x. ...7j...6.Q~.C.......$#...&...).|......@.3.....YkQ}..A.iU....b.$..Q..S_.........j'...2.8S...f.x...N.. .$...<.d[4......i.....e8.;.2...f\...D.K..;ZI...M.Xb....Wo*..\.[..I.$......t..b...l......I?......,V..`4..~r...@.>./.?.3.b....&~...1RF..B#%.6@.....}..U}F.Y....Q.9........2.A.UQ..T....*...)
<<< skipped >>>
GET /anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/index.jhtml&anxl=en-US&anxlv=1476834868242&anxsq=3&present=false&anxe=ToolbarDetect&anxr=1169750588 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: free.mytransitguide.com
Connection: Keep-Alive
Cookie: sessionData="ifzeaV4XzhTIIeOeWwSNahnBw6dSDKP8C2nEtqpT1ILtHWNzQX4YyEB4XmbLrzPyxuQWljAedxSdh SiFsGi4LGhfh7z/HNGBwEkpESkquX5J8v4vQNQAIBJnfgkI3VAQtV6ozG1viMkSj3AVWIG8dtuhUxvRPquFjBN6d2u9OsS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYHqIJ8RUlF9k66cs0Cudhqn1CkA32taL4rpJdpiySBUlvW9etXDGC22DDTnPABoMzhUzA5zYEiITJy3zZ6S4md60Lrx0UlU16ZniRYz4x3T1VwEMrx8/f6hx2NkYJjTM5v6pXjQj/QeARDu9CfbCDfl4AEJlv14SkQJQDfVh8qUp/Iu2IlD//lgQDgAOkh0vPRtvHbda1hznOcJJw3JbhOXy0sMln5W6O5hXZl9RXQjHGrLGExFof40SAh VWzL9tAaog5LLV/XqBN1qSdjy9akRSODBIDogIMu91os6B5adyRlXiVmibgRZS6wZ11RQJsUU4CJKrHg5owacn2FncLAgsdLrq9oLZCllv3nY9VsntaebcLAk6p/JMo8QRSLPdSotynKgh71oiQb57SH GYAMApZs3qEtb6wEv0UT3wF/DrCm59AUS8c1VCgfnDDvmye ArJym6sxiMQN6VEo/8qa1QbahfocVl5ms7eVnYovhVlsny3sopR1uozldCkwA8T1nyFmvQh2wxZq2WPf1vL/2TGic1omZaqz7A7SG0LPg=="; anx="u=A21D5714-8440-42E1-A400-95A248EEA772&fv=1476834868192&lv=1476834868431&nv=3&t=-&v=-&p=-&si=-&s
HTTP/1.1 204 No Content
Date: Tue, 18 Oct 2016 23:54:28 GMT
Server: Apache-Coyote/1.1
Via: 1.1 VVV.mapsgalaxy.com
Content-Length: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
HTTP/1.1 204 No Content..Date: Tue, 18 Oct 2016 23:54:28 GMT..Server: Apache-Coyote/1.1..Via: 1.1 VVV.mapsgalaxy.com..Content-Length: 0..Keep-Alive: timeout=5, max=99..Connection: Keep-Alive......
GET /anemone.jhtml?anxuu=A21D5714-8440-42E1-A400-95A248EEA772&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dubprdsndlbfe45.dub.jabodo.com&anxu=http://free.mytransitguide.com/installError.jhtml&anxl=en-US&anxlv=1476834869133&anxrd=free.mytransitguide.com&anxrp=index.jhtml&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&errorCode=blockedCountry&errorType=browser&anxe=installErrorLanding&anxr=361991559 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://free.mytransitguide.com/installError.jhtml?errorType=browser&errorCode=blockedCountry
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: free.mytransitguide.com
Connection: Keep-Alive
Cookie: sessionData="eM8hGio79AhShEic3iyflDqBDEWs0qHfCkXaLgses0EowfzQMAz7Spf5cdb4uN yb9HzKn44fQ916lYP0279s20CXp3Rsg/8xJ9cRob2SskrlqFVgWLktLXejfDjgTlT5YmMQwFlCvR5hn6iYMaMPblvFok1L/uyROAZ4/H5ml2w0coDerWYSusuZsNWOS4Uw/YAb7w35L7Jn5kaZtkCgF5yP6Eh0f PwQ8lXGEDaf7r8WP7z4uyjeW3BC0l3kswI6qbLTs5/lcidHLJAKWvAMzBuHgzE5peSufxGV90jebaNwsedd32MQE6Ck2T7xP 91B2By gwEyvKWzDA/E2W Ojq92fB FumE956LuEhkV qiV/RoSReyMIYDxTSkY8/v1OpT7cPdbRSIod021Qb0mWGKtM0vyOHoxhBIQEEg Tgoa/QIH r21bW9EdgpgW05o5Cn3JjGhxk0LeAFUJ4j bX4RqCA0EGE/TaqQCWxS/6KurG7Uqdju1OxmZeNOU0x/4biAuF7mTNWiyc5MisutUv7d7pbIqRp182dUKo9Hn898aMj3DzSC7jYIVueiYNzm9DepmxqIcGnVdVfC1NWkT3JCtbm0NhR0894bR33UEjADKa4FkUpOmSiNZK tklb25Sa48J409tpDt0DsDPYsDEOyAQI52oGLmCJicWeRUZmv/Zz8U7UHNXXJbaQBjassYTEWh/jRIC
HTTP/1.1 204 No Content
Date: Tue, 18 Oct 2016 23:54:28 GMT
Server: Apache-Coyote/1.1
Via: 1.1 VVV.mapsgalaxy.com
Content-Length: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
HTTP/1.1 204 No Content..Date: Tue, 18 Oct 2016 23:54:28 GMT..Server: Apache-Coyote/1.1..Via: 1.1 VVV.mapsgalaxy.com..Content-Length: 0..Keep-Alive: timeout=5, max=98..Connection: Keep-Alive..
GET /prd/ttdetectUtil.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ttdetect.staticimgfarm.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 17 Aug 2016 14:30:22 GMT
ETag: "3f18a9-53ea-53a454e3136a3"
Accept-Ranges: bytes
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=26145773
Expires: Thu, 17 Aug 2017 14:37:21 GMT
Date: Tue, 18 Oct 2016 23:54:28 GMT
Content-Length: 7730
Connection: keep-alive
...........\{s.F.....5...pD...........?..d.(.....D.4.ZRH.g....0.A)....J...3.......(.......vk.....l........7.c/.\{..b.%....;aC.w.wW...N.i.....\o!..7/^%...C^..2/.......A&W...VU_S.C~u..'..p..l.&`y.....Q..d........5.[l...}.?r..i .........c....A..a...........O..`....".......Gb..x,<.&...?...c.z../j.....(.:p....X./.J.w4.}.v...w.......m9....\.....W...1U&..'..2._.IL...!..@.....^....0Gw...s.A..Kv..:.m..5...6.E..O.>...gS...8.....S....*K...Uqi..V.[...0....j!.y.q_...#......O..@F../.....B1.)....Mg....."a}$o>.L..b\..}.OQ.AS6eu.fc..6".r..#..q.JmE02....k.l.'..0[.j.X......j.G.bh`.-"...q.P$m{,.....A/...zG#7.{.......[$=1...g.............mZ....sW..Q....B6.C...ra*..........mh...............nf.=...ZF..4)"..u.!.0T.}lU.L.YN5N{.8Y..... .4.T..3..x..A.[..:...O...C{....=&.w#...kT.........).....u.^.G............J.....o.rN/....{x.e.......pv6...Nzq..np..Qxq....~.... U.T....a..CC.....=...R...>....cF...dA`.'PxA.....A.wH62e......H7..~q.....Z...4..T*.J...|..7..`...Q.....).=....QC..Xi6.q.._..Pj.J..$.K..eZO.v.e.u/....Y....rY.`P-..6........n.f.,..^.= .M...5.*3..\....5.....ze.....>.Ty.N.. .$.4....i...GB....)p......[.XM....-...v...".6..ls...... .U.....TX.......DH6?.mz1..fw..............8S..3/L.b.]O..?..............'...l...O....l[dk..]..-*....".......[{.....i..t.5......A....... ..bj....m.Nz.B......H}.....".L..(..;........6)..S.I..l..2.4.b.......X.J..9e..o.G...Wl.xg.\%.55..k..V....W.\.Q...1.3@M..1.......!J..k..........C`...6=.9....!.@.?*......".3.X..$.;..^#@...v....9Y........,......L...W...2A3.....0>..`.._p.rz6.m..GOKM^d..@..=...*..6..
<<< skipped >>>
GET /s/roboto/v15/2UX7WLTfW3W8TclTUvlFyQ.woff HTTP/1.1
Accept: */*
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Origin: hXXp://free.mytransitguide.com
Accept-Encoding: gzip, deflate
Host: fonts.gstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: font/woff
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Wed, 05 Oct 2016 21:44:05 GMT
Expires: Thu, 05 Oct 2017 21:44:05 GMT
Last-Modified: Wed, 14 Jan 2015 22:47:37 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 18520
X-XSS-Protection: 1; mode=block
Age: 1131023
Cache-Control: public, max-age=31536000
wOFF......HX................................GDEF.......@...L.0..GPOS...............IGSUB.......\.....&.ROS/2.......V...`....cmap...T.......8..!Zcvt .......L...L$A..fpgm...H...;....g.\.gasp................glyf......6r..b&....hdmx..B....d........head..Bh...6...6.F..hhea..B........$...}hmtx..B....E...v.ZQ.loca..E.........:.!.maxp..F.... ... ....name..F..........o,.post..G........ .m.dprep..G.........t...x......P..............@.C.e....N..4.{.qt...r.q.................#x....p#L.......si...m.:..m..m.6..m....\....v..xVm.....T.....g..".*..............[..f8.....'d..o.b.....-...x@...K....Gc..k...$..w}.T7.y]....Q....eu.]qw.........2X..\R....ujR..3wW...k.IK$......o.......9_....-..'....d!;..G......d....X.1..Ld....,f3...c1.Y.Z...-D.C,qlg..H{^mv;.6.-B...CN|4....k.Z..|...gR.^..?4....AxIO.?..]{)D$J..$..cJ|.V;@................AZe/..r.).....A~...R..O;..(.FZ..F..F|......z1......l<um.v...-..-..m...&..S.....R.&..#.].....)..N.'|.w......}I._....e.....% .Xv.M........7;.....%Y$.........v.w...2J.G... .d.,.]Ke.,...RV..jY#ke.l.h..X..x.. [e.l..;$..-./m?_.q...,....JO(..b..];..2_..BY$.Z..V~.}.....d.v.Ek]....U.V..Y .......E2R....4............]...$...U.Z..ZY'.dQ.E.û%N...)..&=E.../d.,...H..7...d.,.....-..û%N<a..B....x......;e-.....v.t6....b.....J..}.~?.".}.Q./Dmo;......`.?.D..;V...........m.-..~...(.)..u.......,.....G.~....V......`..OX4X&. ..............v.Vj..s.S..}W....6..).l.<'....:..;.`..Z....v.$.m...[@...`{......wPjGl...i.a... ....~?X.4C.,..]...v0....'=..;....y<T..........w~....P.z.....k&.O..~...:...X79w.........7..>..;VC.?
<<< skipped >>>
GET /MFUwUzBRME8wTTAJBgUrDgMCGgUABBTkLVLomfJQOu5CFIgPOR73ljBRHAQU+L36r3N3xscb+UtNEafRM6+vchECFEOZrYpYgDwxeWGj/HetMtWiXvU/ HTTP/1.1
Cache-Control: max-age = 339923
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:41:21 GMT
If-None-Match: "c06e9a4e33eec9dd813b8faff15397229f914d2a"
User-Agent: Microsoft-CryptoAPI/6.1
Host: vassg142.ocsp.omniroot.com
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 1746
Last-Modified: Tue, 18 Oct 2016 23:39:37 GMT
ETag: "ad53c6a6b1b3444f6b77a37ebef2d7484963ffca"
Cache-Control: public, no-transform, must-revalidate, max-age=339881
Expires: Sat, 22 Oct 2016 22:19:44 GMT
Date: Tue, 18 Oct 2016 23:55:03 GMT
Connection: keep-alive
0..........0..... .....0......0...0......\r...Ev.C..*....omJ...20161018233937Z0w0u0M0... .........-R...P:.B...9...0Q.......sw....KM...3..r...C...X.<1ya..w.2..^.?....20161018233937Z....20161022233937Z0...*.H.............>b.}.DN.|.......=.x...!...L5. _.<.. :....ZI.k)RLB......j._L....\.vi.t..'.-......B,.....!i..J...M...@..R...wv.HO..2....f.y?....#..7..3...`..-c..u..2O.....i.A.H1.....3..u...'J.=....|nfj..6y..........\...{.O.De.'....~...}.nl..O........&.Xx#.......?..Ujc_Q.W......0...0...0...........1....n.SsnC.K.]I.w90...*.H........0..1.0...U....NL1.0...U....Amsterdam1%0#..U....Verizon Enterprise Solutions1.0...U....Cybertrust1.0,..U...%Verizon Akamai SureServer CA G14-SHA20...160407064154Z..170407064154Z0..1.0...U....NL1.0...U....Amsterdam1%0#..U....Verizon Enterprise Solutions1.0...U....Cybertrust1%0#..U....vassg142-OCSP Responder 20160.."0...*.H.............0.........w.;..Eu..'f.c^....Qe.O...U.....d.\?.....S.r'g.d..ES.NA.t....<.....#?.."...*Pm.<..s........v...<....8......A@.....7h...r$.T..8=......\....>......z=t3?(.....i.>t.^.....]7.9..j.E. ....{.$w..Y,...hf..6......L._9,.....i...S...)/.."^.K.O...bb^....V....'p...'V..........H0..D0... .....0......0L..U. .E0C0A.. .....>..0402.. ........&hXXps://secure.omniroot.com/repository0~.. ........r0p06.. .....0..*hXXps://cacert.a.omniroot.com/vassg142.crt06.. .....0..*hXXps://cacert.a.omniroot.com/vassg142.der0...U...........0...U.%..0... .......0...U.#..0.......sw....KM...3..r.0...U......\r...Ev.C..*....omJ.0...*.H.............l/0j.Z.z.......n-..
<<< skipped >>>
GET /click.php?c=9&key=qz4n70dim7ol9955d9dq8457 HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Referer: hXXp://imcrack.ad-jump.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.adlcx.com
Connection: Keep-Alive
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 18 Oct 2016 23:54:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.22
Set-Cookie: IMT1476834867338=FmQjHNSenT91Chmd0gil8Q==1utnwaBcjG6ua2Jx283vHQ==; expires=Thu, 20-Oct-2016 05:54:27 GMT; Max-Age=108000; path=/; domain=VVV.adlcx.com
Location: hXXp://lxudv.com/?a=539528&c=1430992&m=32&s1=&s2=1494351
0..HTTP/1.1 302 Moved Temporarily..Server: nginx..Date: Tue, 18 Oct 2016 23:54:27 GMT..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.6.22..Set-Cookie: IMT1476834867338=FmQjHNSenT91Chmd0gil8Q==1utnwaBcjG6ua2Jx283vHQ==; expires=Thu, 20-Oct-2016 05:54:27 GMT; Max-Age=108000; path=/; domain=VVV.adlcx.com..Location: hXXp://lxudv.com/?a=539528&c=1430992&m=32&s1=&s2=1494351..0..
GET /s/roboto/v15/d-6IYplOFocCacKzxwXSOD8E0i7KZn-EPnyo3HZu7kw.woff HTTP/1.1
Accept: */*
Referer: hXXp://free.mytransitguide.com/index.jhtml
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Origin: hXXp://free.mytransitguide.com
Accept-Encoding: gzip, deflate
Host: fonts.gstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: font/woff
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Thu, 06 Oct 2016 00:37:34 GMT
Expires: Fri, 06 Oct 2017 00:37:34 GMT
Last-Modified: Wed, 14 Jan 2015 22:48:06 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 18568
X-XSS-Protection: 1; mode=block
Age: 1120614
Cache-Control: public, max-age=31536000
wOFF......H.......~.........................GDEF.......@...L.0..GPOS...........N....GSUB.......\.....&.ROS/2...,...U...`....cmap...........8..!Zcvt ...,...B...B.N$.fpgm...p...>....S.W.gasp................glyf......6...a..`.Mhdmx..Bd...d........head..B....6...6....hhea..C........$.&..hmtx..C ...G...v..A.loca..Eh........Q.8.maxp..G(... ... ....name..GH..........,.post..G........ .m.dprep..G..........6~.x......P..............@.C.e....N..4.{.qt...r.q.................#x......].../....W...l..m..m..m..=U[...R.....[...wn...I)TI...T.T%}..{.V..i..-..U.Nm.Gn!3b..w....}..[6..F_D.%.@.Kb.t.I..=.. NRng...,p.9..=N2'..g....S....qZ..9..>.@F.3.......7.A........."..W2. ?b..9....T.~...M....U:eT&eS....G.UB.T^.TQUTM5T[.5IS4U..\ .R..Zk.V..^..Q..C;.K.u@'tR.tZ.tQ.tYWtU.t[..,.s.{.\..{.SrQ#P.=W.Ln;../..jm.........[..6_n.V.. .....0.%.K*,/..z..XI|.."..$.Fl.l..A5..$....#2....m...[...|...>.>..J.../...7P).O...Yo.....5Uc."._..O.=......4......m.w..\B...%.........._|.5.k*..YY..s6;.%..s......F..7...-..X:e#...QQ{.bP.JBE....g.{..0..dr..r.W.JX..a...[..0...p...{.N.)8....\. p..Q.:...p...!)...r.#..W.m.u..X.`}....@.........>.../.J3.IGtO...*.j...&).s.RBQ....P.*.h..o.L..p...8...4.$...Aq(..a4...p.N.i.PE{..p......n.. ..d...>2......`?.Rs..Aq(....*.V..h4.q8.'......\..p... i9* ...$.W...T....K.ho....a..v]...y...X..=..B.UH../..eX).._.s..xe.....'.W....F.>d.l....l)..l{.d..<.[..m...wV.~...v...O..o..m."...>......s.2..[.0.".....e........],......@..h].,d..%!k(.$_g..S......{.E....lz.j...B%..uh......s;b.x..6O....@z$.,d..^..w#..8r...RG.[.......%
<<< skipped >>>
GET /AddTrustExternalCARoot.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 19 Nov 2013 13:17:06 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.comodoca.com
HTTP/1.1 200 OK
Date: Tue, 18 Oct 2016 23:55:01 GMT
Content-Type: application/x-pkcs7-crl
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d5c8d350cc5e5705136a7a7bcb673f6e71476834901; expires=Wed, 18-Oct-17 23:55:01 GMT; path=/; domain=.comodoca.com; HttpOnly
Last-Modified: Tue, 18 Oct 2016 18:08:14 GMT
ETag: W/"5806650e-22a"
X-CCACDN-Mirror-ID: rmdccacrl3
Cache-Control: public, max-age=14400
CF-Cache-Status: HIT
Expires: Wed, 19 Oct 2016 03:55:01 GMT
Server: cloudflare-nginx
CF-RAY: 2f3feb3351384050-SOF
25a..0..V0..>...0...*.H........0o1.0...U....SE1.0...U....AddTrust AB1&0$..U....AddTrust External TTP Network1"0 ..U....AddTrust External CA Root..161018180814Z..161022180814Z0i0!..S{vVO)...iC.".,y..151214155830Z0!..F....L...e.n.B.d..151214155830Z0!..:...u....t........151214155830Z.00.0...U.#..0......z4.&...&T....$.T.0...U........0...*.H...................83^pX...C..=...;!kY....k...Zy...5.....:..o.Mk.R....._......\.\od..D=...yF.)...M%......A5<5..x.8..$...?.X...}...........$$..l.N.;.S..|i.{......6.9@.......W.V..X..P..:.c..;..'N."Cbf!=f[.K.DR.go..~..;.....)g9..*.c..B.7.@.|o.......r...J..;....b..E...{. 3..0..HTTP/1.1 200 OK..Date: Tue, 18 Oct 2016 23:55:01 GMT..Content-Type: application/x-pkcs7-crl..Transfer-Encoding: chunked..Connection: keep-alive..Set-Cookie: __cfduid=d5c8d350cc5e5705136a7a7bcb673f6e71476834901; expires=Wed, 18-Oct-17 23:55:01 GMT; path=/; domain=.comodoca.com; HttpOnly..Last-Modified: Tue, 18 Oct 2016 18:08:14 GMT..ETag: W/"5806650e-22a"..X-CCACDN-Mirror-ID: rmdccacrl3..Cache-Control: public, max-age=14400..CF-Cache-Status: HIT..Expires: Wed, 19 Oct 2016 03:55:01 GMT..Server: cloudflare-nginx..CF-RAY: 2f3feb3351384050-SOF..25a..0..V0..>...0...*.H........0o1.0...U....SE1.0...U....AddTrust AB1&0$..U....AddTrust External TTP Network1"0 ..U....AddTrust External CA Root..161018180814Z..161022180814Z0i0!..S{vVO)...iC.".,y..151214155830Z0!..F....L...e.n.B.d..151214155830Z0!..:...u....t........151214155830Z.00.0...U.#..0......z4.&...&T....$.T.0...U........0...*.H...................83^pX...C..=
<<< skipped >>>
GET /UTN-DATACorpSGC.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 19 Nov 2013 13:17:06 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.comodoca.com
HTTP/1.1 200 OK
Date: Tue, 18 Oct 2016 23:55:01 GMT
Content-Type: application/x-pkcs7-crl
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d5c8d350cc5e5705136a7a7bcb673f6e71476834901; expires=Wed, 18-Oct-17 23:55:01 GMT; path=/; domain=.comodoca.com; HttpOnly
Last-Modified: Tue, 18 Oct 2016 18:08:14 GMT
ETag: W/"5806650e-22e"
X-CCACDN-Mirror-ID: rmdccacrl6
Cache-Control: public, max-age=14400
CF-Cache-Status: HIT
Expires: Wed, 19 Oct 2016 03:55:01 GMT
Server: cloudflare-nginx
CF-RAY: 2f3feb3792c84050-SOF
239..0..50......0...*.H........0..1.0...U....US1.0...U....UT1.0...U....Salt Lake City1.0...U....The USERTRUST Network1!0...U....hXXp://VVV.usertrust.com1.0...U....UTN - DATACorp SGC..161018180814Z..161022180814Z0#0!....^{.j.......^....161004055749Z.00.0...U.#..0...S2........].N...E..O0...U........0...*.H...............-_.:...9.~....Xt.@...= CV....}[..T.,3..[*yw......i..7..p.[....y3W...2_|i.q.7.''}_~....2(A...K.jC.....(fP........?.L...z.h].*. .|......Eg..Dh~.( M....m-. .1'.H... 3@.......$.C../rq.....}<K....>Q...*_..a.`H....\.s..v.Q....0..mR.......H.H.3..........OB.......0..HTTP/1.1 200 OK..Date: Tue, 18 Oct 2016 23:55:01 GMT..Content-Type: application/x-pkcs7-crl..Transfer-Encoding: chunked..Connection: keep-alive..Set-Cookie: __cfduid=d5c8d350cc5e5705136a7a7bcb673f6e71476834901; expires=Wed, 18-Oct-17 23:55:01 GMT; path=/; domain=.comodoca.com; HttpOnly..Last-Modified: Tue, 18 Oct 2016 18:08:14 GMT..ETag: W/"5806650e-22e"..X-CCACDN-Mirror-ID: rmdccacrl6..Cache-Control: public, max-age=14400..CF-Cache-Status: HIT..Expires: Wed, 19 Oct 2016 03:55:01 GMT..Server: cloudflare-nginx..CF-RAY: 2f3feb3792c84050-SOF..239..0..50......0...*.H........0..1.0...U....US1.0...U....UT1.0...U....Salt Lake City1.0...U....The USERTRUST Network1!0...U....http://VVV.usertrust.com1.0...U....UTN - DATACorp SGC..161018180814Z..161022180814Z0#0!....^{.j.......^....161004055749Z.00.0...U.#..0...S2........].N...E..O0...U........0...*.H...............-_.:...9.~....Xt.@...= CV....}[..T.,3..[*yw......i..7..p.[....y3W...2_|i.q.7.''}_~...
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRVuMwyhZnBGWkFKlkeoNe9zdlbSwQUK5o1rgEYODDhcHoF4BF2o869kBQCEBbfOFWwaAAL65vNdl55UHU= HTTP/1.1
Cache-Control: max-age = 360742
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 10 Oct 2016 14:02:11 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: tg.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1451
content-transfer-encoding: binary
Cache-Control: max-age=408357, public, no-transform, must-revalidate
Last-Modified: Sun, 16 Oct 2016 17:17:47 GMT
Expires: Sun, 23 Oct 2016 17:17:47 GMT
Date: Tue, 18 Oct 2016 23:55:03 GMT
Connection: keep-alive
0..........0..... .....0......0...0......|.....Q.......Uh..z...20161016171747Z0s0q0I0... ........U..2....i.*Y......[K.. .5...80.pz...v.........8U.h.....v^yPu....20161016171747Z....20161023171747Z0...*.H..............._..5..7..T....g.:`.........*....P.C..9t1......1....w.|.....kbl......"=.B)...w...h%.V8J.M. d.y..*......!8q2......?\"#...f.3.,..&..9.......!..).`...B.......*...z.F...O.]....3 .fQ.e.........sF...T.......d.YT...}X....}..p...k...:..Q|...O.E..f\.H.?.L.Z....|......0...0...0..........e......L.B......0...*.H........0C1.0...U....US1.0...U....thawte, Inc.1.0...U....thawte SHA256 SSL CA0...160829000000Z..161127235959Z0O1.0...U....US1.0...U....thawte, Inc.1)0'..U... thawte SHA256 SSL OCSP Responder0.."0...*.H.............0................#.....]......F#...Q...b:k.._n.X..!a.;<..a.......c....|.OsP..f..p.2r"2c&...8.:>vq.........2P..U....r..2.."N.!.gN....8.Y......D2.zF......Ln...Z..J..)..B{.1.p#|...e...$.A{...n.B.....o......L1...g...].......$cpYK.vC.D=.N..F2..j...=.....Yi.......u..r...........0..0... .....0......0"..U....0...0.1.0...U....TGV-D-17700...U.#..0... .5...80.pz...v.....0...U......|.....Q.......Uh..z.0...U.......0.0...U.%..0... .......0...U...........0...*.H.............C..7...X}.(.w9 9..*9.0x^Q.h....o. ..J...B.dc.6.%a_^?Z...8V.....O.aMh..I...1u.......v.VE7..h....t.o.m.=......U.@.V..'......v....4.......!.xV.es.....\......eM...C.|....$..I...-.. ...n.c*......Tz..6T..gU..XQ.^....P.LB..H....y.o}.i...I.......5...j!.g.D's........
<<< skipped >>>
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_2988:
!Require Windows
!Require Windows
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
ttNt_Nt.Nt
ttNt_Nt.Nt
:Language:%u!
:Language:%u!
Sorry, this program requires Microsoft Windows 2000 or later.
Sorry, this program requires Microsoft Windows 2000 or later.
COMCTL32.dll
COMCTL32.dll
KERNEL32.dll
KERNEL32.dll
GetKeyState
GetKeyState
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
ShellExecuteW
ShellExecuteW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
MSVCRT.dll
MSVCRT.dll
_acmdln
_acmdln
Enhanced SFX for 7-Ziptrue
Enhanced SFX for 7-Ziptrue
X%cX%c
X%cX%c
7zSfxString%d
7zSfxString%d
0xx
0xx
"%s".
"%s".
Could not overwrite file "%s".
Could not overwrite file "%s".
Could not create file "%s".
Could not create file "%s".
0xX.
0xX.
7-Zip: Internal error, code 0xX.
7-Zip: Internal error, code 0xX.
7-Zip: Internal error, code %u.
7-Zip: Internal error, code %u.
7-Zip: Unsupported method.
7-Zip: Unsupported method.
Error during execution "%s".
Error during execution "%s".
"setup.exe".
"setup.exe".
Could not find "setup.exe".
Could not find "setup.exe".
Could not find command for "%s".
Could not find command for "%s".
) "%s".
) "%s".
Could not delete file or folder "%s".
Could not delete file or folder "%s".
Could not create folder "%s".
Could not create folder "%s".
Error in line %d of configuration data:
Error in line %d of configuration data:
Could not open archive file "%s".
Could not open archive file "%s".
1.4.1 [x86] build 2100 (2011-04-28)
1.4.1 [x86] build 2100 (2011-04-28)
9.20 (2010-12-18)
9.20 (2010-12-18)
Supported methods and filters:
Supported methods and filters:
@7zSfxFolderd
@7zSfxFolderd
7ZSfxx.cmd
7ZSfxx.cmd
setup.exe
setup.exe
7ZipSfx.x
7ZipSfx.x
@ (%u%s)
@ (%u%s)
SFTP module for FileZilla based on PuTTY's psftp component
SFTP module for FileZilla based on PuTTY's psftp component
FZSFTP
FZSFTP
dllhost.exe_2248:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
t$(SSh
t$(SSh
~%UVW
~%UVW
u$SShe
u$SShe
kernel32.dll
kernel32.dll
advapi32.dll
advapi32.dll
shlwapi.dll
shlwapi.dll
ntdll.dll
ntdll.dll
user32.dll
user32.dll
Kernel32.dll
Kernel32.dll
ole32.dll
ole32.dll
shell32.dll
shell32.dll
crypt32.dll
crypt32.dll
wininet.dll
wininet.dll
psapi.dll
psapi.dll
RegOpenKeyA
RegOpenKeyA
RegCloseKey
RegCloseKey
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
@.reloc
@.reloc
.FGy#
.FGy#
8_Eu.QP
8_Eu.QP
] ;_ }9
] ;_ }9
.6.78.9:;
.6.78.9:;
B.CDEFGH
B.CDEFGH
large file support is disabled
large file support is disabled
unknown operation
unknown operation
SQL logic error or missing database
SQL logic error or missing database
rekey
rekey
hexrekey
hexrekey
hexkey
hexkey
foreign_keys
foreign_keys
foreign_key_list
foreign_key_list
foreign_key_check
foreign_key_check
defer_foreign_keys
defer_foreign_keys
sqlite_compileoption_get
sqlite_compileoption_get
sqlite_compileoption_used
sqlite_compileoption_used
sqlite_crypt
sqlite_crypt
sqlite_log
sqlite_log
sqlite_source_id
sqlite_source_id
sqlite_version
sqlite_version
sqlite_attach
sqlite_attach
sqlite_detach
sqlite_detach
sqlite_stat4
sqlite_stat4
sqlite_stat3
sqlite_stat3
sqlite_stat1
sqlite_stat1
sqlite_rename_parent
sqlite_rename_parent
sqlite_rename_trigger
sqlite_rename_trigger
sqlite_rename_table
sqlite_rename_table
FOREIGN KEY
FOREIGN KEY
GetProcessHeap
GetProcessHeap
RowKey
RowKey
3.9.2
3.9.2
SQLite format 3
SQLite format 3
CREATE TABLE sqlite_master(
CREATE TABLE sqlite_master(
sql text
sql text
CREATE TEMP TABLE sqlite_temp_master(
CREATE TEMP TABLE sqlite_temp_master(
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYWITHOUTERELEASEATTACHAVINGROUPDATEBEGINNERECURSIVEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTRIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYWITHOUTERELEASEATTACHAVINGROUPDATEBEGINNERECURSIVEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTRIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
@failed to allocate %u bytes of memory
@failed to allocate %u bytes of memory
failed memory resize %u to %u bytes
failed memory resize %u to %u bytes
922337203685477580
922337203685477580
Adelayed %dms for lock/sharing conflict at line %d
Adelayed %dms for lock/sharing conflict at line %d
sqlite_user
sqlite_user
misuse at line %d of [%.10s]
misuse at line %d of [%.10s]
cannot open file at line %d of [%.10s]
cannot open file at line %d of [%.10s]
SQLITE_
SQLITE_
os_win.c:%d: (%lu) %s(%s) - %s
os_win.c:%d: (%lu) %s(%s) - %s
%s%c%s
%s%c%s
%s(%d)
%s(%d)
FOREIGN KEY constraint failed
FOREIGN KEY constraint failed
%s prohibited in %s
%s prohibited in %s
%r %s BY term out of range - should be between 1 and %d
%r %s BY term out of range - should be between 1 and %d
Expression tree is too large (maximum depth %d)
Expression tree is too large (maximum depth %d)
too many SQL variables
too many SQL variables
variable number must be between ?1 and ?%d
variable number must be between ?1 and ?%d
too many columns in %s
too many columns in %s
%s OR name=%Q
%s OR name=%Q
type='trigger' AND (%s)
type='trigger' AND (%s)
table %s may not be altered
table %s may not be altered
sqlite_
sqlite_
%s cannot use variables
%s cannot use variables
access to %s.%s.%s is prohibited
access to %s.%s.%s is prohibited
access to %s.%s is prohibited
access to %s.%s is prohibited
object name reserved for internal use: %s
object name reserved for internal use: %s
duplicate column name: %s
duplicate column name: %s
too many columns on %s
too many columns on %s
DELETE FROM %Q.%s WHERE %s=%Q
DELETE FROM %Q.%s WHERE %s=%Q
sqlite_stat%d
sqlite_stat%d
cannot modify %s because it is a view
cannot modify %s because it is a view
table %s may not be modified
table %s may not be modified
foreign key mismatch - "%w" referencing "%w"
foreign key mismatch - "%w" referencing "%w"
unknown or unsupported join type: %T %T%s%T
unknown or unsupported join type: %T %T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
RIGHT and FULL OUTER JOINs are not currently supported
SELECTs to the left and right of %s do not have the same number of result columns
SELECTs to the left and right of %s do not have the same number of result columns
no such index: %s
no such index: %s
table %s: xBestIndex returned an invalid plan
table %s: xBestIndex returned an invalid plan
no such vfs: %s
no such vfs: %s
%s mode not allowed: %s
%s mode not allowed: %s
no such %s mode: %s
no such %s mode: %s
FROM '%q'.'%q%s' AS x
FROM '%q'.'%q%s' AS x
,%s(x.'c%d%q')
,%s(x.'c%d%q')
,%s(?)
,%s(?)
unknown tokenizer: %s
unknown tokenizer: %s
unrecognized matchinfo request: %c
unrecognized matchinfo request: %c
>reserved fts5 column name: %s
>reserved fts5 column name: %s
unrecognized column option: %s
unrecognized column option: %s
unindexed
unindexed
-near %d
-near %d
-col {%d
-col {%d
-col %d
-col %d
, %d)
, %d)
%s%s%z%s
%s%s%z%s
no such tokenizer: %s
no such tokenizer: %s
hex literal too big: %s
hex literal too big: %s
unknown column "%s" in foreign key definition
unknown column "%s" in foreign key definition
number of columns in foreign key does not match the number of columns in the referenced table
number of columns in foreign key does not match the number of columns in the referenced table
foreign key on %s should reference only one column of table %T
foreign key on %s should reference only one column of table %T
a JOIN clause is required before %s
a JOIN clause is required before %s
duplicate WITH table name: %s
duplicate WITH table name: %s
error during initialization: %s
error during initialization: %s
no entry point [%s] in shared library [%s]
no entry point [%s] in shared library [%s]
sqlite3_
sqlite3_
unable to open shared library [%s]
unable to open shared library [%s]
%s.%s
%s.%s
sqlite3_extension_init
sqlite3_extension_init
USE TEMP B-TREE FOR %s
USE TEMP B-TREE FOR %s
COMPOUND SUBQUERIES %d AND %d %s(%s)
COMPOUND SUBQUERIES %d AND %d %s(%s)
%s:%d
%s:%d
recursive reference in a subquery: %s
recursive reference in a subquery: %s
multiple recursive references: %s
multiple recursive references: %s
table %s has %d values for %d columns
table %s has %d values for %d columns
circular reference: %s
circular reference: %s
multiple references to recursive table: %s
multiple references to recursive table: %s
SCAN TABLE %s%s%s
SCAN TABLE %s%s%s
vtable constructor did not declare schema: %s
vtable constructor did not declare schema: %s
vtable constructor failed: %s
vtable constructor failed: %s
vtable constructor called recursively: %s
vtable constructor called recursively: %s
no such module: %s
no such module: %s
%s.xBestIndex() malfunction
%s.xBestIndex() malfunction
prefix length out of range: %d
prefix length out of range: %d
%s-shm
%s-shm
unable to use function %s in the requested context
unable to use function %s in the requested context
CREATE TABLE %Q.%s(%s)
CREATE TABLE %Q.%s(%s)
%s %T cannot reference objects in database %s
%s %T cannot reference objects in database %s
sqlite_master
sqlite_master
sqlite_temp_master
sqlite_temp_master
default value of column [%s] is not constant
default value of column [%s] is not constant
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
%s.rowid
%s.rowid
no such collation sequence: %s
no such collation sequence: %s
cannot join using column %s - column not present in both tables
cannot join using column %s - column not present in both tables
cannot have both ON and USING clauses in the same join
cannot have both ON and USING clauses in the same join
a NATURAL join may not have an ON or USING clause
a NATURAL join may not have an ON or USING clause
column%d
column%d
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
too many arguments on %s() - max %d
too many arguments on %s() - max %d
json_%s() needs an odd number of arguments
json_%s() needs an odd number of arguments
parse error in rank function: %s
parse error in rank function: %s
%s: %s
%s: %s
%s: %s.%s
%s: %s.%s
%s: %s.%s.%s
%s: %s.%s.%s
misuse of aliased aggregate %s
misuse of aliased aggregate %s
not authorized to use function: %s
not authorized to use function: %s
the "." operator
the "." operator
too many terms in %s BY clause
too many terms in %s BY clause
%.*s"%w"%s
%.*s"%w"%s
%s%.*s"%w"
%s%.*s"%w"
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
Cannot add a PRIMARY KEY column
Cannot add a PRIMARY KEY column
automatic extension loading failed: %s
automatic extension loading failed: %s
illegal first argument to %s
illegal first argument to %s
%s {%s}
%s {%s}
d-d-d d:d:d
d-d-d d:d:d
d:d:d
d:d:d
d-d-d
d-d-d
view %s is circularly defined
view %s is circularly defined
recursive aggregate queries not supported
recursive aggregate queries not supported
LIMIT clause should come after %s not before
LIMIT clause should come after %s not before
ORDER BY clause should come after %s not before
ORDER BY clause should come after %s not before
zeroblob(%d)
zeroblob(%d)
sqlite3_get_table() called with two or more incompatible queries
sqlite3_get_table() called with two or more incompatible queries
ANY(%s)
ANY(%s)
VIRTUAL TABLE INDEX %d:%s
VIRTUAL TABLE INDEX %d:%s
USING INTEGER PRIMARY KEY (rowid%s?)
USING INTEGER PRIMARY KEY (rowid%s?)
INDEX %s
INDEX %s
COVERING INDEX %s
COVERING INDEX %s
PRIMARY KEY
PRIMARY KEY
AS %s
AS %s
TABLE %s
TABLE %s
SUBQUERY %d
SUBQUERY %d
, T.c%d
, T.c%d
%Q.'%q_%s'
%Q.'%q_%s'
parse error in "%s"
parse error in "%s"
reserved fts5 table name: %s
reserved fts5 table name: %s
no such column: %s
no such column: %s
{%ssegid=%d h=%d pgno=%d}
{%ssegid=%d h=%d pgno=%d}
{id=%d leaves=%d..%d}
{id=%d leaves=%d..%d}
{lvl=%d nMerge=%d nSeg=%d
{lvl=%d nMerge=%d nSeg=%d
%d(%lld)
%d(%lld)
porter
porter
?API call with %s database connection pointer
?API call with %s database connection pointer
cannot limit WAL size: %s
cannot limit WAL size: %s
2nd reference to page %d
2nd reference to page %d
invalid page number %d
invalid page number %d
automatic index on %s(%s)
automatic index on %s(%s)
database corruption at line %d of [%.10s]
database corruption at line %d of [%.10s]
recovered %d frames from WAL file %s
recovered %d frames from WAL file %s
bind on a busy prepared statement: [%s]
bind on a busy prepared statement: [%s]
%z - %s
%z - %s
malformed database schema (%s)
malformed database schema (%s)
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
Failed to read ptrmap key=%d
Failed to read ptrmap key=%d
failed to get page %d
failed to get page %d
%d of %d pages missing from overflow list starting at %d
%d of %d pages missing from overflow list starting at %d
freelist leaf count too big on page %d
freelist leaf count too big on page %d
recovered %d pages from %s
recovered %d pages from %s
unknown database: %s
unknown database: %s
Fragmentation of %d bytes reported as %d on page %d
Fragmentation of %d bytes reported as %d on page %d
Multiple uses for byte %u of page %d
Multiple uses for byte %u of page %d
Offset %d out of range %d..%d
Offset %d out of range %d..%d
On page %d at right child:
On page %d at right child:
On tree page %d cell %d:
On tree page %d cell %d:
unable to get the page. error code=%d
unable to get the page. error code=%d
btreeInitPage() returns error code %d
btreeInitPage() returns error code %d
Page %d:
Page %d:
Pointer map page %d is referenced
Pointer map page %d is referenced
Page %d is never used
Page %d is never used
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
at most %d tables in a join
at most %d tables in a join
unknown database %s
unknown database %s
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %Q.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.sqlite_sequence WHERE name=%Q
MJ delete: %s
MJ delete: %s
-mjX9X
-mjX9X
MJ collide: %s
MJ collide: %s
%s-mjXXXXXX9XXz
%s-mjXXXXXX9XXz
database %s is locked
database %s is locked
cannot detach database %s
cannot detach database %s
no such database: %s
no such database: %s
database schema is locked: %s
database schema is locked: %s
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
PRAGMA vacuum_db.synchronous=OFF
PRAGMA vacuum_db.synchronous=OFF
cannot VACUUM - SQL statements in progress
cannot VACUUM - SQL statements in progress
SELECT %s WHERE rowid = ?
SELECT %s WHERE rowid = ?
INSERT INTO %Q.'%q_content' VALUES(%s)
INSERT INTO %Q.'%q_content' VALUES(%s)
SELECT %s WHERE rowid=?
SELECT %s WHERE rowid=?
SELECT %s FROM %s AS T
SELECT %s FROM %s AS T
REPLACE INTO %Q.'%q_content' VALUES(%s)
REPLACE INTO %Q.'%q_content' VALUES(%s)
SELECT %s FROM %s T WHERE T.%Q=?
SELECT %s FROM %s T WHERE T.%Q=?
SELECT %s FROM %s T WHERE T.%Q = ? ORDER BY T.%Q DESC
SELECT %s FROM %s T WHERE T.%Q = ? ORDER BY T.%Q DESC
SELECT %s FROM %s T WHERE T.%Q >= ? AND T.%Q
SELECT %s FROM %s T WHERE T.%Q >= ? AND T.%Q
CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
CREATE TABLE %Q.'%q_content'(%s)
CREATE TABLE %Q.'%q_content'(%s)
%z, 'c%d%q'
%z, 'c%d%q'
docid INTEGER PRIMARY KEY
docid INTEGER PRIMARY KEY
ALTER TABLE %Q.'%q_%s' RENAME TO '%q_%s';
ALTER TABLE %Q.'%q_%s' RENAME TO '%q_%s';
fts5: error creating shadow table %q_%s: %s
fts5: error creating shadow table %q_%s: %s
CREATE TABLE %Q.'%q_%q'(%s)%s
CREATE TABLE %Q.'%q_%q'(%s)%s
SELECT tbl,idx,stat FROM %Q.sqlite_stat1
SELECT tbl,idx,stat FROM %Q.sqlite_stat1
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
unsupported file format
unsupported file format
no such trigger: %S
no such trigger: %S
no such table column: %s.%s
no such table column: %s.%s
malformed MATCH expression: [%s]
malformed MATCH expression: [%s]
FTS expression tree is too large (maximum depth %d)
FTS expression tree is too large (maximum depth %d)
statement aborts at %d: [%s] %s
statement aborts at %d: [%s] %s
abort at %d in [%s]: %s
abort at %d in [%s]: %s
%s constraint failed
%s constraint failed
%s constraint failed: %s
%s constraint failed: %s
database table is locked: %s
database table is locked: %s
cannot change %s wal mode from within a transaction
cannot change %s wal mode from within a transaction
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
cannot commit transaction - SQL statements in progress
cannot commit transaction - SQL statements in progress
cannot release savepoint - SQL statements in progress
cannot release savepoint - SQL statements in progress
no such savepoint: %s
no such savepoint: %s
cannot open savepoint - SQL statements in progress
cannot open savepoint - SQL statements in progress
sqlite_sequence
sqlite_sequence
there is already an index named %s
there is already an index named %s
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
no such index: %S
no such index: %S
unable to identify the object to be reindexed
unable to identify the object to be reindexed
unsupported encoding: %s
unsupported encoding: %s
NULL value in %s.%s
NULL value in %s.%s
*** in database %s ***
*** in database %s ***
no such table: %s
no such table: %s
%s.%s.%s
%s.%s.%s
'%s' is not a function
'%s' is not a function
too many references to "%s": max 65535
too many references to "%s": max 65535
sqlite_sq_%p
sqlite_sq_%p
expected %d columns for '%s' but got %d
expected %d columns for '%s' but got %d
cannot create INSTEAD OF trigger on table: %S
cannot create INSTEAD OF trigger on table: %S
cannot create %s trigger on view: %S
cannot create %s trigger on view: %S
cannot open value of type %s
cannot open value of type %s
cannot open %s column for writing
cannot open %s column for writing
no such column: "%s"
no such column: "%s"
cannot open view: %s
cannot open view: %s
cannot open table without rowid: %s
cannot open table without rowid: %s
cannot open virtual table: %s
cannot open virtual table: %s
indexed
indexed
foreign key
foreign key
EXECUTE %s%s SUBQUERY %d
EXECUTE %s%s SUBQUERY %d
there is already another table or index with this name: %s
there is already another table or index with this name: %s
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
view %s may not be altered
view %s may not be altered
sqlite_altertab_%s
sqlite_altertab_%s
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
CREATE%s INDEX %.*s
CREATE%s INDEX %.*s
expressions prohibited in PRIMARY KEY and UNIQUE constraints
expressions prohibited in PRIMARY KEY and UNIQUE constraints
sqlite_autoindex_%s_%d
sqlite_autoindex_%s_%d
index %s already exists
index %s already exists
there is already a table named %s
there is already a table named %s
virtual tables may not be indexed
virtual tables may not be indexed
views may not be indexed
views may not be indexed
table %s may not be indexed
table %s may not be indexed
cannot create a TEMP index on non-TEMP table "%s"
cannot create a TEMP index on non-TEMP table "%s"
PRAGMA %Q.page_size
PRAGMA %Q.page_size
SELECT 1 FROM %Q.sqlite_master WHERE tbl_name='%q_stat'
SELECT 1 FROM %Q.sqlite_master WHERE tbl_name='%q_stat'
%s_segments
%s_segments
SELECT stat FROM %Q.sqlite_stat1 WHERE tbl = '%q_rowid'
SELECT stat FROM %Q.sqlite_stat1 WHERE tbl = '%q_rowid'
CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
invalid fts5 file format (found %d, expected %d) - run 'rebuild'
invalid fts5 file format (found %d, expected %d) - run 'rebuild'
wrong number of arguments to function %s
wrong number of arguments to function %s
segid, term, pgno, PRIMARY KEY(segid, term)
segid, term, pgno, PRIMARY KEY(segid, term)
id INTEGER PRIMARY KEY, block BLOB
id INTEGER PRIMARY KEY, block BLOB
%s_data
%s_data
SELECT segid, term, (pgno>>1), (pgno&1) FROM %Q.'%q_idx' WHERE segid=%d
SELECT segid, term, (pgno>>1), (pgno&1) FROM %Q.'%q_idx' WHERE segid=%d
SELECT rowid, rank FROM %Q.%Q ORDER BY %s(%s%s%s) %s
SELECT rowid, rank FROM %Q.%Q ORDER BY %s(%s%s%s) %s
no such function: %s
no such function: %s
SELECT %s
SELECT %s
SELECT count(*) FROM %Q.'%q_%s'
SELECT count(*) FROM %Q.'%q_%s'
no such fts5 table: %s.%s
no such fts5 table: %s.%s
SELECT pw=sqlite_crypt(?1,pw), isAdmin FROM "%w".sqlite_user WHERE uname=?2
SELECT pw=sqlite_crypt(?1,pw), isAdmin FROM "%w".sqlite_user WHERE uname=?2
INSERT INTO sqlite_user(uname,isAdmin,pw) VALUES(%Q,%d,sqlite_crypt(?1,NULL))
INSERT INTO sqlite_user(uname,isAdmin,pw) VALUES(%Q,%d,sqlite_crypt(?1,NULL))
CREATE TABLE sqlite_user(
CREATE TABLE sqlite_user(
uname TEXT PRIMARY KEY,
uname TEXT PRIMARY KEY,
UPDATE sqlite_user SET isAdmin=%d, pw=sqlite_crypt(?1,NULL) WHERE uname=%Q
UPDATE sqlite_user SET isAdmin=%d, pw=sqlite_crypt(?1,NULL) WHERE uname=%Q
DELETE FROM sqlite_user WHERE uname=%Q
DELETE FROM sqlite_user WHERE uname=%Q
unable to open database: %s
unable to open database: %s
Invalid key value
Invalid key value
database %s is already in use
database %s is already in use
too many attached databases - max %d
too many attached databases - max %d
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
table "%s" has more than one primary key
table "%s" has more than one primary key
CREATE TABLE %Q.sqlite_sequence(name,seq)
CREATE TABLE %Q.sqlite_sequence(name,seq)
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE %s %.*s
CREATE %s %.*s
PRIMARY KEY missing on table %s
PRIMARY KEY missing on table %s
%d %d %d %d
%d %d %d %d
k PRIMARY KEY, v
k PRIMARY KEY, v
id INTEGER PRIMARY KEY, sz BLOB
id INTEGER PRIMARY KEY, sz BLOB
, c%d
, c%d
id INTEGER PRIMARY KEY
id INTEGER PRIMARY KEY
misuse of aggregate: %s()
misuse of aggregate: %s()
SELECT %s WHERE rowid BETWEEN %lld AND %lld ORDER BY rowid %s
SELECT %s WHERE rowid BETWEEN %lld AND %lld ORDER BY rowid %s
SELECT %s ORDER BY rowid %s
SELECT %s ORDER BY rowid %s
%s: table does not support scanning
%s: table does not support scanning
cannot %s contentless fts5 table: %s
cannot %s contentless fts5 table: %s
%d values for %d columns
%d values for %d columns
table %S has %d columns but %d values were supplied
table %S has %d columns but %d values were supplied
table %S has no column named %s
table %S has no column named %s
-- TRIGGER %s
-- TRIGGER %s
use DROP VIEW to delete view %s
use DROP VIEW to delete view %s
use DROP TABLE to delete table %s
use DROP TABLE to delete table %s
table %s may not be dropped
table %s may not be dropped
sqlite_stat
sqlite_stat
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
CREATE TABLE x(%s %Q HIDDEN, docid HIDDEN, %Q HIDDEN)
CREATE TABLE x(%s %Q HIDDEN, docid HIDDEN, %Q HIDDEN)
missing %s parameter in fts4 constructor
missing %s parameter in fts4 constructor
error parsing prefix parameter: %s
error parsing prefix parameter: %s
unrecognized order: %s
unrecognized order: %s
unrecognized matchinfo: %s
unrecognized matchinfo: %s
unrecognized parameter: %s
unrecognized parameter: %s
notindexed
notindexed
%s, %s
%s, %s
CREATE TABLE x(%s
CREATE TABLE x(%s
CREATE TABLE x(key,value,type,atom,id,parent,fullkey,path,json HIDDEN,root HIDDEN)
CREATE TABLE x(key,value,type,atom,id,parent,fullkey,path,json HIDDEN,root HIDDEN)
%z, %Q HIDDEN, %s HIDDEN)
%z, %Q HIDDEN, %s HIDDEN)
%z%s%Q
%z%s%Q
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
%S#[k
%S#[k
?#%X.y
?#%X.y
GetProcessWindowStation
GetProcessWindowStation
KERNEL32.dll
KERNEL32.dll
GetCPInfo
GetCPInfo
sqlite3.dll
sqlite3.dll
sqlite3_aggregate_context
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_changes
sqlite3_clear_bindings
sqlite3_clear_bindings
sqlite3_close
sqlite3_close
sqlite3_close_v2
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_type
sqlite3_column_value
sqlite3_column_value
sqlite3_commit_hook
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete
sqlite3_complete16
sqlite3_complete16
sqlite3_config
sqlite3_config
sqlite3_context_db_handle
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_data_count
sqlite3_db_config
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errmsg16
sqlite3_errstr
sqlite3_errstr
sqlite3_exec
sqlite3_exec
sqlite3_expired
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_file_control
sqlite3_finalize
sqlite3_finalize
sqlite3_free
sqlite3_free
sqlite3_free_table
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_get_table
sqlite3_global_recover
sqlite3_global_recover
sqlite3_initialize
sqlite3_initialize
sqlite3_interrupt
sqlite3_interrupt
sqlite3_key
sqlite3_key
sqlite3_key_v2
sqlite3_key_v2
sqlite3_last_insert_rowid
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion
sqlite3_libversion_number
sqlite3_libversion_number
sqlite3_limit
sqlite3_limit
sqlite3_load_extension
sqlite3_load_extension
sqlite3_log
sqlite3_log
sqlite3_malloc
sqlite3_malloc
sqlite3_malloc64
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mprintf
sqlite3_msize
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_next_stmt
sqlite3_open
sqlite3_open
sqlite3_open16
sqlite3_open16
sqlite3_open_v2
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_end
sqlite3_os_init
sqlite3_os_init
sqlite3_overload_function
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_profile
sqlite3_progress_handler
sqlite3_progress_handler
sqlite3_randomness
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc
sqlite3_realloc64
sqlite3_realloc64
sqlite3_rekey
sqlite3_rekey
sqlite3_rekey_v2
sqlite3_rekey_v2
sqlite3_release_memory
sqlite3_release_memory
sqlite3_reset
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_null
sqlite3_result_subtype
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_rtree_query_callback
sqlite3_set_authorizer
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_shutdown
sqlite3_sleep
sqlite3_sleep
sqlite3_snprintf
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sourceid
sqlite3_sql
sqlite3_sql
sqlite3_status
sqlite3_status
sqlite3_status64
sqlite3_status64
sqlite3_step
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_stmt_status
sqlite3_strglob
sqlite3_strglob
sqlite3_stricmp
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_total_changes
sqlite3_trace
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_uri_parameter
sqlite3_user_add
sqlite3_user_add
sqlite3_user_authenticate
sqlite3_user_authenticate
sqlite3_user_change
sqlite3_user_change
sqlite3_user_data
sqlite3_user_data
sqlite3_user_delete
sqlite3_user_delete
sqlite3_value_blob
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_free
sqlite3_value_int
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_numeric_type
sqlite3_value_subtype
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_text16le
sqlite3_value_type
sqlite3_value_type
sqlite3_vfs_find
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug
sqlite3_win32_write_debug
zcÃ
zcÃ
2,292}: ;
2,292}: ;
7074787
7074787
)0:0&171
)0:0&171
? ?$?(?,?
? ?$?(?,?
2 2.272^2
2 2.272^2
6(7,7074709
6(7,7074709
8Å’8-:2:o:t:
8Å’8-:2:o:t:
6(7,70747|7
6(7,70747|7
0 0$0(0,0004080
0 0$0(0,0004080
Software\\Microsoft\\Windows\\CurrentVersion\\Run
Software\\Microsoft\\Windows\\CurrentVersion\\Run
\\.\PhysicalDrive0000000-000000-000000-000000-000000
\\.\PhysicalDrive0000000-000000-000000-000000-000000
@Windows 10
@Windows 10
Windows Server Technical Preview
Windows Server Technical Preview
Windows Vista
Windows Vista
Windows Server 2008
Windows Server 2008
Windows 7
Windows 7
Windows Server 2008 R2
Windows Server 2008 R2
Windows 8
Windows 8
Windows Server 2012
Windows Server 2012
Windows 8.1
Windows 8.1
Windows Server 2012 R2
Windows Server 2012 R2
Windows 2000
Windows 2000
Windows XP
Windows XP
Windows Server 2003 R2
Windows Server 2003 R2
Windows Storage Server 2003
Windows Storage Server 2003
Windows Home Server
Windows Home Server
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003
Windows 98
Windows 98
Web Server Edition
Web Server Edition
{"code":"{Code}","type":{type},"ver":"{Ver}","browser":"{Browser}","user":"{User}","pass":"{Pass}","cookies":"{Cookies}","aid":{Aid},"utype":{uType}}
{"code":"{Code}","type":{type},"ver":"{Ver}","browser":"{Browser}","user":"{User}","pass":"{Pass}","cookies":"{Cookies}","aid":{Aid},"utype":{uType}}
{Pass}
{Pass}
hXXp://api.faceboolad.com/api//send
hXXp://api.faceboolad.com/api//send
WinHttp.WinHttpRequest.5.1
WinHttp.WinHttpRequest.5.1
hXXp://VVV.facebook.com
hXXp://VVV.facebook.com
Server-Key
Server-Key
Chrome
Chrome
Firefox
Firefox
facebook.com
facebook.com
select name,encrypted_value from cookies where host_key = '.facebook.com'
select name,encrypted_value from cookies where host_key = '.facebook.com'
\Local\Google\Chrome\User Data
\Local\Google\Chrome\User Data
\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies
\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies
\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies
\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies
\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies
\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies
hXXps://VVV.facebook.com/
hXXps://VVV.facebook.com/
select name,value from moz_cookies where host = '.facebook.com'
select name,value from moz_cookies where host = '.facebook.com'
\Roaming\Mozilla\Firefox\Profiles
\Roaming\Mozilla\Firefox\Profiles
\cookies.sqlite
\cookies.sqlite
Login Data
Login Data
select username_value, password_value, signon_realm from logins
select username_value, password_value, signon_realm from logins
hXXp://api.faceboolad.com/api//GetTask?code=
hXXp://api.faceboolad.com/api//GetTask?code=
[ImageUrl]
[ImageUrl]
Dalvik/2.1.0 (Linux; U; Android 6.0.1; MI NOTE LTE MIUI/6.8.11)
Dalvik/2.1.0 (Linux; U; Android 6.0.1; MI NOTE LTE MIUI/6.8.11)
twitter.com
twitter.com
select name,encrypted_value from cookies where host_key = '.twitter.com'
select name,encrypted_value from cookies where host_key = '.twitter.com'
hXXps://VVV.twitter.com/
hXXps://VVV.twitter.com/
select name,value from moz_cookies where host = '.twitter.com'
select name,value from moz_cookies where host = '.twitter.com'
hXXps://m.facebook.com/
hXXps://m.facebook.com/
hXXps://m.facebook.com/settings/email/
hXXps://m.facebook.com/settings/email/
hXXps://VVV.facebook.com/settings
hXXps://VVV.facebook.com/settings
VBScript.RegExp
VBScript.RegExp
hXXps://m.facebook.com/composer/mbasic/?av={c_user}&refid=8
hXXps://m.facebook.com/composer/mbasic/?av={c_user}&refid=8
fb_dtsg={fb_dtsg}&charset_test=€,´,€,´,æ°´,Ãâ€,Ä&privacyx={privacyx}&target={c_user}&c_src=feed&cwevent=composer_entry&referrer=feed&ctype=inline&cver=amber&rst_icv=&xc_message=&view_privacy=
fb_dtsg={fb_dtsg}&charset_test=€,´,€,´,æ°´,Ãâ€,Ä&privacyx={privacyx}&target={c_user}&c_src=feed&cwevent=composer_entry&referrer=feed&ctype=inline&cver=amber&rst_icv=&xc_message=&view_privacy=
hXXps://m.facebook.com/home.php
hXXps://m.facebook.com/home.php
hXXps://m.facebook.com
hXXps://m.facebook.com
text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8
text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8
application/x-www-form-urlencoded
application/x-www-form-urlencoded
hXXps://m.facebook.com/composer/mbasic/?av={c_user}&refid=7&ref=wizard
hXXps://m.facebook.com/composer/mbasic/?av={c_user}&refid=7&ref=wizard
fb_dtsg={fb_dtsg}&charset_test=€,´,€,´,æ°´,Ãâ€,Ä&privacyx={privacyx}&target={c_user}&c_src=feed&cwevent=composer_entry&referrer=feed&ctype=inline&cver=amber&rst_icv=&xc_message={text}&view_post=å‘布
fb_dtsg={fb_dtsg}&charset_test=€,´,€,´,æ°´,Ãâ€,Ä&privacyx={privacyx}&target={c_user}&c_src=feed&cwevent=composer_entry&referrer=feed&ctype=inline&cver=amber&rst_icv=&xc_message={text}&view_post=å‘布
hXXps://m.facebook.com/home.php?ref=wizard&_rdr
hXXps://m.facebook.com/home.php?ref=wizard&_rdr
hXXps://m.facebook.com/composer/mbasic/?csid=94c178a8-8774-424a-8c53-9994984e3fba&incparms[0]=xc_message&av={c_user}
hXXps://m.facebook.com/composer/mbasic/?csid=94c178a8-8774-424a-8c53-9994984e3fba&incparms[0]=xc_message&av={c_user}
------WebKitFormBoundarydDyitWHTKuC21cBZ
------WebKitFormBoundarydDyitWHTKuC21cBZ
€,´,€,´,æ°´,Ãâ€,Ä
€,´,€,´,æ°´,Ãâ€,Ä
94c178a8-8774-424a-8c53-9994984e3fba
94c178a8-8774-424a-8c53-9994984e3fba
web_m_touch
web_m_touch
å‘布
å‘布
Content-Disposition: form-data; name="file0"; filename="test.jpg"
Content-Disposition: form-data; name="file0"; filename="test.jpg"
hXXps://m.facebook.com/composer/mbasic/?mnt_query&csid=94c178a8-8774-424a-8c53-9994984e3fba
hXXps://m.facebook.com/composer/mbasic/?mnt_query&csid=94c178a8-8774-424a-8c53-9994984e3fba
multipart/form-data; boundary=----WebKitFormBoundarydDyitWHTKuC21cBZ
multipart/form-data; boundary=----WebKitFormBoundarydDyitWHTKuC21cBZ
hXXps://m.facebook.com/home.php?stype=phs&sk=live&gfid=
hXXps://m.facebook.com/home.php?stype=phs&sk=live&gfid=
hXXps://mobile.twitter.com/settings
hXXps://mobile.twitter.com/settings
hXXps://api.twitter.com/1.1/users/lookup.json?include_blocking=true&include_blocked_by=true&include_can_dm=true&include_followed_by=true&include_mute_edge=true&screen_name=
hXXps://api.twitter.com/1.1/users/lookup.json?include_blocking=true&include_blocked_by=true&include_can_dm=true&include_followed_by=true&include_mute_edge=true&screen_name=
Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs=1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs=1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
hXXps://api.twitter.com/1.1/friendships/create.json
hXXps://api.twitter.com/1.1/friendships/create.json
hXXps://api.twitter.com/1.1/statuses/update.json
hXXps://api.twitter.com/1.1/statuses/update.json
&media_type=image/jpeg
&media_type=image/jpeg
hXXps://upload.twitter.com/i/media/upload.json?command=INIT&total_bytes=
hXXps://upload.twitter.com/i/media/upload.json?command=INIT&total_bytes=
hXXps://mobile.twitter.com/compose/tweet
hXXps://mobile.twitter.com/compose/tweet
hXXps://upload.twitter.com/i/media/upload.json?command=APPEND&media_id=
hXXps://upload.twitter.com/i/media/upload.json?command=APPEND&media_id=
multipart/form-data; boundary=----WebKitFormBoundaryUbnK77J90KHiGB65
multipart/form-data; boundary=----WebKitFormBoundaryUbnK77J90KHiGB65
hXXps://mobile.twitter.com
hXXps://mobile.twitter.com
------WebKitFormBoundaryUbnK77J90KHiGB65
------WebKitFormBoundaryUbnK77J90KHiGB65
------WebKitFormBoundaryUbnK77J90KHiGB65--
------WebKitFormBoundaryUbnK77J90KHiGB65--
hXXps://upload.twitter.com/i/media/upload.json?command=FINALIZE&media_id=
hXXps://upload.twitter.com/i/media/upload.json?command=FINALIZE&media_id=
select count(*) from sqlite_master where type='table' and tbl_name='
select count(*) from sqlite_master where type='table' and tbl_name='
select tbl_name from sqlite_master where type='table' and tbl_name'sqlite_sequence'
select tbl_name from sqlite_master where type='table' and tbl_name'sqlite_sequence'
Adodb.Stream
Adodb.Stream
function URlEncode(temp){return(encodeURIComponent(temp));}
function URlEncode(temp){return(encodeURIComponent(temp));}
function URlDecode(temp){return(decodeURIComponent(temp));}
function URlDecode(temp){return(decodeURIComponent(temp));}
function Utf8Decode(temp){return(URlDecode(decodeURI(temp)));}
function Utf8Decode(temp){return(URlDecode(decodeURI(temp)));}
URlDecode
URlDecode
URlEncode
URlEncode
%d&&'
%d&&'
123456789
123456789
00003333
00003333
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
inflate 1.1.3 Copyright 1995-1998 Mark Adler
inflate 1.1.3 Copyright 1995-1998 Mark Adler
F%*.*f
F%*.*f
CNotSupportedException
CNotSupportedException
commctrl_DragListMsg
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
Afx:%x:%x
COMCTL32.DLL
COMCTL32.DLL
CCmdTarget
CCmdTarget
__MSVCRT_HEAP_SELECT
__MSVCRT_HEAP_SELECT
KERNEL32.DLL
KERNEL32.DLL
ADVAPI32.dll
ADVAPI32.dll
COMCTL32.dll
COMCTL32.dll
comdlg32.dll
comdlg32.dll
GDI32.dll
GDI32.dll
OLEAUT32.dll
OLEAUT32.dll
SHELL32.dll
SHELL32.dll
USER32.dll
USER32.dll
WINMM.dll
WINMM.dll
WINSPOOL.DRV
WINSPOOL.DRV
WS2_32.dll
WS2_32.dll
WinExec
WinExec
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyExA
GetViewportOrgEx
GetViewportOrgEx
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GetViewportExtEx
GetViewportExtEx
ShellExecuteA
ShellExecuteA
GetKeyState
GetKeyState
CreateDialogIndirectParamA
CreateDialogIndirectParamA
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
.PAVCException@@
.PAVCException@@
Shell32.dll
Shell32.dll
Mpr.dll
Mpr.dll
Advapi32.dll
Advapi32.dll
User32.dll
User32.dll
Gdi32.dll
Gdi32.dll
(&07-034/)7 '
(&07-034/)7 '
?? / %d]
?? / %d]
%d / %d]
%d / %d]
.PAVCFileException@@
.PAVCFileException@@
: %d]
: %d]
(*.*)|*.*||
(*.*)|*.*||
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.txt)|*.txt|
(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|PNG
(*.JPG)|*.JPG|PNG
(*.PNG)|*.PNG|BMP
(*.PNG)|*.PNG|BMP
(*.BMP)|*.BMP|GIF
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
(*.CUR)|*.CUR|
windows
windows
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
out.prn
out.prn
(*.prn)|*.prn|
(*.prn)|*.prn|
%d.%d
%d.%d
%d/%d
%d/%d
1.6.9
1.6.9
unsupported zlib version
unsupported zlib version
png_read_image: unsupported transformation
png_read_image: unsupported transformation
%d / %d
%d / %d
Bogus message code %d
Bogus message code %d
libpng error: %s
libpng error: %s
libpng warning: %s
libpng warning: %s
1.1.3
1.1.3
bad keyword
bad keyword
libpng does not support gamma background rgb_to_gray
libpng does not support gamma background rgb_to_gray
Palette is NULL in indexed image
Palette is NULL in indexed image
(%d-%d):
(%d-%d):
%ld%c
%ld%c
.PAVCObject@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.PAVCArchiveException@@
.PAVCArchiveException@@
C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\dllhost.exe
C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\dllhost.exe
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
WUSER32.DLL
WUSER32.DLL
SQLite
SQLite
SQLite3 Database Library
SQLite3 Database Library
3.9.2.1
3.9.2.1
SQLite3
SQLite3
(*.*)
(*.*)
svchost.exe_2244:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
f9z.vk
f9z.vk
__MSVCRT_HEAP_SELECT
__MSVCRT_HEAP_SELECT
user32.dll
user32.dll
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
EnumDesktopWindows
EnumDesktopWindows
USER32.dll
USER32.dll
SHLWAPI.dll
SHLWAPI.dll
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
RegCreateKeyA
RegCreateKeyA
RegOpenKeyA
RegOpenKeyA
RegCloseKey
RegCloseKey
RegEnumKeyA
RegEnumKeyA
RegDeleteKeyA
RegDeleteKeyA
ADVAPI32.dll
ADVAPI32.dll
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEACC.dll
OLEACC.dll
OLEAUT32.dll
OLEAUT32.dll
GetCPInfo
GetCPInfo
Software\Microsoft\Windows\CurrentVersion\Uninstall\MyTransitGuideTooltab Uninstall Internet Explorer
Software\Microsoft\Windows\CurrentVersion\Uninstall\MyTransitGuideTooltab Uninstall Internet Explorer
Click On Web Ads : {0} !
Click On Web Ads : {0} !
\chrome.exeSOFTWARE\Wow6432Node\SetupCompany
\chrome.exeSOFTWARE\Wow6432Node\SetupCompany
Windows 10
Windows 10
Windows Server Technical Preview
Windows Server Technical Preview
Windows Vista
Windows Vista
Windows Server 2008
Windows Server 2008
Windows 7
Windows 7
Windows Server 2008 R2
Windows Server 2008 R2
Windows 8
Windows 8
Windows Server 2012
Windows Server 2012
Windows 8.1
Windows 8.1
Windows Server 2012 R2
Windows Server 2012 R2
Windows 2000
Windows 2000
Windows XP
Windows XP
Windows Server 2003 R2
Windows Server 2003 R2
Windows Storage Server 2003
Windows Storage Server 2003
Windows Home Server
Windows Home Server
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003
Windows 98
Windows 98
Web Server Edition
Web Server Edition
\Internet Explorer\iexplore.exe
\Internet Explorer\iexplore.exe
Scripting.FileSystemObject
Scripting.FileSystemObject
AlwaysShowMenus
AlwaysShowMenus
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
DisplayVersionSOFTWARE\Mozilla\Mozilla Firefox\
DisplayVersionSOFTWARE\Mozilla\Mozilla Firefox\
SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\
SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\
PathToExe
PathToExe
Software\\Microsoft\\Windows\\CurrentVersion\\Run
Software\\Microsoft\\Windows\\CurrentVersion\\Run
hXXp://my.pcmaps.net/api/report?type={type}&code={code}
hXXp://my.pcmaps.net/api/report?type={type}&code={code}
WinHttp.WinHttpRequest.5.1
WinHttp.WinHttpRequest.5.1
iexplore.exe
iexplore.exe
hXXp://imcrack.ad-jump.com
hXXp://imcrack.ad-jump.com
document.getElementById('HPChkbxImg').click();
document.getElementById('HPChkbxImg').click();
document.getElementById('download_btn1').click();
document.getElementById('download_btn1').click();
IExplore Url : {0} !
IExplore Url : {0} !
&7{00020400-0000-0000-C000-000000000046}
&7{00020400-0000-0000-C000-000000000046}
Sleep : FindIExploreSetupWindowsHandle......
Sleep : FindIExploreSetupWindowsHandle......
FindIExploreSetupWindowsHandle TimeOut !
FindIExploreSetupWindowsHandle TimeOut !
hXXp://my.pcmaps.net/list.txt
hXXp://my.pcmaps.net/list.txt
shlwapi.dll
shlwapi.dll
kernel32.dll
kernel32.dll
advapi32.dll
advapi32.dll
ntdll.dll
ntdll.dll
Kernel32.dll
Kernel32.dll
shell32.dll
shell32.dll
User32.dll
User32.dll
OLEACC.DLL
OLEACC.DLL
program internal error number is %d.
program internal error number is %d.
:"%s"
:"%s"
:"%s".
:"%s".
zcÃ
zcÃ
C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\svchost.exe
C:\Users\"%CurrentUserName%"\AppData\Roaming\Tmp\svchost.exe
334788??
334788??
"!"''* ..593=
"!"''* ..593=
!''',,,033=
!''',,,033=
"""'(*,,934=
"""'(*,,934=
"&(*-.103
"&(*-.103
"""'*-,5
"""'*-,5
22//444\
22//444\
&&&&())-/-//39:9
&&&&())-/-//39:9
&&&)))-//3/49
&&&)))-//3/49
!&&*)()))///4:
!&&*)()))///4:
&*)()/))/32
&*)()/))/32
$&&&&)/-//3/9
$&&&&)/-//3/9
!$!&)))00//44:
!$!&)))00//44:
!$&&()))-/222
!$&&()))-/222
$&&&()/)02:
$&&&()/)02:
,$&&))))-/2
,$&&))))-/2
#''. 7777
#''. 7777
,&&(&)))
,&&(&)))
FileZilla FTP Client
FileZilla FTP Client
3.22.1
3.22.1
FileZilla_3.22.1_win32-setup.exe
FileZilla_3.22.1_win32-setup.exe
iexplore.exe_3496:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
>.uzf
>.uzf
.us;}
.us;}
IEFRAME.dll
IEFRAME.dll
MLANG.dll
MLANG.dll
iertutil.dll
iertutil.dll
urlmon.dll
urlmon.dll
ole32.dll
ole32.dll
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
msvcrt.dll
msvcrt.dll
USER32.dll
USER32.dll
KERNEL32.dll
KERNEL32.dll
ADVAPI32.dll
ADVAPI32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
GetWindowsDirectoryW
GetWindowsDirectoryW
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
UrlApplySchemeW
UrlApplySchemeW
PathIsURLW
PathIsURLW
UrlCanonicalizeW
UrlCanonicalizeW
UrlCreateFromPathW
UrlCreateFromPathW
iexplore.pdb
iexplore.pdb
KEYW
KEYW
KEYWh
KEYWh
KEYWD
KEYWD
.ENNNG.
.ENNNG.
a.ry.v
a.ry.v
l.igM4
l.igM4
?1%SGf
?1%SGf
xh.JW^
xh.JW^
.97777"7" " " !
.97777"7" " " !
3.... ))
3.... ))
8888888888888
8888888888888
8888888888
8888888888
.lPV)
.lPV)
úW1
úW1
.ApX/
.ApX/
H.ZAf
H.ZAf
ð[U
ð[U
%s!FK
%s!FK
1YYYY1YY9GEAA=77YRNNNW:.VT1
1YYYY1YY9GEAA=77YRNNNW:.VT1
888777777
888777777
Y.hilkRROMLK=C,
Y.hilkRROMLK=C,
..(((($$
..(((($$
3...((((%
3...((((%
3....(.''$
3....(.''$
3.2...((((%
3.2...((((%
33.2....(,'
33.2....(,'
55323222...
55323222...
(%&'00443445?
(%&'00443445?
00.,,,4(
00.,,,4(
000.,,9(
000.,,9(
0020..9(
0020..9(
003200;(
003200;(
(#'( (''''!'!
(#'( (''''!'!
Microsoft.InternetExplorer.Default
Microsoft.InternetExplorer.Default
user32.dll
user32.dll
Kernel32.DLL
Kernel32.DLL
xfire.exe
xfire.exe
wlmail.exe
wlmail.exe
winamp.exe
winamp.exe
waol.exe
waol.exe
sidebar.exe
sidebar.exe
psocdesigner.exe
psocdesigner.exe
np.exe
np.exe
netscape.exe
netscape.exe
netcaptor.exe
netcaptor.exe
neoplanet.exe
neoplanet.exe
msn.exe
msn.exe
mshtmpad.exe
mshtmpad.exe
mshta.exe
mshta.exe
loader42.exe
loader42.exe
infopath.exe
infopath.exe
iexplore.exe
iexplore.exe
iepreview.exe
iepreview.exe
groove.exe
groove.exe
explorer.exe
explorer.exe
dreamweaver.exe
dreamweaver.exe
contribute.exe
contribute.exe
aol.exe
aol.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
{28fb17e0-d393-439d-9a21-9474a070473a}
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
DShell32.dll
DShell32.dll
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
"%s" %s
"%s" %s
Kernel32.dll
Kernel32.dll
\AppPatch\sysmain.sdb
\AppPatch\sysmain.sdb
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106320
-extoff go.microsoft.com/fwlink/?LinkId=106320
kernel32.dll
kernel32.dll
{00000000-0000-0000-0000-000000000000}
{00000000-0000-0000-0000-000000000000}
\\?\Volume
\\?\Volume
shell:%s
shell:%s
Imaging_CreateWebPagePreview_Perftrack
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Browseui_Tabs_Tearoff_BetweenWindows
Frame_URLEntered
Frame_URLEntered
Imaging_CreateWebPagePreview
Imaging_CreateWebPagePreview
WS_ExecuteQuery
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
IdleTask_Execution_Time
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
IEXPLORE.EXE
IEXPLORE.EXE
Windows
Windows
9.00.8112.16421
9.00.8112.16421
iexplore.exe_3544:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
>.uzf
>.uzf
.us;}
.us;}
IEFRAME.dll
IEFRAME.dll
MLANG.dll
MLANG.dll
iertutil.dll
iertutil.dll
urlmon.dll
urlmon.dll
ole32.dll
ole32.dll
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
msvcrt.dll
msvcrt.dll
USER32.dll
USER32.dll
KERNEL32.dll
KERNEL32.dll
ADVAPI32.dll
ADVAPI32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
GetWindowsDirectoryW
GetWindowsDirectoryW
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
UrlApplySchemeW
UrlApplySchemeW
PathIsURLW
PathIsURLW
UrlCanonicalizeW
UrlCanonicalizeW
UrlCreateFromPathW
UrlCreateFromPathW
iexplore.pdb
iexplore.pdb
KEYW
KEYW
KEYWh
KEYWh
KEYWD
KEYWD
.ENNNG.
.ENNNG.
a.ry.v
a.ry.v
l.igM4
l.igM4
?1%SGf
?1%SGf
xh.JW^
xh.JW^
.97777"7" " " !
.97777"7" " " !
3.... ))
3.... ))
8888888888888
8888888888888
8888888888
8888888888
.lPV)
.lPV)
úW1
úW1
.ApX/
.ApX/
H.ZAf
H.ZAf
ð[U
ð[U
%s!FK
%s!FK
1YYYY1YY9GEAA=77YRNNNW:.VT1
1YYYY1YY9GEAA=77YRNNNW:.VT1
888777777
888777777
Y.hilkRROMLK=C,
Y.hilkRROMLK=C,
..(((($$
..(((($$
3...((((%
3...((((%
3....(.''$
3....(.''$
3.2...((((%
3.2...((((%
33.2....(,'
33.2....(,'
55323222...
55323222...
(%&'00443445?
(%&'00443445?
00.,,,4(
00.,,,4(
000.,,9(
000.,,9(
0020..9(
0020..9(
003200;(
003200;(
(#'( (''''!'!
(#'( (''''!'!
Microsoft.InternetExplorer.Default
Microsoft.InternetExplorer.Default
user32.dll
user32.dll
Kernel32.DLL
Kernel32.DLL
xfire.exe
xfire.exe
wlmail.exe
wlmail.exe
winamp.exe
winamp.exe
waol.exe
waol.exe
sidebar.exe
sidebar.exe
psocdesigner.exe
psocdesigner.exe
np.exe
np.exe
netscape.exe
netscape.exe
netcaptor.exe
netcaptor.exe
neoplanet.exe
neoplanet.exe
msn.exe
msn.exe
mshtmpad.exe
mshtmpad.exe
mshta.exe
mshta.exe
loader42.exe
loader42.exe
infopath.exe
infopath.exe
iexplore.exe
iexplore.exe
iepreview.exe
iepreview.exe
groove.exe
groove.exe
explorer.exe
explorer.exe
dreamweaver.exe
dreamweaver.exe
contribute.exe
contribute.exe
aol.exe
aol.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
{28fb17e0-d393-439d-9a21-9474a070473a}
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
DShell32.dll
DShell32.dll
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
"%s" %s
"%s" %s
Kernel32.dll
Kernel32.dll
\AppPatch\sysmain.sdb
\AppPatch\sysmain.sdb
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106320
-extoff go.microsoft.com/fwlink/?LinkId=106320
kernel32.dll
kernel32.dll
{00000000-0000-0000-0000-000000000000}
{00000000-0000-0000-0000-000000000000}
\\?\Volume
\\?\Volume
shell:%s
shell:%s
Imaging_CreateWebPagePreview_Perftrack
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Browseui_Tabs_Tearoff_BetweenWindows
Frame_URLEntered
Frame_URLEntered
Imaging_CreateWebPagePreview
Imaging_CreateWebPagePreview
WS_ExecuteQuery
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
IdleTask_Execution_Time
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
IEXPLORE.EXE
IEXPLORE.EXE
Windows
Windows
9.00.8112.16421
9.00.8112.16421
SearchProtocolHost.exe_4036:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
ADVAPI32.dll
ADVAPI32.dll
ntdll.DLL
ntdll.DLL
KERNEL32.dll
KERNEL32.dll
msvcrt.dll
msvcrt.dll
USER32.dll
USER32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
TQUERY.DLL
TQUERY.DLL
MSSHooks.dll
MSSHooks.dll
IMM32.dll
IMM32.dll
SHLWAPI.dll
SHLWAPI.dll
SrchCollatorCatalogInfo
SrchCollatorCatalogInfo
SrchDSSLogin
SrchDSSLogin
SrchDSSPortManager
SrchDSSPortManager
SrchPHHttp
SrchPHHttp
SrchIndexerQuery
SrchIndexerQuery
SrchIndexerProperties
SrchIndexerProperties
SrchIndexerPlugin
SrchIndexerPlugin
SrchIndexerClient
SrchIndexerClient
SrchIndexerSchema
SrchIndexerSchema
Msidle.dll
Msidle.dll
Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default
Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default
pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty
pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty
d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx
d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
RegDeleteKeyW
RegDeleteKeyW
RegDeleteKeyExW
RegDeleteKeyExW
8%uiP
8%uiP
Invalid parameter passed to C runtime function.
Invalid parameter passed to C runtime function.
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
-d-d-d-d-d-d-d-%d
-d-d-d-d-d-d-d-%d
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
0xx=
0xx=
%s(%d)
%s(%d)
tid="0x%x"
tid="0x%x"
pid="0x%x"
pid="0x%x"
tagname="%s"
tagname="%s"
tagid="0x%x"
tagid="0x%x"
el="0x%x"
el="0x%x"
time="d/d/d d:d:d.d"
time="d/d/d d:d:d.d"
logname="%s"
logname="%s"
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
SHELL32.dll
SHELL32.dll
PROPSYS.dll
PROPSYS.dll
ntdll.dll
ntdll.dll
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
ReportEventW
ReportEventW
_amsg_exit
_amsg_exit
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
SearchProtocolHost.pdb
SearchProtocolHost.pdb
2 2(20282|2
2 2(20282|2
4%5S5
4%5S5
Software\Microsoft\Windows Search
Software\Microsoft\Windows Search
https
https
kernel32.dll
kernel32.dll
msTracer.dll
msTracer.dll
msfte.dll
msfte.dll
lX-X-X-XX-XXXXXX
lX-X-X-XX-XXXXXX
SOFTWARE\Microsoft\Windows Search
SOFTWARE\Microsoft\Windows Search
tquery.dll
tquery.dll
%s\%s
%s\%s
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
Windows Search Service
Windows Search Service
0xx%p%S%d
0xx%p%S%d
advapi32.dll
advapi32.dll
WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll
WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll
winhttp.dll
winhttp.dll
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleState
Software\Microsoft\Windows Search\Tracing\EventThrottleState
%S(%d)
%S(%d)
tagname="%S"
tagname="%S"
logname="%S"
logname="%S"
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s.mui
.\%s\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
%s\%s\%s.mui
Microsoft Windows Search Protocol Host
Microsoft Windows Search Protocol Host
7.00.7601.17610 (win7sp1_gdr.110503-1502)
7.00.7601.17610 (win7sp1_gdr.110503-1502)
SearchProtocolHost.exe
SearchProtocolHost.exe
Windows
Windows
7.00.7601.17610
7.00.7601.17610
SearchFilterHost.exe_4092:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
ADVAPI32.dll
ADVAPI32.dll
ntdll.DLL
ntdll.DLL
KERNEL32.dll
KERNEL32.dll
msvcrt.dll
msvcrt.dll
USER32.dll
USER32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
TQUERY.DLL
TQUERY.DLL
IMM32.dll
IMM32.dll
MSSHooks.dll
MSSHooks.dll
mscoree.dll
mscoree.dll
SHLWAPI.dll
SHLWAPI.dll
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
RegDeleteKeyW
RegDeleteKeyW
RegDeleteKeyExW
RegDeleteKeyExW
8%uiP
8%uiP
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
Invalid parameter passed to C runtime function.
Invalid parameter passed to C runtime function.
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
-d-d-d-d-d-d-d-%d
-d-d-d-d-d-d-d-%d
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
ReportEventW
ReportEventW
_amsg_exit
_amsg_exit
SearchFilterHost.pdb
SearchFilterHost.pdb
version="5.1.0.0"
version="5.1.0.0"
name="Microsoft.Windows.Search.MSSFH"
name="Microsoft.Windows.Search.MSSFH"
3 3(30383|3
3 3(30383|3
kernel32.dll
kernel32.dll
Software\Microsoft\Windows Search
Software\Microsoft\Windows Search
SOFTWARE\Microsoft\Windows Search
SOFTWARE\Microsoft\Windows Search
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
Windows Search Service
Windows Search Service
tquery.dll
tquery.dll
advapi32.dll
advapi32.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
0xx%p%S%d
0xx%p%S%d
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleState
Software\Microsoft\Windows Search\Tracing\EventThrottleState
0xx=
0xx=
%S(%d)
%S(%d)
tid="0x%x"
tid="0x%x"
pid="0x%x"
pid="0x%x"
tagname="%S"
tagname="%S"
tagid="0x%x"
tagid="0x%x"
el="0x%x"
el="0x%x"
time="d/d/d d:d:d.d"
time="d/d/d d:d:d.d"
logname="%S"
logname="%S"
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s.mui
.\%s\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
%s\%s\%s.mui
%s\%s
%s\%s
winhttp.dll
winhttp.dll
Microsoft Windows Search Filter Host
Microsoft Windows Search Filter Host
7.00.7601.17610 (win7sp1_gdr.110503-1502)
7.00.7601.17610 (win7sp1_gdr.110503-1502)
SearchFilterHost.exe
SearchFilterHost.exe
Windows
Windows
7.00.7601.17610
7.00.7601.17610