Susp_Dropper (Kaspersky), Gen:Variant.Adware.Symmi.50568 (B) (Emsisoft), Gen:Variant.Adware.Symmi.50568 (AdAware), Trojan.Win32.IEDummy.FD, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Adware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 41ab28e172436934a4761ab4915846d5
SHA1: 0cddf60521906bd5cf55a5ce3080528231a274df
SHA256: ed1d01b7e5edde6bcc38e30d9388849c861ac2c01349148d4f353308bba8d539
SSDeep: 6144:L RiARI5cpt5zbX/UUyQZI4Jj8ncv2pyjJbrP8:L 7RBzTM5Vm8c Qjxg
Size: 275456 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: PECompactV2X, PECompactv20, UPolyXv05_v6
Company: no certificate found
Created at: 2015-04-28 03:40:10
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):
41ab28e17243693:1380
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process 41ab28e17243693:1380 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\drivers\etc\hosts.ics (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\DMCABadgeHelper.min[1].js (505 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\dmca_protected_sml_120l[1].png (2 bytes)
%System%\drivers\etc\hosts (5 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\anti[1].txt (747 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\ajax-loader[1].gif (3966 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Internet Explorer.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\11[1].png (312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\VINACF[1].HTML (1260 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Cookies\Current_User@ssl.bing[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@rambler[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@money.ca.msn[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@msnportal.112.2o7[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@kaspersky[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.msn[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@aaa[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@bing[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@twitter[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@auto.search.msn[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@microsoft[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@c.msn[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@abmr[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@hit.gemius[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@c.bing[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@pass.yandex[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@atdmt[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@kaspersky.122.2o7[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@c.ca.msn[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@doubleclick[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adnxs[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@hm.baidu[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adgear[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@c.atdmt[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@yandex[3].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@yandex[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@msn[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@yandex[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.bing[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tns-counter[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[2].txt (0 bytes)
Registry activity
The process 41ab28e17243693:1380 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 28 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 EF 27 19 B9 17 48 B7 81 78 8B A3 9A EE BE A5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://bit.ly/1MBMSIF"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp1res.dll,-11003" = "Launch Internet Explorer Browser"
The Trojan modifies the IE security zone settings to map all local web nodes whose names contain no dots and that are not assigned to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies the IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies the IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
The Trojan modifies the "%System%\drivers\etc\hosts" file, which is used to map host names to IP addresses. The modified file is 3796 bytes in size. The following strings are added to the hosts file:
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager): No processes have been created.
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%System%\drivers\etc\hosts.ics (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\DMCABadgeHelper.min[1].js (505 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\dmca_protected_sml_120l[1].png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\anti[1].txt (747 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\ajax-loader[1].gif (3966 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Internet Explorer.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\11[1].png (312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\VINACF[1].HTML (1260 bytes)
- Restore the original content of the HOSTS file (%System%\drivers\etc\hosts): 127.0.0.1 localhost
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: MS
Product Name: Project1
Product Version: 1.00
Legal Copyright:
Legal Trademarks:
Original Filename: VINACFPRO.EXE
Internal Name: VINACFPRO
File Version: 1.00
File Description:
Comments:
Language: English (United States)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 1671168 | 265728 | 5.54462 | 7f8d52290e4cd59b18d20a675e3d5477 |
.rsrc | 1675264 | 12288 | 8704 | 4.82712 | 279a10b1f2d640ee28b92157c8d9f82d |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /a/display.php?r=428475 HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.adcash.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Jun 2015 22:24:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-RevProc-1: a8ec481510bfe6cd3a9a746afe7461c5 = ok
27b
(function(document, scriptElement, firstScript) {
scriptElement = document.createElement('script');
scriptCFASync = document.createAttribute("data-cfasync");
scriptCFASync.value = false;
scriptElement.setAttributeNode(scriptCFASync);
scriptElement.src = "http:\/\/VVV.adcash.com\/a\/display.php?r=428475&runauction=1&crr=17b4a792355f11147d67 wnfy9zdyB3f4dmP sSYlVWea865aaf1d1831d50f15f" '&cbrandom=' Math.random();
firstScript = document.scripts[0];
if(typeof firstScript == 'undefined'){
 firstScript = document.getElementsByTagName( 'script' )[0];
}
firstScript.parentNode.insertBefore(scriptElement, firstScript)
}(document));
0
<<< skipped >>>
GET /a/display.php?r=428475&runauction=1&crr=17b4a792355f11147d67 wnfy9zdyB3f4dmP sSYlVWea865aaf1d1831d50f15f&cbrandom=0.96737650282128 HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.adcash.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Jun 2015 22:24:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Set-Cookie: acnetwork=64e2ab5b8266d4377a1fc211ff908977b733; expires=Wed, 30-Dec-2037 23:00:00 GMT; Max-Age=711246927; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
X-Robots-Tag: noindex
Cache-Control: no-store, no-cache, no-transform, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
X-RevProc-1: 32ddea80e5c4fc80bb77fcffe58f8cf6 = ok
Content-Encoding: gzip
<<< skipped >>>
GET /script/java.php?option=rotateur&r=438609 HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.adcash.com
Connection: Keep-Alive
Cookie: acnetwork=64e2ab5b8266d4377a1fc211ff908977b733
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Jun 2015 22:24:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Set-Cookie: acnetwork=64e2ab5b8266d4377a1fc211ff908977b733; expires=Wed, 30-Dec-2037 23:00:00 GMT; Max-Age=711246922; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
X-Robots-Tag: noindex
Cache-Control: no-store, no-cache, no-transform, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
X-RevProc-1: e620540d01040c38e9ddb42c9892cdbd = ok
Content-Encoding: gzip
<<< skipped >>>
GET /script/java.php?option=rotateur&r=438611 HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.adcash.com
Connection: Keep-Alive
Cookie: acnetwork=64e2ab5b8266d4377a1fc211ff908977b733
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Jun 2015 22:24:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Set-Cookie: acnetwork=64e2ab5b8266d4377a1fc211ff908977b733; expires=Wed, 30-Dec-2037 23:00:00 GMT; Max-Age=711246925; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
X-Robots-Tag: noindex
Cache-Control: no-store, no-cache, no-transform, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
X-RevProc-1: cbad08adf0c64328f3737ff434d1c98b = ok
Content-Encoding: gzip
<<< skipped >>>
GET /wp-content/themes/sahifa/fonts/BebasNeue/BebasNeue-webfont.eot? HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
Cookie: __test
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:42 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Length: 54416
Keep-Alive: timeout=5, max=512
Connection: Keep-Alive
Content-Type: application/vnd.ms-fontobject
<<< skipped >>>
GET /wp-content/themes/sahifa/fonts/tiefont/fontello.eot?14434071 HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
Cookie: __test
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:43 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Length: 10176
Keep-Alive: timeout=5, max=511
Connection: Keep-Alive
Content-Type: application/vnd.ms-fontobject
<<< skipped >>>
GET /wp-content/themes/sahifa/images/home.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
Cookie: __test
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:44 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Length: 1022
Keep-Alive: timeout=5, max=510
Connection: Keep-Alive
Content-Type: image/png
GET /wp-content/themes/sahifa/images/stripe.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
Cookie: __test
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:44 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Length: 93
Keep-Alive: timeout=5, max=509
Connection: Keep-Alive
Content-Type: image/png
GET /wp-content/themes/sahifa/images/stripe.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
Cookie: __test
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:44 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Length: 93
Keep-Alive: timeout=5, max=508
Connection: Keep-Alive
Content-Type: image/png
GET /images/slidein.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adcash.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Jun 2015 22:24:38 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 15 Aug 2012 15:30:42 GMT
Vary: Accept-Encoding
Expires: Thu, 18 Jun 2015 22:24:38 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
X-RevProc-1: n/a = ok
<<< skipped >>>
GET /images/slide_close.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adcash.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Jun 2015 22:24:38 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 15 Aug 2012 15:30:41 GMT
Vary: Accept-Encoding
Expires: Thu, 18 Jun 2015 22:24:38 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
X-RevProc-1: n/a = ok
<<< skipped >>>
GET /swidget/fapcfcomz.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: whos.amung.us
Connection: Keep-Alive
HTTP/1.1 303 See Other
Date: Wed, 17 Jun 2015 22:24:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: hXXp://widgets.amung.us/small/00/23.png
Set-Cookie: uid=CgH9H1WB86Sp33djnmwVAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=atta; path=/
GET /-KeOVqKDJ_FI/U6El6dSg1kI/AAAAAAAAAWw/HYf_f9E48S4/s1600/OS.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 3.bp.blogspot.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v16d"
Expires: Tue, 16 Jun 2015 11:38:06 GMT
Content-Disposition: inline;filename="OS.png"
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Wed, 17 Jun 2015 22:24:35 GMT
Server: fife
Content-Length: 25649
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400, no-transform
Age: 0
Alternate-Protocol: 80:quic,p=0
<<< skipped >>>
GET /images/spacer.gif HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adcash.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Jun 2015 22:24:38 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 03 Aug 2012 18:09:08 GMT
ETag: "501c13c4-2b"
Expires: Thu, 18 Jun 2015 22:24:38 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-RevProc-1: n/a = ok
GET /images/slide_deploy.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adcash.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Jun 2015 22:24:38 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 15 Aug 2012 15:30:41 GMT
Vary: Accept-Encoding
Expires: Thu, 18 Jun 2015 22:24:38 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
X-RevProc-1: n/a = ok
<<< skipped >>>
GET /images/slide_fold.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adcash.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Jun 2015 22:24:38 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 15 Aug 2012 15:30:42 GMT
Vary: Accept-Encoding
Expires: Thu, 18 Jun 2015 22:24:38 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
X-RevProc-1: n/a = ok
<<< skipped >>>
GET /wp-content/themes/sahifa/fonts/fontawesome/fontawesome-webfont.eot? HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
Cookie: __test
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:42 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Length: 60767
Keep-Alive: timeout=5, max=512
Connection: Keep-Alive
Content-Type: application/vnd.ms-fontobject
<<< skipped >>>
GET /wp-content/themes/sahifa/fonts/tiefont/fontello.svg?14434071 HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
Cookie: __test
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:43 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 4864
Keep-Alive: timeout=5, max=511
Connection: Keep-Alive
Content-Type: image/svg+xml
<<< skipped >>>
GET /wp-content/themes/sahifa/images/patterns/body-bg32.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
Cookie: __test
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:44 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Length: 4069
Keep-Alive: timeout=5, max=510
Connection: Keep-Alive
Content-Type: image/png
<<< skipped >>>
GET /wp-content/themes/sahifa/images/stripe.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
Cookie: __test
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:44 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Length: 93
Keep-Alive: timeout=5, max=509
Connection: Keep-Alive
Content-Type: image/png
GET /wp-content/themes/sahifa/images/home.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
Cookie: __test
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:45 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Length: 1022
Keep-Alive: timeout=5, max=508
Connection: Keep-Alive
Content-Type: image/png
GET /ajax/libs/jquery/1.4.1/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Mon, 02 Apr 2012 18:24:28 GMT
Date: Sun, 14 Jun 2015 18:56:51 GMT
Expires: Mon, 13 Jun 2016 18:56:51 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 24050
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 271667
Alternate-Protocol: 80:quic,p=0
<<< skipped >>>
GET /ban/236180/141423_300x250_iLivid_DB-4S-FolderDL_ru.gif HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cloud.cashtrafic.info
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:37 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dd15fed86d8bf2e1d341726dc12e9472a1434579877; expires=Thu, 16-Jun-16 22:24:37 GMT; path=/; domain=.cashtrafic.info; HttpOnly
Last-Modified: Thu, 13 Feb 2014 14:26:58 GMT
Expires: Thu, 18 Jun 2015 22:24:37 GMT
Cache-Control: public, max-age=86400
Content-Encoding: gzip
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1f822a6b0c570b02-WAW
<<< skipped >>>
GET /ban/992077/200313_jZip_728x90_DB-RoundedBlue.gif HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cloud.cashtrafic.info
Connection: Keep-Alive
Cookie: __cfduid=dd15fed86d8bf2e1d341726dc12e9472a1434579877
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:38 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Jul 2013 08:49:36 GMT
Expires: Thu, 18 Jun 2015 22:24:38 GMT
Cache-Control: public, max-age=86400
Content-Encoding: gzip
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1f822a732d580b02-WAW
<<< skipped >>>
GET /wp-content/themes/sahifa/images/home.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
Cookie: __test
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:41 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Length: 1022
Keep-Alive: timeout=5, max=512
Connection: Keep-Alive
Content-Type: image/png
<<< skipped >>>
GET /s/droidsans/v6/s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM.eot HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: fonts.gstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: font/eot
Last-Modified: Thu, 28 Aug 2014 20:40:42 GMT
Date: Tue, 09 Jun 2015 15:56:55 GMT
Expires: Wed, 08 Jun 2016 15:56:55 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Content-Length: 22021
Age: 714458
Alternate-Protocol: 80:quic,p=0
<<< skipped >>>
GET /small/00/23.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: widgets.amung.us
HTTP/1.1 200 OK
Server: nginx/1.2.4
Date: Wed, 17 Jun 2015 22:24:36 GMT
Content-Type: image/png
Content-Length: 317
Last-Modified: Sun, 13 Jun 2010 09:48:29 GMT
Connection: keep-alive
Expires: Fri, 17 Jul 2015 22:24:36 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET /script/java.php?option=rotateur&r=438612 HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.adcash.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Jun 2015 22:24:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Set-Cookie: acnetwork=64e2ab5b8266d4377a1fc211ff908977b733; expires=Wed, 30-Dec-2037 23:00:00 GMT; Max-Age=711246923; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
X-Robots-Tag: noindex
Cache-Control: no-store, no-cache, no-transform, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
X-RevProc-1: 6a7f053a97ce3844b73598b513dc0c7c = ok
Content-Encoding: gzip
<<< skipped >>>
GET /ban/236180/2026221_300x250_iLivid_DB-Megabyte.gif HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.adcash.com
Connection: Keep-Alive
Cookie: acnetwork=64e2ab5b8266d4377a1fc211ff908977b733
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Jun 2015 22:24:38 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 15 Aug 2014 12:49:23 GMT
Vary: Accept-Encoding
Expires: Thu, 18 Jun 2015 22:24:38 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
X-RevProc-1: n/a = ok
<<< skipped >>>
GET /css?family=Droid Sans:regular,700 HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: fonts.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/css
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Wed, 17 Jun 2015 22:24:31 GMT
Date: Wed, 17 Jun 2015 22:24:31 GMT
Cache-Control: private, max-age=86400
Content-Length: 187
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 80:quic,p=0
@font-face {
  font-family: 'Droid Sans';
  font-style: normal;
  font-weight: 400;
  src: url(hXXp://fonts.gstatic.com/s/droidsans/v6/s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM.eot);
}
GET /wp-content/themes/sahifa/style.css HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:32 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sun, 24 May 2015 07:06:39 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 37587
Keep-Alive: timeout=5, max=512
Connection: Keep-Alive
Content-Type: text/css
<<< skipped >>>
GET /wp-content/themes/sahifa/fonts/BebasNeue/BebasNeue-webfont.eot? HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:33 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Length: 54416
Keep-Alive: timeout=5, max=511
Connection: Keep-Alive
Content-Type: application/vnd.ms-fontobject
<<< skipped >>>
GET /wp-content/themes/sahifa/fonts/tiefont/fontello.eot?14434071 HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:34 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Length: 10176
Keep-Alive: timeout=5, max=510
Connection: Keep-Alive
Content-Type: application/vnd.ms-fontobject
<<< skipped >>>
GET /wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:34 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Tue, 23 Jul 2013 22:28:26 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 3068
Keep-Alive: timeout=5, max=509
Connection: Keep-Alive
Content-Type: application/javascript
<<< skipped >>>
GET /wp-content/themes/sahifa/js/selectivizr-min.js HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:35 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 2437
Keep-Alive: timeout=5, max=508
Connection: Keep-Alive
Content-Type: application/javascript
<<< skipped >>>
GET /wp-content/themes/sahifa/images/home.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:36 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Length: 1022
Keep-Alive: timeout=5, max=507
Connection: Keep-Alive
Content-Type: image/png
<<< skipped >>>
GET /wp-content/themes/sahifa/js/tie-scripts.js HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
Cookie: __test
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:39 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 20775
Keep-Alive: timeout=5, max=506
Connection: Keep-Alive
Content-Type: application/javascript
<<< skipped >>>
GET /wp-content/themes/sahifa/js/search.js HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
Cookie: __test
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:40 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 3635
Keep-Alive: timeout=5, max=505
Connection: Keep-Alive
Content-Type: application/javascript
<<< skipped >>>
GET /plugins/likebox.php?href=hXXps://VVV.facebook.com/vinacfpro&width=300&height=250&colorscheme=light&show_faces=true&header=false&stream=false&show_border=false HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.facebook.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Location: hXXps://VVV.facebook.com/plugins/likebox.php?href=https://VVV.facebook.com/vinacfpro&width=300&height=250&colorscheme=light&show_faces=true&header=false&stream=false&show_border=false
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge,chrome=1
Content-Type: text/html
X-FB-Debug: GgKCikBkR1elnc/oPEIuDYI 69Y048gF/4NYEWAu8l076KabvWVp8o pOIL3O8Cx93P6V srgHc5QWWjlWfO7w==
Date: Wed, 17 Jun 2015 22:24:36 GMT
Connection: keep-alive
Content-Length: 0
GET /wp-includes/js/wp-emoji-release.min.js HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:31 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Mon, 11 May 2015 09:59:01 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 4284
Keep-Alive: timeout=5, max=511
Connection: Keep-Alive
Content-Type: application/javascript
<<< skipped >>>
GET /wp-content/themes/sahifa/css/ilightbox/dark-skin/skin.css HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:32 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 1319
Keep-Alive: timeout=5, max=510
Connection: Keep-Alive
Content-Type: text/css
<<< skipped >>>
GET /wp-includes/js/jquery/jquery.js HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:32 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Mon, 11 May 2015 09:59:01 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 33287
Keep-Alive: timeout=5, max=509
Connection: Keep-Alive
Content-Type: application/javascript
<<< skipped >>>
GET /wp-content/themes/sahifa/fonts/fontawesome/fontawesome-webfont.eot? HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:33 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Length: 60767
Keep-Alive: timeout=5, max=508
Connection: Keep-Alive
Content-Type: application/vnd.ms-fontobject
<<< skipped >>>
GET /wp-content/themes/sahifa/fonts/tiefont/fontello.svg?14434071 HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:34 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 4864
Keep-Alive: timeout=5, max=507
Connection: Keep-Alive
Content-Type: image/svg+xml
<<< skipped >>>
GET /wp-content/themes/sahifa/js/html5.js HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:35 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 1220
Keep-Alive: timeout=5, max=506
Connection: Keep-Alive
Content-Type: application/javascript
<<< skipped >>>
GET /wp-content/themes/sahifa/images/patterns/body-bg32.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:35 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Length: 4069
Keep-Alive: timeout=5, max=505
Connection: Keep-Alive
Content-Type: image/png
<<< skipped >>>
GET /wp-content/themes/sahifa/images/stripe.png HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:36 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Length: 93
Keep-Alive: timeout=5, max=504
Connection: Keep-Alive
Content-Type: image/png
GET /wp-content/themes/sahifa/js/ilightbox.packed.js HTTP/1.1
Accept: */*
Referer: hXXp://vinacf.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vinacf.com
Connection: Keep-Alive
Cookie: __test
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2015 22:24:39 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Sat, 23 May 2015 21:00:23 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 23364
Keep-Alive: timeout=5, max=503
Connection: Keep-Alive
Content-Type: application/javascript
<<< skipped >>>
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
%original file name%.exe_1380:
.text
`.rsrc
SHDocVwCtl.WebBrowser
WWW.VINACF.COM
Project1.ucAsyncDLHost
Project1.ucAsyncDLStripe
ieframe.dll
WebBrowser
%Program Files%\Microsoft Visual Studio\VB98\VB6.OLB
A%System%\ieframe.oca
wininet.dll
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache
DeleteUrlCacheEntryA
urlmon
URLDownloadToFileA
user32.dll
ClearWeb
shell32.dll
ShellExecuteA
kernel32.dll
PSAPI.DLL
ntdll.dll
msvbvm60.dll
%System%\msvbvm60.dll\3
LIB.dll
advapi32.dll
GetAsyncKeyState
GetWindowsDirectoryA
VBA6.DLL
RegCreateKeyA
RegOpenKeyA
RegOpenKeyExA
RegCloseKey
GetCtlKeyForURL
GetCtlKeyForLocalFileName
DownloadStripeByURL
MSVBVM60.DLL
.rsrc
.reloc
`.data
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
HttpAddRequestHeadersA
InternetOpenUrlA
`.rdata
@.data
@.reloc
KERNEL32.dll
SHELL32.dll
GetCPInfo
%WinDir%\SYSTEM32\miniads.exe
%WinDir%\SYSTEM32\shellfile.dl
%WinDir%\SYSTEM32\dllshell.dll
miniads.exe
HGWC.exe
crossfire.dat
%WinDir%\SYSTEM32\miniads2.exe
miniads2.exe
msvcrt.dll
Kernel32.dll
WebBrowser1
AWebBrowser1
`C:\Windows\System32\ieframe.oca
.data
ATL.DLL
ADVAPI32.dll
SHLWAPI.dll
ole32.dll
GDI32.dll
USER32.dll
DUser.dll
DUI70.dll
autoplay.pdb
_amsg_exit
GetProcessHeap
RegCreateKeyExW
?OnAdjustWindowSize@HWNDHost@DirectUI@@UAEHHHI@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?SetKeyFocus@HWNDHost@DirectUI@@UAEXXZ
?MessageCallback@HWNDHost@DirectUI@@UAEIPAUtagGMSG@@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UAE_NXZ
?OnWindowStyleChanged@HWNDHost@DirectUI@@UAEXIPBUtagSTYLESTRUCT@@@Z
?SetKeyFocus@Element@DirectUI@@UAEXXZ
?MessageCallback@Element@DirectUI@@UAEIPAUtagGMSG@@@Z
?GetKeyFocused@Element@DirectUI@@UAE_NXZ
ShellExecuteExW
?SetHandleEnterKey@XProvider@DirectUI@@IAEX_N@Z
?CreateDUI@XProvider@DirectUI@@UAGJPAVIXElementCP@2@PAPAUHWND__@@@Z
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UAGJ_N@Z
AUTOPLAY.dll
Can't find ordinal import.
keybd_event
MSVCRT.dll
U: %d ]
06 / 03 / 2015
vdk.dll
avifil32.dll
VINACF.DAT
[ ]|[ - ]
CrossHair
OFF|KEY: R|X1|X2|MAX
OFF|KEY: F
OFF|KEY: B
FAPCFLIB.DLL
FAPCF.DLL
00????00????000
CShell.dll
d3dx9_29.dll
Object.dll
d3d9.dll
hXXp:///
Nisual Studio\VB98\C2.EXE
Nisual Studio\VB98\C2.EXE.Man
Nisual Studio\VB98\C2.EXE.Manifes
Q*\A%Documents and Settings%\Admin\Desktop\VINACF MOD - CHONG MOD v24\Project1.vbp
REZ\NationMsz\SA_MSG_DEFINE.msz
REZ\NationMsz\SPAIN_MSG_DEFINE.msz
REZ\NationMsz\EU_MSG_DEFINE.msz
REZ\NationMsz\ID_MSG_DEFINE.msz
REZ\NationMsz\US_MSG_DEFINE.msz
REZ\NationMsz\PHILLIPPINES_MSG_DEFINE.msz
REZ\NationMsz\RU_MSG_DEFINE.msz
REZ\NationMsz\VIETNAM_MSG_DEFINE.msz
REZ\NationMsz\KOREA_MSG_DEFINE.msz
REZ\NationMsz\SEA_MSG_DEFINE.msz
hXXp://cfpro0009.googlecode.com/svn/trunk/
anti.txt
VINACF.HTML
hXXp://bit.ly/1MBMSIF
font:'Courier New', Courier, monospace;background-color: #000;background-image: url(5000320727_636b010314.jpg);background-repeat: no-repeat;}
.keyclick1 {color: maroon;font-size: 40px;}
.keyclick1:hover {text-decoration: none;color: blue;background: yellow;}
.keyword {font-size: 8px;}
.box{position:fixed;top:-200px;left:30%;right:30%;background-color: #000;color:#7f7f7f;padding:20px;
a.activator{width:153px;height:150px;position:absolute;top:0px;right:0px;background: url(clickme.png) no-repeat top right;z-index:1;cursor:pointer;}
.overlay{background:transparent url(overlay.png) repeat top left;position:fixed;top:0px;bottom:0px;left:0px;right:0px;z-index:100;}
border:2px solid #ccc;-moz-border-radius: 20px;-webkit-border-radius:20px;-khtml-border-radius:20px;-moz-box-shadow: 0 1px 5px #333;-webkit-box-shadow: 0 1px 5px #333;z-index:101;}
document.onselectstart=new Function ('return false')
.box h1{border-bottom: 1px dashed #7F7F7F;margin:-20px -20px 0px -20px;padding:10px;background-color:#FF0;color: #000;-moz-border-radius:20px 20px 0px 0px;-webkit-border-top-left-radius: 20px;-webkit-border-top-right-radius: 20px;-khtml-border-top-left-radius: 20px;-khtml-border-top-right-radius: 20px;}
a.boxclose{float:right;width:26px;height:26px;background:transparent url(cancel.png) repeat top left;margin-top:-30px;margin-right:-30px;cursor:pointer;}
.drop { position: absolute; width: 3; filter: flipV(), flipH(); font-size: 40; color: blue }
if (window.sidebar){
CVN.SYS
Document.onmousedown = disableselect
Document.onclick = reEnable}
if (document.all){return false;}}
if(document.layers||(document.getElementById&&!document.all)){
if (e.which==2||e.which==3){
if (document.layers){
document.captureEvents(Event.MOUSEDOWN);
document.onmousedown=nrcNS;
}else{document.onmouseup=nrcNS;document.oncontextmenu=nrcIE;}
document.oncontextmenu=new Function('return false');
var minutes = Math.floor(time / 60);
FVN.SYS
minutes = Math.floor(time / 60);
function stime(){document.getElementById('STATUS').innerHTML = 'T? ??NG K
if(jgt == 0|document.getElementById('KICHHOAT').innerHTML=='100%')
clearInterval(timing);document.getElementById('STATUS').innerHTML='K
document.getElementById('KICHHOAT').innerHTML='100%';}
\system32\RunDll32.exe
\system32\RunDll32.exe
a.exe
a.exe
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
vdk.exe
vdk.exe
Aegis.exe
Aegis.exe
XTrap.xt
XTrap.xt
crossfire.exe
crossfire.exe
IEXPLORE.EXE
IEXPLORE.EXE
runads.exe
runads.exe
cfpro.exe
cfpro.exe
REZ\REZOK.EXE
REZ\REZOK.EXE
DDRAW.DLL
DDRAW.DLL
VN.SYS
VN.SYS
hXXp://cfpro0009.googlecode.com/svn/trunk/VINACF.HTML
hXXp://cfpro0009.googlecode.com/svn/trunk/VINACF.HTML
hXXp://cfpro0009.googlecode.com/svn/trunk/anti.txt
hXXp://cfpro0009.googlecode.com/svn/trunk/anti.txt
MiniObject.dat
MiniObject.dat
hXXp://dlprotest.googlecode.com/svn/trunk/
hXXp://dlprotest.googlecode.com/svn/trunk/
hXXp://zsmodz.googlecode.com/svn/trunk/
hXXp://zsmodz.googlecode.com/svn/trunk/
patcher_cf2.exe
patcher_cf2.exe
\runads.exe
\runads.exe
\miniads.exe
\miniads.exe
\miniads2.exe
\miniads2.exe
WEBPOP
WEBPOP
hXXp://VVV.hackcf.biz/VINACF/p/active-success.html
hXXp://VVV.hackcf.biz/VINACF/p/active-success.html
\System32\drivers\etc\hosts.ics
\System32\drivers\etc\hosts.ics
0123456789
0123456789
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2
%System%\RunDll32.exe
%System%\RunDll32.exe
adf.ly
adf.ly
InternetExplorer.Application
InternetExplorer.Application
LocationURL
LocationURL
sh.st
sh.st
adf.ly/ad/locked
adf.ly/ad/locked
Windows Internet Explorer
Windows Internet Explorer
Web Browser
Web Browser
iexplore.exe - Application Error
iexplore.exe - Application Error
WScript.Shell
WScript.Shell
WindowStyle
WindowStyle
\Mozilla Firefox
\Mozilla Firefox
\Google Chrome
\Google Chrome
Win32s on Windows 3.1
Win32s on Windows 3.1
Windows NT
Windows NT
Windows NT 3.5
Windows NT 3.5
Windows NT 4.0
Windows NT 4.0
Windows 2000
Windows 2000
Windows XP
Windows XP
Windows Server 2003
Windows Server 2003
Windows Vista/Server 2008
Windows Vista/Server 2008
Windows 7/Server 2008 R2
Windows 7/Server 2008 R2
Windows 8
Windows 8
Windows 95
Windows 95
Windows Me
Windows Me
Windows 98
Windows 98
Unable to identify your version of Windows.
Unable to identify your version of Windows.
We already have a Download with that URL in the List
We already have a Download with that URL in the List
.ucAsyncDLStripe
.ucAsyncDLStripe
VB.Timer
VB.Timer
HGWC.EXE
HGWC.EXE
N*\A%Documents and Settings%\Admin\Desktop\VINACF MOD - CHONG MOD v24\Project1.vbp
N*\A%Documents and Settings%\Admin\Desktop\VINACF MOD - CHONG MOD v24\Project1.vbp
FAPCF.COM
FAPCF.COM
C:\UsersP
C:\UsersP
@*\AG:\ADS\LOAD\Project1.vbp
@*\AG:\ADS\LOAD\Project1.vbp
C:\Windows\System32\miniads2.exe
C:\Windows\System32\miniads2.exe
C:\Windows\System32\miniads.exe
C:\Windows\System32\miniads.exe
C:\Windows\System32\runads.exe
C:\Windows\System32\runads.exe
C:\Windows\System32\dllshell.dll
C:\Windows\System32\dllshell.dll
explorer.exe
explorer.exe
myads.exe
myads.exe
@*\AG:\ADS\Project1.vbp
@*\AG:\ADS\Project1.vbp
hXXp://asdsadsadsad.googlecode.com/svn/trunk/newrent.txt
hXXp://asdsadsadsad.googlecode.com/svn/trunk/newrent.txt
Message from webpage
Message from webpage
@*\AG:\ADS\shorte.st\Project1.vbp
@*\AG:\ADS\shorte.st\Project1.vbp
hXXps://asdsadsadsad.googlecode.com/svn/trunk/sh.txt
hXXps://asdsadsadsad.googlecode.com/svn/trunk/sh.txt
@*\AG:\ADS\Shell\Project1.vbp
@*\AG:\ADS\Shell\Project1.vbp
shell32.dll,-3
shell32.dll,-3
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers
%systemroot%\system32\DeviceCenter.dll,-1
%systemroot%\system32\DeviceCenter.dll,-1
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices
7e1fe788-0747-4e00-895b-c3461b1ddd97
7e1fe788-0747-4e00-895b-c3461b1ddd97
comctl32.dll
comctl32.dll
mshelp://windows/?id=
mshelp://windows/?id=
ShellExecuteParams
ShellExecuteParams
ShellExecuteVerb
ShellExecuteVerb
ShellExecute
ShellExecute
]d3d9.dll
]d3d9.dll
VINACFPRO.EXE
VINACFPRO.EXE
%original file name%.exe_1380_rwx_00401000_00198000:
%original file name%.exe_1380_rwx_0059A000_00002000:
kernel32.dll
VINACFPRO.EXE
iexplore.exe_1940: