Susp_Dropper (Kaspersky), Gen:Variant.Kazy.536908 (AdAware), Trojan.Win32.IEDummy.FD, GenericInjector.YR (Lavasoft MAS)Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 4d9cc4700ef73b42d1599c5eb8548b64
SHA1: aca8ce6633798980ee5f2cb4b78e532eabf0c1c6
SHA256: 0fe36a6284061a5f5c8f7e2b3143299121e82c312f645f1ceead3c07d21dc0e3
SSDeep: 24576:W9wKYexOOg4R6Ss7H9LHbOqli8JUKbj4Xu/VaJ:hXeR6Se7dlikj4XSVo
Size: 915146 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-11-01 19:45:38
Analyzed on: WindowsXPESX SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
%original file name%.exe:332
The Trojan injects its code into the following process(es):
9.9.exe:504
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process 9.9.exe:504 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EAFKB6GD\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXYZKDE3\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Desktop\Google Chrome.html (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WBE329MV\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Desktop\Mozilla Firefox.html (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LURCTMJ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXYZKDE3\cf[1].htm (747 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EAFKB6GD\328[1].png (325 bytes)
The Trojan deletes the following file(s):
%System%\drivers\etc\hosts (0 bytes)
The process %original file name%.exe:332 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\PRo\9.9.exe (2093 bytes)
C:\PRo\FapCF.dll (203 bytes)
The Trojan deletes the following file(s):
C:\PRo\__tmp_rar_sfx_access_check_1412640 (0 bytes)
Registry activity
The process 9.9.exe:504 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FB DD 26 A0 AA 13 87 16 8C E1 06 7F 23 B2 61 DD"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://trollface.biz"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process %original file name%.exe:332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7B 2B 52 E4 2F A7 2F 85 9D BC 0C CA 8C F2 0A 5E"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\WinRAR SFX]
"C%%PRo" = "C:\PRo"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\PRo]
"9.9.exe" = "9.9"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Dropped PE files
MD5 | File path |
---|---|
611747b0c580ff22d80ff04f73c736a5 | c:\PRo\9.9.exe |
be89332b6aa5fbee026d926912e6b82d | c:\PRo\FapCF.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:332
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EAFKB6GD\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXYZKDE3\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Desktop\Google Chrome.html (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WBE329MV\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Desktop\Mozilla Firefox.html (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LURCTMJ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXYZKDE3\cf[1].htm (747 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EAFKB6GD\328[1].png (325 bytes)
C:\PRo\9.9.exe (2093 bytes)
C:\PRo\FapCF.dll (203 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 165770 | 165888 | 4.65928 | 2ccda66720a3519c30d7d8548a42d267 |
.rdata | 172032 | 20403 | 20480 | 3.7353 | 0f9e4b68eb2898dcd48e6188943ac30e |
.data | 192512 | 136232 | 5632 | 2.4029 | 972e0edc997fcfeb40fbe103776deb2b |
.rsrc | 331776 | 17588 | 17920 | 3.33146 | 0729f4d2c384b627d8fa2bf6c7ce423a |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 3
fac8e5392443f745ea684d1717ecdcf2
42bdb0675bf04b8fcddaf43b9603387b
b7a9e80711043fec9f2cedbd5542146d
Network Activity
URLs
URL | IP |
---|---|
hxxp://static.adf.ly/static/css/adfly_4.css | 104.20.1.4 |
hxxp://static.adf.ly/static/js/b64.js | 104.20.1.4 |
hxxp://static.adf.ly/static/js/view42.js | 104.20.1.4 |
hxxp://static.adf.ly/static/image/logo_fb2.png | 104.20.1.4 |
hxxp://static.adf.ly/static/image/ahl6532.gif | 104.20.1.4 |
hxxp://static.adf.ly/static/image/d_top_bg.png | 104.20.1.4 |
hxxp://static.adf.ly/static/image/skip_ad/en_tran.png | 104.20.1.4 |
hxxp://www-google-analytics.l.google.com/ga.js | |
hxxp://star.c10r.facebook.com/plugins/like.php?href=https://www.facebook.com/x19ltd.adfly&width=150&fb_source=unshorten&layout=button_count&action=like&show_faces=false&share=true&height=21&appId=399141353502152 | |
hxxp://static.adf.ly/static/image/d_bottom_bg2.png | 104.20.1.4 |
hxxp://static.adf.ly/1market.php?p=xVZnHcUvikLHCbJuoYbG3ZNh09IyjLo6iAYHWdR0mhLmmIx65IIiiZwliJaHGaFizwaiCII56xImiLImsRIWnYBivocjnIQli1OWiYIuiRL3CcJvwhYmXIR7opbjmIFstJZXSdIi6wISiM91yEdjXNF4kodjSIIusJICnLNxlUYTXNJzjUaDCOI66IICiZIiswIinIBjyFbT3YR2vYY22Y9wsYITjMo4iEaTHZRj0NcTDNo4iQfDSNw1iIZTmOxihVcz2YgkidOzjNAlsJIDmN1jvJYjmIl6sIZCSdIi6wMiCIwxiIbiWO9iiMa2WcxilwXi2I9tzNIjjIo6iITimY8jiJfyQe== | 104.20.1.4 |
hxxp://trollface.biz/ | 184.168.224.167 |
hxxp://trollface.biz/vote | 184.168.224.167 |
hxxp://c.global-ssl.fastly.net/nr-476.min.js | |
hxxp://whos.amung.us/swidget/fapcfmodz.png | 67.202.94.86 |
hxxp://beacon.newrelic.com/1/92a411bc23?a=4058140,2334836&pl=1422596420199&v=476.c73f3a6&to=YlNSbUYAV0IFBhdaWVsZc0xHFVZcSxYLXERBU15cRiJWXxAXDF9aUEQfTFoyUV4WEQZd&ap=8&fe=8922&dc=8922&f=[]&at=ThRFGw4aRB1GBEEJTUhL&jsonp=NREUM.setToken | |
hxxp://beacon.newrelic.com/1/92a411bc23?a=4058140,2334836&pl=1422596427839&v=476.c73f3a6&to=YlNSbUYAV0IFBhdaWVsZZUtdTghcBRcIVkIbRlhJ&ap=11&fe=1047&dc=1047&f=[]&at=ThRRGw4aREw= | |
hxxp://widgets.amung.us/small/03/328.png | 173.192.200.70 |
hxxp://trollface.biz/css/style.css | 184.168.224.167 |
hxxp://173.194.204.95/ajax/libs/mootools/1.3.1/mootools-yui-compressed.js | |
hxxp://trollface.biz/UTM_Bebas.eot? | 184.168.224.167 |
hxxp://trollface.biz/images/search_icon.png | 184.168.224.167 |
hxxp://trollface.biz/images/tags.png | 184.168.224.167 |
hxxp://www-google-analytics.l.google.com/vi/q4pBFb3NCzk/0.jpg | |
hxxp://www-google-analytics.l.google.com/vi/poS0YGKNSTs/0.jpg | |
hxxp://trollface.biz/images/like.png | 184.168.224.167 |
hxxp://www-google-analytics.l.google.com/vi/RCCXZ8ErVag/0.jpg | |
hxxp://trollface.biz/upload/t/1056.png | 184.168.224.167 |
hxxp://trollface.biz/images/sprite_v12.png | 184.168.224.167 |
hxxp://www-google-analytics.l.google.com/vi/UrDxiYYriJc/0.jpg | |
hxxp://imgur.com/nfXqfv7.png | |
hxxp://trollface.biz/upload/t/1055.jpg | 184.168.224.167 |
hxxp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g | 109.105.53.5 |
hxxp://trollface.biz/upload/t/1054.jpg | 184.168.224.167 |
hxxp://trollface.biz/images/logo.png | 184.168.224.167 |
hxxp://trollface.biz/images/upload_icon.png | 184.168.224.167 |
hxxp://trollface.biz/images/buttons-white.png | 184.168.224.167 |
hxxp://static.adf.ly/callback/2c42e77dc5b92544853ce18160cf6a1c | 104.20.1.4 |
hxxp://trollface.biz/images/comment.png | 184.168.224.167 |
hxxp://trollface.biz/images/loved.png | 184.168.224.167 |
hxxp://trollface.biz/images/viewed.png | 184.168.224.167 |
hxxp://trollface.biz/images/google.png | 184.168.224.167 |
hxxp://widgets.amung.us/small.js | 173.192.200.70 |
hxxp://yllix.com/images/premium.png | 109.105.53.5 |
hxxp://yllix.com/show.php?vs=&ad=286387&f=300x250&a=956646&s=MDhiZTA0ODk4Y2VjOGU2MzBlOGVjODY2YmY4NDgwMjM=&u=586654&si=742431179&di=5811174&ci=16&cc=CA | 109.105.53.5 |
hxxp://anycast-americas.quantserve.com.akadns.net/quant.js | |
hxxp://www-google-analytics.l.google.com/r/__utm.gif?utmwv=5.6.2&utms=1&utmn=433791101&utmhn=trollface.biz&utmcs=utf-8&utmsr=1024x768&utmvp=1004x599&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=New - Troll Face Funny&utmhid=1917424732&utmr=-&utmp=/vote&utmht=1422596434949&utmac=UA-29685024-1&utmcc=__utma=174148071.773612308.1422596435.1422596435.1422596435.1;+__utmz=174148071.1422596435.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=344341876&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ | |
hxxp://whos.amung.us/widget/usytk7tkcyx3.png | 67.202.94.86 |
hxxp://widgets.amung.us/classic/04/411.png | 173.192.200.70 |
hxxp://www-google-analytics.l.google.com/r/__utm.gif?utmwv=5.6.2&utms=1&utmn=41005801&utmhn=yllix.com&utmcs=utf-8&utmsr=1024x768&utmvp=300x250&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Yllix media&utmhid=871299865&utmr=http://trollface.biz/vote&utmp=/banner_show.php?section=General&pub=586654&format=300x250&ga=g&utmht=1422596435168&utmac=UA-33725520-1&utmcc=__utma=211441629.611147151.1422596435.1422596435.1422596435.1;+__utmz=211441629.1422596435.1.1.utmcsr=trollface.biz|utmccn=(referral)|utmcmd=referral|utmcct=/vote;&utmjid=2118429030&utmredir=1&utmu=qBAAAAAAAAAAAAAAAAAAAAAE~ | |
hxxp://t.dtscout.com/i/?l=http://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g | 69.4.231.30 |
hxxp://px-chg004.quantserve.com.akadns.net/pixel;r=631760284;a=p-EMbv-yy8jFpSp;fpan=1;fpa=P0-1475998630-1422596435355;ns=1;ce=1;cm=;je=1;sr=1024x768x32;enc=n;dst=1;et=1422596435355;tzo=-120;ref=http://trollface.biz/vote;url=http://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g;ogl= | |
hxxp://e332.g.akamaiedge.net/152media/tags/xbanner/xbanner.js?ap=1300 | |
hxxp://star.c10r.facebook.com/plugins/like.php?app_id=669034239861694&channel=http://static.ak.facebook.com/connect/xd_arbiter/7r8gQb8MIqE.js?version=41#cb=f251c3fa86634de&domain=trollface.biz&origin=http%3A%2F%2Ftrollface.biz%2Ff33b7892863bd18&relation=parent.parent&href=http://www.facebook.com/trollface.biz&locale=en_US&sdk=joey&send=false&show_faces=true&width=290 | |
hxxp://east.i.simpli.fi/dpx.js?cid=21707&m=1&sifi_tuid=6329 | |
hxxp://whos.amung.us/pingjs/?k=psytrs8y6gmn&t=Yllix media&c=s&y=http://trollface.biz/vote&a=0&r=8601 | 67.202.94.86 |
hxxp://east.i.simpli.fi/p?cid=21707&cb=dpx_58114617._hp | |
hxxp://a.adk2x.com/imp?p=41001717&size=300x250&ap=1300&ct=html&u=http://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g&r= | |
hxxp://widgets.amung.us/widtemplates/smalloutline.gif | 173.192.200.70 |
hxxp://east.i.simpli.fi/dpx?cid=21707&m=1&sifi_tuid=6329&cbri=1334375555843&referrer=http://trollface.biz/vote | |
hxxp://a.adk2x.com/ul_cb/imp?p=41001717&size=300x250&ap=1300&ct=html&u=http://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g&r= | |
hxxp://a1189.g.akamai.net/tc.js | |
hxxp://pagead.l.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc | |
hxxp://pagead.l.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc= | |
hxxp://central.um.simpli.fi/g_match?id=&google_gid=CAESENgPIAiUVi0jv3eljxknN3o&google_cver=1 | |
hxxp://dispaa.website/Track?pai=26d49ef3669c26f2&guj=300x250&fat=26d49ef3669c26f2 | |
hxxp://pagead.l.doubleclick.net/pixel?google_nid=simplifi&google_hm=A2BCADB89762CB54D84AB87B024B7D7F | |
hxxp://central.um.simpli.fi/g_match?id= | |
hxxp://lp.showres.pw/flash/ca.php?st_xh=NWRiZDhmZTU0ZjQxZGRhNzE0MjI2MTUxOTA5ODQxODQuMTA3&no_tr=YzhhZGYxMDU3ZjE5MzZkZjE0MjI2MTUxOTA5ODQ=&nr_tu=MzguMzgxNDIyNjE1MTkwOTg0NWYzYTVmNGNmMDE4YWZiZQ==&gaf=MTQyMjYxNTE5MDk4NA==&ca=MjZkNDllZjM2NjljMjZmMg==&cr=MzAweDI1MA==&cry=Q0E= | |
hxxp://de.tynt.com/deb/v2?id=w!psytrs8y6gmn&r=trollface.biz/vote | 67.202.66.171 |
hxxp://ic.tynt.com/b/p?id=w!psytrs8y6gmn&ts=1422596436558&r=trollface.biz/vote&t=Yllix media | 67.202.66.206 |
hxxp://ds-any-world.ngd.ysm.yahoodns.net/pixel?id=2085077&t=2&piggyback=http://ads.yahoo.com/cms/v1?esig=1~553f012f6017f84fb8f957add36d12baf65ffaee&nwid=10000710111&sigv=1 | |
hxxp://websource.website/flash/reset.css | 104.28.22.64 |
hxxp://websource.website/flash/jquery-ui.css | 104.28.22.64 |
hxxp://ds-any-world.ngd.ysm.yahoodns.net/cms/v1?esig=1~553f012f6017f84fb8f957add36d12baf65ffaee&nwid=10000710111&sigv=1 | |
hxxp://central.um.simpli.fi/y_match?xid=OpUesktx0bnS1._7RUN1UBwx | |
hxxp://websource.website/flash/core.css | 104.28.22.64 |
hxxp://websource.website/flash/ie_fix.css | 104.28.22.64 |
hxxp://websource.website/flash/html5shiv.js | 104.28.22.64 |
hxxp://blogspot.l.googleusercontent.com/2014/08/b-red-releases-flaming-hot-new-track.html | |
hxxp://www.google.com/uds/css/gsearch.css | 74.125.226.52 |
hxxp://blogspot.l.googleusercontent.com/-220e_g7edhs/VMsXtforiJI/AAAAAAAEZzg/Ru02XyZTxSs/s0/22.jpg | |
hxxp://dart.l.doubleclick.net/adj/N7928.354842LINDAIKEJI.BLOGSPOT./B8074030.110392544;abr=!ie;sz=728x90;ord=[timestamp]? | |
hxxp://pagead.l.doubleclick.net/pagead/js/google_top_exp.js | |
hxxp://blogger.l.google.com/img/icon18_wrench_allbkg.png | |
hxxp://blogspot.l.googleusercontent.com/-2VhpOMtGi9M/VKq5K-uegYI/AAAAAAAEOzE/LGnSu074gr0/s1600/00.png | |
hxxp://dart.l.doubleclick.net/adi/N7928.354842LINDAIKEJI.BLOGSPOT./B8074030.110392544;sz=728x90;ord=[timestamp]? | |
hxxp://blogspot.l.googleusercontent.com/-B9TeChMS3A8/VLWjCCx4RMI/AAAAAAAESvc/KYmzd1Dl5gc/s1600/1.jpg | |
hxxp://blogspot.l.googleusercontent.com/-ao95uV_Um5c/VMQRVLaoNQI/AAAAAAAEXeY/pI6fjZbMjl8/s1600/0.png | |
hxxp://blogspot.l.googleusercontent.com/-o3bkrf-qs0A/VKqAyof5pQI/AAAAAAAEOsw/vJqd_lEwam4/s1600/unnamed.gif | |
hxxp://blogspot.l.googleusercontent.com/-mcc90_3G694/VK1JjzkAFCI/AAAAAAAEPqg/OyqPpsMg5Gk/s1600/00.jpg | |
hxxp://lekkigardens.com/img/200x300.gif | 67.20.76.118 |
hxxp://blogspot.l.googleusercontent.com/-h3JUlSgQ-_0/VK1KLDMRMgI/AAAAAAAEPqs/TR8XRbZvbY8/s1600/00.jpg | |
hxxp://blogspot.l.googleusercontent.com/-pzssax7ig_o/VMQQY1VHBhI/AAAAAAAEXeM/f381QtL8lmc/s1600/1.jpg | |
hxxp://www.mcomm.ca/callertunes/lindaikeji/ads/banner_160.gif | 64.71.39.1 |
hxxp://blogspot.l.googleusercontent.com/-tgynBCYivZk/VMgdZOklr4I/AAAAAAAEY-k/qplcX1nppmc/s1600/a.jpg | |
hxxp://blogger.l.google.com/img/logo-16.png | |
hxxp://blogspot.l.googleusercontent.com/-nerBEGrWuFk/U7B9Sg0IJBI/AAAAAAADFto/lO0wova5fhs/s1600/LoLavita+Hair+%26+Beauty+2.jpg | |
hxxp://static-uk.addynamo.net/ad/js/deliverAds.js | |
hxxp://blogspot.l.googleusercontent.com/-I7qMNrH15Bg/VLk-QT3KL4I/AAAAAAAEUGs/7Yx5LDt8E7U/s1600/2.jpg | |
hxxp://blogspot.l.googleusercontent.com/-vm21KdojIls/VMQP8OWvjNI/AAAAAAAEXeA/8wj2VMb764k/s1600/unnamed.gif | |
hxxp://blogspot.l.googleusercontent.com/-lYQ_6IJ9-1k/VJvzDQLQ5ZI/AAAAAAAEKxk/dRnS1Y_bqZs/s1600/0.jpg | |
hxxp://blogspot.l.googleusercontent.com/-A-xhStXKSRc/U2Ib-ESdJbI/AAAAAAAC1Tc/LfWTAWidGB0/s1600/2.gif | |
hxxp://blogspot.l.googleusercontent.com/_ukqwa9IFmR4/TRw5oR3LM0I/AAAAAAAAAB8/1s_TvrzEhZQ/S220/26392_1104606111494_1717008926_185805_7177542_n.jpg | |
hxxp://pagead.l.doubleclick.net/pagead/js/lidar.js | |
hxxp://pagead.l.doubleclick.net/pagead/blank.html | |
hxxp://dart.l.doubleclick.net/viewad/3774000/NG_W5_D_VD15_26012015_728x90.jpg | |
hxxp://adf.ly/1market.php?p=xVZnHcUvikLHCbJuoYbG3ZNh09IyjLo6iAYHWdR0mhLmmIx65IIiiZwliJaHGaFizwaiCII56xImiLImsRIWnYBivocjnIQli1OWiYIuiRL3CcJvwhYmXIR7opbjmIFstJZXSdIi6wISiM91yEdjXNF4kodjSIIusJICnLNxlUYTXNJzjUaDCOI66IICiZIiswIinIBjyFbT3YR2vYY22Y9wsYITjMo4iEaTHZRj0NcTDNo4iQfDSNw1iIZTmOxihVcz2YgkidOzjNAlsJIDmN1jvJYjmIl6sIZCSdIi6wMiCIwxiIbiWO9iiMa2WcxilwXi2I9tzNIjjIo6iITimY8jiJfyQe== | |
hxxp://1.bp.blogspot.com/-nerBEGrWuFk/U7B9Sg0IJBI/AAAAAAADFto/lO0wova5fhs/s1600/LoLavita+Hair+%26+Beauty+2.jpg | 74.125.226.42 |
hxxp://www.google-analytics.com/ga.js | 74.125.226.32 |
hxxp://4.bp.blogspot.com/-o3bkrf-qs0A/VKqAyof5pQI/AAAAAAAEOsw/vJqd_lEwam4/s1600/unnamed.gif | 74.125.226.44 |
hxxp://ajax.googleapis.com/ajax/libs/mootools/1.3.1/mootools-yui-compressed.js | |
hxxp://i.imgur.com/nfXqfv7.png | 23.235.40.193 |
hxxp://ads.yahoo.com/cms/v1?esig=1~553f012f6017f84fb8f957add36d12baf65ffaee&nwid=10000710111&sigv=1 | 98.138.49.42 |
hxxp://ad.doubleclick.net/adi/N7928.354842LINDAIKEJI.BLOGSPOT./B8074030.110392544;sz=728x90;ord=[timestamp]? | 74.125.226.59 |
hxxp://img1.blogblog.com/img/icon18_wrench_allbkg.png | 173.194.204.191 |
hxxp://img.youtube.com/vi/RCCXZ8ErVag/0.jpg | 74.125.226.37 |
hxxp://i.simpli.fi/p?cid=21707&cb=dpx_58114617._hp | 184.173.188.162 |
hxxp://beacon-3.newrelic.com/1/92a411bc23?a=4058140,2334836&pl=1422596427839&v=476.c73f3a6&to=YlNSbUYAV0IFBhdaWVsZZUtdTghcBRcIVkIbRlhJ&ap=11&fe=1047&dc=1047&f=[]&at=ThRRGw4aREw= | 50.31.164.172 |
hxxp://3.bp.blogspot.com/-ao95uV_Um5c/VMQRVLaoNQI/AAAAAAAEXeY/pI6fjZbMjl8/s1600/0.png | 74.125.226.42 |
hxxp://ad.doubleclick.net/adj/N7928.354842LINDAIKEJI.BLOGSPOT./B8074030.110392544;abr=!ie;sz=728x90;ord=[timestamp]? | 74.125.226.59 |
hxxp://152media.adk2x.com/imp?p=41001717&size=300x250&ap=1300&ct=html&u=http://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g&r= | 1.97.192.21 |
hxxp://lindaikeji.blogspot.com/2014/08/b-red-releases-flaming-hot-new-track.html | 74.125.226.42 |
hxxp://i.simpli.fi/dpx?cid=21707&m=1&sifi_tuid=6329&cbri=1334375555843&referrer=http://trollface.biz/vote | 184.173.188.162 |
hxxp://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc | 74.125.226.57 |
hxxp://pagead2.googlesyndication.com/pagead/js/lidar.js | 74.125.226.57 |
hxxp://1.bp.blogspot.com/-pzssax7ig_o/VMQQY1VHBhI/AAAAAAAEXeM/f381QtL8lmc/s1600/1.jpg | 74.125.226.42 |
hxxp://i.simpli.fi/dpx.js?cid=21707&m=1&sifi_tuid=6329 | 184.173.188.162 |
hxxp://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A2BCADB89762CB54D84AB87B024B7D7F | 74.125.226.57 |
hxxp://cdn.tynt.com/tc.js | 184.84.243.208 |
hxxp://static.addynamo.net/ad/js/deliverAds.js | 82.113.155.124 |
hxxp://js-agent.newrelic.com/nr-476.min.js | 23.235.40.175 |
hxxp://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc= | 74.125.226.57 |
hxxp://img.youtube.com/vi/q4pBFb3NCzk/0.jpg | 74.125.226.37 |
hxxp://2.bp.blogspot.com/-vm21KdojIls/VMQP8OWvjNI/AAAAAAAEXeA/8wj2VMb764k/s1600/unnamed.gif | 74.125.226.42 |
hxxp://3.bp.blogspot.com/-lYQ_6IJ9-1k/VJvzDQLQ5ZI/AAAAAAAEKxk/dRnS1Y_bqZs/s1600/0.jpg | 74.125.226.42 |
hxxp://4.bp.blogspot.com/-tgynBCYivZk/VMgdZOklr4I/AAAAAAAEY-k/qplcX1nppmc/s1600/a.jpg | 74.125.226.44 |
hxxp://pixel.quantserve.com/pixel;r=631760284;a=p-EMbv-yy8jFpSp;fpan=1;fpa=P0-1475998630-1422596435355;ns=1;ce=1;cm=;je=1;sr=1024x768x32;enc=n;dst=1;et=1422596435355;tzo=-120;ref=http://trollface.biz/vote;url=http://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g;ogl= | 72.5.205.26 |
hxxp://2.bp.blogspot.com/-2VhpOMtGi9M/VKq5K-uegYI/AAAAAAAEOzE/LGnSu074gr0/s1600/00.png | 74.125.226.42 |
hxxp://www.google-analytics.com/r/__utm.gif?utmwv=5.6.2&utms=1&utmn=433791101&utmhn=trollface.biz&utmcs=utf-8&utmsr=1024x768&utmvp=1004x599&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=New - Troll Face Funny&utmhid=1917424732&utmr=-&utmp=/vote&utmht=1422596434949&utmac=UA-29685024-1&utmcc=__utma=174148071.773612308.1422596435.1422596435.1422596435.1;+__utmz=174148071.1422596435.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=344341876&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ | 74.125.226.32 |
hxxp://2.bp.blogspot.com/-A-xhStXKSRc/U2Ib-ESdJbI/AAAAAAAC1Tc/LfWTAWidGB0/s1600/2.gif | 74.125.226.42 |
hxxp://adf.ly/callback/2c42e77dc5b92544853ce18160cf6a1c | |
hxxp://4.bp.blogspot.com/-B9TeChMS3A8/VLWjCCx4RMI/AAAAAAAESvc/KYmzd1Dl5gc/s1600/1.jpg | 74.125.226.44 |
hxxp://www.facebook.com/plugins/like.php?href=https://www.facebook.com/x19ltd.adfly&width=150&fb_source=unshorten&layout=button_count&action=like&show_faces=false&share=true&height=21&appId=399141353502152 | 31.13.74.1 |
hxxp://s0.2mdn.net/viewad/3774000/NG_W5_D_VD15_26012015_728x90.jpg | 74.125.226.60 |
hxxp://um.simpli.fi/g_match?id=&google_gid=CAESENgPIAiUVi0jv3eljxknN3o&google_cver=1 | 108.168.159.136 |
hxxp://3.bp.blogspot.com/-I7qMNrH15Bg/VLk-QT3KL4I/AAAAAAAEUGs/7Yx5LDt8E7U/s1600/2.jpg | 74.125.226.42 |
hxxp://um.simpli.fi/y_match?xid=OpUesktx0bnS1._7RUN1UBwx | 108.168.159.136 |
hxxp://3.bp.blogspot.com/_ukqwa9IFmR4/TRw5oR3LM0I/AAAAAAAAAB8/1s_TvrzEhZQ/S220/26392_1104606111494_1717008926_185805_7177542_n.jpg | 74.125.226.42 |
hxxp://um.simpli.fi/g_match?id= | 108.168.159.136 |
hxxp://152media.adk2x.com/ul_cb/imp?p=41001717&size=300x250&ap=1300&ct=html&u=http://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g&r= | 1.97.192.21 |
hxxp://edge.quantserve.com/quant.js | 64.94.107.44 |
hxxp://www.facebook.com/plugins/like.php?app_id=669034239861694&channel=http://static.ak.facebook.com/connect/xd_arbiter/7r8gQb8MIqE.js?version=41#cb=f251c3fa86634de&domain=trollface.biz&origin=http%3A%2F%2Ftrollface.biz%2Ff33b7892863bd18&relation=parent.parent&href=http://www.facebook.com/trollface.biz&locale=en_US&sdk=joey&send=false&show_faces=true&width=290 | 31.13.74.1 |
hxxp://img.youtube.com/vi/UrDxiYYriJc/0.jpg | 74.125.226.37 |
hxxp://www.blogger.com/img/logo-16.png | 173.194.204.191 |
hxxp://googleads.g.doubleclick.net/pagead/blank.html | 74.125.226.58 |
hxxp://www.google-analytics.com/r/__utm.gif?utmwv=5.6.2&utms=1&utmn=41005801&utmhn=yllix.com&utmcs=utf-8&utmsr=1024x768&utmvp=300x250&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Yllix media&utmhid=871299865&utmr=http://trollface.biz/vote&utmp=/banner_show.php?section=General&pub=586654&format=300x250&ga=g&utmht=1422596435168&utmac=UA-33725520-1&utmcc=__utma=211441629.611147151.1422596435.1422596435.1422596435.1;+__utmz=211441629.1422596435.1.1.utmcsr=trollface.biz|utmccn=(referral)|utmcmd=referral|utmcct=/vote;&utmjid=2118429030&utmredir=1&utmu=qBAAAAAAAAAAAAAAAAAAAAAE~ | 74.125.226.32 |
hxxp://1.bp.blogspot.com/-h3JUlSgQ-_0/VK1KLDMRMgI/AAAAAAAEPqs/TR8XRbZvbY8/s1600/00.jpg | 74.125.226.42 |
hxxp://cdn.offersquared.com/152media/tags/xbanner/xbanner.js?ap=1300 | 96.7.201.120 |
hxxp://ads.yahoo.com/pixel?id=2085077&t=2&piggyback=http://ads.yahoo.com/cms/v1?esig=1~553f012f6017f84fb8f957add36d12baf65ffaee&nwid=10000710111&sigv=1 | 98.138.49.42 |
hxxp://beacon-3.newrelic.com/1/92a411bc23?a=4058140,2334836&pl=1422596420199&v=476.c73f3a6&to=YlNSbUYAV0IFBhdaWVsZc0xHFVZcSxYLXERBU15cRiJWXxAXDF9aUEQfTFoyUV4WEQZd&ap=8&fe=8922&dc=8922&f=[]&at=ThRFGw4aRB1GBEEJTUhL&jsonp=NREUM.setToken | 50.31.164.172 |
hxxp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html | 74.125.226.44 |
hxxp://2.bp.blogspot.com/-220e_g7edhs/VMsXtforiJI/AAAAAAAEZzg/Ru02XyZTxSs/s0/22.jpg | 74.125.226.42 |
hxxp://img.youtube.com/vi/poS0YGKNSTs/0.jpg | 74.125.226.37 |
hxxp://3.bp.blogspot.com/-mcc90_3G694/VK1JjzkAFCI/AAAAAAAEPqg/OyqPpsMg5Gk/s1600/00.jpg | 74.125.226.42 |
hxxp://pagead2.googlesyndication.com/pagead/js/google_top_exp.js | 74.125.226.57 |
backup333.googlecode.com | 173.194.204.82 |
connect.facebook.net | 96.16.47.139 |
redirecting.ws | 69.65.52.68 |
accounts.google.com | 173.194.204.84 |
stats.g.doubleclick.net | 173.194.204.155 |
oauth.googleusercontent.com | 74.125.226.44 |
ssl.gstatic.com | 74.125.226.56 |
apis.google.com | 74.125.226.35 |
flesler-plugins.googlecode.com | 173.194.204.82 |
graph.facebook.com | 31.13.74.1 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /vi/q4pBFb3NCzk/0.jpg HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.youtube.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 01 Jan 1970 00:23:32 GMT
Date: Fri, 30 Jan 2015 10:53:08 GMT
Expires: Fri, 30 Jan 2015 16:53:08 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 29142
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=21600
Age: 0
Alternate-Protocol: 80:quic,p=0.02
......JFIF......................................................................................................................................................h....".........................................Z.........................!1.AQ.."aq..2BR....#br.......3ST.......$4Cs.ct.....D....eu..%&..................................B........................!..1."AQq.2a...R....#3r..BC..5bs.6S.................?.......!.!.@.B......!.!.@.B......!.!.@.B......!.!.@.B......!.!.@.B......!.!.@.B......!.!.@.B......!.!.@.B......!.!.@.B......!.!.@.B......!.!.@.B......!.!.@.B......!.!.@.B......!.!.@.B......!.!.@.B.....D-.>v.......[....w.l.>o..*.......*. K..[.)f.........[. e..e...;H..f..U.V... s...1..'.....Z.s}.M..,..I.{?.#..2}...e..u.se..k.z|$...v.e.........g...7..;Xy...~.)D .......>..O^...#.j..-c.d.q....|...................z.6jW.....x..X....^....N..c. }.S.W...x~^.N<............k..Y'...o.N..c.*..ShW...xg..L..O....#.x.7Md=.M..?..=}I...{%_..y..w.............^...{.? d.d.....S.G.{-_........~.....M......_...k5.n.I.<..|.jv..#....T.V....~Z....dz..%...n.-.q..e....:...S.....9...e..=9...F.z$..3m..Y../..t.S.....[!X/...?...I...:.y90.._.....jE{...d)..6..>..'.%.......?........!L.......?....;..>.....hF..C...`-.._9....{~...K...5.._...Y.Bu..{.B....]>.$......r3!<.......(....<].P...O?{.qg.......Y....#:.....Y......8...e.Ft'...8...e.{.qg...`dgBx....<].Q..'.x....Ft'...8...e.{.qg......O.{.qg...>.....}........'.x....~N,.w.S.r4!;....<].V>.I..'...J....8....}...<O.L........Y.~.>.I..'.........N,.?e=..'v.Py...
<<< skipped >>>
GET /vi/UrDxiYYriJc/0.jpg HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.youtube.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 01 Jan 1970 00:23:41 GMT
Date: Fri, 30 Jan 2015 10:53:08 GMT
Expires: Fri, 30 Jan 2015 16:53:08 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 6473
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=21600
Age: 0
Alternate-Protocol: 80:quic,p=0.02
......JFIF..............................(.....1#%.(:3=<9387@H\N@DWE78PmQW_bghg>Mqypdx\egc......./../cB8Bcccccccccccccccccccccccccccccccccccccccccccccccccc......h....".......................................F........................!.1a..AQ."2q#BRr........36T...Cb.....&.$45Ds.....................................................1!2.A............?...........................................................................................................................2.......-......2.......-......2.......-......2.......-......2......Z..\q.g @..B.....C........C..c..z%O8..'.Y..z,......g.........D.........f.5g5.....:8..g.ZQO.,.Vp.?.>.L.o......e...G......e...I.5....^q..,....)..`x....T....x.......P]....r.}l.io)~...1{V.....K-.K.}F...(/!.k..T.[|..~.T.'.Z.i...d..)~.).B../....c.w...OR.).M...(.>.V .C.4>.b..>.C.. .C.4>.b..>.C.. .C.4>.b..>.C.. .C.4>.b..>.C.. .C.4>.b..>.C..`....................WI......R.F...,@..Q.<<|.A....2.... -jX.>...w....M}.Q*.5M.I.|...<....../..7.[.U>}.j....V..M.l..s.. x2se.S.J...:).7....1..../..P.Q..5.ER....K3y.F.}.....G..\.......j<....c...8.I..8~..;.en..R.w~.........%.%......Y$..p....u........(){Mj...I......~,.9?....B.~g.........YH......"........................................2......RUUt.a.......eZ3.`..G...2.OO....._.!...R.L....[...{........T......?...........C...!gq?f......w...!..sS../.c].I....o.;Zo..O.VH .:..V:.B...b...V\...8.V.....!......;........M..c....[T.....f........FNJ.... ,......q=..............8..Tr.Tm=~u%.....q2.(...m.G...na....[e.B.!
<<< skipped >>>
GET /flash/reset.css HTTP/1.1
Accept: */*
Referer: hXXp://lp.showres.pw/flash/ca.php?st_xh=NWRiZDhmZTU0ZjQxZGRhNzE0MjI2MTUxOTA5ODQxODQuMTA3&no_tr=YzhhZGYxMDU3ZjE5MzZkZjE0MjI2MTUxOTA5ODQ=&nr_tu=MzguMzgxNDIyNjE1MTkwOTg0NWYzYTVmNGNmMDE4YWZiZQ==&gaf=MTQyMjYxNTE5MDk4NA==&ca=MjZkNDllZjM2NjljMjZmMg==&cr=MzAweDI1MA==&cry=Q0E=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: websource.website
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:12 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d21f0cd7a75f84a7363c8618f1a3423af1422615192; expires=Sat, 30-Jan-16 10:53:12 GMT; path=/; domain=.websource.website; HttpOnly
Last-Modified: Thu, 27 Nov 2014 14:50:39 GMT
Expires: Wed, 04 Feb 2015 10:53:12 GMT
Cache-Control: public, max-age=432000
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1b0d1fdb21aa0534-YYZ
Content-Encoding: gzip
253.............S...@...jW.9R...&/..B.3v...Kg..%......"$..i..>...on.RYww.....n. s..6..a.o........aYC.&z..'..#$........q..G.?....#..!.....))C..hm.$*\ 8.........8....X.`..P1d..E.jIq.:Y.S.......H....$ .z.B...T..Z...8.(Zap.......}J.:2.h..A...w......OX.X.K...7...SaX!....>CIS..q..'....:..........8.Op..i.X..M.e$.q0mgS!......#...(..~..<.mw..S.....X..Fv..am#....f,.uY'...f.`.....s..|..Of.}.x.M2...T}.61E^^..8oo}.0..T..~..k...s...]..Q/...5.sg>.....$......]..m;..6...\.p.f..... ......W..$.........%M...w.]...X..j...56..`..........T.....(n...`.ln.U.M...u.cy.rw.R>? ...)oek.O.{.\w%h.a.....<)T.v:.a(x"../l0........0......
GET /flash/ie_fix.css HTTP/1.1
Accept: */*
Referer: hXXp://lp.showres.pw/flash/ca.php?st_xh=NWRiZDhmZTU0ZjQxZGRhNzE0MjI2MTUxOTA5ODQxODQuMTA3&no_tr=YzhhZGYxMDU3ZjE5MzZkZjE0MjI2MTUxOTA5ODQ=&nr_tu=MzguMzgxNDIyNjE1MTkwOTg0NWYzYTVmNGNmMDE4YWZiZQ==&gaf=MTQyMjYxNTE5MDk4NA==&ca=MjZkNDllZjM2NjljMjZmMg==&cr=MzAweDI1MA==&cry=Q0E=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: websource.website
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:13 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dee59d189370362192e85a18db36fe86b1422615193; expires=Sat, 30-Jan-16 10:53:13 GMT; path=/; domain=.websource.website; HttpOnly
Last-Modified: Thu, 27 Nov 2014 14:50:25 GMT
Expires: Wed, 04 Feb 2015 10:53:13 GMT
Cache-Control: public, max-age=432000
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1b0d1fdc91b40534-YYZ
Content-Encoding: gzip
212.............Sa..@.. k.S=....r.rF.AM41z1.c....t..,..J....i..U..........q.m).L*L.j...4......s..L.P.9.*Q.m.Ed..g....hG.,7...b...g...(.G..4ZP%....LK......8O..p.:......L&.......{.u..-.'.[(!E.Y.H..Y..6l.%...4.m..\..,...l.......s.......Kr....fR{.....8dycv.....&.....&,...@..F;\X)5.....(....... /..D..R%.dW..T.r.e....B..C(..u..mf...7......C".. ..6.]...(.."..vXc......<Rb.!.GB..6....B'qW..z..Ii.....T.(..Z..q...v#.......U44.X%....).(Q.:U...=....\............D..[8fG..S....c.Bf9z.s.....m...V...u{s..z.7...a...4...[?..J1p.uW....R_]...e..U......0..
GET /-ao95uV_Um5c/VMQRVLaoNQI/AAAAAAAEXeY/pI6fjZbMjl8/s1600/0.png HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 3.bp.blogspot.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v45de7"
Expires: Sat, 31 Jan 2015 10:39:47 GMT
Content-Disposition: inline;filename="0.png"
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Fri, 30 Jan 2015 10:39:47 GMT
Server: fife
Content-Length: 95589
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400, no-transform
Age: 807
Alternate-Protocol: 80:quic,p=0.02
.PNG........IHDR.......,.............sBIT....|.d... .IDATx...Y.$[~..;...d...W_...n......../c........Bb@B......^..$..0#.B....@B...F @`.....lf........U..../c......Ddf.m.......8..o....._..._.U.G.4...V...1~......hd..."...|<...\.lk.h .MH:.n..............d.....|wP...z........n...u......CR......>.. 1.WJ.O ..rK ...aA......{....2....a...1TP...._.w.e.{...g....n7.X.g{.]/YY....y_hJ.!F...>.{..3...|m.$./..t..6]{.."$9... K..... ..2.9.....S-%.!...P.9....(.....')1@.....1xQ...,|. ..3,?c..,|I#K,?....i.6....A.xqv<.....^#.k.h8..F.P...v3.LH.X..C..r4..L.8.W..........~=...9$.......b.....fX@|...80$..2.).X........|.m.0d.....9....."g....s....C....Pd6.ChJ...<...P...!y.=...T...x.9.J2....t.$......j.b...s........3.L.1.k.....R*d....................rF.!...$.-C.e.;.....A.i....{..T 03.^.e9. 3.....zy..o.l..L...A:.o......D.:?....?}.,c5&}.z.x&J].....}W.'...N ..f:S...F3e..Y-.,V.|.P.3.L......D......Ir.J-T.:.S.XI$..2.?H*O...9.l....PS..m..g.i,...R......A@`."... I>. .U..:....1O.u:.i......CJd&.p'I. U..g.Z.h{. .... e.2X.Na8......L..}hJ..e..XG..,0".C....O.M5.....OT%2.....s..G9.Jma.I..LM..J;O=S....I..J..9...DN9..UF_...D.8.S.b...Sd9}.tqJ.=".bz.0o.G...n7....%U...g)..........9..`.R.j...bq.@......'..X...J}.).:.o... .39...b..9...Y....O.'....3rt....<..9........>q.i..!9...u"..L.I<.~.#....y.(._!..CF>l..I>.wD.H0.$2../.$..b..j.1>4%....f.S..Tg:...H.S...T."&. ..\.3..fD`F.CN.T.._R.%....' .*9Oz!...9;O......u*b...g...P..2Q....k.bN..zI..fJw.`.........i..i.`.Rr...).0V.r.*...SD...1AQ....$.......8...!........[.9e..BF.}..MF..:..$U....t....O.
<<< skipped >>>
GET /-I7qMNrH15Bg/VLk-QT3KL4I/AAAAAAAEUGs/7Yx5LDt8E7U/s1600/2.jpg HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 3.bp.blogspot.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v4506c"
Expires: Sat, 31 Jan 2015 10:39:47 GMT
Content-Disposition: inline;filename="2.jpg"
Content-Type: image/jpeg
X-Content-Type-Options: nosniff
Date: Fri, 30 Jan 2015 10:39:47 GMT
Server: fife
Content-Length: 18814
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400, no-transform
Age: 807
Alternate-Protocol: 80:quic,p=0.02
......JFIF..............Exif..II*.......1.......2...;.......9...i.......H.......Google.Design X-pats............0220........~.......................,.......................ICC_PROFILE...............mntrRGB XYZ .........$..acsp.......................................-....).=...U.xB....9.................................desc...D...ybXYZ........bTRC........dmdd........gXYZ...h....gTRC........lumi...|....meas.......$bkpt........rXYZ........rTRC........tech........vued........wtpt...p....cprt.......7chad.......,desc........sRGB IEC61966-2-1 black scaled..................................................................................XYZ ......$.........curv.......................#.(.-.2.7.;.@.E.J.O.T.Y.^.c.h.m.r.w.|...............................................................%. .2.8.>.E.L.R.Y.`.g.n.u.|.........................................&./.8.A.K.T.].g.q.z...............................!.-.8.C.O.Z.f.r.~......................... .-.;.H.U.c.q.~....................... .:.I.X.g.w.....................'.7.H.Y.j.{................... .=.O.a.t...................2.F.Z.n.................%.:.O.d.y...............'.=.T.j...............".9.Q.i...............*.C.\.u.............&.@.Z.t...............I.d.............%.A.^.z...........&.C.a.~...........1.O.m...........&.E.d...........#.C.c...........'.I.j...........4.V.x.........&.I.l...........A.e...........@.e......... .E.k.........*.Q.w.........;.c.........*.R.{.........G.p.........@.j.........>.i...... . A l . . .!.!H!u!.!.!."'"U".".".#.#8#f#.#.#.$.$M$|$.$.%.%8%h%.%.%.
<<< skipped >>>
GET /-lYQ_6IJ9-1k/VJvzDQLQ5ZI/AAAAAAAEKxk/dRnS1Y_bqZs/s1600/0.jpg HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 3.bp.blogspot.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v42b1a"
Expires: Sat, 31 Jan 2015 09:28:19 GMT
Content-Disposition: inline;filename="0.jpg"
Content-Type: image/jpeg
X-Content-Type-Options: nosniff
Date: Fri, 30 Jan 2015 10:39:47 GMT
Server: fife
Content-Length: 27133
X-XSS-Protection: 1; mode=block
Age: 808
Cache-Control: public, max-age=86400, no-transform
Alternate-Protocol: 80:quic,p=0.02
......JFIF.............xExif..II*.......1.......&...i...............Google............0220........d.......................X...............................................................................................................................................................X....".........................................d..........................!.1A.."Qa..2qu...#B..........%&Sbr...$356DRTUV....4C...Est..d.......ce....................................@......................!..1."AQ.2Raq........BS....3.#br..$CT...............?..\...P....~.Ey....^y.T.....,-..ql....EJZ.T..M.0Eo....7A..O..{.....~a.|./...&.%./W5z..n.....x....?.t......R...A8B...K4.....=?.....@..P.DS...%.....P.sY..g(?.)..W.W.n........^.@F.=....P..k......E?...c....;B..!..U.u.d..C..R.e).1,%J.0...;iV_Vb..H.n.,....:.....`..!..s9.... .J....B..P..D.....sf...g...d?..,~.uc..#......}.J..*O.S.]....*......CE..#..6L.q...P..E.......d....R.....&s..UO.:_.S.\.$'.U.w.......2K..o...F.............v..;T?....M}r8..D.g.%3........ p.7.?.-'.l..0.Q.../j=,y)......y.d....S.....!{..E[.i......0.Jo: ..Ud_.>..SL...)..Ay^....>..T.{n7!:...9d-.D..J....T...,A..."\.s...O......wjT...X.....o.:..n.....\....o6..U..x}:.8..{.. ..\.?.0..i.'..Y. .....7..G...TI.......^...&5".'.U..DtQ."..."0..F.0.W....(.....!.t.V...dH~..?2C..H.........F..Z.Ii.....$....,c,$.#..F!$.....y/$..^.w.i..V.l..]...c.^O.3.W......V.l..]..o....*.uJ.<....o.4.......0..?....h..'..D...r..y..F...p...#.h..N.P.*7.sRa(/..dG..T.....".E..".......'JEo......z,/3.n.x....LNK.M....Kju`)y..m...GE).EF...y/..7H..L....h..]bK..A.
<<< skipped >>>
GET /_ukqwa9IFmR4/TRw5oR3LM0I/AAAAAAAAAB8/1s_TvrzEhZQ/S220/26392_1104606111494_1717008926_185805_7177542_n.jpg HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 3.bp.blogspot.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v1f"
Expires: Sat, 31 Jan 2015 10:53:15 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="26392_1104606111494_1717008926_185805_7177542_n.jpg"
Content-Type: image/jpeg
X-Content-Type-Options: nosniff
Date: Fri, 30 Jan 2015 10:53:15 GMT
Server: fife
Content-Length: 14470
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
......JFIF.............*Exif..II*.......1...............Google.............................................................................................................................................................................................L.........................!..1."AQ..aq..#2....$3BRs.4brt......S........Cc..................................8........................!1.AQq."a.2....3B..#...r..$Rb.............?...... 7?...?......<..=.g..3.8.KIs............R.<.....K.|...E%.>g.p"...3.8.Is.......q.?3....>g.p"...3.8.K<..~g.)c.|...E%.>g.p".y.....R\..~g.)c.|...E'.y.?3.EAx...[V<.'.9.."...{.....eR..i<v$y.|.!cN.....KF......U.9..A......\...G.z.y..........X.P..A.....u..#...8......-8....KN.%.......p!=`P.|X...>U...C.D_.....O..y......W>.1........}.........X....C....*..d...RQT}cmH[..cc~...^K?...`....P.....:;..RDJ9!....t.~.#4....ag..O(.;N.E..a.J....n.Z:....@.`5n..Y.y.$*c5h....S.@.v..:_.u......xy.saun.kvG..A.Gh....7.....{S.........M$D..^......Dj&t...c......nln..mp/..k0.....8.z..=N...K.....!#.....l...uW..c...|...M...\.......h.....=V.b........S.k!_..Sbv:.....{.E.<@..&...q.......4Q...,dR.....1.....G.m..X.#.{.ca...s)..rj..".n.!.0...T..sa.]...k.....J"..tE....F.....k..k..j..$.}..'..F.<....)...B.......q....G...wcd..7..E......F.....7.....s&.......7.........a.X....l.n.._.N...k........?.|1d.*...<.....:.M.....Q......$....-.&x>%#^.JF].#6;Z../R...!#.....{...uP........?.oa..j..ki..i..>:...`R...F......m...>.."....f.m.......%..x..B......E....ocan...`Ix.,.....a...pg...91..l5....(b{...\
<<< skipped >>>
GET /ga.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/ruqdu
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:33:38 GMT
Expires: Fri, 30 Jan 2015 12:33:38 GMT
Last-Modified: Fri, 16 Jan 2015 00:55:08 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 16151
Cache-Control: public, max-age=7200
Age: 1164
Alternate-Protocol: 80:quic,p=0.02
............yW...8.?..|{.....S..7.(m.....Ms.dY.iB....%.g..A..$...y.z..%..<mm.I~2...3....k9Z.2.}5....G.........dx.O:.Nz'...:.....I*b.v.o..q....Bh..z6..V.|.})...H..Q.Y....@.a4....'...`....3i..RC.%..0.Fz..J{.'C/...#O\BP]..^..../e..<1..p0...&.i......f{..zm..'&.w1...:...Y:...........p....`.n4....vz.W....|\c.-GX...:...5.y..".F:.. $....'..b2......k....:.....e.. t-{..^.^.....P....3........d..6.nM...."...^..|..1z......dq.t.}.....I46..Kb....1..A...t...q.N.7zt .P.a......o:0.>..$Y..x:=.$.....r./..0........n.%.vA.Ke.*....P/.....My..\..t...J(WW....,.A..<Q..........E..e.(.K.$......uBa ..1..yN.v..E....D=...:..[...>..zX.l^.._..z C..o.......Mk.............^\.G.I?.7.[...l.l=..@.......;...e./y,.cR.w`.d_...0.L/..F.q` j......y.5L....Zp*....#w0.%....]..:T..W...l.4.1U.,.W~.q0.=XO.z'..f.,/e..K..P".F.e..^..9..S...1..1..J.. .4....WW....K..I..x......\....@..c]...tj..3w$...cA... XD..F.a.......3...?..41.!.w}..T 8...vj..(.....q.P...........S^r.......A..X.e.K=J.5,o..0..Q.|=.v..l........j..';...B..$..-....$Z.R.L.OB.tL/:....t..g[..:A......i..4o[e8..3grr..SJI...2...\YW..j3.^J%.................x.?.6...){...o..V.c.........@hi.8.=..jR....]....x^.`.<..7........y1..8...YT...iLm}..Ye7T. X..d..T L Ui.....q}........#....elF.........m.6-..[./.-.x[{5 ....,.<....b.e..aK\].VWMZ....{.x(....O........p..[3I.@....4.)..x...Fk......4.Z.i p.7..`>.o.Z..O*<.c.....i.f...fk.g....J..a..y.....c_.X..%..4.Gz.M$....j5oe.0......$T~..}....0FtC].`-...Z.O..V.:Z..54o.4...oI...... .) ..6*...Y.1......B..-._..{r..1]F.....f..|8..u.OY...38..}5.c.`.. ....`.
<<< skipped >>>
GET /ga.js HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Fri, 16 Jan 2015 00:55:08 GMT; length=41118
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Date: Fri, 30 Jan 2015 10:33:38 GMT
Expires: Fri, 30 Jan 2015 12:33:38 GMT
Age: 1171
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=0.02
....
GET /r/__utm.gif?utmwv=5.6.2&utms=1&utmn=433791101&utmhn=trollface.biz&utmcs=utf-8&utmsr=1024x768&utmvp=1004x599&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=New - Troll Face Funny&utmhid=1917424732&utmr=-&utmp=/vote&utmht=1422596434949&utmac=UA-29685024-1&utmcc=__utma=174148071.773612308.1422596435.1422596435.1422596435.1;+__utmz=174148071.1422596435.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=344341876&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Location: hXXps://stats.g.doubleclick.net/collect?v=1&aip=1&t=dc&_r=2&tid=UA-29685024-1&cid=773612308.1422596435&jid=344341876&_v=5.6.2&z=433791101
Access-Control-Allow-Origin: *
Date: Fri, 30 Jan 2015 10:53:10 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: text/html; charset=UTF-8
Server: Golfe2
Content-Length: 366
Alternate-Protocol: 80:quic,p=0.02
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXps://stats.g.doubleclick.net/collect?v=1&aip=1&t=dc&_r=2&tid=UA-29685024-1&cid=773612308.1422596435&jid=344341876&_v=5.6.2&z=433791101">here</A>...</BODY></HTML>......
GET /r/__utm.gif?utmwv=5.6.2&utms=1&utmn=41005801&utmhn=yllix.com&utmcs=utf-8&utmsr=1024x768&utmvp=300x250&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Yllix media&utmhid=871299865&utmr=http://trollface.biz/vote&utmp=/banner_show.php?section=General&pub=586654&format=300x250&ga=g&utmht=1422596435168&utmac=UA-33725520-1&utmcc=__utma=211441629.611147151.1422596435.1422596435.1422596435.1;+__utmz=211441629.1422596435.1.1.utmcsr=trollface.biz|utmccn=(referral)|utmcmd=referral|utmcct=/vote;&utmjid=2118429030&utmredir=1&utmu=qBAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Fri, 30 Jan 2015 10:53:10 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;....
GET /r/__utm.gif?utmwv=5.6.2&utms=1&utmn=1634483302&utmhn=lindaikeji.blogspot.ca&utmcs=utf-8&utmsr=1024x768&utmvp=788x467&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Welcome to Linda Ikeji's Blog&utmhid=552264825&utmr=http://adf.ly/ruqdu&utmp=/2014/08/b-red-releases-flaming-hot-new-track.html&utmht=1422596438964&utmac=UA-46375425-1&utmcc=__utma=54566198.153484566.1422596439.1422596439.1422596439.1;+__utmz=54566198.1422596439.1.1.utmcsr=adf.ly|utmccn=(referral)|utmcmd=referral|utmcct=/ruqdu;&utmjid=692092355&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Fri, 30 Jan 2015 10:53:14 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;..
GET /flash/ca.php?st_xh=NWRiZDhmZTU0ZjQxZGRhNzE0MjI2MTUxOTA5ODQxODQuMTA3&no_tr=YzhhZGYxMDU3ZjE5MzZkZjE0MjI2MTUxOTA5ODQ=&nr_tu=MzguMzgxNDIyNjE1MTkwOTg0NWYzYTVmNGNmMDE4YWZiZQ==&gaf=MTQyMjYxNTE5MDk4NA==&ca=MjZkNDllZjM2NjljMjZmMg==&cr=MzAweDI1MA==&cry=Q0E= HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lp.showres.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Jan 2015 10:53:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.28
4f20.. .<!DOCTYPE html>.<html class="wf-adobeclean-n3-active wf-adobeclean-n4-active wf-adobeclean-i4-active wf-adobeclean-n7-active wf-active"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <meta charset="utf-8">.. <title>Install Flash Player</title>.. <link href="hXXp://websource.website/flash/reset.css" rel="stylesheet">. <link href="hXXp://websource.website/flash/jquery-ui.css" rel="stylesheet">. <link href="http://websource.website/flash/core.css" rel="stylesheet">.. <!--[if lt IE 9]>. <link href="hXXp://websource.website/flash/ie_fix.css" rel="stylesheet">. <![endif]-->.. . <style type="text/css">.Text{font-family:"adobe-clean",sans-serif;}</style>. .. <!--[if lt IE 9]>. <script src="http://websource.website/flash/html5shiv.js" type="text/javascript"></script>. <![endif]-->.....<script type="text/javascript">alert('Page can not be displayed!\n\nPlease Update Flash Player to the latest version!');</script><IFRAME src="hXXp://clddown.com/?a=20480&c=66710&s1=in-f" frameBorder=0 marginwidth=0 marginheight=0 scrolling=no width=100% height=0 scrolling=no ALLOWTRANSPARENCY="true"></IFRAME>. ......<style>......ui-dialog{ filter: none !important; }....</style>. ..
<<< skipped >>>
GET /2014/08/b-red-releases-flaming-hot-new-track.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://adf.ly/ruqdu
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: lindaikeji.blogspot.ca
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Fri, 30 Jan 2015 10:53:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 17154
Server: GSE
Alternate-Protocol: 80:quic,p=0.02
...........}{_.J....."u...S ...i..Z[...........!.I....~...... ^.....0..f.....g[.7.N?l.=.o.\.......n=s.d..p...s2.e.. ..y.5Q..F.Q!o;]Q..j.%V.....b]...$..}Q......b./...:.4.. ...3....`o....>.TA.-.X^=32t.W.eI....'.Q.....e......D.....T.%^..h'W...B.|.....& .;......9...<.^_.m...*K]~...Z.g.....C.P..]...n......s.>Y.v..../g...g.g..........(. ....g.y...f.}...qa5.g....../lC..gu....b....zd5.%...' .......W.......V.^.V=..G..m.6..."MO..V.7.....u.FS=...[.q.p......z..-g..if..b......tl..Z.y.|E.GR.....X.....Y.l.!...@....F..1.L....gM.....Y7...u_..yK.0.*..6...cM.K.k...^...J......x.^N[..Z"u.. "...ok...aF8 ~.....rv\...xmW..^bu..I..)..._;..?..y.5(..U......... ....%G.....)...m.clB...l.8X..^\[]].CV...<......q,....Ja.W.5H.8....dPz6..?P..>f....*0t..C.m_........P.u.YD.........q^............Q.0..^......z.$...8F. (.j.[^...l....c..........8 .:..q..............}.......q^M&...J..~.....%<O.z...2......$P..-2.4..........]l_.l..7.....C:cU.).j..3#.5A.......4h2..2.C.z..f.f..}...2G.n...zP.rQ..b;.....Du....*j.\..r..r..j.yf.(|M.l..T3.....Iy.#.\m.....p.D.x... .3<.2?... .g.{....(>..P[w..@T......z.<.7.BtW.....:..C.[.n.....F...\..W.N....t...N.X.!....sh...\)...RE.....R*.ID}..}5:......-..:...&....ZE...3.mX...k..\.Vs.q.........2$d...K7:.r.("....0.. ........v.....$Y.5t.=..;.\.Xg.S2A.du.e.t......Iw..l..........c......g..../.......`.......it...He..g/......F.[.d3....ma..5.Ui....0....z=Hy....... .o9..y.$.m...j|..n..|....h.v...}%.....[....MPp$..:...,.....3.. .0U'..A...e.....a\....q^g......\....I..!^&...s.8..v.b.\..E...KjA.-...^.w.@.[B.... "P
<<< skipped >>>
GET /i/?l=http://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: t.dtscout.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: close
Set-Cookie: d=[]; expires=Wed, 29-Jan-2020 10:53:10 GMT; Max-Age=157680000; path=/; domain=dtscout.com
Expires: Fri, 30 Jan 2015 10:53:09 GMT
Cache-Control: no-cache
Content-Type: application/x-javascript
Set-Cookie: l=RQTnHlTLYpbAhQosvrZSAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=dtscout.com; path=/
380..function _dtsq(e,t){var n=e.split("?");if(n.length<2)return false;var r=n[1].split("&");for(var i=0;i<r.length;i ){var s=r[i].split("=");if(s.length==2&&s[0]==t){return s[1]}}return false}function _dtsi(){a=document.createElement("a");a.href=window.location.href;_dts.host=a.hostname;if(typeof document.referrer!=="undefined"&&document.referrer.length>0){_dts.r=document.referrer;if(_dtsq(document.referrer,"q")){_dts.q=_dtsq(document.referrer,"q")}else if(_dtsq(document.referrer,"p")){_dts.q=_dtsq(document.referrer,"p")}else if(_dtsq(document.referrer,"text")){_dts.q=_dtsq(document.referrer,"text")}else{_dts.q=0}}else{_dts.r=0;_dts.q=0}}var _dts={};_dtsi();var n=document.createElement("script");n.type="text/javascript";n.defer=true;n.async=true;n.src="hXXp://i.simpli.fi/dpx.js?cid=21707&m=1&sifi_tuid=6329";var r=document.getElementsByTagName("script")[0];r.parentNode.insertBefore(n,r);..0..
GET /g_match?id=&google_gid=CAESENgPIAiUVi0jv3eljxknN3o&google_cver=1 HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: um.simpli.fi
Connection: Keep-Alive
Cookie: uid=uK28olTLYpd7uErYf31LAg==; uid_syncd=true
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 30 Jan 2015 10:53:12 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Location: hXXp://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A2BCADB89762CB54D84AB87B024B7D7F
P3P: policyref="hXXp://VVV.simplifi.com/w3c/Policies.xml", CP="ADMa DEVa PSAa PSDa OUR IND DSP NON COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
p3p: policyref="hXXp://VVV.simpli.fi/w3c/p3p.xml", CP="ADMa DEVa PSAa PSDa OUR IND DSP NON COR"
0......
GET /g_match?id= HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: um.simpli.fi
Cookie: uid=uK28olTLYpd7uErYf31LAg==; uid_syncd=true
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Jan 2015 10:53:12 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: policyref="hXXp://VVV.simplifi.com/w3c/Policies.xml", CP="ADMa DEVa PSAa PSDa OUR IND DSP NON COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
p3p: policyref="hXXp://VVV.simpli.fi/w3c/p3p.xml", CP="ADMa DEVa PSAa PSDa OUR IND DSP NON COR"
0..HTTP/1.1 200 OK..Server: nginx..Date: Fri, 30 Jan 2015 10:53:12 GMT..Content-Type: text/plain; charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..P3P: policyref="hXXp://VVV.simplifi.com/w3c/Policies.xml", CP="ADMa DEVa PSAa PSDa OUR IND DSP NON COR"..Access-Control-Allow-Origin: *..Access-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GET, POST, OPTIONS..Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type..p3p: policyref="hXXp://VVV.simpli.fi/w3c/p3p.xml", CP="ADMa DEVa PSAa PSDa OUR IND DSP NON COR"..0..t>....
GET /y_match?xid=OpUesktx0bnS1._7RUN1UBwx HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: um.simpli.fi
Connection: Keep-Alive
Cookie: uid=uK28olTLYpd7uErYf31LAg==; uid_syncd=true
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Jan 2015 10:53:13 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: nginx..Date: Fri, 30 Jan 2015 10:53:13 GMT..Content-Type: image/gif..Content-Length: 43..Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT..Connection: keep-alive..Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0..Pragma: no-cache..Expires: Thu, 01 Jan 1970 00:00:00 GMT..GIF89a.............!.......,...........L..;..
GET /1/92a411bc23?a=4058140,2334836&pl=1422596420199&v=476.c73f3a6&to=YlNSbUYAV0IFBhdaWVsZc0xHFVZcSxYLXERBU15cRiJWXxAXDF9aUEQfTFoyUV4WEQZd&ap=8&fe=8922&dc=8922&f=[]&at=ThRFGw4aRB1GBEEJTUhL&jsonp=NREUM.setToken HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/ruqdu
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: beacon-3.newrelic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=c9667d3371c3955d;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Content-Length: 25
NREUM.setToken({'stn':1})..
GET /imp?p=41001717&size=300x250&ap=1300&ct=html&u=http://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g&r= HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://yllix.com/show.php?vs=&ad=286387&f=300x250&a=956646&s=MDhiZTA0ODk4Y2VjOGU2MzBlOGVjODY2YmY4NDgwMjM=&u=586654&si=742431179&di=5811174&ci=16&cc=CA
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 152media.adk2x.com
Connection: Keep-Alive
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.4.7
Date: Fri, 30 Jan 2015 10:53:11 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: tuuid=10a3a476-f689-4ad6-a8d2-212c3348e170; path=/; expires=Sun, 29-Jan-2017 10:53:11 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: hXXp://152media.adk2x.com/ul_cb/imp?p=41001717&size=300x250&ap=1300&ct=html&u=http://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g&r=
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
....
GET /ul_cb/imp?p=41001717&size=300x250&ap=1300&ct=html&u=http://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g&r= HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://yllix.com/show.php?vs=&ad=286387&f=300x250&a=956646&s=MDhiZTA0ODk4Y2VjOGU2MzBlOGVjODY2YmY4NDgwMjM=&u=586654&si=742431179&di=5811174&ci=16&cc=CA
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 152media.adk2x.com
Connection: Keep-Alive
Cookie: tuuid=10a3a476-f689-4ad6-a8d2-212c3348e170
HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Fri, 30 Jan 2015 10:53:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: tuuid=10a3a476-f689-4ad6-a8d2-212c3348e170; path=/; expires=Sun, 29-Jan-2017 10:53:11 GMT
Set-Cookie: ih=!54524436,191857991; path=/; expires=Sun, 29-Jan-2017 10:53:12 GMT; domain=.adk2x.com
Set-Cookie: lcri5m=!55263156,1,191857991; path=/; expires=Sun, 29-Jan-2017 10:53:12 GMT; domain=.adk2x.com
Set-Cookie: lcai9h=!55442323,1,191857991; path=/; expires=Sun, 29-Jan-2017 10:53:12 GMT; domain=.adk2x.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Encoding: gzip
16a............e..r.0.E....Ew...X.#.....Z.8!D...H..........{N?.y6.......-C.V..3&=...(....Z..>.%....p..9.=Q.0....(d.#qS...Q......:).n@Y?...*.(..%k......../....'AX.... <..b...f.Q. ~..>.z%tJn..Y.....5r.:........9EE......../...fN)n..m.^..<<.!j........W6.ImC...b..&/ciQ..K.)U..:...f.....#A.......=x...'m..C....9.M..r.5c.=....}}....AQl..x.....c.......fAA._..:.].F...L.9......0..
GET /img/200x300.gif HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lekkigardens.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:14 GMT
Server: Apache
Last-Modified: Thu, 02 Oct 2014 14:23:46 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=10, max=500
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/gif
1faa..............g@S..7.N.Z..B..z..;.;....T5...w.Ho.;.zG@D@T..XPQ.....................3{2......QPt.....^.......~....d.D.}..nk.18..;1..<.a.sQ.ZSI..........r..o.......].V ,.K3.k...1..>W..Vy.w.sp~...../....^.lm...{.....O..m.775.6.......S.......g..t.....Zm..<.R<^.z.5._R.0.b...&..U..;W.:..$a..|..~.......*_...T~.zc.....d..pS]Ic.Mi....tRQ[j...3D.&Mq....g.#..r.....z..m =......?......s.77..|.t....d.. )5.. ...YxB..............y...=.............w?..PF..~Jfk....h..]..C...2.P..........%^Z.a.I.:ui.....$....]X_.{.s...?.].........v..Z.M.P.../}i.U.bq.:..I?.r.".......5.6....M5.pQ...#59nyz6.'.-1..O..Inhv.....p............;E^v..z.../.{/~..ot.y4.._<U.r.....j<R........|c|4....E/>.3..x...fX....xi./9........z..........i[.w'='.O....77.?......z..H.9.}.......ZY_''.6.....E.......2.........Hm.RO.........#G.##..G.=#...?.,.T.....&.......R..'..S=U......G.{~^Q.....YZGM.T.~....;>....s..R...g...%....%.~..}In.mi..n.-%.......%[cS..s.......@gW..P...m/.U..COx.^n.<6....@MwO/..`w.(.K.(.WE7..jh.....@?.Pgt.....R.*..[........_.A.W.P.U....@...f@.;ZV.#......$%$.e.....R.I.5..5I)qIy%i)%....?<W...<...t.7..3U....@.k....%..%..o_.TTT.O.RR.W%.C".C.#..Cx...-...`..P.....jtv...U..j...._......?D..:$...w-.9..........._.CB....f...C,#..........._...o..g....?..Z.t#..jP.}..\....C..Ty..H.y.))j.h..I.k..(h.HJ*Jjkhj*...H ..K*.w.........................................:....7_. ...V...VI3..94 .2 ...%..3 4 .3 ..i!....w.........j..{.qw....C...U....Kcd..e.u4...z..h...<.kW.........._.........:.?...../.W........_..?.|?......O.?...w|tx...vw...W./.
<<< skipped >>>
GET /static/image/ahl6532.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/ruqdu
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d860e4e0440de5fb48f7f2b6256e4b5351422615175; FLYSESSID=5420d9e33c294bd05882efaaa6e27aff31843eb4; adf1=668e57544f6910e95c22591759704a2f; adf2=e8b8e1b450a222f8d1c56b9a088a166b
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:02 GMT
Content-Type: image/gif
Content-Length: 3221
Connection: keep-alive
Cache-Control: public, max-age=604800
Cf-Bgj: imgq:85
Etag: "c9d-51b1c54e-616cf7bbbb5ed14c"
Expires: Fri, 06 Feb 2015 10:53:02 GMT
Last-Modified: Fri, 07 Jun 2013 11:34:38 GMT
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 1b0d1f97f476053a-YYZ
GIF87a..:....GPL......rp3..$...{...1U2JJ-Qp.;a...........,..1...7h..y4.....-..qOQ7..3.......5Z.................4....=Q...p..Hg..Eh.*M......[..'%'..BUr...G............fm>.....F.....E..n......779...M]C..X...[e=>@Fq.....ijm.6[a}._x...Q........p.3O..8Pl......\.3W.>a.....Z......m.... ..6.#.......Fy...U......#.!..>=6) .8l`;.....!;/.B`|J@..,A0- .6W...7\{..R.0T./S.8^.7].;b.:a.... M.,O..Q.-P.*L.9`.)K...,......:.....u..uR...2./...2*.....**..............o..W....W]/............*./...(..........&.]....../............2....................v.....W...TG..%~..*\......#J.....C(....Q....(..I..I.......eG..L..I..M~}r..i.b.!.\...1...H.*].....P.JmZ..P..........`...A.G...L8..`..#...8.b`...^....2...WCx.@!...&.*n:...;g.&......9&.......r..}..C..(.{.2...0k........;...|..e7..w^p.Fh.9.(_..y..U..8r...2g.....I....../..............M..l......la.`...$..ZK....v....~.6..y.5..{J(...v.'_qR8.!xE....:...[U<...(.`..."...4..!z...Ao...F.-.`ao.h8....(...L6.$.Z.0..V.....0.@..x...1n...m<i..h....76.....P..NJ....q.....G.......g.....@`..Vh...e....c8....f.)..A..........yY.|.i...>.F.l,.@...`F.#8Z..."... .A..".j..m.!.g.}@..i.P\.O......Y...rKh..4.........P..v.R......D...k....[...F{..R.K..?@.........3.....p...L.C..me........."1..#P...(.|/.E...e.0,..R(........k$...>,A...o.%......jP0.._\6.... ..@ ...38pu..J........Z..).E.q..;..a.i.pb.-.k..wcpD....x......P....8pY.....F.....a.g...m..E.0...........N..@$.F...@..@..................f&.....[f.....D............*...M..D..a.|...$...w..z.........;...`........7...s.@o..;).....^..e8..`z....|../.a......E...a
<<< skipped >>>
GET /static/image/d_bottom_bg2.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/ruqdu
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d860e4e0440de5fb48f7f2b6256e4b5351422615175; FLYSESSID=5420d9e33c294bd05882efaaa6e27aff31843eb4; adf1=668e57544f6910e95c22591759704a2f; adf2=e8b8e1b450a222f8d1c56b9a088a166b
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:02 GMT
Content-Type: image/png
Content-Length: 112
Connection: keep-alive
Cache-Control: public, max-age=604800
Cf-Bgj: imgq:85
Etag: "b0d-542ac002-8de1d53435b0efc8"
Expires: Fri, 06 Feb 2015 10:53:02 GMT
Last-Modified: Tue, 30 Sep 2014 14:36:50 GMT
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 1b0d1f98a495053a-YYZ
.PNG........IHDR............./?B....7IDAT.W..... ..B...9...&.E]."[.....|'...l.y63.j..vy~.g....(..G......IEND.B`...
GET /adj/N7928.354842LINDAIKEJI.BLOGSPOT./B8074030.110392544;abr=!ie;sz=728x90;ord=[timestamp]? HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ad.doubleclick.net
Connection: Keep-Alive
Cookie: id=223d076a6a0300d7||t=1422615192|et=730|cs=002213fd48556f693ae5c022f7
HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Fri, 30 Jan 2015 10:53:14 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 31
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
...........Q..U..................
GET /Track?pai=26d49ef3669c26f2&guj=300x250&fat=26d49ef3669c26f2 HTTP/1.1
Accept: */*
Referer: hXXp://152media.adk2x.com/ul_cb/imp?p=41001717&size=300x250&ap=1300&ct=html&u=http://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g&r=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dispaa.website
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Fri, 30 Jan 2015 10:53:10 GMT
121..top.location.href='hXXp://lp.showres.pw/flash/ca.php?st_xh=NWRiZDhmZTU0ZjQxZGRhNzE0MjI2MTUxOTA5ODQxODQuMTA3&no_tr=YzhhZGYxMDU3ZjE5MzZkZjE0MjI2MTUxOTA5ODQ=&nr_tu=MzguMzgxNDIyNjE1MTkwOTg0NWYzYTVmNGNmMDE4YWZiZQ==&gaf=MTQyMjYxNTE5MDk4NA==&ca=MjZkNDllZjM2NjljMjZmMg==&cr=MzAweDI1MA==&cry=Q0E=';..0..
GET /dpx.js?cid=21707&m=1&sifi_tuid=6329 HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.simpli.fi
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Jan 2015 10:53:11 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4500
Last-Modified: Tue, 04 Nov 2014 19:07:43 GMT
Connection: keep-alive
ETag: "545923ff-1194"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: uid=uK28olTLYpd7uErYf31LAg==; expires=Sun, 31-Jan-16 10:53:11 GMT; domain=simpli.fi; path=/
P3P: policyref="/w3c/p3p.xml", CP="ADMa DEVa PSAa PSDa OUR IND DSP NON COR"
Accept-Ranges: bytes
(function(win) {.. var hostname_as_int = parseInt((location.hostname || "local").substring(0,10), 36);.. if (typeof win['dpx_' hostname_as_int] != 'undefined') {. win['dpx_' hostname_as_int].run();. return;. }.. var dpx = {. sifi_pixel_url: '//i.simpli.fi/dpx?',. pixels_url: 'hXXp://i.simpli.fi/p?',. pixels: [],. matching_pixels: [],. protocol: (location.protocol == 'https:') ? 'https:' : "http:",. pixels_to_drop: [],. dropping_pixels: false,. rescue_pixel: null,. company_id: '',.. run: function() {. dpx.drop_pixels();. },.. drop_pixels: function() {. var sifi_pixels = dpx.get_sifi_pixels();. for (var i = sifi_pixels.length-1; i >= 0; i--) {. dpx.add_sifi_pixel(sifi_pixels[i]);. }. if (dpx.does_allow_matching() && !dpx.already_dropped_matching) {. dpx.get_matching_pixels();. } else {. dpx._drop_matching_pixels();. }. },.. get_sifi_pixels: function() {. var nodes = document.scripts || document.getElementsByTagName('script'),. pixels = [];. for (var i = nodes.length-1; i >= 0; i--) {. var node = nodes[i],. src = node.src || '';. if (src.indexOf('/dpx.js') > 0 && !node.getAttribute('data-sifi-parsed')) {. node.setAttribute('data-sifi-parsed', true);.
<<< skipped >>>
GET /p?cid=21707&cb=dpx_58114617._hp HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.simpli.fi
Connection: Keep-Alive
Cookie: uid=uK28olTLYpd7uErYf31LAg==
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Jan 2015 10:53:11 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
P3P: policyref="hXXp://VVV.simplifi.com/w3c/Policies.xml", CP="ADMa DEVa PSAa PSDa OUR IND DSP NON COR"
Set-Cookie: uid_syncd=true; path=/; expires=Mon, 02 Feb 2015 10:53:11 GMT; domain=.simpli.fi
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
304..dpx_58114617._hp({"pixels":["//adadvisor.net/adscores/g.pixel?sid=9201915418","//um.simpli.fi/pm_match?hXXp://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:$UID","//VVV.googleadservices.com/pagead/conversion/1026675585/?random={ { cacheBust } }&cv=7&fst={ { cacheBust } }&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON","//um.simpli.fi/ox_match","//um.simpli.fi/rb_match","//um.simpli.fi/cw_match","//um.simpli.fi/lj_match","//um.simpli.fi/an","//um.simpli.fi/fb_match","//ads.yahoo.com/pixel?id=2085077&t=2&piggyback=http://ads.yahoo.com/cms/v1?esig=1~553f012f6017f84fb8f957add36d12baf65ffaee&nwid=10000710111&sigv=1","//cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc"]});..0......
<<< skipped >>>
GET /dpx?cid=21707&m=1&sifi_tuid=6329&cbri=1334375555843&referrer=http://trollface.biz/vote HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.simpli.fi
Connection: Keep-Alive
Cookie: uid=uK28olTLYpd7uErYf31LAg==; uid_syncd=true
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Jan 2015 10:53:11 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
GIF89a.............!.......,...........L..;..
GET /nr-476.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/ruqdu
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: js-agent.newrelic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: IPGgWlaMkm7vqpwaNMM6LCVEcUway5aIDCMrISBYqdlzi/wlOHX6WHeJ1A1v5L/P
x-amz-request-id: 1FD492465421D709
Cache-Control: public, max-age=315360000
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Tue, 30 Sep 2014 18:19:08 GMT
ETag: "d131658362c40cedda15546bb81e9644"
Content-Type: application/javascript
Server: AmazonS3
Content-Length: 18146
Accept-Ranges: bytes
Date: Fri, 30 Jan 2015 10:53:04 GMT
Via: 1.1 varnish
Age: 10496934
Connection: keep-alive
X-Served-By: cache-ord1724-ORD
X-Cache: HIT
X-Cache-Hits: 233659
X-Timer: S1422615184.623769999,VS0,VE0
Vary: Accept-Encoding
!function(n,e,t){function r(t,i){if(!e[t]){if(!n[t]){var u="function"==typeof __nr_require&&__nr_require;if(!i&&u)return u(t,!0);if(o)return o(t,!0);throw new Error("Cannot find module '" t "'")}var a=e[t]={exports:{}};n[t][0].call(a.exports,function(e){var o=n[t][1][e];return r(o?o:e)},a,a.exports)}return e[t].exports}for(var o="function"==typeof __nr_require&&__nr_require,i=0;i<t.length;i )r(t[i]);return r}({1:[function(n,e){e.exports=function(n,e){return"addEventListener"in window?addEventListener(n,e,!1):"attachEvent"in window?attachEvent("on" n,e):void 0}},{}],2:[function(n,e){function t(n,e,t,o){l("bstAgg",[n,e,t,o]),m[n]||(m[n]={});var i=m[n][e];return i||(m[n][e]=i={params:t||{}}),i.metrics=r(o,i.metrics),i}function r(n,e){return e||(e={count:0}),e.count =1,c(n,function(n,t){e[n]=o(t,e[n])}),e}function o(n,e){return e?(e&&!e.c&&(e={t:e.t,min:e.t,max:e.t,sos:e.t*e.t,c:1}),e.c =1,e.t =n,e.sos =n*n,n>e.max&&(e.max=n),n<e.min&&(e.min=n),e):{t:n}}function i(n,e){return e?m[n]&&m[n][e]:m[n]}function u(n){for(var e,t={},r="",o=0;o<n.length;o )r=n[o],t[r]=a(m[r]),t[r].length&&(e=!0),delete m[r];return e?t:null}function a(n){return"object"!=typeof n?[]:c(n,function(n,e){return e})}function s(n,e){"undefined"==typeof e&&(e=(new Date).getTime()),p[n]=e}function f(n,e,r){var o=p[e],i=p[r];"undefined"!=typeof o&&"undefined"!=typeof i&&t("measures",n,{value:i-o})}var c=n(1),l=n("handle"),d=n(2),m={},p={};e.exports={store:t,take:u,get:i,mark:s,measure:f},setTimeout(function(){d("bstAgg",function(){})},1e
<<< skipped >>>
GET /-220e_g7edhs/VMsXtforiJI/AAAAAAAEZzg/Ru02XyZTxSs/s0/22.jpg HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 2.bp.blogspot.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v46739"
Expires: Sat, 31 Jan 2015 05:36:19 GMT
Content-Disposition: inline;filename="22.jpg"
Content-Type: image/jpeg
X-Content-Type-Options: nosniff
Date: Fri, 30 Jan 2015 10:03:42 GMT
Server: fife
Content-Length: 238316
X-XSS-Protection: 1; mode=block
Age: 2972
Cache-Control: public, max-age=86400, no-transform
Alternate-Protocol: 80:quic,p=0.02
......JFIF..............Exif..II*.......1.......2...;.......9...i.......B.......Google.Olabode............0220........x...........`.............................................................................................................................................................................`..".........................................i............................!.."#13A2CQa.BRSq.....$TUbcrs.......4..........Dt....^u.....d.....&e.......................................R........................"...2..BRb...!r#1AQS....3CTq.......$a.4c.....EU..%Ds...5............?....7...IW.|....%%.W......@_.?..................@_.?.... /....I.U....Iv.....%v.....I..nl..)...f.iE...;.... Lm.....3S...O e..._.....Y$^y.@.s.P..3.;...$...s..Z.).q....W."(.........&^9.{.qC.....Mk.ei"?...{z.a..L..}G.......="xs .....q#..>_.B_......*../...II....W.U(%.2J../...IWK.}..:JL..]FJi~/...IY%...o.%%.tm.%/g.....U../...II.........}..:J.....|.):.......}..:J..2..W..JMZ...J>...O...V._~?.........G. /....V[.}...:JNZ.......}...:J..@_~?..... .".N.#XI.r.V..ut.fz'.?N.NS.;.....m.r..\..,e.L.)Eg'.>T..I..i...$..P..|...j}.(cp.H:.l.b......L.3...Y.C..HI-w.R...6..vH.......$.oG?W.(=."Et..{..HJ..{..Gq.....h.R...N....q..0o<.Yd.:.../...IWK.}..:JMJ..%.._.....VI~/...IIm....J~........./...II.W..A).<_~7.....}..:JM..oA){>_~7.....}..:JO.P.........t.o......%&.U..%.g.....U.._~?.................-.....%':..oCrQ..H.....U.......):...k.........Y.o.GH}l......N{...v{{Dc..t...^<.p{4.....!m..e!.,.............m..J.^.1..>TV..W....3.^r9...T...u.I........~.G.
<<< skipped >>>
GET /-A-xhStXKSRc/U2Ib-ESdJbI/AAAAAAAC1Tc/LfWTAWidGB0/s1600/2.gif HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 2.bp.blogspot.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v2d538"
Expires: Sat, 31 Jan 2015 09:38:22 GMT
Content-Disposition: inline;filename="2.gif"
Content-Type: image/gif
X-Content-Type-Options: nosniff
Date: Fri, 30 Jan 2015 10:38:29 GMT
Server: fife
Content-Length: 66872
X-XSS-Protection: 1; mode=block
Age: 886
Cache-Control: public, max-age=86400, no-transform
Alternate-Protocol: 80:quic,p=0.02
GIF87a....w..!..NETSCAPE2.0.....!...,...,.................zEDD........./dt..O....G .Ez.G..HF.&G.*v....hw.....#.......fI.'...Nl.E. B..O.(..i.....Ix.......({.gy....IA..P.##.'i..e.............L..e.....(..Hd...o^I.F...c.......h@.i........'f..M.8z.g/.....vK,$G(=.....f..*.J..8{....w....KLM..e.%1.H)..z.i..5H.8eV.2.......Ux..k.gb..T..|.X........y..Va..^]sz.....7..K.8E.UK....U'........O...7.([KR......w5b..,.Y.....8.....{.g(A.Hh.Y..'..:.j9"....ha.(/..q..!Z_b.....x../h.AvduyF..x/........wgdg.WC.vJ.<...L443.9.....w........w..x..yF..2YVX....6f.:0G.3.....,.Vb.zg.: .X....g8L....Zh..n..).Y).w..xc.ZD...wv{......;..x.U.....v..Q>;>....j).Y..I0Y9-w.U.....O....i...-uFh.....mnnk......kYg..O.(E.'..jH..P.(E...&&%........P..m.8~.7F..M.6D.......w..WI.:...4..........u.iGB.z*.....Q..m....G.....g..e..I..g..GQ.J..)..gPI$3..........Z........5.H......*\.......~..d....3j...... C....SE.(S.\..e.O-c..I.c..5s..9..L.@...pR...-."].t........1.2m..h........0PR...t.0.Z....6i7.Y....]......o[.}..a.F['&..k[...bC...........u...c.Nu....C......nQ...?q..6M..k.-...]#-.~.U..- ..u..(Q..N....Gw.m...'L2....E..5..bUU[.Y./....u...C.~m1[:......N.|..HcZ~...G6!.'.?Q0....F....8.. ....su..\t...O..."A-.T......^...v.g.l#..)x..i....}....4K....H.x....PD.x. `.<dS..<.........!0...J0a.!..B.;...I...R.Y.dRK->.....Z..<.T.I..........F..W...e..;E......%.n~..$p|PE..Q...>..s.r....h.].W.-........Y.hx.*h.h.......j...O8|....H.p`F<.........K<*..,b...R.Jar....=...Q..@..5.Qp.N..I.g..{(..2.........J...x.#....P...%......K.....6.Z.@!k..J/........l#....z....g...B.|
<<< skipped >>>
GET /plugins/like.php?href=https://VVV.facebook.com/x19ltd.adfly&width=150&fb_source=unshorten&layout=button_count&action=like&show_faces=false&share=true&height=21&appId=399141353502152 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://adf.ly/ruqdu
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.facebook.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Location: hXXps://VVV.facebook.com/plugins/like.php?href=https://VVV.facebook.com/x19ltd.adfly&width=150&fb_source=unshorten&layout=button_count&action=like&show_faces=false&share=true&height=21&appId=399141353502152
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge,chrome=1
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
X-FB-Debug: yxUg97sCqTt770YHItfhN3eEajGUQBD09rd/C/ODe2wI8JyNvnWwRh4qKeFVg/460DkWY2weekfzSUty9LuOSg==
Date: Fri, 30 Jan 2015 10:53:02 GMT
Connection: keep-alive
Content-Length: 0
....
GET /plugins/like.php?app_id=669034239861694&channel=http://static.ak.facebook.com/connect/xd_arbiter/7r8gQb8MIqE.js?version=41#cb=f251c3fa86634de&domain=trollface.biz&origin=http%3A%2F%2Ftrollface.biz%2Ff33b7892863bd18&relation=parent.parent&href=http://VVV.facebook.com/trollface.biz&locale=en_US&sdk=joey&send=false&show_faces=true&width=290 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.facebook.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Location: hXXps://VVV.facebook.com/plugins/like.php?app_id=669034239861694&channel=http://static.ak.facebook.com/connect/xd_arbiter/7r8gQb8MIqE.js?version=41#cb=f251c3fa86634de&domain=trollface.biz&origin=http%3A%2F%2Ftrollface.biz%2Ff33b7892863bd18&relation=parent.parent&href=http://VVV.facebook.com/trollface.biz&locale=en_US&sdk=joey&send=false&show_faces=true&width=290
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
X-FB-Debug: p gC28Ye8punk4bVBSEUlntdxqj8R990XnIfeTCle0TPQBDJa DXjgDdEHbgahBqKjeAMwsR0f28Dj7sWTawGw==
Date: Fri, 30 Jan 2015 10:53:11 GMT
Connection: keep-alive
Content-Length: 0
GET /vi/poS0YGKNSTs/0.jpg HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.youtube.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 01 Jan 1970 00:23:30 GMT
Date: Fri, 30 Jan 2015 10:35:52 GMT
Expires: Fri, 30 Jan 2015 16:35:52 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 11563
X-XSS-Protection: 1; mode=block
Age: 1036
Cache-Control: public, max-age=21600
Alternate-Protocol: 80:quic,p=0.02
......JFIF......................................................................................................................................................h...."........................................`.........................."2..#3BR...!1CSb.cs..$AFQqr.......%4.........5Dad.......6tu.....ET.................................-.......................2."3.B..1..#AQ..5Rb4............?.. ................N..>..P`._......ug........'.f.d.._Q.:[{....)..*........Sjy.uT...V....S[I$..r..A..-J.C37........P..T*vYt...Fs.M..k.......#B....WR..y......\..Uw..{Y:..~..~...wXV}MN...I...w......n.B9.w........M...]b.f^..)&.......mN....=.........R.....N..eZ.{~....&...Z..2G.2D./..&.5..R9]..p.......kNo...O.M....Ofk=4.f...ll....C..b...>K.....fHL.=O.*.}. H'{id...K.....i[....u.....(.St..{....S.2...LV.W.1..PV..P.n:.L>...{....c.%.b..s=.....................................Tx.....f.G.~Nxr..^..l.us.)2.....d...j..~<..I..Yu:......kb.....MjJ.x.V.g.F,j..9..M....L......L9[...f..G.$>i....sL... ........Z=...m..$..T7.M..$..[...}.....\..W..7k..f..p....U.m.9......i.N....z*to]U.4..2..X.7.XD.je................V.R..8c5.M~kP...*]U.SC.....?.&if.V..0..A...f...~jNk..[..g%[.....~jKg{.>(`..%Rm........6....Cs*.......l...$.{3....^.H.{R.2U/r=.ezj.X&...B...n{.d..Tc.m.........&....Q M.?.g....~.8......_...'.......................................6.N..........tx<...j....'.h..)..5...b.9..y<...bG.....=6.8..M....{p.7q.....QQ.z...e.zYKq...k...{s.....T..........f...&.v.#.dK...`vf ^.....cl.......6.O......6.K#g..yI.w\S>...nmS...]l...:....jn...=...
<<< skipped >>>
GET /vi/RCCXZ8ErVag/0.jpg HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.youtube.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 01 Jan 1970 00:23:41 GMT
Date: Fri, 30 Jan 2015 10:53:08 GMT
Expires: Fri, 30 Jan 2015 16:53:08 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 14209
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=21600
Age: 0
Alternate-Protocol: 80:quic,p=0.02
......JFIF......................................................................................................................................................h...."........................................V.........................."2B..#13R.!Cb..ASr....$Qcs...EDq....Tadt..........U....E................................/..........................".2BR..!1Qb...q................?..........................................................................................................................................................z...............$...?.^.#.&JwV.....'.?...sK...c.70...,.... ]I........m..e....W..=,..xK.t..b@..nG.9.l.U.q.....Q._.....;....FV..._b.................,`.....`...M..&....<8.x...i7._T....K..\yE..?.. N..~..C....A.WP.......r.@...RO(ug.....g..V.(....V.(uI<.0...Q<..F..;........h~'.....G...wA.....eO..8..........]_.,...JK...C..01@i.a.,;.....G.9.p.........'........3..,.{..~.2.iq....a......c....|. [.....#V.U0 <.b......7....Z.....<g..J).....O>/.SI.A.tSK..L. ......q.k.%Do..g.T...W..O}"zA.<Hbj...i.s.C.!..,............-..z*..._S.."...V...h...3.e....D....a.../...)...%..........v...4.k*j......X.q...w.....<......F,@..X.<..H....h?...F.0.*....j.F))...cF..2&..9.6.-r].. ?..Tb.yQ.....M.C3.]L.. ..O...8..y.#....vl.....Td\.2<....j..nJ../.9..1.....v...M.M;...........C...9..[.$::.6A.E.a"2...3..*3......;...s.&E.....=..1..nR%...c..Q.... )r...|[[..D..O...t..n.}2..kk%.....Oq......O...fab...2..d..6.!.......B......9...B.&N.n.*....NO|..!...5]7.....G....E...>...........4..M....G...n!7..$.I..
<<< skipped >>>
GET /nfXqfv7.png HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.imgur.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Last-Modified: Mon, 15 Dec 2014 21:41:24 GMT
ETag: "ec32d787d28bea03b02b2b08957d4ad0"
Content-Type: image/png
cache-control: public, max-age=31536000
Content-Length: 11761
Accept-Ranges: bytes
Date: Fri, 30 Jan 2015 10:53:08 GMT
Age: 3935504
Connection: keep-alive
X-Served-By: cache-iad2131-IAD, cache-ord1729-ORD
X-Cache: HIT, HIT
X-Cache-Hits: 1, 53
X-Timer: S1422615188.762758,VS0,VE0
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
.PNG........IHDR...d...S.....i..A..-.IDATx....xU...q.Bi.......i{K....!n$Hp.......qwwwwww%B........h)......g....;..f..Yk....7\f!E.5..}......4..;.~Vl.sU.n.....8..UHr...C.=...E.:x.q.K....~g.k..*.....j'...Y.NP...-k..[.NP....j]...."..!..q.[ **...1..H>.K..../.y...j.4L.B4|.9...c..%...c....H..em{.............."..~-QI9.....?...t)..V~V..a.......g.k..`i.|....y5..~..d....n...)UK.......\....).G./^.....D`.0.x...Yb..=7.`...........#.....6......?l6.O`XGQQ..........s' X`.b............>..tvu..Q?.!H..@.....K7-zrrr\)..x<......n2...P...@....I.._|)yD7.@,..>.)m.T..../`..E$''&....{<.....~..5t.....*e...9!......@.jZ./M{</..... 6&&...a...}..%....u..X.....2L...Q>.....~..."h......0M.*V..CLLLG}}...#...^......k.........n.8..u....s....l.0Q.....#.?.........^.g..~R...@X.9e.....w.......RL.....ga...*.O<....V0 .w....La.rH......G....YZ....`....]..)..zy...}...%.Y...2T...............[;p.).......S..G....h...y<....K.}.....w$tI...,..DuC. {..3I.b..t. .......H9s,=.(.O.H..i..1.?y....T.5..N ..e..V9"......W.L..6.0(.........,!{.S....URR.....?q..A.51i..).K...@L1.^s./....!w.a..M.|lN.....S.6....../%...J..l..... .....M......)-...)....P.j..{Xw.A_;.....5a ..g4......3..........}^...2'-.1N..N ..1.$..X...z..]L.W..`.e"..*~.*G..W\.%.}eeec....$.....[.E.Y.........=3...._....xo0<..$.kj.A.dLU.....E....%%...K......r3.`....aTA.F....Z..ZAq.F....7WZ.g....TK..x.).......t.....^.......u[M.0E....w.9.&..........AX...X.......J?.....v.=.lw...^.=.....;..g.._..{m.N.=s.{......l.....2.q....].%.Mz..Pn...h..|:..U.....S.y.l...LR...qwD...VUU}.?.#66v.a...O*..M.3).
<<< skipped >>>
GET /152media/tags/xbanner/xbanner.js?ap=1300 HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/show.php?vs=&ad=286387&f=300x250&a=956646&s=MDhiZTA0ODk4Y2VjOGU2MzBlOGVjODY2YmY4NDgwMjM=&u=586654&si=742431179&di=5811174&ci=16&cc=CA
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.offersquared.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: public, max-age=3600, s-maxage=3600
Content-Type: text/plain; charset=utf-8
Server: nginx
x-adk2: tags
Content-Length: 1840
Date: Fri, 30 Jan 2015 10:53:11 GMT
Connection: keep-alive
(function(adParams){function template(str){return function(obj){return str.replace(/({([^}] )})/g,function($0,$1,$2){return obj[$2]||""})}}function apply(obj,ex){ex=ex||{};for(var key in ex)if(ex.hasOwnProperty(key))obj[key]=ex[key];return obj}function qs(obj,remove){var q=[];remove=remove||{};for(var prop in obj)if(obj.hasOwnProperty(prop)&&!remove[prop])q.push(prop "=" encodeURIComponent(obj[prop]));return q.length?"?" q.join("&"):""}function toObject(parameters){var str=parameters.str;var defaults=.parameters.defaults;var result={},x;str.replace(/([^?=&] )(=([^&]*))?/g,function($0,$1,$2,$3){result[$1]=decodeURIComponent($3.replace(/\ /g," "))});if(defaults)for(x in defaults)if(defaults.hasOwnProperty(x)&&!result.hasOwnProperty(x))result[x]=defaults[x];return result}function buildUrl(adParams,ignore){var query;if(!adParams||!adParams.p)return null;query=toObject({str:"ap=1300"});adParams.ap="1300"||adParams.ap;adParams.ct="html";adParams.size=adParams.size||"";if(adParams.size==="")delete adParams.size;.if(window.top!==self){adParams.u=encodeURI(document.referrer);adParams.r=""}else{adParams.r=encodeURI(document.referrer);adParams.u=encodeURI(window.location.href)}for(var key in query)if(query.hasOwnProperty(key)&&!adParams.hasOwnProperty(key))adParams[key]=query[key];return"http" (adParams.secure?"s":"") "://" adParams.serverdomain ".adk2x.com/imp" qs(adParams,apply(ignore||{},{networkalias:1,serverdomain:1,secure:1,width:1,height:1}))}var size=(""||adParams.size&&adParams.size).split("x");.adParams.width=si
<<< skipped >>>
GET /static/css/adfly_4.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/ruqdu
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d860e4e0440de5fb48f7f2b6256e4b5351422615175; FLYSESSID=5420d9e33c294bd05882efaaa6e27aff31843eb4; adf1=668e57544f6910e95c22591759704a2f; adf2=e8b8e1b450a222f8d1c56b9a088a166b
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:52:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"980-542ac003-70fac4efd237108d"
Last-Modified: Tue, 30 Sep 2014 14:36:51 GMT
Cache-Control: public, max-age=604800
Expires: Fri, 06 Feb 2015 10:52:56 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1b0d1f72ff3c0fab-YYZ
Content-Encoding: gzip
2b2...............n.0.._%jT...5.....Z....Jh..X1.e..... ...Zm.\..f....k...f..-N....E.....2z...x.F.#...V.W\sJ.$[%m....#>0CA......f..,/a...7..Tw..Sq...@)..Fd.....S.j.G\.U.H...2j/iT*.../.._?..-....o6..U.-W.C.*...X.1".m-Fd..Y.....!.L...^......o"H..f.....Pfp..Y....i..=E...w..[....3d..........T.}Fz.P.?c.I.s... ...5.-R.Jn...k2..."[.,3....!,.X.G2..5.,/..L...M..t9.^.....S.rF.gW..*..b.P^..Tz.V_.!n..(]..N..t.J... ....|.rK.'....%.N(.;....4M..u..Z=........%k.Z......0o.\.>..w.@.....{~........p.......V...b-...K..4.8...!nw\_Z>Q.d..n.1..Pfr..`....Q2..K.Lk..... ...`f.[....R....i...2..*..^.....\...... v.%...yQ.!.TJ....W.ZnY.fz......{.E..W.7.Rq............0.M..^v/....U..g........]..a.v.."!.q..2#. ._0p........0......
GET /static/js/b64.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/ruqdu
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d860e4e0440de5fb48f7f2b6256e4b5351422615175; FLYSESSID=5420d9e33c294bd05882efaaa6e27aff31843eb4; adf1=668e57544f6910e95c22591759704a2f; adf2=e8b8e1b450a222f8d1c56b9a088a166b
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:52:56 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"dc0-533ef451-73228b2e988dd6e8"
Last-Modified: Fri, 04 Apr 2014 18:05:05 GMT
Cache-Control: public, max-age=604800
Expires: Fri, 06 Feb 2015 10:52:56 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1b0d1f734f3e0fab-YYZ
Content-Encoding: gzip
46c...............r.D.......@...b[5...8...B.|..t:k...X.UwW....^.[.x....I...e[M;...W...?.....8a.....H.9..y.G.'.4...........)..>.J.}....JZ\L.q.!.%.....N(#!.n.pv.....2.f.%.hJ....Q..(.|.~..Kn.gp....R.r.$.GaE..C.Q.3...3.3....T...a...b..7..tN......&Sr-.t....8,.G.dL.y.S.Cd.......(......9....._y.F....."S.J..:.8.\t.sg.G..p?......].......:k.H.t....g...5........B....V.....o..G....<...g..........Q...........|?........>;9=;.x...K2.|.O.z5.#..7B.dv=...lw....W[_7m...kI.n....w[..[.tZ......U...\.l...G......0..........W.........P....m..s..k...0.....zx~2..Q..2...F.. ...1.......S.$P.8.y" .9*YF.6.i9.....>..I.....!.w.t..R..V.....@..wZxg....[......'O..._...;^...~J.g..7S.{.n=@...T[.H.[...e>....zN.....12...$T:({9>H%(....K.5..t...vg.........j.......p........<D6QA..l.......4.aK.z..TV...(..O.)..-c..zhn.@.#.6...z_...F..pw.......F..........|<.|.`........".9....*.].J.%..(.G...V.....s...#"dDXm..\Z...G].[>4.3....t5{....oE1M.zU.8R...\.QK.:I....~......\Sk....KX.....kx.j..l._.1.,...,.2... .:..wQq.j@U .q.=cS..gl...c....AFI.. .d...].....JN.........../..O..%/.O...T?..=..Z.o.o.).....^..`.v......L...M=....UI...Z.z.e......C...K.m.....%0......f.s......p./..........0......
<<< skipped >>>
GET /static/js/view42.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/ruqdu
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d860e4e0440de5fb48f7f2b6256e4b5351422615175; FLYSESSID=5420d9e33c294bd05882efaaa6e27aff31843eb4; adf1=668e57544f6910e95c22591759704a2f; adf2=e8b8e1b450a222f8d1c56b9a088a166b
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:52:56 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"1117c-5464bf02-ead1cc10d4a977c2"
Last-Modified: Thu, 13 Nov 2014 14:24:02 GMT
Cache-Control: public, max-age=604800
Expires: Fri, 06 Feb 2015 10:52:56 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1b0d1f73af3f0fab-YYZ
Content-Encoding: gzip
500a..............yW.K.>.U*A....t...w'$..(..............u]w%........^..N.p.=O5.::q../g.7..g.iR.?...... .")Z...J...7..5.3.l..7..'......gI...j....x....~.&)Z.I.....z........n...y...V.<z.&).-..|..z..O...........fj.jl%E.....>..5....X...n...p .jYu_`..Oj5.1>....N...~`..I..L..........._$.w.e.....GY...[..G......aR.Cl..lE._\....U. v;...l.u.X......o.g....S..K.u|V..B |....j9A..[N..<.......V...n...q.t.......p..p...?..?1..m.^..M..rO'n.1&.&.......G.i..K....?..6..#........C.....]*\....cb/...$n..OL..8....@....8l.....~......^....c....Fg....#{.x~n...l9x9...EX.p..p.n".5........%.....$:..0......}.....R.....F...t'...Efx)...K.Nu...$......c!E.z*w....t....:."......_....}_x.......R.N.xz.x.u...@.RO....2/..m......-...|I.....v.0.'....'Iu..z...*.u=a..:^.....C..@2...u.zQ...N.i..... .......~..........H...~W..8&....T.s...u........I,.$.\H.......o...6q.!.c. ..!h$.t...]m....1...c..~.....}.<SA^.D..'YT.g.&.A....$...x.!y.7{....u'.u..Z....xX..2...SP..'>...[y.u.4.R.t..X..t..`...'^.7:.<...C.....1.l..?....U.J....p.-c.....i..~..q.Qrw~..M......., .y.................\.1.[.<.....n.?H".G.....}.,'#.k.....T...}...)...A..u.6..a...w.D......... ...?I.,&....^X.#..fM......C..2.R.$X0........K...Q......'.6..WL....e).4...{a..ud.....P.<mA....Fn'.2...d..EX`..$-..........`.&...M..LN.,.n'#>..@G..b..."..c.LH.x~..o...f..A.h6........R.....N.% ..bz].,...........TH $MD.[.......L4...^.@.$...(.~.w4.W...4.X#........r........D....$........|...I.b........]....p.....n.....|...A.S....o.G.....<z...Sz.h...l........g...)e.!...%.....3..n...>.c.e.2..
<<< skipped >>>
GET /static/image/logo_fb2.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/ruqdu
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d860e4e0440de5fb48f7f2b6256e4b5351422615175; FLYSESSID=5420d9e33c294bd05882efaaa6e27aff31843eb4; adf1=668e57544f6910e95c22591759704a2f; adf2=e8b8e1b450a222f8d1c56b9a088a166b
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:02 GMT
Content-Type: image/png
Content-Length: 6243
Connection: keep-alive
Cache-Control: public, max-age=604800
Cf-Bgj: imgq:85
Etag: "188b-5116a59d-2f8f7edb8dce95ec"
Expires: Fri, 06 Feb 2015 10:53:02 GMT
Last-Modified: Sat, 09 Feb 2013 19:38:05 GMT
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 1b0d1f979fab0fab-YYZ
.PNG........IHDR.......b.......G.....PLTE.V.s.o*p.-**.........*r.....R.l....,........;,v.-x..h."\......Rw..'Ns.....C%d.GIO...aT2..0}.....T..#r..c...(...$`..Y.(j.Jy..........b....h..6..th..#^......."s.#j.!l.......E|.-z.'n.:v.%b. t...%.y?..3......m..&f.,w.8{.].......K......'h.K..R..F.......I...(l.........C$b......p Z.............(k.6:B*i....$_.4j.........X......t.."\... -z.Rv~.[.z..#u......9..@.........'f.-y.... n.rto&i....#^...;)o.%`....uf;..W s...7.n.'t...X T.^....A...;r.-f...:...%p.'i...9...Q...g.-x....,c.:j.!..*w...1^.......B e.&e...^# !'v.>....T!`..V.B:,&g....$a..b.!a...!......l....Y.....T.....M#\.w...n."c....&w...1"d....._.%f..O.#)44p.,p.1b..X.)m....#]..].)x.VWZ.x.'r. o..y. q.#h.'_..[.!X."Z."[."Z."Z.!Y.)n.#^.'h.-{...y#_....D.....e_T(\./j.`..&b....%\.a.y.."......$[.,|.-|.!Z. y..z.0t. s.3z........v.d....IDATx....\T...7.8.... B....QS..A@..d.x......0..a..<>....&..........f.XxP.$..........=..v.k...~.3.......a.4...._k......n......].....?..WR...I%%................(..N....V.&...u.g..6Z..l...G&CR..(8...m/U.*W.u....(.P........./QOI.&..n.....R.....o..:G....hW.|.FS....0x..J.p;..}..D..x.p.)....c>$.....,..........a..@5>...O..Nqw..O.F.CJq.....[L..222.~..).g. ....X...D..P..N..m...G.2.-.....Ut'''O....UX....C......Z.<|...3b2b.......H..N.V.<l.0U..."..bTa.N...>G~..........t..........cH......H ..:.. .w.......,x...|......dk..l5.Y5..!.....:..ohh....zc.........K..5#!b..w.......X.2....Q.....7...u\ .^..v7-.4.y....Ee....l4E....`!8..*..cG|....{..6%f......)......$....ie.).c..t[.F.0.#.r.....7n4,...........`xo..[.
<<< skipped >>>
GET /static/image/d_top_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/ruqdu
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d860e4e0440de5fb48f7f2b6256e4b5351422615175; FLYSESSID=5420d9e33c294bd05882efaaa6e27aff31843eb4; adf1=668e57544f6910e95c22591759704a2f; adf2=e8b8e1b450a222f8d1c56b9a088a166b
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:02 GMT
Content-Type: image/png
Content-Length: 116
Connection: keep-alive
Cache-Control: public, max-age=604800
Cf-Bgj: imgq:85
Etag: "9c-51d450e3-8ab0ff4e53d010b5"
Expires: Fri, 06 Feb 2015 10:53:02 GMT
Last-Modified: Wed, 03 Jul 2013 16:27:15 GMT
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 1b0d1f97ffac0fab-YYZ
.PNG........IHDR.......;.....5.w....;IDAT..c..Ifb.........4..a......j...!.E.......z.......O...u..k/..M.$....IEND.B`.....
GET /static/image/skip_ad/en_tran.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/ruqdu
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d860e4e0440de5fb48f7f2b6256e4b5351422615175; FLYSESSID=5420d9e33c294bd05882efaaa6e27aff31843eb4; adf1=668e57544f6910e95c22591759704a2f; adf2=e8b8e1b450a222f8d1c56b9a088a166b
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:02 GMT
Content-Type: image/png
Content-Length: 2171
Connection: keep-alive
Cache-Control: public, max-age=604800
Cf-Bgj: imgq:85
Etag: "13d4-51e829a4-3949693a3ed59e6e"
Expires: Fri, 06 Feb 2015 10:53:02 GMT
Last-Modified: Thu, 18 Jul 2013 17:45:08 GMT
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 1b0d1f984fad0fab-YYZ
.PNG........IHDR.......)....."c[....BIDATx...].UU..=g.q...0.$.....L1...0.. ....(....T..,..""..y..1.^T.2g.......g{..@9...wO............s..k.........E1%).jH..o.........>sm..[..........;.....")."..........M.q..TH_o..`^.o...O...CYq.......X..`....0.v..M.cp..../.....$...XQ#........syqi........ `....F.........8.t.....7n...!....;...ze......7o V=sg.......C..o1e.Mm...me.>N.......51.G.O.:.l.... V.)~........Mn...pV29.....X..L..5...x... t...>x.?.............n.... .n.-..[F......e.xl......G...{....p$kDjtS.p|.-.7.....jDh...Y!.MO..............Wg.....I>....%.M..w.4..X..[g*.....@...... ...`.1X..l..=.2..[....h.......lv].(./.'....v..^yia{...O`.L........@...).7.*}...7..d).....>.P#.._.....tt....iZ..*.V6:R(_......2.\.A........W..t......g".)........[........J.....-.....M..p.....l..H..-_$eB[..w...,..}<2.."?lG3....`X.PcE..<.qhJ..c.V._..F...e....T5..d.'..`..!..q.f.M.....l! ....\.4.._.Hl...X.U..|J......>|kn..Md"a..5.-..U......X...c.".eK........X.E.......,!..[...b..a.|.....D....". .CX..(..P...1........:J....9./ZcE.Fb.Uw]..A8..phZ.8.a.!........ .o..l.A9z../."[.=:..../....~tM.....h....[..g.......a.p|dzt........mAk...r......s.?.......F........=U.....Jc#.;...*..t...b.........OY..P..]...aw.!...;.>q..... ........3.46.;......s...G.tl...8.a;.E....pt.8K>..|.....7`..r...L.....<....W..l...l.....F..X.` /.N.....(FH....6.n...m..i........L..]e..........a.F#Zd,....&.^..J...<..?h?..$.....l'.............[..X........./Jj7Z&.~.~...d........<....D.=.6K...&..6,./:....ba.9........K=Z...b.Lc.......(g..m...l.->..T._.c......
<<< skipped >>>
GET /pingjs/?k=psytrs8y6gmn&t=Yllix media&c=s&y=http://trollface.biz/vote&a=0&r=8601 HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: whos.amung.us
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:11 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: close
Set-Cookie: uid=CgH9JlTLYpeMCyhAdHc0Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=atta; path=/
Content-Encoding: gzip
37.............w.././.P.0..04V.Q/(.,)*..4K..S.1....../q#.....0..
GET /uds/css/gsearch.css HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=ORtcri62B5lLT0gmScQQOZ6PgyD0L3laixHZahqHHujeEZbaa73GuOw09MhpeE7DyzW_jWivMLXGgh3wMxHiWx0Kjhv3DmSsOiGxO6w6jeBD5Yuj6o5OaexIqwooJryu
HTTP/1.1 200 OK
Expires: Fri, 30 Jan 2015 10:53:14 GMT
Date: Fri, 30 Jan 2015 10:53:14 GMT
Cache-Control: public, max-age=0
Last-Modified: Mon, 10 Nov 2014 23:30:07 GMT
Content-Type: text/css
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 80:quic,p=0.02
Transfer-Encoding: chunked
a..............802...=k...... ..ri..\>..rR..8..%....7.H...@....Z............T.....L.....8.....w.M.Zwl2....u..8{.]....b..e.oys..!{y....K..9..=....M....bo..go..my...d.U......u.5.&o...[.....&O..........[...h.....oO..EyG.vu[ve..am.w.2h.-[>...)v....,p_u......W..-t.n.MY=...M.W....6..)ou.....2...Di......E....3;...g....Dl..[.._y..u.../:....Y..\C..nz.|.|..E.6...*....W.=..{....tR.u..............m..;.?....s.-...7.p.t...n........u..@..;$vE,.W|......s@.\...g.=..E(..;..5x.`..f.`..../.<...m....]..Q...A.^p..[....WM..........lc.....7Y.=T.S.z._..4....t./....Z......;.h..CW.4.x...WY^.....,.......p=/...>....p....l.........f3...%a.lp....@...KR.%R4.J.%q.|K.Vn`.:.h.-N.;....6.<.............A.-r..C.'.lw.....(j.F... 9].....m.........V..~vq.?..{....R.]..$...<.<5...P..Y.(......*...SwD].`...../8....}.:..U...^E.m.u..\N9.I.>5R|.....0..w$9...{.L.:.....z....f....:.........w!.3...X.....#.'..../..(.}.f. ..Y...B...s{...=.q.,F...V.m1' ,1.....].?..r.2...qru..;N..#..&..d.....l6.?LTnX..j...G....Gb.. .MK.bW..sI.H.......@...1E.]..(..O.c...c#.....y.'!....eA\X}o.V$R..}S.=??.....H...$t./..e..........W....:.;u.......j'..h_.<[t.q|.O.....|..}..U=........Go[6....l2...[..S.....j....y....*..\....(_......_ S.M.o.<P..>9v#`.?..DN ....lKu....U...Ly..........8....d..B...-.....E.&/.} . .. ....vj..........#.j.y.M..@W....."?...l2....3:.lS...n.cz........ .V...[..]...w..F.mG]P.,..Rl..G..F.qN..$!...........q..hBR.._YQ.5..|k.e.$[_.P.G...E..P.}r.........z............zb.........zU.7o.........:..\6u[.v..t.g...oW.....{[6|.#~;....AU......../.....
<<< skipped >>>
GET /adi/N7928.354842LINDAIKEJI.BLOGSPOT./B8074030.110392544;sz=728x90;ord=[timestamp]? HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ad.doubleclick.net
Connection: Keep-Alive
Cookie: id=223d076a6a0300d7||t=1422615192|et=730|cs=002213fd48556f693ae5c022f7
HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Fri, 30 Jan 2015 10:53:14 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 859
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
...........T...8..*,..&' ..A..8.FG33.n6.R.Z.......w."....r9...?~.....<.GC..4.r.C<...g.2.....J8.*.}....".......^O/.<."z.`....i........Q|..bY......QF.4...#...(.<Co...V.7.P@...sK..!....g.`.>......C..*QQ..C\.b...2......e/.........#...`......f.i\<.E..g...z;w&Ew>.w......%.. |.|....i...Q...H^.....$1.Y...~.Og.m...r....<..ag2n.G...rX}.<...[3n.>.G.....D..(..D.....c.......pxU..g.u..|>.A.Q..$Rc..@X.....@....y.=......."Z3z9...#.GB.(KCP..P....B..6k]......N..zg?N....z/.[...R.~..'..k......p..]|]..c...X.....U#B.u2'A...v...u][O....VQ...2t...w....).%........O2.3K.e.L..-Yx.r`J|a=.E......h.`FS..".\......@%.G. .?.i....e....{.....I\....$pr..-.%0/SP.)'.5.G......0.PW$.z..U<p...M@ ...}.=>..9^v...E.F......v.....>..^.'.(.O.~...'.D.PC%.....Q..bJ.(...."&%~?..3.8..TW..(...T.....h..C.D.(.x...2A..E..3..V..V..L1......9.. k.......3...L....*......I..U:.J.a~o..g.U.. .5V.i....:..\......
GET /2014/08/b-red-releases-flaming-hot-new-track.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://adf.ly/ruqdu
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lindaikeji.blogspot.com
Connection: Keep-Alive
HTTP/1.1 302 Moved Temporarily
Location: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Fri, 30 Jan 2015 10:53:13 GMT
Expires: Fri, 30 Jan 2015 10:53:13 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 218
Server: GSE
Alternate-Protocol: 80:quic,p=0.02
..........m.A..0.....!..T. K,T.V..$..clgM4iJ......q....<......<aUYlB.{^.....C..`.pJ?.}..F?.U..A.......O.Q.....1......ia.p.....@...#2...T....K../J..;..pQ.I..8X.......f.z"..P...#.....L......N..Tz.q....E......&....,........
GET /1market.php?p=xVZnHcUvikLHCbJuoYbG3ZNh09IyjLo6iAYHWdR0mhLmmIx65IIiiZwliJaHGaFizwaiCII56xImiLImsRIWnYBivocjnIQli1OWiYIuiRL3CcJvwhYmXIR7opbjmIFstJZXSdIi6wISiM91yEdjXNF4kodjSIIusJICnLNxlUYTXNJzjUaDCOI66IICiZIiswIinIBjyFbT3YR2vYY22Y9wsYITjMo4iEaTHZRj0NcTDNo4iQfDSNw1iIZTmOxihVcz2YgkidOzjNAlsJIDmN1jvJYjmIl6sIZCSdIi6wMiCIwxiIbiWO9iiMa2WcxilwXi2I9tzNIjjIo6iITimY8jiJfyQe== HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://adf.ly/ruqdu
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d860e4e0440de5fb48f7f2b6256e4b5351422615175; FLYSESSID=5420d9e33c294bd05882efaaa6e27aff31843eb4; adf1=668e57544f6910e95c22591759704a2f; adf2=e8b8e1b450a222f8d1c56b9a088a166b
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.8
P3P: policyref="hXXp://adf.ly/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa IVAi IVDi CONi HISi TELi OUR IND PHY ONL FIN COM NAV INT DEM GOV"
Cache-Control: max-age=0, no-store, no-cache, must-revalidate
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 30 Jan 2015 10:53:02 GMT
Cache-Control: post-check=0, pre-check=0
Set-Cookie: adfly_483832=1670080; expires=Sat, 31-Jan-2015 10:53:02 GMT; Max-Age=86400; path=/
Set-Cookie: market_483832=1670080; expires=Fri, 30-Jan-2015 10:54:02 GMT; Max-Age=60; path=/
Server: cloudflare-nginx
CF-RAY: 1b0d1f9b63da0f9f-YYZ
Content-Encoding: gzip
69a.............Wks.6..._AcfUp.Q..6.%.[.N.4...d..j2.x).....-.......d7Ig.Xx....^..8..l.d...'O.K..K......w.=W.....u....."..v.TG.O.6`.....S4...."..].....;....J.X.......l6...e..O.....[.4)$.BIl.......X..H..L../....ukZ.}..5QYU#;..i8.8.2....l.B.Z..gS..4.B;..LE.WD..._...UwX....$..e..o?..U.?.%J..{8Rc.d .6...C_c9U3..K....J..}4..d......0.I._.^..k.6....[....|.P.:'....".'9.G.$....>.....y....m\..zdm<S;...~....b.w2..lU..f3..n9.^..T....U..T2b...F@..f!.$....m..|.;..DI.3..F....(...5..-".Z... ..]=..~E..2.z../^.........,FMy.S.f..~O.5.Jw..*..m./...2;..U...INb.$..n~...1$B.oZ.....k.?...V.;..*].,.XV@..J....D.!.Y,A7.a..Uqfy.._v.."....rM[..VV...Rf..d.j....../....=.]..[.8.5\>..cK .aU3.....O...=........r.....AC2...X..#....D._..H..u..f$e2..O.&....y........;.E..d.mK......[t@).z.1..g.ad)...=.#.-Q............ED....ko..q...m......A.W...?...Shv....i..4..L....z.Z.M..-@..Lp..~.u}..........x......~.5d..=..QJ......E........d/............K."..%...."%].......W...a..,AZ.....m4.m..m......2~..,vc...C\-..,..y......Y.........^x.Z./|..NRli.%...f...`o..pC..j.....h.F8-.X..%G..X._.....UD.E.Z......b..3.....?..'....TIb.F.....!..$.l..y..4..a....wo..^;...(r0.IQ.6.....0...FJ.....O.\.rob.^.*.._.Dhc.k....lgA....1.L;....x.T.k.].......*...Z..>[.....Q..__}]..s......._.o. ^8.^1......0..(...on.n#.l.d....u......4q./S...F.0..h...{8Rw..L..T.1.Q..X.E.....6..~.s4g..... I.#....W1..........wn.K......og....X$.-.3\.,.rA. .B.............V......*X...7..D.e......V..(..zwy.<.S..#....J..].<.eje5.....).....PP...M....D.....o.....h7yi....DQ.....V.2.]....,F.zv.N..9?:F.=.
<<< skipped >>>
POST /callback/2c42e77dc5b92544853ce18160cf6a1c HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://adf.ly/ruqdu
Accept: */*
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adf.ly
Content-Length: 538
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: __cfduid=d860e4e0440de5fb48f7f2b6256e4b5351422615175; FLYSESSID=5420d9e33c294bd05882efaaa6e27aff31843eb4; adf1=668e57544f6910e95c22591759704a2f; adf2=e8b8e1b450a222f8d1c56b9a088a166b; __utma=255621336.1096569715.1422596427.1422596427.1422596427.1; adfly_483832=1670080; __utmb=255621336.0.10.1422596427; market_483832=1670080; __utmc=255621336; __utmz=255621336.1422596427.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
hithere=TAkyVOUyNICD4MwxQIyjkLi1L4CyJMygZIWFZTlDcBiCIV6FI5ikILsgIsmDlOk0ZYWj5L02IAjToNw0LACjJLmwb4GyFMzgaICFIT6DMBCCwViFc52kNLygZsXzNN3yIcjDoMx1M4DCIM0uLICDJIzSYx30JQlgcQ2VgRiOO5jCcI27OECjwViTdB2yJOyxZ4XSNN3gIQjloT3gOMT3IdsvIRnmdbipcdmFVIz7aACjIL62NADScRxJLNCVJTtgbs2TJZpsbJGWUai0OFjGAcstI9m21YvoYAmClMsuZQVz9LvhcxyGIb6pIpk35bvNIJiiwOiiYQWnNb0ladWW9YuyIVj2oc51LJCCJL6iIMjWoMihMZCj4Z4jNBDjEN2xNgzTgMylNND2AMz1OgDDINw0IUijwMi5aIGWFNzjaRC2IN63IUjmAMy0OMWmIMwiMomjNIkkNlj2JXknZ9GGMbxiZwTiFIj1McmDMMyxYImiIO0iOIDXFZl2NJjCYL3wOoDjFIi4IJny0eu=
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Server: cloudflare-nginx
CF-RAY: 1b0d1fc6c75a0f9f-YYZ
Content-Encoding: gzip
14........................0......
POST /callback/2c42e77dc5b92544853ce18160cf6a1c HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://adf.ly/ruqdu
Accept: */*
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adf.ly
Content-Length: 538
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: __cfduid=d860e4e0440de5fb48f7f2b6256e4b5351422615175; FLYSESSID=5420d9e33c294bd05882efaaa6e27aff31843eb4; adf1=668e57544f6910e95c22591759704a2f; adf2=e8b8e1b450a222f8d1c56b9a088a166b; __utma=255621336.1096569715.1422596427.1422596427.1422596427.1; adfly_483832=1670080; __utmb=255621336.0.10.1422596427; market_483832=1670080; __utmc=255621336; __utmz=255621336.1422596427.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
hithere=TAkyVOUyNICD4MwxQIyjkLi1L4CyJMygZIWFZTlDcBiCIV6FI5ikILsgIsmDlOk0ZYWj5L02IAjToNw0LACjJLmwb4GyFMzgaICFIT6DMBCCwViFc52kNLygZsXzNN3yIcjDoMx1M4DCIM0uLICDJIzSYx30JQlgcQ2VgRiOO5jCcI27OECjwViTdB2yJOyxZ4XSNN3gIQjloT3gOMT3IdsvIRnmdbipcdmFVIz7aACjIL62NADScRxJLNCVJTtgbs2TJZpsbJGWUai0OFjGAcstI9m21YvoYAmClMsuZQVz9LvhcxyGIb6pIpk35bvNIJiiwOiiYQWnNb0ladWW9YuyIVj2oc11LJCCJL6iIMjWoMihMZCj4Z4jNBTjYN4xMgTTkMzlOND2IMy1NgjDMN30IUijwMi5aIGWFNzjaRC2IN63IUjmgM00NMWmMM5iYozjUI2kNlm2QX3nM92GIb5iNwTiEI51ZcjDRMixYIWiYOxiMIWXRZi2NJjCMLyxYojjMIy4IJny0eu=
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Server: cloudflare-nginx
CF-RAY: 1b0d1fdc88bd0f9f-YYZ
Content-Encoding: gzip
14........................0..
GET /pagead/blank.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=223d076a6a0300d7||t=1422615192|et=730|cs=002213fd48556f693ae5c022f7
HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
ETag: 3442959754796973630
Date: Thu, 29 Jan 2015 17:31:20 GMT
Expires: Fri, 30 Jan 2015 17:31:20 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 79
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 62515
Alternate-Protocol: 80:quic,p=0.02
............(....I.O.T(...I.UJJL.N/./.K.M.../.R()J. .H,J. Q....).R`.\\...DsB.....
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: hXXp://trollface.biz/vote
Server: Microsoft-IIS/8.0
Set-Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0; path=/
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:04 GMT
Content-Length: 148
<head><title>Document Moved</title></head>.<body><h1>Object Moved</h1>This document may be found <a HREF="hXXp://trollface.biz/vote">here</a></body>....
GET /vote HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:04 GMT
Content-Length: 12643
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?".....|..>.......4...2}....g'.G.w.~.....O.<M..o...y.;.I_.u1m..=}.Q...mW......._..W...7.....]...n7..x..>:.....0}.(..g.....>..?.F......X....e........@..i>....i.....sp.|.H..m~..........l .......2[R....tV..}... A3.f).r^.......Q..q8..........m......*.N..UY......z..~|W..f.....v.....g..T....~s..?J...g.......r.N.Y...g..|..}.0.l....,o.u.j...d..D^.Wy..l.-~.d.I...g.7.v........'.Y^.og.."...;oL@.G..|U..&.a.}.....X......rN#....?~.....y..^.o.}<.....]..Q.a...C........!~.......t.N......#..5.N.S..........?.'.....J?....EE....o....?wJ..[...L..qZ]...1YA.....?h....."_...}:.....Ez.&r........C^...........Ic^0m....D.O...{[.......\.S`... .Q[c...;..._.........-7k..?..qY....L...7J.u........R...t..U.../.B..?.F;...;,.!..8.....b.6........Z..@...|.h..G..dX.DC.*m..UuQ.@..i~wF......VYU,...*..V.....1.O_..O.}[M.[FwUW$P.5k.[b=.vC......!.n..uMZ.....X.q../G^...oJS.....mRV...-..k...7j..x.Th}x....../f..O?}.so.....Ow?}./83_9..u8m..M{..jH.-.Y.}...2.-a....y.....0q6.8.w}p....y...yv.6c...r3..v.nS..}......c..8......L>.(m.....[.5...e...GG....G).._...O7w......zLm..7...x....(.a/.q..M..GO.Og.T.d..a5..................x...}....%..M...8./!We..W.b.^.m....U1...&...T<.4.0.!.o.b2QD..D/.c......M}N.S....\_..F{........tF.h..X....$r/..T..A..,..4...i>!....6...W._..c.. .M2F ...J....I.2.f.i1....i..2[..h.i.. ]d.r...1.....|.]..a(..}C...BbM.......{]25.KBo.|{7 ..Q.oi....X.../&j.....w...d...]7............".o.wp..._r..qv}..4..\.Xm.....I.\.......Z..
<<< skipped >>>
GET /css/style.css HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Wed, 28 Jan 2015 23:50:41 GMT
Accept-Ranges: bytes
ETag: "38e16539553bd01:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:04 GMT
Content-Length: 30652
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?".....Z.e...-.e.....<....y6.._......~.~.../.'.$k>:L.z.(]......]..../.y.~|g.......y...;.yU/.v..|1.g.|.]..e{..?.3J.w..q..{/..:.n{U.....C....]...Y}Q,...N.....Z/g.....G?~.......w..<..].K?z...E....Xn_..v.hw.`g..0!... .E.n7.u).<.=....X^<...e.nhJ.......|.).....v]~.C=R......g...O._.-.h....Z,..i.....~H-..6-..l........hVev.X..k.XUu.-[...q..1.>..B.p|.]l......</....to....3zO...d..w...].=..U..E...........n.l...9......@.Y}...~...z{4..s...$..'..s.&...e....9....UZ,...IU.....O.e.6.....#.........0.1....Z....._.].9^-/..~....}.....WyF., ...f.d%M..tJ.....2.v[...............V%......)Z.(...E.....O..^;p.66...K.w{RV.......-.Yi`-.....;C*...N...'...}..4[..|.h.(..k.'..]g.b..;..a.lIdg.Hu....by^,.6O.....Z..\....m..E^,g.;.....]F..n.by...4....o.....>Z....|.zkk....7...&....&.p...O..:.m...-:.G@..`..>..:/..jc.....!..........:.F.....6.f.F.@.@.;.;.p\..D.;...T.lZ...|b@...9y...%1....C............o..~.'^?....~....h_./(..1X..n{.|.#..$...G......v.$..f..O...|zb.4L6..f....G;).J..I..3....;....7..0:dO....j..t.6D..c.iH.o..z.H............6%..#...Ws.U.IGK:..@..t..J*...xMU..u......[.>]..pXU....3n./....v.k....o..0...."_...L.....4..i..{.O.<{f[.k0.\\....z.....)...lI..>..p..yO..{.J.".<..Tm[-tTbs..>3........H3j../}...P....5x.6..\........2.).|'.1.1.........@8[..F_..>..N..O...??t=..._..G.R.I..euQ)d...|.V..>[y..K..n.O..:wq.U.......o...t.!=...>J?.#g:x.f..*..rD.?N~..I.|.c.7...IU...N`.w..Q.~w.....Ih...........?F.Xl
<<< skipped >>>
GET /UTM_Bebas.eot? HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-fontobject
Last-Modified: Wed, 28 Jan 2015 23:50:35 GMT
Accept-Ranges: bytes
ETag: "be48a735553bd01:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:05 GMT
Content-Length: 32472
.~...}............................LP......................-.p\......................U.T.M. .B.e.b.a.s.....R.e.g.u.l.a.r.....B... .F.o.n.t. .c.h... .V.i...t. .s... .d...n.g. .b...n.g. .m... .U.n.i.c.o.d.e. .-. .h.t.t.p.:././.w.w.w...f.o.n.t.c.h.u.d.e.p...v.n.....U.T.M. .B.e.b.a.s................pOS/2D".....x...NPCLTC.@...}....6cmap...........Hcvt ...-.......<fpgm.3.O........glyf..........c.head...........6hhea.{.A...4...$hmtx!.5.........kern_J]...p....4loca.Y.|........maxp.......X... name..}H..u.....postu.bH..z.....prep.d.R...$..............\p_.<...........iH.....L4......N...............................N.........................Q.q.........@.........................3.......3.....f..............................KT .@. "..........t.....-.....;...=.....Q...Q.G... .E...E.O.S.p.K...`... . ... .G.|.Q.(.G.|.Q..... .?. ... .Q. .E. ... .G. .C. .C. .5. .;.|.Q.|.Q. .=. .G. .Q...(...1.A...?.Q...?.C.Q...Q...Q...?.j.Q...Q.....O.Q...Q.S.O.j.O. .?...Q. .?.7.Q.../...../.G.7.......p... ...../...`.......-. .(.......;.A...?.Q...?.C.Q...Q...Q...?.j.Q...Q.....O.Q...Q.S.O.j.O. .?...Q. .?.7.Q.../...../.G.7.......p... ...../........... . .........(...(...A. .................I.A...A...A...A...A...A...A...A...A...A...A...A...A...A...A...A...A.....Q...Q...Q...Q...Q...Q...Q...Q...Q...Q...Q.......Q...7.......Q. .?. .?. .?. .?. .?. .?. .?. .?. .?. .?. .?./.G./.G./.G./.G./.G./.G./.G./.G./.G./.G./.G. .?. .?. .?. .?. .?. .?. ... ... ... ... ...A...A...A...A...A...A...A...A...A...A...A...A...A...A...A...A...A.....Q...Q...Q...Q...Q...Q...Q..
<<< skipped >>>
GET /images/search_icon.png HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 28 Jan 2015 23:50:42 GMT
Accept-Ranges: bytes
ETag: "a492c739553bd01:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:07 GMT
Content-Length: 3308
.PNG........IHDR.......<.....qT......pHYs...........~....OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2....
<<< skipped >>>
GET /images/like.png HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 28 Jan 2015 23:50:41 GMT
Accept-Ranges: bytes
ETag: "4e19b039553bd01:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:07 GMT
Content-Length: 12630
.PNG........IHDR...L...L.......Q ..1.IDATx....X....e<....'a.%.Hb.1L.l..mV.&NW./_..M....N.............6.......z...IHB.@ ..>G...$_w........x.....<.9.K ............c.J.D..{N..r.kM...i..tg.FS8....._.....qw.....N.x.g.IHHpa..{......6..?.c.:..E..;....l........5..X....lu...v/>.........Vz.]...o[zv.....s.....e.........{.......m..N...'.6'.N...T...y..........zkU@..J..V.i-.h....~...........~K....7. #>17?..U..o2...uj[...0..&.B....v....R.........T.T.x.@3.E`t.#...../.v...Fv~^....D*l.1d..".].Y........{1...h.p..W .......b..5!Fke..R..g.x.....7.....;y.......?...K......A......q.......0F..Q p.Fu.. ...K...do^G..8.6.%Km,.A.k.Z.G.[(.@.z.m.&{C..^..m..j....,w. -....3....X.....F.....23...D>...C&W.i.......1N8..14.e.=.l..W....]..lM..b....(..o..@...dmZ.c.[..c..q.rW6..........Fh..]s.....{..&......k...:.?".....7.....}...1.].:^@..O..S....ci.....<.&O.{...D.......m.....8..8.......~.&...M. ...\6.......5..."...a.U.........F.0E.|k".gd<./...7{...o....c.c..9.`..x.zN.w_]L7S.....Zr$...F.y..GP..P:.k/z&v..K..........ek}.,h-....X........8......m............1..ed......}fo..4 ..e!....?...........7yl.#?Ac. ..q.".Jf..}.4T...@.. ....:.y.q..R.8.x..'...sWY[.....&....4.'.\..-.D[.....p....n..uv...%....:..(..F<8|G\b..^.s.V.........6......3....)...G..v7...a...$....).,..Kc<.. q7..a.....X....i..X..\#...).....i...t.....$..E.^.).c:.<g..{:E.g......w.(...zn...r,.$3....6..z....w.../L.........?e1.....07.....e...?........!.Q.`u.!q.ZY.Y....~...s.B..#</9.cky.F.......emy.;...-.......-._...&.......>o\c.....=/.a...o...}ara.l....?...vy.......a
<<< skipped >>>
GET /images/sprite_v12.png HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 28 Jan 2015 23:50:42 GMT
Accept-Ranges: bytes
ETag: "541cd139553bd01:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:07 GMT
Content-Length: 148533
.PNG........IHDR.............!.."....pHYs................ cHRM..z%..............u0...`..:....o._.F..C.IDATx...y|.e...g.4m..R.}...WQP.9.P..T...,*(.........?/tWWX..d."..*.!....M...EK..9....I'iz..i.|?.*..Lf.y;..;3.HB....U.$Ie..!4..... .@k....r...pX.$7K....1]b@ "....B.....hW..g.|%IR.K......q@.B..p...*N...N...,I..""j..A.1...5....$.ai.^@..8.....H./!.....<(.0 ..QM.....Z..5............Tg.I.....L..1 ..Q#..&.........@DD.C......B....Y...DD.8DW......j^. ..""j@./#T1.......@DD.C...u..F8....'....5.......U...........9R..J(.b8.p^..@DD.....*..U.'.........$..`]-..Gy^..@DD.$$...R...U.............V...T.......lf..h....!g.X..=...x.!... .....z..H......V..u.....z....JH5i=..].......*......$e..kW}...sy..H..h.......7..^.5.....=...~.pV..YxnDL....A...%.<y.....(.......3).l.%.7.^.5.......Jh.jz.....;..]l.3...3.<yr.|..?...I..HI..$I...5K[...^.$}9..%I....\.."\R... W.......W.^..z.2...?..s...v.7..9s.X.y$$$.K=!....X.|.|.^...`*.....b1<.c!...@.X...@......?M.L....5......~...._..y..g* .X......?. .(.BX........-((...d.......j9v.e#...B...z{.F...l......5.W..].............../...?.R.U...!..........;...k.n........L.:q..[..zED...$I..t.M.({..ExnbT..l..U...;,........K..S..$........ ....b.^.... ..V{S.&M....O..z5..?..._.N...9VKe...I..he.JU...^....~.}.../..)I..]Q..k......J.R....^.Q...$Iz!.S.....>W}...y,22...s...=.:.T.]SK.....S...g.......!>.$..j.Z.p..._.X,s...,.Y....ju]6.A..Jn...z....#..q..E.0..........zED......rv...L..c.......y..%......IU....H.....Z.h..<....._.Z.$.....G....V.t......P.e....~^g..........X...L.2E..S.@7.O..>.. .@.....zED!....q..I
<<< skipped >>>
GET /upload/t/1054.jpg HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 28 Jan 2015 23:50:51 GMT
Accept-Ranges: bytes
ETag: "fde74f3f553bd01:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:08 GMT
Content-Length: 158511
......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 100....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..o...K.|1x.. U..I...-.yf>L..).M.$..#.M.F.....}F.D....]M:Xk.R>....d.....H.[......4..p\.E.?......m.B"....h.72......"_.y...T..........w......b}E..%...../w....4vq.2M...i...|.2..`...m...,C..%$...-.vj..Em.]O..S..,........q......./<1.X.......!.*..wB....V."{..."...............%.aZ.&4E.LI.4w?.\......H)..*.......t..?.,/..SW..M1. ......Y..H......HO.,[b-.d,.../._.<.....4.-'1Y..9.%...U#...J.2..$.~R..\...pT1*.!C.8...z5x'..m...a1r.'.......(i3_.y..R...1.......@..BeH]....r..V%.._.....-t...[.xL.....y`..1;.. h.f.....7U'....M.A..ZAym."U.4[.7$. .PRU..8P.$`....i.Kx.....O........"O0..p..B...k..`...\o..S....M\l..........N.}-.../%{.x..O..K.{}....e6....n.|.v...1.....y....._...Z...m.{T$[..X.{.&.D.F.)....[D.#...?..f.E.....hc.......JB.j[.|..R...X)].9........?.O.Z...1..z......[.j3..^..4.K.bW...,.'.......3.J...2.5.^...o....A6.....\....Ml....i...j......K.K
<<< skipped >>>
GET /images/comment.png HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 28 Jan 2015 23:50:41 GMT
Accept-Ranges: bytes
ETag: "e6449a39553bd01:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:09 GMT
Content-Length: 1386
.PNG........IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)" xmpMM:InstanceID="xmp.iid:7135B5F362D111E4B03284059EC587A7" xmpMM:DocumentID="xmp.did:7135B5F462D111E4B03284059EC587A7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:92ACBE5662CC11E4B03284059EC587A7" stRef:documentID="xmp.did:7135B5F262D111E4B03284059EC587A7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>../.....IDATx..S.K.A..u'%...m.C...f,.B7.(.Z.]........{.(.xI.X....J..K.'.t...Eq...í7..1....y.{3...h....m4...$...h.n...x6..F...@$.a....h4.A. B..g?.L.3.X,..r.w 3h..H....R..,B.l.x...'..Z'. m......i..P(..U....V.i.....Jd.d2=2...h4M..... ..<....eL "....N...R0.8..u..z...X,.>..u..O.(r.E.....N.{u:...DB.`.w`HxJV.Tb.......B.pO.[..T.R9..(8......d.|......U.&.`0........g.v.]._.......3r......S..n.Z..wW..~.....e.~.........$.T..Q.J."'.v{.&q.$.q.%m.X.&.A......y..n....c.M.?.u....R.tQ.V........C..E Fs.....IEND.B`.....
<<< skipped >>>
GET /images/viewed.png HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 28 Jan 2015 23:50:42 GMT
Accept-Ranges: bytes
ETag: "478dd39553bd01:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:09 GMT
Content-Length: 1207
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)" xmpMM:InstanceID="xmp.iid:92ACBE5462CC11E4B03284059EC587A7" xmpMM:DocumentID="xmp.did:92ACBE5562CC11E4B03284059EC587A7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:92ACBE5262CC11E4B03284059EC587A7" stRef:documentID="xmp.did:92ACBE5362CC11E4B03284059EC587A7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>Ig.....%IDATx..Q=N.@...!..... . ...Z..$.'pJKo.......7...5.T.P)T$..=...d..|.y....$I."Q..AI..<f.L....#.y...|I...5...a..'...(^.0.....0.Y....fd.8...Vx.|).b...[.R..UUu..o.{..(..W.4M..m.if.T.Q..... <_uGAm...0..V../~L.I..N......VJ.{=..J.u......6..q...>....G.Q..%......h....I...i7.......;...i......nF...{...`..v..........IEND.B`...
<<< skipped >>>
POST /callback/2c42e77dc5b92544853ce18160cf6a1c HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://adf.ly/ruqdu
Accept: */*
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adf.ly
Content-Length: 536
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: __cfduid=d860e4e0440de5fb48f7f2b6256e4b5351422615175; FLYSESSID=5420d9e33c294bd05882efaaa6e27aff31843eb4; adf1=668e57544f6910e95c22591759704a2f; adf2=e8b8e1b450a222f8d1c56b9a088a166b; __utma=255621336.1096569715.1422596427.1422596427.1422596427.1; adfly_483832=1670080; __utmb=255621336.0.10.1422596427; market_483832=1670080; __utmc=255621336; __utmz=255621336.1422596427.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
hithere=TukAVyUONyCI4DwMQxyIkjiLL1C4JyyMZgWIZFlTcDiBIC6VIFi5IksLIgmslDkOZ0WY5j0LI2jAoTwNL0CAJjmLbwG4FyzMagCIIF6TMDCBwCiVcF25NkyLZgXsNz3NIyjcoDxMM1D4IC0MLuCIJDzIYS3xJ0lQcg2QgViROOj5cC2IO7CEwjiVdT2BJyyOZxX4NS3NIgjQol3TOgTMI3sdIvnRdmibcpmdVFzIa7CAIj6LN2DAcSxRLJCNJVtTbg2sJTpZbsGJUWiaO0jFAGscItm912vYYomAlCsMZuVQ9zvLchyxIG6bIpkp53vbINiJwiiOYiWQNn0balWd9WuYIyjVo2ycM1yJwCiLeiiMIW6MIhjZAjuZMjDBMjyNMxDgAT4MNlTNU21MM1TgED0NM0yUIjsMI5mIhWhNcj2Rg2iNO3iUJmiMY0TMcmzMYiWoUjyIYkmlZ2lXMnW9MG4bNiWwQi4IM1DcID0MZxmIYi4ONizINXkZZ2DJcCzLMxGoVjhIN4yJJy9e
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Server: cloudflare-nginx
CF-RAY: 1b0d1fdce17c0f9f-YYZ
Content-Encoding: gzip
14........................0..
GET /viewad/3774000/NG_W5_D_VD15_26012015_728x90.jpg HTTP/1.1
Accept: */*
Referer: hXXp://ad.doubleclick.net/adi/N7928.354842LINDAIKEJI.BLOGSPOT./B8074030.110392544;sz=728x90;ord=[timestamp]?
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s0.2mdn.net
Connection: Keep-Alive
HTTP/1.1 404 Not Found
Date: Fri, 30 Jan 2015 10:53:15 GMT
Expires: Fri, 30 Jan 2015 11:08:15 GMT
Cache-Control: public, max-age=900
Access-Control-Allow-Origin: *
Content-Type: image/gif
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 43
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
GIF89a.............!.......,...........L..;..
GET /-pzssax7ig_o/VMQQY1VHBhI/AAAAAAAEXeM/f381QtL8lmc/s1600/1.jpg HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 1.bp.blogspot.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v45de4"
Expires: Sat, 31 Jan 2015 09:38:22 GMT
Content-Disposition: inline;filename="1.jpg"
Content-Type: image/jpeg
X-Content-Type-Options: nosniff
Date: Fri, 30 Jan 2015 10:53:14 GMT
Server: fife
Content-Length: 18067
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400, no-transform
Age: 0
Alternate-Protocol: 80:quic,p=0.02
......JFIF.............xExif..II*.......1.......&...i...............Google............0220........d.......................,...............................................................................................................................................................,....".........................................V............................!"2.#1BR.3bACQar..$Sqs....4ct........%...&5.....DU.......................................B........................!1.AQ."aq.......#2..R.$3Br....4STb..................?...YI.Yu.D......RIm}e....RIou{IV..[VV...[VV...ImYZ.^.I%.eyue..^.VVRIeeeF./.y..{.........poR.. ..n?Y.iVv.....y..`?....U......?......VW.n.p.. ..D6..6....\.W..Ukx..7.}#K1.&...t.m%!.kC........'v.....C.......K9.3.. .nAb..?%...]..g.@U.....n....3...Z.yb..s/bG.!K][_M..........CR.....N.........T...R7V..SH.........\K]Yu%ue..J.^RwV]I$.oI.Yu$......RI)Q.O.]...=..On................................FY.g.v.m..=...z[..8.Z...........u.@&<(.@!W..*g.0....~{D.4Z..>......-e.]..'.-}_7...y......._...E/f-..axf....M........V...CB..i..D......q...J......)%."^.5^gs.4A..a...y.w."....p..;..j.F....;........J).{@. ....m.dKU./.....8.pC.$`1...C..5...6.$.lr....D.gST............._... M......H..7Y^.......>Ax. .._.;....jV..=J.R..U.;...m}m.N..N........9*N5 k...m}q*N. ......$./uou5.....juue..R.R...][]Mu 5)ZI...S}J.JV.quG.!~,...........P....TW./.c.`G.Oa.4. ..-...n....Of.6 .w%....Vu.<..3Z.V.8..... ....a?..Q....f\ ....Y...W.......g..j.4..t./uw.........m.._...jN..0.9..h:v...}./.....'..l.....:'......n8..M....]W...W.........C...#..
<<< skipped >>>
GET /-nerBEGrWuFk/U7B9Sg0IJBI/AAAAAAADFto/lO0wova5fhs/s1600/LoLavita+Hair+%26+Beauty+2.jpg HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 1.bp.blogspot.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v316db"
Expires: Sat, 31 Jan 2015 10:03:48 GMT
Content-Disposition: inline;filename="LoLavita Hair & Beauty 2.jpg"
Content-Type: image/jpeg
X-Content-Type-Options: nosniff
Date: Fri, 30 Jan 2015 10:03:48 GMT
Server: fife
Content-Length: 21501
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400, no-transform
Age: 2966
Alternate-Protocol: 80:quic,p=0.02
......JFIF.............xExif..II*.......1.......&...i...............Google............0220........d.......................,...............................................................................................................................................................,...."..........................................Z..........................!"..12..ABQa.#Rbr..Sq..$3.....%........4CTc....Usu......5Dt....................................A.........................!.1AQ"a....2BRqr....#$4Sbs...%3...................?...x.........4....n.....|!Y%{.....Qgt..;..V..U~.R..$^..GuE..:.Hc.[.f.....i.Dd."...."#.{l....{\...../.HR6.1B"..K....p.A1.....(..$.Q...E.2K3......Y#H......D@M..........0.#.W........}K.....{U......K.. ...T.N..;.."B..W..l..X.uucw.A..vy.=^.....^..sX._..`).... ....N./..IJ}..BQ.m2.ld..A..hZ.S"OQ.4m....*....66..yDz.H...v.]Q,.0W..I*(.y_...=Fi..tq....^.qo..S.f.zm.`....I.9zc..(.0....V8..m"Q(.!.y.H...eO.s.JM......x.j...Ypy....9..K4.....4-........w.A.S.E....Li....b.e.)Yq...8.4M..=~nM.'m{mOKO=MC.T.Dj*&`...K...w<.DEfv.Uf....ymh...1TL.......fu,...e.K.U.P....4.....7.E]U.F.R.#.6.'\..$y%g......F.o.Zt...c.].t..(f..u..<.9.e..de1....I.....~...w..vv..jZ...L2.g..77...3..H..G4f...5{...........]s7...YS)..jp.S.N.53.O&H.Y...........W....tEa*..}R.j....I".i.c42...R.-.L..}.zSm;K@..A.3......%...$.....an"rlr...d......,....9Uc...7F...u1.c.t9.,o..e.v.u[.]..;S.vr....4.k...%...#".B@V (..T.H.....L..C....vmDP..P..G.YG..b..1q....qB.B.$..l>...R.....'...~..7..S.W.^:9....|r.r.b......._. ...3x....^...olC.n.....o12..41--...O.F.
<<< skipped >>>
GET /-o3bkrf-qs0A/VKqAyof5pQI/AAAAAAAEOsw/vJqd_lEwam4/s1600/unnamed.gif HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 4.bp.blogspot.com
Connection: Keep-Alive
<<< skipped >>>
GET /ajax/libs/mootools/1.3.1/mootools-yui-compressed.js HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Mon, 02 Apr 2012 18:24:28 GMT
Date: Thu, 29 Jan 2015 18:54:12 GMT
Expires: Fri, 29 Jan 2016 18:54:12 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28377
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 57533
Alternate-Protocol: 80:quic,p=0.02
............i{.F.(.].B..2..Q..d.........I..l/E..F..IP ..$........=s.s'c.h.R]]]]]]]u.......mQ|(..28\M....&Z&e.X...h.......m....|....G...j.....b....lu..ev......Q6.1M.d...I.].....Q.}/...<8XD.U4.J.6;... .?...,.{~|.*.....].b(B....d..s~.-....?......EY..e..i.\...Ww.2.)..yr..=*UvNy..S..j..T....~u?..$....2..%. .{}'.........Y6Woo.r1....jX.:.e..l..^.?.x...._...U......:..oo.eQ*.}..F..I../..d......Hz...t............./..X.X.....t..=x||......f5..].h...J.^...O.=.gBr...?$?.......'.'......q..h...Q.......8.>qv...<.B.vu..~.......#7...z:.6e.Z.s._....t...Y>....U....8..H._a.p]........1cb...,Od.......].........;sV...........&P.5...2.&.S.. .f..j.....-..(...,S.D.x..,....u.......$..!.aC;.w.P.q.f....*.'.^o}......Q.0.wX.&..>J..W.:Y..v{.5^....i..P=7a.*..!.V..t.Q.=.K.o.%0..#.Sr.J C.cT...^c.7..9N..AS.8.W.o.g.-....^...\.;.s.......%$....x_.Lo..`(.2...$.._........ht.......Ye..90-..}.Ze..2......}.b....%..U..2c.n.[1.w..Y2$.F"...r.U...X......CA....),...?.....}X.>...|.F.{.5..t&H....P.....M...A..........~T..w}5....=}...*...L.(n.....s....^!.....{..0...).Vn...v.1p[.>0.l.....a.:...M.W!..Zf.|.`..P...U.4..],BZ..Z.....QY.,^ X].......;..c......u.j.s......U77f..o.%.2..L..a..E.h........Qi^Q..e........./Ap....@..D.v}...0r.w...V.....i.T..G..fsf_........E..,.....A.b&I.R..p.o.......<.....\..7F....H..........;......[.`....u*@.....h...p...Zuqa.} ....,b.2.U.j..t.7&..l..li....oSX....QMy....^Hr....,..uj. ? @b.(..Z.....i.......v..O8@.J.'......y..\R..]........3.{z#....r3.r7.;.....g....s....ck..~28.'Sk.a...R}.<..m.. .......iM#..o......4...|.T|.
<<< skipped >>>
GET /tc.js HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.tynt.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
ETag: "55f4560298442d75c07545e2311e2575:1421262147"
Last-Modified: Wed, 14 Jan 2015 18:51:39 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4157
Cache-Control: max-age=259200
Date: Fri, 30 Jan 2015 10:53:11 GMT
Connection: keep-alive
............kw........\m...8.J.P.qZ...i.b..Z-B...$l.p...YI l.....&........m_.[.....N..d..j.7.<8.i.e..XZ..(j|..a.5>.L.W...9..9..c?..p.X...N80..X%...YgG.9'..W.0V>.sc0.e.&.A.W"m...VB6..j.xm......d.k. .g.E.D.< ..P.o._uI1&...$S.o...p.;HR.O.|.d...]...R...j.S.>...bA.....X.T.........T.#!.....lE.....s`>..3zA..K..*..qC.W|...vg .L1....,..R.F.i.'2.`(&.0I.|....{...r.."......0.r\IR..*.yx.....>~.*.').4.#..6Qz*b.w.>....v..y.`.......e..F.K...S.....`Y..l9....m........]X8..m.7p.g...S.i.v....R.{..-.0....{....?..}.D.".9b...t..4..v.>..uw.e...<.gZ.gmP..._t...vIg_.W.k.#..was............d.tQ.S>.....1..DNF*..#.........A..?K.5.w..ok."..Y[.`.X..2...h...s.iRir.VZ6.o.".{..........5I(...2.....M_.6m_y6ao..Il....^........./....??..........! R0>a.E..:~.&c..3.i...>............1H..H.A>.I..l....Hw....w.....}:/.<O'.U.x...\.....d..w.......U^.Y.b.v..3I......L?.]:[..\...0H.........p.w..(..W-..h.V6.B@.@!...q.d....(...R.{.V..u....p..&q..p..G"..EL..@.;..N.C...ny=.'cT....5}..D9.k7.......!..H...n..\....:.....4...|....#. ...u.A...!.[..P...p..I^.N.P.yf-.5.......>..[.v....o}..3..A...9.....mb.V.ABX7'.....V=......W. .l.%.)....=`..t.....4=8....t.cu.8..@.m......J@A.$..{ae.....7...=.`......3F.(M.......... ...L..}.J.O...g!.%.m........K..........I.....a..{H.T..."E.sz..h...A...V..&.'...z.I-9............(.5....z..H.F......>..W......s. j....t...<i....?\e.......`..)..x....g...T..uh.DZ.......?..........z....7o.............O.I..`.^\F.8..K.|ru=.}'.-`)...8..Y.....6\...=...NE...?.t...B..D....u.P........V.?........a......u
<<< skipped >>>
GET /ad/js/deliverAds.js HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.addynamo.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Length: 1435
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 12 Jun 2013 07:34:18 GMT
Accept-Ranges: bytes
ETag: "039203f3f67ce1:65a9"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Server: www03.entelligence.biz
X-Powered-By: ASP.NET
Date: Fri, 30 Jan 2015 10:53:01 GMT
...........W.o.6..*.. ^....mjj*....k{k/....$....r.........R..m.*...~.....;L#O.q.=.,..bF.vM":.FT....W......x.H...U.0...H(.'._.A....C.]._.#\!..|"x...4L....."....?...q.l.D;V......N..;.w...t"...z..9}2.<..x..%.^.0.eF.N..6.|...I(.AB.....Y...k..!^.1..Z...W`<.<.:.$......<..c..C...E#1n6...v.....D.#m..Vv....X.t.M:.0..{.>..n...4X..<,..U....Q.p.. Y".n.....|M....18.D:H...Y.I.&q6]r.h.....O...._[.ga{.d.{...a`......P.>..>..Yq.YV.g.vl....jG.l..?-\".....u....q.}.....i267^.E.v.k^2.R..A.t..,.g.3..o...BF\.x..>..>.}u.......{..]........T.<.%.A4.....M...[........!..o....^r..Y..h.q;d..j$.l....:`..0 ..4LGA...6.y1..q.T...V.k.N.{...rJ;0-..~~mA.|gJv.:A...!.......7}...Y.^.xf2..H...R=..w._jM..0=..D..F.v.{.WS....B*..3..8.|...I:H.......\)1|.Fq....iZ.(k..B...@.....zv..~..>g.1.........wo.~)q.;q%.`..T..^.V....K.W..){.s.[]r.....T _.b.hC..{^..f5.y.:.........m..o.......\tA<.../Te.Q.r.Zj..4......t.>......a...-.....Xv.E....Q._.._....1M....w.T.)Q...X.}.....'...SD'..1Qo.g...d".g;.j...)l2.".#.U.Y*.K.U*#.{..A.....<za.}OyXY'.V..T..,k....z)A....g...i<......za...7]...8..[.......5Oo....W_/..='.......p...D.J...q..,z.?4BYX..NN.....qh...]@.T..?.........P......K..q.jd..!m#..aL..&Z..g..>.!.$.c?.i.O.r_....c...X3...j..CN'LK.G....8..4...y..1A..o..E.....xa.U..x<.C8`.E1... .>..YH...!8..)...'..O....c.3 .... ..........Z.j."...[.....Q.S..t....&.....AZ...~C.P..A.......!ZmU..^lAh..?.$Q...k[........P.P......v....|.......J...w........ ...:kk.F.v............Qv.&$........?........
<<< skipped >>>
GET /deb/v2?id=w!psytrs8y6gmn&r=trollface.biz/vote HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: de.tynt.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Type: application/javascript
Content-Length: 2
Date: Fri, 30 Jan 2015 10:53:11 GMT
Connection: close
P3P: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
{}..
GET /widget/usytk7tkcyx3.png HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: whos.amung.us
Connection: Keep-Alive
HTTP/1.1 303 See Other
Date: Fri, 30 Jan 2015 10:53:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: hXXp://widgets.amung.us/classic/04/411.png
Set-Cookie: uid=CgH9JlTLYpaMCyhBzwnxAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=atta; path=/
0..
GET /show.php?vs=&ad=286387&f=300x250&a=956646&s=MDhiZTA0ODk4Y2VjOGU2MzBlOGVjODY2YmY4NDgwMjM=&u=586654&si=742431179&di=5811174&ci=16&cc=CA HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yllix.com
Connection: Keep-Alive
Cookie: fc_286387=1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Jan 2015 10:53:10 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.36-0 deb7u3
Content-Encoding: gzip
1c9............}.M..0...H.......1.m..U..KK..T...!........V..u.[.a........=y1.2K~...."......g .R~....'s...,oA..$....K..........Iy<..c?,.V&_e..T#.l..D.f..igr.X..q.3.5..[...0.KA...v.a.......p79U$ mO.`.Y6.1.;..8....J.|... m.=.......|B..H.@...?R.._&-.5.4=...[R...d......1..}g.FG.h.....e....@.2;..SN.(|.6.h,.4g'5{.>..xo.l0w4n....b`.:..a...m5.^u.h...Z,.....A.RE..Q7.58..|..Euo.5...{V...@..............=.....4....f&,7...a...0-.....['.5.C.q...k.b.....C'.y........%A........0..
GET /small/03/328.png HTTP/1.1
Accept: */*
Referer: hXXp://wm.sumohit.com/cf.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: widgets.amung.us
HTTP/1.1 200 OK
Server: nginx/1.2.4
Date: Fri, 30 Jan 2015 10:53:04 GMT
Content-Type: image/png
Content-Length: 325
Last-Modified: Sun, 13 Jun 2010 09:48:29 GMT
Connection: keep-alive
Expires: Sun, 01 Mar 2015 10:53:04 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR...P.........D......9PLTE.bM.nX.82.G:................zc.....z.UC..n.'-00/...555...........IDAT8...... .D#x.%....v!0Z..A.A......\Y2#j...5d.^.jF,we...........yU...z.1z/.....8..m".a.....N.7....$..`"..`.q.s.^.... !..,...6..I..|.;.'.t..x.y..?.K..........0V.6..o..V.....'..=.=.Z...7.N..u..U.....Y.I.>.......IEND.B`.HTTP/1.1 200 OK..Server: nginx/1.2.4..Date: Fri, 30 Jan 2015 10:53:04 GMT..Content-Type: image/png..Content-Length: 325..Last-Modified: Sun, 13 Jun 2010 09:48:29 GMT..Connection: keep-alive..Expires: Sun, 01 Mar 2015 10:53:04 GMT..Cache-Control: max-age=2592000..Accept-Ranges: bytes...PNG........IHDR...P.........D......9PLTE.bM.nX.82.G:................zc.....z.UC..n.'-00/...555...........IDAT8...... .D#x.%....v!0Z..A.A......\Y2#j...5d.^.jF,we...........yU...z.1z/.....8..m".a.....N.7....$..`"..`.q.s.^.... !..,...6..I..|.;.'.t..x.y..?.K..........0V.6..o..V.....'..=.=.Z...7.N..u..U.....Y.I.>.......IEND.B`...
GET /small.js HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: widgets.amung.us
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.4
Date: Fri, 30 Jan 2015 10:53:09 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 Dec 2014 16:34:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sun, 01 Mar 2015 10:53:09 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip
86b.............Xow.:..*4/.......e;.....B...r8.c.!$Y.@...?r..h...yx..Y.dY.I...|..w...Pp.iR..d@.bJ.....G..........^.....tB...3...L...>u(W..H.#|./.=;.M... p0...Ja.d...0......}...}J/.rH.."0...&..*..&.....].....;.\....T....r*q.RT.x6.DN..~..W.....&$IQB9X{.0$.b.!....hx.&D.....%............U.'....W..@d ...q....P$*bs.kR.....AM...'Gh............L.,..h.8C5`I.:..K~.kR..K.....Xc.s..`.......]C.R1....|.w>.........!..~.&W....Kd..D&..,.y...>.qbL.....5&y..z....G.....Y.N.&...x~..4$.!....H!.h....w.j.z[.5t....f)x.5r5f^.y.[......Y|Zf.;.6..N....A.0.g..\.Lwn....B..$..h.oa...........]j.%..v.Z..?]N... 8-...l.......t:..oj...h7*...5f6.{......[..N....W..&......e...s.4..^.....Tg.T/u...:=.\..l.N....[.>j7.t.W*..l.....Q......o&.:n\.0.....O....3...<5.}.<5.....t.....^<V...f#w}_{......h....N.,../.k.:...3...^....r=....O.......s.\~p..L/..vu.3.U.6..!:wU... gD..........`....N..6....r..."}..n.n.*...........R..D.:,...G...]......*......osO....&......B.h2.... )....M.p:..$u...J|J....Y/.;I..S>.dW....Ey....FI.........W!$E.NN.%..t.."L..sA..p%B.. .R...|*T ...RY.:<-."[.._.(,..&C..}CV.......5.A#H4.&'.@_NX2L..TlH@*....qMr."...<.r.09.=...b%...<U..]dj{..2..5........&..2*R.&....S"EfM.Z!@L...?....Q.....w!.V..A~.mY.GL....[y...&....(."th.J...t..&`.&......)..Ct......R.5M.D...g....R..?:eR..IZ.l.....&.m..1...!......y..... .s...X...<.....2). X..3.....1..y.G..c...,...(... ."|..%..YdN..._6.E..../....}V<..K{......p..p.7..C....^.$.dvMr.OPv...{..;.:..[...D.......6.*6.O...K.sL...!.C..}........W..l....2..Z...1{....&..S.....k.C..|0..w......
<<< skipped >>>
GET /img/logo-16.png HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.blogger.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 27 Jan 2015 17:45:21 GMT
Date: Thu, 29 Jan 2015 07:52:13 GMT
Expires: Thu, 05 Feb 2015 07:52:13 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 279
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 97261
Alternate-Protocol: 80:quic,p=0.02
.PNG........IHDR................a....IDAT8.c............h.cL.........(.e...e@.P......?...........#s.. .$`@2T3H...h.(vq...I.x..9.d3H...s.!.f ....c...0.....KB0..3`U....bD.../".@lt.....@7.(.`^...`t.`5.[ .B...........H........HH . [...$..K` ..A8.)).p...y....O.........9......IEND.B`...
GET /-mcc90_3G694/VK1JjzkAFCI/AAAAAAAEPqg/OyqPpsMg5Gk/s1600/00.jpg HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 3.bp.blogspot.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v43ea9"
Expires: Sat, 31 Jan 2015 09:28:17 GMT
Content-Disposition: inline;filename="00.jpg"
Content-Type: image/jpeg
X-Content-Type-Options: nosniff
Date: Fri, 30 Jan 2015 10:39:47 GMT
Server: fife
Content-Length: 21075
X-XSS-Protection: 1; mode=block
Age: 807
Cache-Control: public, max-age=86400, no-transform
Alternate-Protocol: 80:quic,p=0.02
......JFIF.............xExif..II*.......1.......&...i...............Google............0220........d.......................,...............................................................................................................................................................,....".........................................L.........................!..1.."AQ.2a.#Rq.....Bb...3r....$CS..D.%4Tcs......................................<.......................!.1.AQ."aq...2.......#B.b...RS..3r.............?.....:........`F........E....H....$..d.7~[#.k......$.. _s..?.6.:F}.....]n.T..n....1...m.n*.O.u..Z[..A..>.5.]Z..K-8.....A.6....jy|.bn:X........G.rrZ..0..r.X..$..T}?D.....ucfO.I...X....VE*ve...8...F.d.4.........qb.F...IqN|5........y.H.G..`...$3KL.P.C2..v.%....P.P....6.|...O/55G* .)....J..BFT)..q.Z..~p..Dy..qr.\/,......=......|UJj...S.. 1..C"... .2.vk-...v.........5.QM.S<B.s.x.U.H..F.$(.kF...7.....2p...O.Y.....V"..`.okbL......2..D..u....j#l#."?T|.....@.........*;.'c.]....l....m.n....\BeJz.h[....i......#.Jx.~.z........76..r68%.k.z*zV.....f{F")".(_....fs..cOz.V....R..3)q..8...e!V .6e'b.S.....a.. .~~.Y...@....s.PC.Zy.Pr.]B..$l.Ym.I.@.....E........U......\....8...r...[.*.j.|.|~.|6]..0y...mZ.\.....O@v..?.q0....$)}@...>....?....9........tv5/.P..y>C.... q............p........e...X......K.&2.....>.........N..Q.........5.......MW'{.>/w.......6P......O.......5..<.../....%...R?...)OM-....3...0{.....>g. X}..|....0S%..........N._g.....0z...?..p..5......=..^..Kebf^T./._E....PbG {...[.<'..#.?..).....
<<< skipped >>>
GET /pixel?google_nid=simplifi&google_cm&google_sc HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cm.g.doubleclick.net
Connection: Keep-Alive
HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: hXXp://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc=
Date: Fri, 30 Jan 2015 10:53:11 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Server: HTTP server (unknown)
Content-Length: 295
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 30-Jan-2015 11:08:11 GMT; path=/; domain=.doubleclick.net
Alternate-Protocol: 80:quic,p=0.02
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc=">here</A>...</BODY></HTML>......
GET /pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc= HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cm.g.doubleclick.net
Connection: Keep-Alive
Cookie: test_cookie=CheckForPermission
HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: hXXp://um.simpli.fi/g_match?id=&google_gid=CAESENgPIAiUVi0jv3eljxknN3o&google_cver=1
Date: Fri, 30 Jan 2015 10:53:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Server: HTTP server (unknown)
Content-Length: 289
X-XSS-Protection: 1; mode=block
Set-Cookie: id=223d076a6a0300d7||t=1422615192|et=730|cs=002213fd48556f693ae5c022f7; expires=Sun, 29-Jan-2017 10:53:12 GMT; path=/; domain=.doubleclick.net
Set-Cookie: test_cookie=; expires=Mon, 21-Jul-2008 23:59:00 GMT; path=/; domain=.doubleclick.net
Alternate-Protocol: 80:quic,p=0.02
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://um.simpli.fi/g_match?id=&google_gid=CAESENgPIAiUVi0jv3eljxknN3o&google_cver=1">here</A>...</BODY></HTML>......
GET /pixel?google_nid=simplifi&google_hm=A2BCADB89762CB54D84AB87B024B7D7F HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Cookie: id=223d076a6a0300d7||t=1422615192|et=730|cs=002213fd48556f693ae5c022f7
Connection: Keep-Alive
Host: cm.g.doubleclick.net
HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: hXXp://um.simpli.fi/g_match?id=
Date: Fri, 30 Jan 2015 10:53:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Server: HTTP server (unknown)
Content-Length: 228
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://um.simpli.fi/g_match?id=">here</A>...</BODY></HTML>....
GET /callertunes/lindaikeji/ads/banner_160.gif HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mcomm.ca
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:14 GMT
Server: Apache
Last-Modified: Thu, 08 Jan 2015 10:37:05 GMT
ETag: "1000ed-50c219f091410"
Accept-Ranges: bytes
Content-Length: 1048813
Keep-Alive: timeout=5, max=256
Connection: Keep-Alive
Content-Type: image/gif
GIF89a..X....*5G.......pSI3,rUJ.fP%$$5FV645......qq.igg..m..r......NB5xvw...oG4.........DVj...i..{.9.XF.ye.{.hdXRRJwif.f..........$...xv..w.O5$!....5'4...Jd#...B7ASJG...n.6$. m.H..........xUD..Peu.z.d5*...3&&........YeXl..................#(3wti3H.CIX.......si.!)...THW.v`..........&...tuju..!31)igx............&17......BR[gtx.f@..Z.. A...je..c..............s....,}......l..........j...kR.........=b*..e?....X4.zu....RN....j]D....Z.9B.....&.........ZB...WZc^.%...w......JRH.u?....C!..9jtg.)0..O.......@H.............Yc..........ku)4.8..j. ............k.....z^A.WY..]..`...[})....kv[ZZ.........JJBJJKRRR...AB?...ZRP[ZQJBB................................................KBM...............=BK.........[Q`............RR[...AJJ......BJA...QZ^{c..........RZQ..............................!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:55B347279689E3119CDDA4C983515C87" xmpMM:DocumentID="xmp.did:62746F88972111E48817DA7C28E5F390" xmpMM:InstanceID="xmp.iid:62746F87972111E48817DA7C28E5F390" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3A754
<<< skipped >>>
GET /classic/04/411.png HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: widgets.amung.us
HTTP/1.1 200 OK
Server: nginx/1.2.4
Date: Fri, 30 Jan 2015 10:53:10 GMT
Content-Type: image/png
Content-Length: 1487
Last-Modified: Sun, 13 Jun 2010 09:03:09 GMT
Connection: keep-alive
Expires: Sun, 01 Mar 2015 10:53:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR...Q...........p.....PLTE...rrr..............................ttt...............ppp........................zzz..................\\\(((...555.'-...000......EEE888...---AAAQQQ===}'*h$'XXX.&,.7;.7;RJJ.#'.& [!$.\_.&,S..2. .' W=>333fNO9%&kKLNFF.UX .EJ.UY.',$$$.QU2((.KNJAAZZZ.MP{%(.KO...^...EI....@DN')|KM.IL= !&&&~' .UY;()<<<eVVN()...9...IM. $.JKMMM222y\].IM:'(:::.KO. $.KM.',J89VNN_FF....@E.' ,"#k.!...s. ..........#(F==,,,...$...RT.QU&...&,nnnS89xxx.EH@@@rJKX.!.\a....<@`&(.IL~NP^^^.<Akkk...J#%___.\^.QUeee///...E().@FOOO (..lVV.VW>>>lAC...111TTTcccbbbSSSmmmUUU...PPP.!&.',IIIaaar\]WWWBBB.& LLLGGG.'-CCCggg.%*ddd```]]]YYY.7<999fff???hhh.@F.<B.EJ.QV.\`.UY.IN.KP.MRjjj[[[KKK"""VVV'''...JJJNNN%%%...RRRFFF...........tRNS.@..f....IDATH...wS.A....wATPDps.Q.1....{.....".......&%..0.....%.p...W.......{..0.d..r.....V..w}P.".....Zj..r.5Ern.N....../!.8....). B=E.......!..kF K%.q.O..M|&sG...h....o~.>.Qt.Y..6[.......}.w.EFD...........[.......[..e.Ek;A.....aP.rVP.@t..l~..u....\..lv.8.....{...."S.?.6....zO....Z.....0._.F.....K.....8;.....`.2......C.0.........I"@%Q......T.Z.o).M).._8.......Q...-=..S.)}.....HJ..$.....=`.@.....&.U"*..h*.(.'d......m.........7......0..zQ...2.......... .T.).O8xy.C.#..v&De...@.. ...w......[..$.H.........!F.8~.qv...\-3:...Jn..mo8.........|n..K....`o-..........^w........`X......11.xb.Q..BA....,..TYL&....g.4|.....$...E'....'# ...=.#.....9'.l........q.M..q.oh...&....x.g.(,<..q.;.'.{x~.'....c#=(..z5n..)......[.F{B..z.c.......s.?.<...2b.....IEND.B`.
<<< skipped >>>
GET /widtemplates/smalloutline.gif HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: widgets.amung.us
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.4
Date: Fri, 30 Jan 2015 10:53:11 GMT
Content-Type: image/gif
Content-Length: 439
Last-Modified: Sun, 18 Mar 2012 22:00:46 GMT
Connection: keep-alive
Expires: Fri, 06 Feb 2015 10:53:11 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
GIF89aP.......bM.nX.82.G:................zc.....z.UC..n.'-...00/...555.......................................!.......,....P...... $.di.h...../r..l.x..|..0..At....r.l:...T..F.."#2p....xL.W!.B.1 ...WyN/.#....(*.u..Lw}.x.CF...tw...........b.E./p....@yD....~...Kwj.}.q...wWY....`...V...E..H...0.35>....-....&.0JI6...8.9..rc...v..........b.sar2..G...}..<...!<x..Dtr..:v...K.1# . ..|..]E(..4....#.w!a*...b=.6[....%8.3_....`..%7.sini..1.B,......;..
GET /swidget/fapcfmodz.png HTTP/1.1
Accept: */*
Referer: hXXp://wm.sumohit.com/cf.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: whos.amung.us
Connection: Keep-Alive
HTTP/1.1 303 See Other
Date: Fri, 30 Jan 2015 10:53:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: hXXp://widgets.amung.us/small/03/328.png
Set-Cookie: uid=CgH9IlTLYpB5A3RreyyNAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=atta; path=/
0..
GET /quant.js HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: edge.quantserve.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
Last-Modified: Fri, 30-Jan-2015 10:53:10 GMT
ETag: M0-072a287f
Content-Type: application/x-javascript
Cache-Control: private, no-transform, must-revalidate, max-age=604800
Expires: Fri, 06 Feb 2015 10:53:10 GMT
Content-Length: 3028
Date: Fri, 30 Jan 2015 10:53:10 GMT
Server: QS
............ks.6..........I=lY......t.m.....e ....%.........O..v....b......W..E.P%.....9...........{....5.T.3yuq.D......<.h5..9..Z.!)g..9A....U........=K...|......X..4.Q...!.......y...yP'En.G...qvA.{.E.k.....4 V..|..j..O.Bw.2)t....M~.53@Y..l.v.....5.=......ou..[C..y..v.~.%..k'. }......m...=.l.....\...A'.....% "..A......." ....I.....Q.zN.|..3.r.....L.q.*...TD.h.;..Nh.!.."3.W3oq.X./.W..y..9..<.]...HX......n......q..QB.'Q..-.h..).Ib..|.uly.4...&.`y.[....t&....kJ.\..`....m@.UZ9P.P.&y...P;.$....Nw.G....9...=.....R%..2MjCszZ.FN...7..>. a.~..k.F....T....X..j.[.P/.<.u..6.WTT.<..O..V..2....w..V.....Fb..E.......... .Y..l.3k..;.i.0..{....:..v<...z.J...<..Bp#.@..7..f....c...n.v...yq.\.!#@.......y...-. .W......l..]Eatu}y..q.\...zv=.....Yt=..W. .......Wa..aJ.t..U4g..y.6........L.. v.2:.f .n.M....f...%....ry...K..:.x.K...yx.Z..K.b3.\\..r.j7..<.{0'.&.S...#."\$...x..4?*iN..!r........z...p.?.k.~In.....?.!.}.d*N.....pH5!k.(?...[D.r% .6iN.J.\..........s...Z\......R..S.....-%..F...._..U:#R:....../.....p3...-....?..G"..)....P.9...2....(..L......=q..O.*...;q.5..&..........iA{.$.....;..R.c...!)B.....U.t.B.....u.,.V.y=v...HD..~W-..0.w...Y.........>.....FC..cd..q........*9...-I....CN7)....d..;..(O.j..|i.6..9=$[Z.......sE.[ .<.e....l........lW....h....T...............t.t...u..'.......\..n'I>........eM.N%(.:.....Hp.........&...(F...../.E.#... _5..O.RV.....w.. ..5%'h .t_.n...I.#.i..Pl....4a...EX....-..g..='.4.&4m._..p..Ck...!.*o..6=/tb.e..o.....l-d@...}..Ea.\.}lJ6R..;.S....qs!Y...c.:U*:.(.....l.......,b...y
<<< skipped >>>
GET /banner_show.php?section=General&pub=586654&format=300x250&ga=g HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yllix.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Jan 2015 10:53:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.36-0 deb7u3
Set-Cookie: fc_286387=1; expires=Fri, 30-Jan-2015 18:53:09 GMT; path=/
Content-Encoding: gzip
4e1.............V.r.6.}.W x(..I.b..Q..r.v";m..n&..H..M.4....... )rb7..-,...g...M./f7./Q....~s.....}B.l_.2.M._?...P3h.YI...KA3B..0.......j....,.2......1..}}`..:......3..G.4...36....Q.4EF.g.._..B....g..a.9)...51.C...TL..^.=..#N.../.:..Q.c.n._.@.F....A.=h.....:.\gl|.e|.r.s:"nk4..!M.....Z..=q..e.AJo2...4..4..Ia..u.D......hA3..`.......... .U...Rk..Z.z......>.1[....q...l..xc.."....g\..T...v;'.s....;0.y.T.=b.s.0E......B$......^....r..[....S....g.p>*...u.3.........(i..H_.r..i.|...h^.i..z.v..J...h.[..;...n..k..N').{v..........~..5.p.].....u...\M...v.|W........u.n6O.v#.p....G<l.HQ.^.a...NC..a.2....d...o......#.Ne....YE...D.b!.1.D.H.sUdt3.RX.../4.1.bE.N..qmIKd$...O...wC...J...X.4..1....R.6.$.F6....k.E%"C....h..0.Q.S...dT......]..h.T@.FD.. 6.9r./...yA#.D.T....[....g...U...M...:6....6...(../R..u.Y.sT..#.R..vxh.r.7.-].m...B.....l.......E.{...Y..Jh..yo..v......~.3.|.>.9...k,.L~L.....5.....V... .D..i>..........`...(....)p..b..&....vv..C.A.LF.$....2..z....(.yh.d.(xG.G....I.|.o.F.H.I.H..sQ-.. z.......R.-A.J.,.B.R...,Y=...p...X.......:.J#p.|......gK....n..................@.z`.E.0 .]..,.JxB.....,a.:..M....Y......}.{....W..mM*...W.j...6.....~^k;h.H|...(..\......lz./......m.......;...Y$..k.}...$_D.............. ....Z.@4....Ar...">...q.=~.|m.O.........%......0..
<<< skipped >>>
GET /flash/jquery-ui.css HTTP/1.1
Accept: */*
Referer: hXXp://lp.showres.pw/flash/ca.php?st_xh=NWRiZDhmZTU0ZjQxZGRhNzE0MjI2MTUxOTA5ODQxODQuMTA3&no_tr=YzhhZGYxMDU3ZjE5MzZkZjE0MjI2MTUxOTA5ODQ=&nr_tu=MzguMzgxNDIyNjE1MTkwOTg0NWYzYTVmNGNmMDE4YWZiZQ==&gaf=MTQyMjYxNTE5MDk4NA==&ca=MjZkNDllZjM2NjljMjZmMg==&cr=MzAweDI1MA==&cry=Q0E=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: websource.website
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:12 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d21f0cd7a75f84a7363c8618f1a3423af1422615192; expires=Sat, 30-Jan-16 10:53:12 GMT; path=/; domain=.websource.website; HttpOnly
Last-Modified: Thu, 27 Nov 2014 14:50:35 GMT
Expires: Wed, 04 Feb 2015 10:53:12 GMT
Cache-Control: public, max-age=432000
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1b0d1fdb2e470534-YYZ
Content-Encoding: gzip
1440.............]m..6.. ....,.>....v#..........p...%...,.$z.3.......EUQ....I.V=.^.....E.'Y...O..d.V.....m.......z..R........2J7[..u}1..........N.t....,..j..s .J5.m...]%.m../.V.....?.I...lWw..F^M^.Rw.$.v....W..vU.?>..7yo..r.|YK...u .Fvo.n.l.........Z./.(.x..v.......^..|.:'....9F..sv2.:.(.a?N.}..^UeN..Oe?..Z.X...s..V.V....j#.._..$~..../Y..I..02.T/.....K..n[....._......q...c:8. .....\.....".C._.s..|9v..Ty'[).....1~U.Q...j.uL.....y77ob=..X.o..u...y".C..~w.....u..p.?av=.LF.9..<...f...9..e.U&..}..U.B^.)jlD......&.v.N....iv.t5...fk.<...A~.]`....~.lC............./r.....j.>r...N.x.m...N...>P.a.[.........R..*(......$ev....Y.e.......c-.~.....nu}(...9~.6.... ....s........M....eb...T.u.K....$.....*D!.....,..TM/M....=mv.j...B?..1.<s%J..Zr#AD.6.......A.....d...S.S...p..WNd......A.}u.|..*...R7.-rIJJ.@.....O......F.T...Y..h...S..0...Z..F....p........8R>..a...g.iUXh.s.{..<^....F.y..uM........[.......)...........|.._..8.[r.Cw......o.......^.0.|W../.&.....].#...y):a.U>a6LO...h%I..2!..........g.@.?>p..4.s....'.....V......X.i.....Z=...N..X.D.!|.....<.c`...,.....A..`..!..8..9...S...fH...(1Rt.~Me.. E......b0.G.L:A8..q..a....`@.....YH......L..aB0@>..y...^..}b.....I...X. ...u.....O.k.5.dl\?..1'U..F..d4.b,t..B2@Ws)`...H.../.d..J0.d...S@6Y]1....Lb..2.^...v.@Y.MU..f..Ku..x..u....EK.;i.]..."..NC9.......\./....R....X.I$c...$.1..s.....LC...O..X.i,c .r..X....r..B.....)2...:..8.....&......p..!..........h>.p..!...p..G......M....j]620Ww,..1..t]..j..E......H..t .'.8E.J....qDB\..H..A.X.......TD~....Zs.c.(.
<<< skipped >>>
GET /flash/core.css HTTP/1.1
Accept: */*
Referer: hXXp://lp.showres.pw/flash/ca.php?st_xh=NWRiZDhmZTU0ZjQxZGRhNzE0MjI2MTUxOTA5ODQxODQuMTA3&no_tr=YzhhZGYxMDU3ZjE5MzZkZjE0MjI2MTUxOTA5ODQ=&nr_tu=MzguMzgxNDIyNjE1MTkwOTg0NWYzYTVmNGNmMDE4YWZiZQ==&gaf=MTQyMjYxNTE5MDk4NA==&ca=MjZkNDllZjM2NjljMjZmMg==&cr=MzAweDI1MA==&cry=Q0E=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: websource.website
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:12 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d21f0cd7a75f84a7363c8618f1a3423af1422615192; expires=Sat, 30-Jan-16 10:53:12 GMT; path=/; domain=.websource.website; HttpOnly
Last-Modified: Thu, 27 Nov 2014 14:50:22 GMT
Expires: Wed, 04 Feb 2015 10:53:12 GMT
Cache-Control: public, max-age=432000
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1b0d1fdc3e690534-YYZ
Content-Encoding: gzip
1084...............n.8.Wt...`-...-c..8/.u6M.&........-.$9.....CR.)Q....H.R..!g.y._..E1N.w......L..~.".q..e.....|..,H... t.".M..Q...qD...(...G.a...$..n.)J...l.g}.|D.,Hp.h......8.X0{.T.1.....8.M(.b...F.......v..%......zg.@.....%.[..v..l...<\.D#..I.....!q.N..P.'v..)..u....K.au8...Lb...f.P.6.=.(2....M...o.ki`N......b.%..@M.:.6... .t.q.A5.".dZC...I..W.Q....s.C.A.W..c.E./8`..l.;gO8z-.].>.`.......B=.eD.....a0{wh%,.@.V.C..{5x&~2w...bQ....K.".I>...1.q.*...m.......,...'qH...R.=.^l..x.62.. 6dt........,_[.K.7]t..d(.e...Jn...>P....F..k..t...X.Pd.. ..b .....f,..McF.....k.V$,t..\I.....V?\..B.....Q6cRr.....!.}..\'].#T...$.....=h..e....>....;.....'.b.][..a.X(..........>~"..C......Z..Zy..l.d...a.....$..f.T.l..E...M.h..l3..J....B. ...h........Y).v.U.Y...H.&I!....EE......8..K...3cN9*.Fh.qS.X.. ...E>....d...pe./..p5H...j.....t4..o.Z5..m..".%....5~...Z.......]_^5'....n..^...o...=}j.-..i...'o.=...?..........N.o...h5>=.#r.&w4@.....g...W2....{.8m........x5:=#.......z..~..z..]9_......G...t..\.XozA.....M..|rA.4.<Cw........3.]..?.n..]..v....q..|{.....]...|./.._.o.......?......3...ZYCg..!0......7<y./........}..~.8....9y.,&/.{X.1...~.......y.... g.........~..:..........}[...........3|.k....~.>.. .32..St.3.`nG.....S..............v4.t@.....r}.S."{.....}..Z4."U.k.C..I.7;.Z..8....t...d....7...?....-..',|...... ....C#...,..1.........."M..&...)......j.....hW....u.;...$om..)...p.v..4...f.....,}.....$....H5,.<..)..'|w...."so.o...lu....v...V\g..@\.....}..m..@YF...gK`....x..q...5u..4...0..'.a#.w...i..\.*E...t......
<<< skipped >>>
GET /flash/html5shiv.js HTTP/1.1
Accept: */*
Referer: hXXp://lp.showres.pw/flash/ca.php?st_xh=NWRiZDhmZTU0ZjQxZGRhNzE0MjI2MTUxOTA5ODQxODQuMTA3&no_tr=YzhhZGYxMDU3ZjE5MzZkZjE0MjI2MTUxOTA5ODQ=&nr_tu=MzguMzgxNDIyNjE1MTkwOTg0NWYzYTVmNGNmMDE4YWZiZQ==&gaf=MTQyMjYxNTE5MDk4NA==&ca=MjZkNDllZjM2NjljMjZmMg==&cr=MzAweDI1MA==&cry=Q0E=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: websource.website
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 30 Jan 2015 10:53:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dee59d189370362192e85a18db36fe86b1422615193; expires=Sat, 30-Jan-16 10:53:13 GMT; path=/; domain=.websource.website; HttpOnly
Last-Modified: Thu, 27 Nov 2014 14:50:25 GMT
ETag: W/"54773a31-2528"
Expires: Wed, 04 Feb 2015 10:53:13 GMT
Cache-Control: public, max-age=432000
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1b0d1fdc9e750534-YYZ
Content-Encoding: gzip
593.............WMs.6...W.IG G..I..D3..]O2.....:..X..!..@.......R$#9.....v.o.~.L...............k.:.m..6 ..<C..7.K..9QYy...I....1..-J...Uv...|..-.....5.....6..5...X~.cZH........u..rF.=.7p.....Y..,M...B7.....m...|i.W.....M..P....a..f*..Q..Fi)..(.e`4^..R......hij....*!..`=..*...c.9......J.i.q.........8..t....\<...X.U..B..r...Y..$..5x..a..8..........x.~.{qf.(=.:.QI...(.p..L`d8.K..gA@%..J.Y...!..0...e.........Z..s"J%.Z.Po ..SJr.h.{....((........S..s$..M.Ei.c..!D.C.iY.Q..b..t.....zS..P<p...8W..<......4.....K.z,....x...W...BT.&(.=.3f,.E....0s./\).E..c...3?.C..(...H...!!........Q&..~&J.......u.:.\.$.............z.M%.bT.(@....l./.q.Z.....@oG2.~....Exj...S.5./..<=....x..z.~...V.....G=.q.pA..7.'Q....86....6'...dp..H.J.......'.N....U.<Z.$.y.....hg?. ..}7..... .~..A.A..yK.w..{..Z?.2Dt@c.<;......l.K...i{.N..s.\?.U..8...-.A?d...MZ....?.......1O..M.Gq.....QL.....r.....en..Bi!d......<.9..$u...n. '6$....@....l...M.....$%...CY..A.)..R{z.....Lt.Z.>...|i....>.."....C.(m......u...q.b.7.\........$.3>...Q9tl6...d.B.7Ay.%.*.s...|.....T.'c.....n1(......vz..E(m.9.....(t.p.9..c.:.16=..K.....uI...#...f6;=p....z(.....L.........R..A..%....X..].....g-!... c{{./w.......M....#TU.o.K&............V.......4.L.....s .a]1..W..Cc/}..;....$..2Z..;N...n%h....[.1./.2.........`Ih.c.....=.U: .1e*hi..4..ZB....4.-...1.L.k...o.Q...A%.J.R.g8P.z..6.X.4]C........D...#.6h.v...., 0S.....hqd.....X.........@.k.Q....-..xT.....M....N7.............&.%U...(....r n.....0..
<<< skipped >>>
GET /-h3JUlSgQ-_0/VK1KLDMRMgI/AAAAAAAEPqs/TR8XRbZvbY8/s1600/00.jpg HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 1.bp.blogspot.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v43eac"
Expires: Sat, 31 Jan 2015 10:03:48 GMT
Content-Disposition: inline;filename="00.jpg"
Content-Type: image/jpeg
X-Content-Type-Options: nosniff
Date: Fri, 30 Jan 2015 10:03:48 GMT
Server: fife
Content-Length: 27852
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400, no-transform
Age: 2966
Alternate-Protocol: 80:quic,p=0.02
......JFIF.............xExif..II*.......1.......&...i...............Google............0220........d...........x...........X...............................................................................................................................................................X.x..".........................................W...........................!"..12BR.#AQab.qr.3.......$CSU...........T....%cs....45Dt..................................A.........................!1AQ.."aq..2R.......B.#r..3b..$C.%S...............?....jP.p.......~`...7.)....k..-..P.n.*.<..O.a....h....I.v.?...knS$.........5......v..]*tx...U.Kv...a...j..[..T...............k)MlpY..j....`.....h]&.......mo..1.V].v.`.8#..G.[@.....I_`..[..Q.. K........Pd......~l9.......rZG.P]..].hee..5...\.<w.9j..a.#0S...k...YY..nh.{...6K,..x..X./(.\......o.......}$"...,.W..O*/......K~5..:=......(....h.\...,......Ge.&..5.V0.g.N...\.sq....lc...I.....|....k..96w`..;..a.b..."....E......55......-.z.E...Po..t[}..=........n..|oWv.^[..H?sdm-.b@.F...i.8G. .V`J...`.i.....q..M.j]..4x.....[K..R.w..F.\...H. kN.Qs@(....U...I'......<\...c...I/M...-..M;......CR.H..[.G....V,/`7.Ri9...._g:.G.b......$@H$]..R'fR..*.s`.x...\F....V.M.Q...:.-{|.Xq..*|..E.. ~.C.B4<.M....lc.R}b..|...{...........]4.O..._..y......u........j...t=..5...(-...]I_9....U@%.kZ5...u.3.t~ . .X..MH..C...\B.....1mH.ur....;....f.l.....^...P;[N..8..%T.(...ovt...u....]C.'......o... .fm....IU...v.%r.....;.W.}.....o........nr~.......:.........b......wF....y......Z.1...0e._.75...|..A.<.d.C...r8k....{q1...P.
<<< skipped >>>
GET /img/icon18_wrench_allbkg.png HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img1.blogblog.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 27 Jan 2015 17:45:21 GMT
Date: Thu, 29 Jan 2015 07:52:05 GMT
Expires: Thu, 05 Feb 2015 07:52:05 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 475
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 97269
Alternate-Protocol: 80:quic,p=0.02
.PNG........IHDR.............a.~e....PLTE...... J.4e.............u..l..e..c{.........................................................................Y}.T|....`v.`w.............................................................[q.............Eq....__^........bY....tRNS.@..f....IDATx^M.U..1.@...A(33.Cf....qR......"..@....*.v&.g...X.="6.Xz.$/".3.;.R\....Mb.((...J...R...pK.OY.0...Q......q.r3..r.v...b...j ..h.r....<._...l.}lY........o%....b..d,l/. .........N...ig.K.....IEND.B`...
GET /1/92a411bc23?a=4058140,2334836&pl=1422596427839&v=476.c73f3a6&to=YlNSbUYAV0IFBhdaWVsZZUtdTghcBRcIVkIbRlhJ&ap=11&fe=1047&dc=1047&f=[]&at=ThRRGw4aREw= HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/1market.php?p=xVZnHcUvikLHCbJuoYbG3ZNh09IyjLo6iAYHWdR0mhLmmIx65IIiiZwliJaHGaFizwaiCII56xImiLImsRIWnYBivocjnIQli1OWiYIuiRL3CcJvwhYmXIR7opbjmIFstJZXSdIi6wISiM91yEdjXNF4kodjSIIusJICnLNxlUYTXNJzjUaDCOI66IICiZIiswIinIBjyFbT3YR2vYY22Y9wsYITjMo4iEaTHZRj0NcTDNo4iQfDSNw1iIZTmOxihVcz2YgkidOzjNAlsJIDmN1jvJYjmIl6sIZCSdIi6wMiCIwxiIbiWO9iiMa2WcxilwXi2I9tzNIjjIo6iITimY8jiJfyQe==
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: beacon-3.newrelic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=2ad91fc44b8599d2;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 0
GET /b/p?id=w!psytrs8y6gmn&ts=1422596436558&r=trollface.biz/vote&t=Yllix media HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ic.tynt.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Fri, 30 Jan 2015 10:53:12 GMT
Content-Type: image/gif
Content-Length: 35
Last-Modified: Fri, 16 Apr 2010 15:38:20 GMT
Connection: close
ETag: "4bc8846c-23"
Cache-Control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
Expires: "Sat, 26 Jul 1997 05:00:00 GMT"
Set-Cookie: uid=CgUVZ1TLYpgj9QbHJrgSAg==; expires=Sat, 30-Jan-16 10:53:12 GMT; domain=tynt.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
Accept-Ranges: bytes
P3P: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
GIF89a.............,...........D..;..
GET /-B9TeChMS3A8/VLWjCCx4RMI/AAAAAAAESvc/KYmzd1Dl5gc/s1600/1.jpg HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 4.bp.blogspot.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v44af8"
Expires: Sat, 31 Jan 2015 05:49:18 GMT
Content-Disposition: inline;filename="1.jpg"
Content-Type: image/jpeg
X-Content-Type-Options: nosniff
Date: Fri, 30 Jan 2015 10:39:47 GMT
Server: fife
Content-Length: 23212
X-XSS-Protection: 1; mode=block
Age: 807
Cache-Control: public, max-age=86400, no-transform
Alternate-Protocol: 80:quic,p=0.02
......JFIF.............xExif..II*.......1.......&...i...............Google............0220........d.......................Z...............................................................................................................................................................Z....".........................................a............................"..#2B.!3Rb$1r....ACQSTacs......%&45Utu.......7Dq.....6E.....'dv..e................................=.......................!.1A..Qa"2q.....BR.....S#3br..4.Cs..............?..%..V.....^.c.XH.%]U............)S...&&9=.K..q..A.....se......>.e..P.z.. .D.p....Y..Y..q%S<...x.....<..P...v..x<.........................j```..........W`...q.p.J..v....&...Q........[..."E.]C..-....c.-%.W..%..BWZ...zNr...0..{LQ.A...d..l..`.}U..=.b.s.4....bBDBCy.. ..V.F.......C......7....]"..S:...L....d.) ".tB..R..>.0. ..,[}.u..S.q...X2..Ct.s...<B...f...E|s..r;5.zR..[M.O .X...\J...H~...Be....b.......L.l..\I1..Ze|....:..$....S l..qy.[.........Q.kO/_=4_G.u8.....r..f.../GM.N..%..,..svg...E.OfzK...e.:...d.Zr)...k..{.; h.....y;.......s.3=o..#...j..].....v.........#..b...t...@N$.)"8<..;p).p....8!...#!.....D..X... . DB, .u.C.#...C:i.....I...X.cbGc]..>j.......C...eN.f1KK.N.R...H.............x.p.T.7..qm"g.....mP......|...M....bW...............A......b...5.Z.^...d.m...T3!zu....?...W.-Ao.P.?..w....>.i~.....<5lgY9.d8.Z_......&y.|.".]r..%.L....u........rf/........D..>5...!....1.jj0.........n....OF.......f.....4...u.[.L.. .".m@......V....j...j.b-.&K#=.....R.<.b....g._O..
<<< skipped >>>
GET /-tgynBCYivZk/VMgdZOklr4I/AAAAAAAEY-k/qplcX1nppmc/s1600/a.jpg HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 4.bp.blogspot.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v463ea"
Expires: Sat, 31 Jan 2015 06:43:51 GMT
Content-Disposition: inline;filename="a.jpg"
Content-Type: image/jpeg
X-Content-Type-Options: nosniff
Date: Fri, 30 Jan 2015 10:39:47 GMT
Server: fife
Content-Length: 14591
X-XSS-Protection: 1; mode=block
Age: 807
Cache-Control: public, max-age=86400, no-transform
Alternate-Protocol: 80:quic,p=0.02
......JFIF.............xExif..II*.......1.......&...i...............Google............0220........d.......................,...............................................................................................................................................................,...."..........................................W..........................."...2!#BRb.13r..$AQas...4CSTq.........Uc...%D.......5u.....................................<........................!.1A.."Q2aq......RS....Bb..3r..#$C............?......s...V.w...}:...%,.""...^R!...."W......igR..iSY....B...Z.._?R3...Th.Y.....a......~...Z........k2..J....r"."RDl^Q...#.....u....;......u<?.r..H....q.}~....e.8..ig.Z...go{.un..z..F{..8.l\y.)...q.NO...b...E.....f..`....B$%oM.%. }j....W...W.ItgW.... OU-......T*5.:QJR.R....(.)J.JT9...._....f.....r1..(n;..r.C{.2..|...U`J.u..g.I.V..BT....g../........uA.o.-J.v.m..~.Nd..5.j...n...S..{.!C....Y......g......!....H...V....E.c.N...$..X.*.....~....wR...ko.E..qLi.B...l.[.J..~_...x..o.\..W..\...8n.?.....U....]..s.p...|...i......0......|."........d hT..I..5...t.y^...^ .i./j.....k... \o......JX....2.A..\...j3.^i....k......~.......tI).3#...,..../......He.\...~..K]....|%a.....ooq].I-?<|.).}..W6...m.....L..rb.....c-{Bg..E.H...l7.".?1.U...o.vC.G.H......7...N%..6..<..<..`.5q.W........W.....H. ..`.|...=y.3D.....Y,l.Q.b. &.."Z....."c.....gR.OD...^.k....L.....)..%......?.=.%.h..Te........'|..7&.....l%...j.....#M4.e..J....B,^_W"_....v..$p.X>YS...)[/\....p._.......Za.9N/ . ..mc.~..?f......i.MkJ..yl..{....x.
<<< skipped >>>
GET /-2VhpOMtGi9M/VKq5K-uegYI/AAAAAAAEOzE/LGnSu074gr0/s1600/00.png HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 2.bp.blogspot.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v43b32"
Expires: Sat, 31 Jan 2015 09:58:27 GMT
Content-Disposition: inline;filename="00.png"
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Fri, 30 Jan 2015 09:58:27 GMT
Server: fife
Content-Length: 98065
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400, no-transform
Age: 3287
Alternate-Protocol: 80:quic,p=0.02
.PNG........IHDR.......,.......k.....sBIT.....O... .IDATx...y.eYU'..>..{..^L.S..SefeVU.<1#.6.."*XP8 .b...r....v...j..@&....b....2..y......9..x......?.}.Y@!j..'..x...w.=g.=..o..3..C@D.@...Bba.....DT.@@ ....h....D...4..H)J.TD......1!.a... ..XkY.Y.....YDD EDZi..F@...ZD.;.......'..FB..N..,..Z..9.F$".Z[k.H .6-....,3./$".`v..HJ...41....@............*RJ._1...]..@...ND.u..O....=...O..z....D.]..W....w...g......P.uR..N ....v...D$u."Z ...9.00D........D..A.]WH.E.......J$[....B....1.P.Xf....)[5D...^.$.....!k.....P.......ED......E.1.....RJ....""...f.t~3..I..3..... ........03k.....&...M^D...8w...36......K.?C,.........x..C]....Y....cW........2..l.D@D....03...s.......?..T...h...ED...s.......X..9{..~..M....TvI...=.."*"...'d. >c.Q.r...... ".Z........Y.........E2...J)E]...=""...........u.....R.@.9...........6.... .t..*EA`$....R.....E..8..L.Jkd...'"..8..RJ;.,'...QJuU. .. .....Z).%....t.. .......!.Q...3 T. ...U).p....D.d.....3;..P)......".B..=."R..U..=..........q....iA@....A)M..!"e...)...?..P_......U.....O}.-...........3;fQ@J.L..j..U..E....n.9....:F.m........!.8....w:1. b....3....=.r.hCD.5}....PW,..)R.....\.~;fR.XR.:fB ... .5.....v.Z.......WN..""..cD"...... Y.A.t...._...C. .o..@..A.5_.....<.p_6(I-H.$..bf..DDD.9g.)..Z..R..$i..q.z;.W..Z.1.7...o.RJ)..i..6....1.w...*..HX.s ..m6.......yO...>.R....K.%...H.R..G!R..H!z....Z...E..@..........^iu.<.V....O.....1;R.........x...U..I.>..G]..g....)..KUv3m.%$..?.0;.Q.f ...........7..A`.IiB@....."Z.....s...."...hB...U.....bv...... 03....W..........I...P!z.....9...Hu}5..03.#RJ k..
<<< skipped >>>
GET /-vm21KdojIls/VMQP8OWvjNI/AAAAAAAEXeA/8wj2VMb764k/s1600/unnamed.gif HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 2.bp.blogspot.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v45de1"
Expires: Sat, 31 Jan 2015 09:07:34 GMT
Content-Disposition: inline;filename="unnamed.gif"
Content-Type: image/gif
X-Content-Type-Options: nosniff
Date: Fri, 30 Jan 2015 10:09:53 GMT
Server: fife
Content-Length: 102349
X-XSS-Protection: 1; mode=block
Age: 2602
Cache-Control: public, max-age=86400, no-transform
Alternate-Protocol: 80:quic,p=0.02
GIF87a..,.w..!..NETSCAPE2.0.....!...,...,......,...j....t..dfL...4...........l.....$.4l.T.....L4z$...L........\.4...4.D.....$D.,..4..T.....DD.$..4......|.l......T.....L.....,.$............t.dD.4Lj......$$.4..lD.$...\.D..4...T.<.........<.$...l.,.....T..TTr,..$T.D...D.4..tD.,.....l..4.....,......T.$4n....,....$......<.4.....L..,............L.,..<..l........t.....$D.$...<.$...|.,...T.<dv......$4.4L.$.....4...........,..Ldz4l.L..|L.,..,................................................................................................................................................................................................................................................................................................................................................................................................3d.!......*4.0a...#B....D../j.......;..I2.I.(K.<..%.. .6..f...2o.....A.<s...S.O.E..E...Q.=.....)P.I.....C........k..f..U.V.Z.m....W.\.u.........%.........r...q....?v.Xre.H-g.|Psg..'{.}92h..M7n...D.l_K..W.m..c.....m..yG....A.6..........?...yN.....^}:...SG...}<....g@..!X.uwF.X<.|..3....?~....T~.~.Xm....e.)...'.P..^x.G. ....J.Q..6.Q..>...........(....x..d)HS.H....k.PC._..`...h..k.......A.O..F.k ...,J..@H...MK.Ed.,.....Ia..K".%W6"..~..... t...P....<,Q..#....j8...5.AP.>....(z...5(...5..DP..t....x.a'd.&.5..cM>|....a.qe..-... ..C..J.i_O*.F..F.B...TSM^}.Um.j..|..'..#@.........z[!.Z. .sidP...A.d.1....>d........5..G._....5..c......H.... .\..(.......n.N.;cD9j....&...N&|..v
<<< skipped >>>
GET /pagead/js/google_top_exp.js HTTP/1.1
Accept: */*
Referer: hXXp://lindaikeji.blogspot.ca/2014/08/b-red-releases-flaming-hot-new-track.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 5892566358262920700
Date: Fri, 30 Jan 2015 10:03:18 GMT
Expires: Fri, 30 Jan 2015 12:03:18 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 2665
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=7200
Age: 2996
Alternate-Protocol: 80:quic,p=0.02
...........Xms.6..._!q22P....wg..&r..M......t..._N....d....]..(...3........< ...[DiB..Rd...a..8.....KWj..o%.s.=.... B.l5.e...wJ%.5.A:[.g.XdI.-.8u.r.0..fc.......nH`.jY..z......4.Z.6......Z.....zZA..l.V..7..7i%f".Q .4.4.."...@&..,...W|......R..#...........v.{...X..e...k...s..........!G.6.D5..........m.y`.A..T...?J.M.l....%._t:. .NSp.#.y.z..(....`C.`.|.^.%.........b.......[.U.IK{.d/...R.^q.`.. .;..L........K......zO..X.e......Z...s..-....8[.-2......%c....5D..!..=...td.&_......v....o......._.kS.I....A..~..'.a.....o...8..l..\..SQ.Wp./.M.EI@.P.......|._....-..~..%.}/.T...6q.o#1.E...~..........<..$........M.....q.....<..b..ea.V...._."4g...f,...YX.(s.B.e..q...v.. 1.F.....yX.g....... ....\...O.`F..x.a.^...|..%.<..F.o...............2....t7..zl..-........2)..Y.G..Q.....B....P..c........3U..l..L..v..h........2p.N...r.U....:....{gP..TwJ..Q............8.......( s....bE.l....e.B.......>..4.l....9=.7...~'F.<5...C5;......;.2..U....h....n....}xl.)6.....".]B..*....p...........Dp......l..?...)V/.. .E,....Z....uw...2.V.[...U.......c:.....y.b.v.....G..7....X...H.................sY.a....8.M...9.)o._...Z......._..{.w<\]..MG..\&.9D.....&.0.v._..T...#..c..C.<z..75.Y.o...n.u,.e...".......DG.T...~......"^H0....9...... l!...^.R9...N.9.r.6....d.?.V.la..!.t.x.....4..nAh...: .c.....t..3.q...E...4.C.q/UT..{ #..p......qh......P...X...{...."..{W..<.h..*.>"He.v.Z.Th.......A...".`..lB..~...8.....h....|v$.......9.....L..@a........1...N...h.e...7....n.5eL.U&...c4a...A ..I!..9.A..FW........(!.81....#.....bn...i..Rx.....
<<< skipped >>>
GET /pagead/js/lidar.js HTTP/1.1
Accept: */*
Referer: hXXp://ad.doubleclick.net/adi/N7928.354842LINDAIKEJI.BLOGSPOT./B8074030.110392544;sz=728x90;ord=[timestamp]?
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 4130157043356533555
Date: Fri, 30 Jan 2015 10:05:25 GMT
Expires: Fri, 30 Jan 2015 11:05:25 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 20280
X-XSS-Protection: 1; mode=block
Age: 2870
Cache-Control: public, max-age=3600
Alternate-Protocol: 80:quic,p=0.02
...........}iW....w~..f...16d.../ ..@HBf...j.....L..~......E...7.%.<...~.r(g....~].....]t.l.m..~M...d.z5.&..5.....K!..N......^..G..K........n{..Q.m...~...M..bzDi....Z06.......T...q:j...J.F..T.<.c,....jw8....d.....T..../*.9.B.So..H.B...h6.:....l..v.R..P.5..Z...;LF.-h.4.....Qs(.|../.q:....j?.vf.....0I..a.xkY,..L.........hz......!.Zy......06 nk............&,*k..zo.,.......6.&.%.k....8).".e.,.8.....`......5....d.ySZ>N.....[*v.fe...c{.,......uAmG1...J[..-..LZH...*..../.1,|&&....l.mh/...Z...b2.^=.L.@.........&'.......V..3Y.........(...S]..R..I.......,....%s.d.........T.#...Q_. .B ?..gzs..`(f..tU.....T.m3....98..)...h%.o.......K..f7../..%.Q.Q.81....&fiu8......2L.W1~A..B.. ......t....&(...ai.$...4}.?.......*s.vo..<..n.._...C..t.......PdS.....>.ISK_0o]...@.b.....L...%~..x..;e....*&.a.......Z*{...g.....7..R....F...,X_..u...<w.9..Sx....s.......X,.~..&...<..jm...(#S...A6.~s......_.J.~.....,......V..z~~..9...'*.^p./..-.e(..k,.]..Z...b.......D....q.'.....@......w}....:..._=.4;-.A.........sp3.=..<...........3.Md....k>..7..{.|...._.........pC.....%W..&...I*z@...JY71.Z8..iz4.......Q..$7:..o..2......*.&`..,./.@R.0..`K....4.r'nl.C.4n....#'...I...(.g.l.M....Ri.1...c u........u.... .;hL.y.a.N.h.D!(.........&..W.V...PU.@.K....I..U....`....F4.U...D..#.....|..<...N.......dG.?.....$m......-Sm.F.E.Z-....]@Jy...\@p}a.8...NA...,N3Bj.~...)m...j..A`0_...*w.....1.......G..........x6.v..;..Q./.)..6@..b......t a..u.~.&...#.....$..%7p..l.H].....i..\..=.Ng.0.4..|J<.....bg3!/(..z....!,&.t.mie.t0.J.......L.\...S'-.
<<< skipped >>>
GET /images/premium.png HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yllix.com
Connection: Keep-Alive
Cookie: fc_286387=1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Jan 2015 10:53:10 GMT
Content-Type: image/png
Content-Length: 624
Last-Modified: Wed, 06 Feb 2013 02:57:31 GMT
Connection: close
ETag: "5111c69b-270"
Expires: Sat, 30 Jan 2016 10:53:10 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
.PNG........IHDR.............o.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx...Ah.Q..g..5.Khh z..D.B..'E....e.Az.).,..z......^JO.. .....d. ...-b)...AJZ...4.v....zH...ofv....]".3`.\...[.O.~...1_k4$.D......1.. !y..kp.q..u....`.h....H[..r.^.p..v.O*.\.<.h#...Y..`*..O...>].o"......H$p...n.....E.em.@.{G..........F...rY..b.......J."c.?.f........W.~..D=.7.(..-.4)..{y.vw.T"..:Mo7..Ws.....1mn.{.m.......iR"....~..rN.im."...^.-.t...`;..v.d2....T,..%.l...VM...w.iB_..j.z...&.........O.WLC.....v...K....6...8......:M......`.......b~...j...#...X...w.?....-X....!4.L&.TU.T*.w.%.|@.u.x....*L.....=..'...?....bG........J.......IEND.B`...
GET /pixel;r=631760284;a=p-EMbv-yy8jFpSp;fpan=1;fpa=P0-1475998630-1422596435355;ns=1;ce=1;cm=;je=1;sr=1024x768x32;enc=n;dst=1;et=1422596435355;tzo=-120;ref=http://trollface.biz/vote;url=http://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g;ogl= HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pixel.quantserve.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Connection: close
Content-Type: image/gif
Set-Cookie: mc=54cb6296-e5c68-98ed7-9e5f9; expires=Sun, 31-Jul-2016 10:53:10 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 35
Date: Fri, 30 Jan 2015 10:53:10 GMT
Server: QS
GIF89a.......,.................D..;..
GET /nr-476.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/1market.php?p=xVZnHcUvikLHCbJuoYbG3ZNh09IyjLo6iAYHWdR0mhLmmIx65IIiiZwliJaHGaFizwaiCII56xImiLImsRIWnYBivocjnIQli1OWiYIuiRL3CcJvwhYmXIR7opbjmIFstJZXSdIi6wISiM91yEdjXNF4kodjSIIusJICnLNxlUYTXNJzjUaDCOI66IICiZIiswIinIBjyFbT3YR2vYY22Y9wsYITjMo4iEaTHZRj0NcTDNo4iQfDSNw1iIZTmOxihVcz2YgkidOzjNAlsJIDmN1jvJYjmIl6sIZCSdIi6wMiCIwxiIbiWO9iiMa2WcxilwXi2I9tzNIjjIo6iITimY8jiJfyQe==
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: js-agent.newrelic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: IPGgWlaMkm7vqpwaNMM6LCVEcUway5aIDCMrISBYqdlzi/wlOHX6WHeJ1A1v5L/P
x-amz-request-id: 1FD492465421D709
Cache-Control: public, max-age=315360000
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Tue, 30 Sep 2014 18:19:08 GMT
ETag: "d131658362c40cedda15546bb81e9644"
Content-Type: application/javascript
Server: AmazonS3
Content-Length: 18146
Accept-Ranges: bytes
Date: Fri, 30 Jan 2015 10:53:04 GMT
Via: 1.1 varnish
Age: 10496935
Connection: keep-alive
X-Served-By: cache-ord1729-ORD
X-Cache: HIT
X-Cache-Hits: 48790
X-Timer: S1422615184.627401590,VS0,VE0
Vary: Accept-Encoding
!function(n,e,t){function r(t,i){if(!e[t]){if(!n[t]){var u="function"==typeof __nr_require&&__nr_require;if(!i&&u)return u(t,!0);if(o)return o(t,!0);throw new Error("Cannot find module '" t "'")}var a=e[t]={exports:{}};n[t][0].call(a.exports,function(e){var o=n[t][1][e];return r(o?o:e)},a,a.exports)}return e[t].exports}for(var o="function"==typeof __nr_require&&__nr_require,i=0;i<t.length;i )r(t[i]);return r}({1:[function(n,e){e.exports=function(n,e){return"addEventListener"in window?addEventListener(n,e,!1):"attachEvent"in window?attachEvent("on" n,e):void 0}},{}],2:[function(n,e){function t(n,e,t,o){l("bstAgg",[n,e,t,o]),m[n]||(m[n]={});var i=m[n][e];return i||(m[n][e]=i={params:t||{}}),i.metrics=r(o,i.metrics),i}function r(n,e){return e||(e={count:0}),e.count =1,c(n,function(n,t){e[n]=o(t,e[n])}),e}function o(n,e){return e?(e&&!e.c&&(e={t:e.t,min:e.t,max:e.t,sos:e.t*e.t,c:1}),e.c =1,e.t =n,e.sos =n*n,n>e.max&&(e.max=n),n<e.min&&(e.min=n),e):{t:n}}function i(n,e){return e?m[n]&&m[n][e]:m[n]}function u(n){for(var e,t={},r="",o=0;o<n.length;o )r=n[o],t[r]=a(m[r]),t[r].length&&(e=!0),delete m[r];return e?t:null}function a(n){return"object"!=typeof n?[]:c(n,function(n,e){return e})}function s(n,e){"undefined"==typeof e&&(e=(new Date).getTime()),p[n]=e}function f(n,e,r){var o=p[e],i=p[r];"undefined"!=typeof o&&"undefined"!=typeof i&&t("measures",n,{value:i-o})}var c=n(1),l=n("handle"),d=n(2),m={},p={};e.exports={store:t,take:u,get:i,mark:s,measure:f},setTimeout(function(){d("bstAgg",function(){})},1e
<<< skipped >>>
GET /images/tags.png HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 28 Jan 2015 23:50:42 GMT
Accept-Ranges: bytes
ETag: "541cd139553bd01:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:07 GMT
Content-Length: 2960
.PNG........IHDR.....................pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>
GET /upload/t/1056.png HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 28 Jan 2015 23:50:51 GMT
Accept-Ranges: bytes
ETag: "d9ac543f553bd01:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:07 GMT
Content-Length: 107151
.PNG........IHDR..............e4... .IDATx...y.\.......V..i_......"@...`.i.=.....g^......z..O...<=~...c{.3...nc3..2f_d..6.Ti.R......r...yo..............7"N.8.qN...x..G%.t.*....*....x.M'...@....}M..e......xJ....L...b.-.\Qg..\n..=..*'.U..AJ..1Z .......X4...$b1=.*.K.......$.)e.......^.*6....^4/.......3..}.8.Q.BQ...^$...!g..dx......D.=.I..=.W.o.FZ..F..D...W>e-M.VZ6.."e&....e.0/.@J....1.?...yk...L<.}?.?.;.. _...6.k.eA..<g.....s.M....|.....&J..........t.|..'...wW.S.hu..f...r...28../?........b..$......[.....1v.....l.0.P.]...@......l......P.,.....d.....;.N......c#.U;.-.p..k3Ai....477gX....!?.|...3.</.RJ.....Ov`sy..2/..nFF.I.T..$5UU8...|...7.a."-.......................".4z..mL.b.)...N..XU.! .Z.....HY.E~s|...hVA...LW..."....E..R#...o`I]y:.L...`..t!.J*.,....X....,..B....A..ZN..,..`....u........).ir.?...9}MK.U!B.EcY.S....gBd..Y..i...S.....P......c\...1."...)2...f..h.....<K. rM[:^.......Q.......-..\..j....ch|N.?....J..[..N.P_....800.....B......6...z.0.H......r".$....$.!....jZD..ahhi.S...........P..BI<>g.@14X]9.%*d....#E..........$. m.......uy......O..s.......o..!...#.5.3.?........F.6.Ct.`D...3.r.ih...o...z.o.#V....:N....*................3..I..Z....n.L.Dimke....SI}....n..M.X........p......z.3a|>O..Sqf.I.|n.I.23....N7.l..Ef.. p.]...y..XU...d.e5.4o.(r.... ..P...t.O.vi.-.......P..=.b........AJV...Q....XVe...5.....).g$...s...V...&b4...1...OW........u.7fTl.f&..^...`..z:..i...,.."k.3e..&.c8...9.d..{b.u.....h&..lF..7z..e.".`Bf..1y...z.1.E..f.y.$R.L.*P..m....\[.....V9.*....IDB.b1...Q..}...X g.4.V".R ......
<<< skipped >>>
GET /upload/t/1055.jpg HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 28 Jan 2015 23:50:51 GMT
Accept-Ranges: bytes
ETag: "e04a523f553bd01:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:08 GMT
Content-Length: 137138
......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 100....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?............ ..=G...<..I..A....t.....^..<r1....q.&..:~]...G.Q.....01...s. ......9. t.$.x.=...n..r)p6....w..0p0.O......{..8.8..~{d.....8.$.dz....g9...O......A..&....c....8.......<.9...OOb..@E........~...q.3Y....jo.X].........r.5.N1.. ..\r..8...v...uE89..pN:..Q..:.c..py.^...S.e..~)..|"..h.:|.3>.,...$...I......w.,....yE...7;Wi~.....3.u.O..$.7..Z.Z....Ux..xq.|.m.@'.pW.. ....'.....m.....k.B...U.....3.2I.N..#Z.i.5....X....t.t.........Wi'xtmo'. o....W. \.i.[[....X.$Y$..f..T.8... .....~.i.x[......g...J...f@8#.b.8.g.........Ok..>.KnX.*..F,U.. .`g.........'.E...[......dvx......G .z.....i.U0sII......K}._Rd.....'}n....c...5..ss".3.;>6..P...8=.....4.e.._.A.[...M..E.;.Y)!0.x..r.............>5xf..{G...c.S.]....;d..{...|....z....k[F....j..,NxQ...q...u`.QU. ..i.........(.T[.4.iZ[.....WZ...M...p..<-i-.....@....*r.....A.........u_..
<<< skipped >>>
GET /images/logo.png HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 28 Jan 2015 23:50:42 GMT
Accept-Ranges: bytes
ETag: "e3e1b639553bd01:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:08 GMT
Content-Length: 8673
.PNG........IHDR.......P......%....!.IDATx..].x.........B.P..@..b.!...BHBW..&E,.........R..'..D..D..%`.T@).`A...NbA....9....w....&...;..N.s....sCB....?$......{BB.:..[....LI.....j...Z..........LN.d\N?.......i...I.m..K..\]../..u...k....VW.n7.Lt~N............y.....;......@.=....r.>...u...Y.F...k....urj...^.V.......\.q..5..T..4-44&..9.....6..Q.N.;.5.f.5.D>.........}..G:..G...<..S...]....^s&;.1-.:ujr"3.....h.D:.....;....E..6|......M..._gg.=..c..v........C.Pz...i..~.>...q...Y..v...(/..Ku].%..(7..h.. ...)......={..B..........F..p....{...].'n.K%...pa...../m....%*...>.:.v.......99...UR..W_.$...#.....I.:.~.....u........k.[.V...o0^.w.....}....B.C........1.U...}*(.....q;.G%.k.!.\...w..8..!#.@T...$ ..N..%.....G.h.._...,B.k.=..mw..V.....{k.k..m..]..g.\Zw..S..g..N...\..m..C......JHW!UD.P.F...^<q.F.....F...^.*..A....=.#rS.l.B......}.d..^W... .H...=.z.....}......@'................$lws...m]...E.....@....4...(}.....jHU...`.`.B.W..sA.k...g......Iz,.&a[..F.,..P..p...s.sf...v~p..j.....@.....e.\....R...U.=...E@..i.#.......'.q....!.D.E.[1....X\.......E..."..x1X}.m..ruM. ...W......Aj...f .....}..=.h.X.....h.0...<..!E.`.U9b....................qs.F&.*V...../...F.<Ki...#3..q......H.*.k...U....I4.....E...*. .3.....{..W..F;...H].:!. %".....E%Y3..zG...L..;...r...../:..1H...!.F....b..r...?0`...........KK...=~..H..}..#...rAA6..3. ..6...^...Fm(M#..D'uDk ...\c...0.. .-...2.9.,'....?L....@......zI.-. tRG.,..\P.. .......]...!.x=..R. .n(.0(.../@.''4.^.....y.f... ..T.".....u-..9..7..Nt.. ..e.tYpa.n...0..Q.b...S..a..'.:%......
<<< skipped >>>
GET /images/upload_icon.png HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 28 Jan 2015 23:50:42 GMT
Accept-Ranges: bytes
ETag: "eaa5da39553bd01:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:08 GMT
Content-Length: 3603
.PNG........IHDR................&....pHYs..........d_....OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>
GET /images/buttons-white.png HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 28 Jan 2015 23:50:41 GMT
Accept-Ranges: bytes
ETag: "32809539553bd01:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:08 GMT
Content-Length: 3475
.PNG........IHDR.......w.......A.....PLTE.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................LV.....tRNS......`.@.. 0.............p..6...8.M.....L.....P....*....,....b.Z.d..........~.).....................^e.1!.J.f..F.B..]....4....C>.K.3suwR........y."..5?.A...Wr9..$_ .2..T...i./.....[.zvE.NYGl.<.m..|=...j...Xx.:...{.'cnS7#-;..(&q.V.}.khH.OgQ.to.u0_...sIDATx^...S.....yfz...$....'@P....B..q....m6.QwYVVV......}...=.O....wk..w.nU........3.T...~...h.O..z.s..,.."....AI..xcO.%..*..X..Y<........M..@.$...0Z.....PP(..X../A.$.P..J._..F.........M.~l.a.........<TODBvM.....,. ....m;1j.*.R..."j....\....1(...YX.e....$.Cl.R..(B.e(.......N..f7.ri..[5J.|....}9.%..7.\h.(.v.X....DR.NwC.4.4!......op...eFD......D...H .F.(....X.J....>.8.O.,..C.{......R'.N.....!a.49.K.IBW.WP.PS....*!a..rB.z.Z$O.....n..g.#..~.....=....7..'"!..q..{...kM.$..Wt}....gj.U...
<<< skipped >>>
GET /images/loved.png HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 28 Jan 2015 23:50:42 GMT
Accept-Ranges: bytes
ETag: "3d44b939553bd01:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:09 GMT
Content-Length: 3128
.PNG........IHDR................a....pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>
GET /images/google.png HTTP/1.1
Accept: */*
Referer: hXXp://trollface.biz/vote
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: trollface.biz
Connection: Keep-Alive
Cookie: PHPSESSID=a4to7ljqbg40qd3f1vuu9iu8j0
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 28 Jan 2015 23:50:41 GMT
Accept-Ranges: bytes
ETag: "a9cea339553bd01:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Fri, 30 Jan 2015 10:53:09 GMT
Content-Length: 2111
.PNG........IHDR... ... .....szz.....IDATx...k.]E....Yk......iO/......B.. V!..Pk$."V....."..1j41.%..%.......@..!.".K.P..@....s.>....^k.......E.b..J.L.f.z.y.......G...?^y...zJ..`..5.....O...........6.....Z...Wv.......9....u......K.....0@i..-.8.O2|..Z.D........90|..........l..s..7.t.N......Ai.J.F{A..........iF.....X..u.v..n...:~?...5}.[U.......#..u-0k...*.E.V..a..8.w../>-......r....7.......@.J....G..x...m....6....Af.......`..MP.[.......<...tu.ZW...x..8A...v.5.)%...d.I..[..XOj=KTp.I.l...w. ......Y{.=K.7....."..>..m.$E.&....A...A..K...#....1.Ux.....Cbk.H`..K...v.E3v.....F.M....d.R..... O'.7..$.\.)LB.@.Eu9T.C.xt........:..?.?..Y...w...~..:...^.q.M....0.....R..."w.:..WP....;.~y.d.....E..m@kAiA......Lr..W..|r..~....]xIyy..&........;c\.1.$.._.*..~....<.z...R^:..m8..]..%_.\.DeO..!*Z.bFTp.yK.9.".iC^...l.&.1..7.n...#\.........B.R.!6...|F....}j..{*X'(<.z.q....l.oY..Bf....W0.A.AM)(..aF7.........^....r... ...\`....$#.B.....W..._..d.%nZ.FF.Z...C....$..o.t..m.ck_...Z3..&..L`.(u.0...Y..k....,.....v..D.SG......f ...9.....Y=.._@....^M.Rs... .z/.BZd...`...V.p.."F....Mz.......]...N....z.P......5d...q...J..p.wJ..v. .v.[f...Q.R.,.T0Jc.B..........d..'...H..L.......*.r..).i...r.b..'.00(.....EH...i....m.:~../.......\b....<..l...r.|y...yF......i.8m.H..I...`|...Y%N.~.i.....p.*j5u.9.O....K...o.e\9Z0E3k....\~V?s....q..I..F=.Q.U..?.....O..........Q..xg.T..$el......R4.oy.g...[c....foc.}..K....x....F*..q....78.o^.....)5..R.iC.(........ks.#...8..m.~...M./.?Z,..E.Rj..B......b.<..kW...eTj.c..R@....#?g...S.p.......l..(....m
<<< skipped >>>
GET /pixel?id=2085077&t=2&piggyback=http://ads.yahoo.com/cms/v1?esig=1~553f012f6017f84fb8f957add36d12baf65ffaee&nwid=10000710111&sigv=1 HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ads.yahoo.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Fri, 30 Jan 2015 10:53:12 GMT
Server: ATS
X-RightMedia-Hostname: raptor0965.rm.ne1.yahoo.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: B=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: B=db2h2placmoko&b=3&s=mf; path=/; expires=Mon, 30-Jan-2017 10:53:12 GMT; domain=.yahoo.com
Location: hXXp://ads.yahoo.com/cms/v1?esig=1~553f012f6017f84fb8f957add36d12baf65ffaee&nwid=10000710111&sigv=1
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Vary: *
Last-Modified: Fri, 30 Jan 2015 10:53:12 GMT
Expires: Fri, 30 Jan 2015 10:53:12 GMT
Pragma: no-cache
Content-Length: 0
Age: 0
Connection: keep-alive
....
GET /cms/v1?esig=1~553f012f6017f84fb8f957add36d12baf65ffaee&nwid=10000710111&sigv=1 HTTP/1.1
Accept: */*
Referer: hXXp://yllix.com/banner_show.php?section=General&pub=586654&format=300x250&ga=g
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ads.yahoo.com
Connection: Keep-Alive
Cookie: B=db2h2placmoko&b=3&s=mf
HTTP/1.1 302 Found
Date: Fri, 30 Jan 2015 10:53:12 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: hXXp://um.simpli.fi/y_match?xid=OpUesktx0bnS1._7RUN1UBwx
Cache-Control: private
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Age: 0
Connection: keep-alive
Server: ATS
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_332:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
t(j.Xj\f
t(j.Xj\f
SSShp
SSShp
^SShq
^SShq
9.vpSW
9.vpSW
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
operator
operator
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb
d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb
COMCTL32.dll
COMCTL32.dll
SHLWAPI.dll
SHLWAPI.dll
GetCPInfo
GetCPInfo
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
COMDLG32.dll
COMDLG32.dll
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
ADVAPI32.dll
ADVAPI32.dll
SHFileOperationW
SHFileOperationW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
GetConsoleOutputCP
GetConsoleOutputCP
WINRAR.SFX
WINRAR.SFX
zcÁ
zcÁ
c:\%original file name%.exe
c:\%original file name%.exe
:(,4;;?@
:(,4;;?@
3,45657879
3,45657879
8888888888887
8888888888887
version="1.0.0.0"
version="1.0.0.0"
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
Maximum allowed array size (%u) is exceeded
Maximum allowed array size (%u) is exceeded
rtmp%d
rtmp%d
Crypt32.dll
Crypt32.dll
GETPASSWORD1
GETPASSWORD1
sfxcmd
sfxcmd
%s %s
%s %s
%s %s %s
%s %s %s
%s%s%d
%s%s%d
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
%s.%d.tmp
%s.%d.tmp
winrarsfxmappingfile.tmp
winrarsfxmappingfile.tmp
-el -s2 "-d%s" "-p%s" "-sp%s"
-el -s2 "-d%s" "-p%s" "-sp%s"
__tmp_rar_sfx_access_check_%u
__tmp_rar_sfx_access_check_%u
WaitForMultipleObjects error %d, GetLastError %d
WaitForMultipleObjects error %d, GetLastError %d
Shell.Explorer
Shell.Explorer
riched20.dll
riched20.dll
riched32.dll
riched32.dll
KERNEL32.DLL
KERNEL32.DLL
mscoree.dll
mscoree.dll
Extracting files to %s folder
Extracting files to %s folder
Extracting from %s
Extracting from %s
Extracting %s
Extracting %s
C:\PRo
C:\PRo
Enter password
Enter password
&Enter password for the encrypted file:
&Enter password for the encrypted file:
Skipping %s
Skipping %s
The file "%s" header is corrupt
The file "%s" header is corrupt
Unknown method in %s
Unknown method in %s
Cannot open %s
Cannot open %s
Cannot create %s
Cannot create %s
Cannot create folder %sHChecksum error in the encrypted file %s. Corrupt file or wrong password.
Cannot create folder %sHChecksum error in the encrypted file %s. Corrupt file or wrong password.
Checksum error in %s Packed data checksum error in %s
Checksum error in %s Packed data checksum error in %s
5Write error in the file %s. Probably the disk is full
5Write error in the file %s. Probably the disk is full
Read error in the file %s
Read error in the file %s
ErroraErrors encountered while performing the operation
ErroraErrors encountered while performing the operation
Please close all applications, reboot Windows and restart this installation\Some installation files are corrupt.
Please close all applications, reboot Windows and restart this installation\Some installation files are corrupt.
Extracting files to %s folder$Extracting files to temporary folder
Extracting files to %s folder$Extracting files to temporary folder
=Total path and file name length must not exceed %d characters
=Total path and file name length must not exceed %d characters
Unknown encryption method in %s$The specified password is incorrect.
Unknown encryption method in %s$The specified password is incorrect.
Cannot copy %s to %s.
Cannot copy %s to %s.
Cannot create symbolic link %s
Cannot create symbolic link %s
Cannot create hard link %s
Cannot create hard link %s
9.9.exe_504:
.text
.text
`.data
`.data
.rsrc
.rsrc
SHDocVwCtl.WebBrowser
SHDocVwCtl.WebBrowser
Facebook: wWw.Facebook.com/fappro
Facebook: wWw.Facebook.com/fappro
ieframe.dll
ieframe.dll
WebBrowser
WebBrowser
C:\Users\JAMEMO~1\AppData\Local\Temp\RarSFX6\AutoPlay\Docs\Portable.VB6\VB6.OLB
C:\Users\JAMEMO~1\AppData\Local\Temp\RarSFX6\AutoPlay\Docs\Portable.VB6\VB6.OLB
#C:\Windows\System32\ieframe.oca
#C:\Windows\System32\ieframe.oca
ShellExecuteA
ShellExecuteA
user32.dll
user32.dll
shell32.dll
shell32.dll
kernel32.dll
kernel32.dll
PSAPI.DLL
PSAPI.DLL
ntdll.dll
ntdll.dll
VBA6.DLL
VBA6.DLL
sKey
sKey
.yGma
.yGma
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
C:\PRo\9.9.exe
C:\PRo\9.9.exe
OMUdP
OMUdP
D$(.cD
D$(.cD
lG;crT*
lG;crT*
0%DUt[
0%DUt[
T$ `h.RXz
T$ `h.RXz
8u%s\
8u%s\
#.vv/
#.vv/
a-zE}`
a-zE}`
aV%c
aV%c
.BY!_4
.BY!_4
.yT;[
.yT;[
EJ.vyW
EJ.vyW
%sF@t
%sF@t
>]%cV
>]%cV
4.mQz
4.mQz
D ~[-b}
D ~[-b}
.NcKT
.NcKT
2%S~jG
2%S~jG
;x.zi
;x.zi
0 0
0 0
USER32.dll
USER32.dll
#c9%s
#c9%s
xw%x\R^4f
xw%x\R^4f
cKERNEL32.dll
cKERNEL32.dll
[]%xP
[]%xP
R!eC%c
R!eC%c
.RU:K
.RU:K
\,%6U%|
\,%6U%|
vX2.qo
vX2.qo
@35./\~?
@35./\~?
HZ.Qr
HZ.Qr
eX.kC)gI
eX.kC)gI
9qe.UG
9qe.UG
)%F~9
)%F~9
>KND%SZ
>KND%SZ
bk.zw
bk.zw
3!G*.TZH
3!G*.TZH
_Q3
_Q3
.Iyr@
.Iyr@
O:\1J
O:\1J
t%C(Qv
t%C(Qv
[%1UR
[%1UR
.Yl)jK
.Yl)jK
%Fy`w
%Fy`w
y%X6z#
y%X6z#
GZ.LG(J
GZ.LG(J
.xh-|
.xh-|
>r%cT9
>r%cT9
.nnoB
.nnoB
O.bk &
O.bk &
0w.afX
0w.afX
{w%C'^
{w%C'^
o92Ihü.
o92Ihü.
.xR\ix
.xR\ix
Hk%Dp Nx
Hk%Dp Nx
9.JX=
9.JX=
P:3%Se
P:3%Se
.mqbh7
.mqbh7
M"%U9
M"%U9
!{%DP
!{%DP
,r.SQ
,r.SQ
~%cUH
~%cUH
.lL.f
.lL.f
##o9tj
##o9tj
).Qu2
).Qu2
H}.RrD
H}.RrD
MSVBVM60.DLL
MSVBVM60.DLL
Lp.GV
Lp.GV
hXXp:///
hXXp:///
*\AE:\srouce\modznc\Project1.vbp
*\AE:\srouce\modznc\Project1.vbp
C:\aim1
C:\aim1
C:\aim2.dat
C:\aim2.dat
\system32\Drivers\etc\hosts.ics
\system32\Drivers\etc\hosts.ics
crossfire.dat
crossfire.dat
HGWC.exe
HGWC.exe
iexplore.exe
iexplore.exe
adf.ly
adf.ly
\Desktop\Google Chrome.htm
\Desktop\Google Chrome.htm
\Desktop\Google Chrome.html
\Desktop\Google Chrome.html
\Desktop\Google Chrome.Lnk
\Desktop\Google Chrome.Lnk
\Desktop\Mozilla Firefox.htm
\Desktop\Mozilla Firefox.htm
\Desktop\Mozilla Firefox.html
\Desktop\Mozilla Firefox.html
\Desktop\Mozilla Firefox.Lnk
\Desktop\Mozilla Firefox.Lnk
WScript.Shell
WScript.Shell
hXXp://trollface.biz
hXXp://trollface.biz
hXXp://wm.sumohit.com/cf.html
hXXp://wm.sumohit.com/cf.html
LocationURL
LocationURL
InternetExplorer.Application
InternetExplorer.Application
\ddraw.dll
\ddraw.dll
0123456789
0123456789
\FapCF.dll
\FapCF.dll
Windows Internet Explorer
Windows Internet Explorer
Web Browser
Web Browser
iexplore.exe - Application Error
iexplore.exe - Application Error
crossfire.exe
crossfire.exe
\CShell.dll
\CShell.dll
hXXp://6b188f15.linkbucks.com
hXXp://6b188f15.linkbucks.com
hXXp://e96c08fe.linkbucks.com
hXXp://e96c08fe.linkbucks.com
hXXp://197290c7.linkbucks.com
hXXp://197290c7.linkbucks.com
hXXp://863ffe29.linkbucks.com
hXXp://863ffe29.linkbucks.com
hXXp://adf.ly/Wo4hu
hXXp://adf.ly/Wo4hu
hXXp://adf.ly/Wo4pL
hXXp://adf.ly/Wo4pL
hXXp://adf.ly/XX1H9
hXXp://adf.ly/XX1H9
hXXp://adf.ly/XX1JN
hXXp://adf.ly/XX1JN
hXXp://adf.ly/XX1FB
hXXp://adf.ly/XX1FB
hXXp://adf.ly/ruqY2
hXXp://adf.ly/ruqY2
hhXXp://adf.ly/ruqY2
hhXXp://adf.ly/ruqY2
hXXp://adf.ly/ruqZ7
hXXp://adf.ly/ruqZ7
hXXp://adf.ly/ruqdu
hXXp://adf.ly/ruqdu
hXXp://adf.ly/ruqbS
hXXp://adf.ly/ruqbS
@*\AE:\srouce\modznc\Project1.vbp
@*\AE:\srouce\modznc\Project1.vbp
KERNEL32.DLL
KERNEL32.DLL
mscoree.dll
mscoree.dll
Error at initialization of bundled DLL: %s
Error at initialization of bundled DLL: %s
Error at hooking API "%S"
Error at hooking API "%S"
Dumping first %d bytes:
Dumping first %d bytes:
9.5.exe
9.5.exe
9.9.exe_504_rwx_0040D000_00085000:
.yGma
.yGma
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
C:\PRo\9.9.exe
C:\PRo\9.9.exe
OMUdP
OMUdP
D$(.cD
D$(.cD
lG;crT*
lG;crT*
0%DUt[
0%DUt[
T$ `h.RXz
T$ `h.RXz
8u%s\
8u%s\
#.vv/
#.vv/
a-zE}`
a-zE}`
aV%c
aV%c
.BY!_4
.BY!_4
.yT;[
.yT;[
EJ.vyW
EJ.vyW
%sF@t
%sF@t
>]%cV
>]%cV
4.mQz
4.mQz
D ~[-b}
D ~[-b}
.NcKT
.NcKT
2%S~jG
2%S~jG
;x.zi
;x.zi
0 0
0 0
KERNEL32.DLL
KERNEL32.DLL
mscoree.dll
mscoree.dll
Error at initialization of bundled DLL: %s
Error at initialization of bundled DLL: %s
Error at hooking API "%S"
Error at hooking API "%S"
Dumping first %d bytes:
Dumping first %d bytes:
iexplore.exe_828:
%?9-*09,*19}*09
%?9-*09,*19}*09
.text
.text
`.data
`.data
.rsrc
.rsrc
msvcrt.dll
msvcrt.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
USER32.dll
USER32.dll
SHLWAPI.dll
SHLWAPI.dll
SHDOCVW.dll
SHDOCVW.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
IE-X-X
IE-X-X
rsabase.dll
rsabase.dll
System\CurrentControlSet\Control\Windows
System\CurrentControlSet\Control\Windows
dw15 -x -s %u
dw15 -x -s %u
watson.microsoft.com
watson.microsoft.com
IEWatsonURL
IEWatsonURL
%s -h %u
%s -h %u
iedw.exe
iedw.exe
Iexplore.XPExceptionFilter
Iexplore.XPExceptionFilter
jscript.DLL
jscript.DLL
mshtml.dll
mshtml.dll
mlang.dll
mlang.dll
urlmon.dll
urlmon.dll
wininet.dll
wininet.dll
shdocvw.DLL
shdocvw.DLL
browseui.DLL
browseui.DLL
comctl32.DLL
comctl32.DLL
IEXPLORE.EXE
IEXPLORE.EXE
iexplore.pdb
iexplore.pdb
ADVAPI32.dll
ADVAPI32.dll
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
IExplorer.EXE
IExplorer.EXE
IIIIIB(II<.fg>
IIIIIB(II<.fg>
7?_____ZZSSH%
7?_____ZZSSH%
)z.UUUUUUUU
)z.UUUUUUUU
,....Qym
,....Qym
````2```
````2```
{.QLQIIIKGKGKGKGKGKG
{.QLQIIIKGKGKGKGKGKG
;33;33;0
;33;33;0
8888880
8888880
8887080
8887080
browseui.dll
browseui.dll
shdocvw.dll
shdocvw.dll
6.00.2900.5512 (xpsp.080413-2105)
6.00.2900.5512 (xpsp.080413-2105)
Windows
Windows
Operating System
Operating System
6.00.2900.5512
6.00.2900.5512