Trojan.GenericKD.1671062 (B) (Emsisoft), Backdoor.Win32.Fynloski.FD, Trojan.Win32.Iconomon.FD, Trojan.Win32.Sasfis.FD, Trojan.Win32.Swrort.3.FD, VirTool.Win32.DelfInject.FD, Worm.Win32.AutoIt.FD, WormAutoItGen.YR, GenericDownloader.YR, GenericInjector.YR, BackdoorFynloski.YR, TrojanDownloaderAndromeda.YR (Lavasoft MAS)Behaviour: Trojan-Downloader, Trojan, Backdoor, Worm, VirTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 60d92cdbc473daaa6e2ce98732b1c18d
SHA1: 79b1f5e726db3e8686f0dfc0686fab14dbe5cbc4
SHA256: 4f4c79ff4623cdbc5ae7d214e48e1e50c96df68a934df3726a0c721881cf5d7b
SSDeep: 49152:mJZoQrbTFZY1iaBw/kipQc/4qXTPXU1rV4L9S5:mtrbTA1ShnQqDP6iI
Size: 1732802 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-01-29 23:32:28
Analyzed on: WindowsXP SP3 32-bit
Summary: Backdoor. Malware that enables a remote control of victim's machine.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Backdoor creates the following process(es):
%original file name%.exe:1360
adf.exe:1684
The Backdoor injects its code into the following process(es):
adf.exe:1256
abcww.exe:856
abcww.exe:1864
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:1360 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\msupd.exe (196 bytes)
%Documents and Settings%\%current user%\Application Data\adf.exe (11518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\abcww.exe (6289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.ico (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (7185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (1372 bytes)
The Backdoor deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (0 bytes)
The process adf.exe:1684 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\res.ico2 (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.ico (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut4.tmp (1372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut5.tmp (7185 bytes)
The Backdoor deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aut4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut5.tmp (0 bytes)
The process abcww.exe:856 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\refresh[1].gif (974 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\shrink_button_icon[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.ulightbox[2].css (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\footer_home_lr_bg[1].png (126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\api[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\safe[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\core30[1].css (2710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\browser_chrome[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\header_gradient[1].jpg (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.browserdetect.min[1].js (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\index[2].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.ulightbox[1].css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ui-bg_highlight-soft_100_eeeeee_1x100[1].png (90 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask.min[2].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[2].txt (1701 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\lmp[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\core30[1].css (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.ulightbox[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.placeholder.min[1].js (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ft_payoneer[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\CAQIL6QM (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\modernizr[2].js (1405 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-bg_gloss-wave_35_f6a828_500x100[2].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-bg_gloss-wave_35_f6a828_500x100[1].png (2 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (18324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\header_bg[1].png (230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\CA1O6993.jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ads[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ui-icons_ffffff_256x240[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\CAT4KZP5.jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\challenge[1] (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\modernizr[1].js (1682 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\recaptcha[1].js (4291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\button_join_now_tick[1].png (730 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\background_browser[1].gif (1506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask.min[1].js (801 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\CA4VYN8N (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\scripts[1].png (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@google[1].txt (381 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[1].txt (2450 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\blockquote_bg[1].png (311 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\andresatria_small[1].jpg (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[1].txt (370 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\home[2].js (5155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ft_paypal[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\index[1].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (4486 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\common[2].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\adf[1].htm (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\home[1].js (2906 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\help[1].gif (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\sprite[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ZeroClipboard[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ie6-warning[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery-ui.min[1].js (19027 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\footer_home_ll_bg[1].png (129 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\chosen.jquery.min[2].js (788 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\logo[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery-ui-1.8.16.custom[1].css (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\stats[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ie6-warning[2].js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.placeholder.min[2].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\browser_ie[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask[1].css (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ft_alertpay[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\arrow[1].png (523 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\footer_bg[1].png (85 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-icons_ffffff_256x240[1].png (1943 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\header[1].png (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\language_flags[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\background_browser[1].gif (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\fb_f[1].png (572 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\spin[2].js (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery.form.min[1].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\common[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.ulightbox[2].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\background_browser[1].gif (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\spin[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\nr-411.min[1].js (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\links_clicked_bg[1].png (433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\button_join_tick[1].png (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\shrink_bg[1].png (849 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\audio[1].gif (914 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\recaptcha[1].js (4528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\CAGD6RKX.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ga[1].js (1597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\browser_opera[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask[2].css (632 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\background_browser[1].gif (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\Nw17OBpg1zjrn-mn0yUkeE6MiB8Imrcno_93P1Tsc6Y[1].js (2263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\browser_firefox[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\browser_safari[1].gif (1943 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.min[1].js (2022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery.form.min[2].js (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery-ui-1.8.16.custom[1].css (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ZeroClipboard[2].js (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\92a411bc23[1].setToken (21 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (3455 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\num_bg[1].png (506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\ui-bg_highlight-soft_100_eeeeee_1x100[1].png (90 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\language_arrows[1].png (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\chosen.jquery.min[1].js (2001 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.browserdetect.min[2].js (366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\text[1].gif (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\quote_photo_bg[1].png (169 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[2].txt (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\quote_top_bg[1].png (195 bytes)
The Backdoor deletes the following file(s):
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery-ui-1.8.16.custom[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery.form.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\modernizr[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\background_browser[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\background_browser[1].gif (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\chosen.jquery.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ui-icons_ffffff_256x240[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\challenge[1] (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.ulightbox[1].css (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\index[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\common[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\core30[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\ui-bg_highlight-soft_100_eeeeee_1x100[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\background_browser[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\adf[2].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.ulightbox[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.placeholder.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\home[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.browserdetect.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ZeroClipboard[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\background_browser[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ie6-warning[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\spin[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-bg_gloss-wave_35_f6a828_500x100[1].png (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[2].txt (0 bytes)
The process abcww.exe:1864 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\adf[2].htm (24 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (388 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\desktop.ini (67 bytes)
The Backdoor deletes the following file(s):
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (0 bytes)
Registry activity
The process %original file name%.exe:1360 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C1 74 2B A4 40 0B 70 B7 E4 FC B4 FC 98 B5 8B 73"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"abcww.exe" = "Adf.ly Bot"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Backdoor modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Backdoor modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process adf.exe:1256 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF B7 02 EF B4 ED 6A E5 9D 60 F0 35 98 3E AC DC"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process adf.exe:1684 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 CC 8F DA 42 97 07 18 4D EB 69 9B 0C 2E 33 46"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
To automatically run itself each time Windows is booted, the Backdoor adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"adf.exe" = "%Documents and Settings%\%current user%\Application Data\adf.exe"
The Backdoor modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
To automatically run itself each time Windows is booted, the Backdoor adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adf.exe" = "%Documents and Settings%\%current user%\Application Data\adf.exe"
The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Backdoor modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process abcww.exe:856 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "abcww.exe"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1288215257"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E 15 A8 83 34 E7 6D 13 C9 9A 74 F8 07 10 B6 30"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Backdoor modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Backdoor modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Backdoor deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process abcww.exe:1864 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4A 0B 52 20 D9 E3 5A 8F 28 78 68 4D 7E AD 45 F7"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Backdoor modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Backdoor modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Backdoor deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
MD5 | File path |
---|---|
d8dbd0146a42c4449908392dd902ce7c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\abcww.exe |
6eb4cc0ab3fe8869a86a1c866b284468 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\msupd.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:1360
adf.exe:1684 - Delete the original Backdoor file.
- Delete or disinfect the following files created/modified by the Backdoor:
%Documents and Settings%\%current user%\Local Settings\Temp\msupd.exe (196 bytes)
%Documents and Settings%\%current user%\Application Data\adf.exe (11518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\abcww.exe (6289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.ico (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (7185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (1372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.ico2 (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut4.tmp (1372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut5.tmp (7185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\refresh[1].gif (974 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\shrink_button_icon[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.ulightbox[2].css (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\footer_home_lr_bg[1].png (126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\api[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\safe[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\core30[1].css (2710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\browser_chrome[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\header_gradient[1].jpg (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.browserdetect.min[1].js (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\index[2].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.ulightbox[1].css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ui-bg_highlight-soft_100_eeeeee_1x100[1].png (90 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask.min[2].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[2].txt (1701 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\lmp[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\core30[1].css (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.ulightbox[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.placeholder.min[1].js (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ft_payoneer[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\CAQIL6QM (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\modernizr[2].js (1405 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-bg_gloss-wave_35_f6a828_500x100[2].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-bg_gloss-wave_35_f6a828_500x100[1].png (2 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (18324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\header_bg[1].png (230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\CA1O6993.jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ads[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ui-icons_ffffff_256x240[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\CAT4KZP5.jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\challenge[1] (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\modernizr[1].js (1682 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\recaptcha[1].js (4291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\button_join_now_tick[1].png (730 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\background_browser[1].gif (1506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask.min[1].js (801 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\CA4VYN8N (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\scripts[1].png (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@google[1].txt (381 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[1].txt (2450 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\blockquote_bg[1].png (311 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\andresatria_small[1].jpg (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[1].txt (370 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\home[2].js (5155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ft_paypal[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\index[1].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (4486 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\common[2].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\adf[1].htm (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\home[1].js (2906 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\help[1].gif (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\sprite[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ZeroClipboard[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ie6-warning[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery-ui.min[1].js (19027 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\footer_home_ll_bg[1].png (129 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\chosen.jquery.min[2].js (788 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\logo[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery-ui-1.8.16.custom[1].css (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\stats[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ie6-warning[2].js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.placeholder.min[2].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\browser_ie[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask[1].css (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ft_alertpay[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\arrow[1].png (523 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\footer_bg[1].png (85 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-icons_ffffff_256x240[1].png (1943 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\header[1].png (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\language_flags[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\background_browser[1].gif (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\fb_f[1].png (572 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\spin[2].js (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery.form.min[1].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\common[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.ulightbox[2].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\background_browser[1].gif (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\spin[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\nr-411.min[1].js (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\links_clicked_bg[1].png (433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\button_join_tick[1].png (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\shrink_bg[1].png (849 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\audio[1].gif (914 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\recaptcha[1].js (4528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\CAGD6RKX.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ga[1].js (1597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\browser_opera[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask[2].css (632 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\background_browser[1].gif (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\Nw17OBpg1zjrn-mn0yUkeE6MiB8Imrcno_93P1Tsc6Y[1].js (2263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\browser_firefox[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\browser_safari[1].gif (1943 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.min[1].js (2022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery.form.min[2].js (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery-ui-1.8.16.custom[1].css (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ZeroClipboard[2].js (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\92a411bc23[1].setToken (21 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (3455 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\num_bg[1].png (506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\ui-bg_highlight-soft_100_eeeeee_1x100[1].png (90 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\language_arrows[1].png (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\chosen.jquery.min[1].js (2001 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.browserdetect.min[2].js (366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\text[1].gif (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\quote_photo_bg[1].png (169 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[2].txt (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\quote_top_bg[1].png (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\adf[2].htm (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\desktop.ini (67 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"adf.exe" = "%Documents and Settings%\%current user%\Application Data\adf.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adf.exe" = "%Documents and Settings%\%current user%\Application Data\adf.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 3, 3, 8, 1
File Description:
Comments:
Language: Spanish (Spain, International Sort)
Company Name: Product Name: Product Version: Legal Copyright: Legal Trademarks: Original Filename: Internal Name: File Version: 3, 3, 8, 1File Description: Comments: Language: Spanish (Spain, International Sort)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 525852 | 526336 | 4.63347 | 61ffce4768976fa0dd2a8f6a97b1417a |
.rdata | 532480 | 57280 | 57344 | 3.32693 | 0354bc5f2376b5e9a4a3ba38b682dff1 |
.data | 589824 | 108376 | 26624 | 1.49032 | 8033f5a38941b4685bc2299e78f31221 |
.rsrc | 700416 | 79736 | 79872 | 3.95117 | 846a36cf3e21355324dca9cbca5ebb68 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://adf.ly/ | 104.20.0.4 |
hxxp://adf.ly/static/css/jquery.loadmask.css | 104.20.0.4 |
hxxp://adf.ly/static/css/jquery-ui/ui-lightness/jquery-ui-1.8.16.custom.css | 104.20.0.4 |
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.7.1/jquery.min.js | |
hxxp://adf.ly/static/css/core30.css | 104.20.0.4 |
hxxp://adf.ly/static/js/jquery.browserdetect.min.js | 104.20.0.4 |
hxxp://adf.ly/static/js/common.js | 104.20.0.4 |
hxxp://adf.ly/static/js/jquery.placeholder.min.js | 104.20.0.4 |
hxxp://adf.ly/static/js/jquery.loadmask.min.js | 104.20.0.4 |
hxxp://adf.ly/static/js/chosen.jquery.min.js | 104.20.0.4 |
hxxp://adf.ly/static/js/jquery.form.min.js | 104.20.0.4 |
hxxp://adf.ly/static/js/ZeroClipboard.js | 104.20.0.4 |
hxxp://adf.ly/static/js/modernizr.js | 104.20.0.4 |
hxxp://adf.ly/static/js/ie6-warning.js | 104.20.0.4 |
hxxp://googleapis.l.google.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js | |
hxxp://adf.ly/static/js/spin.js | 104.20.0.4 |
hxxp://adf.ly/static/js/home.js | 104.20.0.4 |
hxxp://adf.ly/static/js/jquery.ulightbox.js | 104.20.0.4 |
hxxp://adf.ly/static/css/jquery.ulightbox.css | 104.20.0.4 |
hxxp://adf.ly/static/image/header_bg.png | 104.20.0.4 |
hxxp://adf.ly/static/image/header_gradient.jpg | 104.20.0.4 |
hxxp://adf.ly/static/image/testimonials/andresatria_small.jpg | 104.20.0.4 |
hxxp://adf.ly/static/image/header.png | 104.20.0.4 |
hxxp://adf.ly/static/image/quote_photo_bg.png | 104.20.0.4 |
hxxp://adf.ly/static/image/links_clicked_bg.png | 104.20.0.4 |
hxxp://adf.ly/static/image/num_bg.png | 104.20.0.4 |
hxxp://adf.ly/static/js/index/index.js | 104.20.0.4 |
hxxp://adf.ly/static/image/logo.png | 104.20.0.4 |
hxxp://adf.ly/static/image/shrink_bg.png | 104.20.0.4 |
hxxp://adf.ly/static/image/shrink_button_icon.png | 104.20.0.4 |
hxxp://adf.ly/static/image/button_join_now_tick.png | 104.20.0.4 |
hxxp://adf.ly/static/image/fb_f.png | 104.20.0.4 |
hxxp://adf.ly/static/image/arrow.png | 104.20.0.4 |
hxxp://adf.ly/static/image/language_flags.png | 104.20.0.4 |
hxxp://adf.ly/static/image/language_arrows.png | 104.20.0.4 |
hxxp://adf.ly/static/image/safe.png | 104.20.0.4 |
hxxp://adf.ly/static/image/ads.png | 104.20.0.4 |
hxxp://adf.ly/static/image/lmp.png | 104.20.0.4 |
hxxp://adf.ly/static/image/stats.png | 104.20.0.4 |
hxxp://adf.ly/static/image/api.png | 104.20.0.4 |
hxxp://adf.ly/static/image/scripts.png | 104.20.0.4 |
hxxp://adf.ly/static/image/quote_top_bg.png | 104.20.0.4 |
hxxp://adf.ly/static/image/blockquote_bg.png | 104.20.0.4 |
hxxp://adf.ly/static/image/footer_bg.png | 104.20.0.4 |
hxxp://adf.ly/static/image/footer_home_lr_bg.png | 104.20.0.4 |
hxxp://adf.ly/static/image/footer_home_ll_bg.png | 104.20.0.4 |
hxxp://adf.ly/static/image/ft_paypal.png | 104.20.0.4 |
hxxp://fallback.global-ssl.fastly.net/js/300/addthis_widget.js | |
hxxp://adf.ly/static/image/ft_payoneer.png | 104.20.0.4 |
hxxp://adf.ly/static/image/ft_alertpay.png | 104.20.0.4 |
hxxp://fallback.global-ssl.fastly.net/static/r07/core145.js | |
hxxp://www.google.com/recaptcha/api/challenge?k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr | 173.194.113.210 |
hxxp://fallback.global-ssl.fastly.net/static/r07/widget120.css | |
hxxp://fallback.global-ssl.fastly.net/static/r07/widgetIE67006.css | |
hxxp://www.google.com/recaptcha/api/js/recaptcha.js | 173.194.113.210 |
hxxp://www.google.com/js/th/Nw17OBpg1zjrn-mn0yUkeE6MiB8Imrcno_93P1Tsc6Y.js | 173.194.113.210 |
hxxp://www.google.com/recaptcha/api/img/red/sprite.png | 173.194.113.210 |
hxxp://www-google-analytics.l.google.com/ga.js | |
hxxp://www.google.com/recaptcha/api/img/red/refresh.gif | 173.194.113.210 |
hxxp://www.google.com/recaptcha/api/img/red/audio.gif | 173.194.113.210 |
hxxp://www.google.com/recaptcha/api/img/red/text.gif | 173.194.113.210 |
hxxp://www.google.com/recaptcha/api/img/red/help.gif | 173.194.113.210 |
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.5.3&utms=1&utmn=263499665&utmhn=adf.ly&utmcs=utf-8&utmsr=1276x846&utmvp=358x169&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=AdFly - The URL shortener service that pays you! Earn money for every visitor to your links.&utmhid=1362955423&utmr=-&utmp=/&utmht=1406985883144&utmac=UA-6469700-8&utmcc=__utma=255621336.652463225.1406985880.1406985880.1406985880.1;+__utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=D~ | |
hxxp://www.google.com/recaptcha/api/reload?c=03AHJ_VuvYPttqF2q1i-Xe_w7vxSeUu624qFaI-wqllz21Fjy8gNmUAk9_IflsXZQZOR1RPQga0rE3O9yvEb3hiOksEGHZ0ckhRy_rdSlNM9nl_EZVNFpLoMP8cv_fP0R9ErMrIblKseEPGN6TgaBInDeWlI7JMI29ih4Fs40mndZmoqvKlN4T2grLtkPnge-g8GakW9Pg67Tue_oEo3JosZzH2Ad0WejzuYFV5ir0ln7Q4Xx6clfFug0&k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr&reason=i&type=image&lang=uk&th=,8bAj7yMNy8ssdLYPawwaKwns4vAAAAK_oAAAAXfYAKkFH0FFuUUPUHjrkinOmN56dp8c5mqPhTVdeFhii9Ke5-gr_R5A9kqoS5zsCs_1FcP6H7JtGNAZw8uYCQv3hw9jqypFmxweaoUrzXenTc8wNPIQ20Yt4JOblr06Op4ZkCmKCrMgLT1L5WQD6gG0gCKQ2Em0CpQwVhZnxwmQxLP7Z9gs5r2HaMDQkcV6z4jgPVp-AarTRrALigoaAMsV0_V2SfNI5vJnOkAF | 173.194.113.210 |
hxxp://adf.ly/static/image/button_join_tick.png | 104.20.0.4 |
hxxp://adf.ly/static/css/jquery-ui/ui-lightness/images/ui-bg_highlight-soft_100_eeeeee_1x100.png | 104.20.0.4 |
hxxp://adf.ly/static/css/jquery-ui/ui-lightness/images/ui-icons_ffffff_256x240.png | 104.20.0.4 |
hxxp://adf.ly/static/css/jquery-ui/ui-lightness/images/ui-bg_gloss-wave_35_f6a828_500x100.png | 104.20.0.4 |
hxxp://www.google.com/recaptcha/api/challenge?k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr&_=1406985884566 | 173.194.113.210 |
hxxp://adf.ly/static/image/ie6-warning/background_browser.gif | 104.20.0.4 |
hxxp://fallback.global-ssl.fastly.net/static/r07/sh168.html | |
hxxp://www.google.com/recaptcha/api/image?c=03AHJ_VutRa9ox0QVJS6aXVk1OO6dTJv1GnVUfSAjBXCn9FiH4iCYYu9KH052tFvKvsqJ1EEhc2yrBZvtz40X6qHWgxN5xvekcoSZVQDr5H0sjHtVf6rUuXjbiCNsiw7AGRl9dbGMJRr-dxR-i-kC8Xucuzyv-6Au0wbgqgYXNngqzGL01LyCsOEeu_WEG6BUwkzKxqPRmUPgRpiMJbdJdinuuhEVcTyXJCg&th=,8bAj7yMNy8ssdLYPawwaKwns4vAAAAK_oAAAAC_YAKkFH0FFuUUPUHjrkinOmN56dp8c5mqPhTVdeFhii9Ke5-gr_R5A9kqoS5zsCs_1FcP6H7JtGNAZw8uYCQv3hw9jqypFmxweaoUrzXenTc8wNPIQ20Yt4JOblr06Op4ZkCmKCrMgLT1L5WQD6gG0gCKQ2Em0CpQwVhZnxwmQxLP7Z9gs5r2HaMDQkcV6z4jgPVp-AarTRrALigoaAMsV1aB2SfN6ceYpUNGk | 173.194.113.210 |
hxxp://www.google.com/recaptcha/api/js/recaptcha.js?_=1406985884566 | 173.194.113.210 |
hxxp://a.ssl.fastly.net/feeds/1.0/config.json?pubid=ra-53993a6f0d2e8c74&callback=_ate.cbs.fds_ra53993a6f0d2e8c740 | |
hxxp://ins-011.inscname.net/nr-411.min.js | |
hxxp://adf.ly/static/image/ie6-warning/browser_ie.gif | 104.20.0.4 |
hxxp://a1294.w20.akamai.net/b?c1=7&c2=2000001&c3=1&rn=1t6uqkf&c7=http://adf.ly/&c8=AdFly - The URL shortener service that pays you! Earn money for every visitor to your links.&cv=1.7 | |
hxxp://adf.ly/static/image/ie6-warning/browser_firefox.gif | 104.20.0.4 |
hxxp://m.addthisedge.com/live/red_lojson/300lo.json?fu4qr1&colc=1406985888754&si=53dce6964fcbf649&uid=53dce6a0d676490a&pub=ra-53993a6f0d2e8c74&rev=1406582527&jsl=33&ln=en&pc=men&vpc=&dp=adf.ly&aa=0&of=0&uf=1&pd=0&irt=0&md=0&ct=1&tct=0&abt=0<=3422&cdn=0&lnlc=us&whcs=1&tl=c=750,m=7547,i=7750,xm=11172,xp=11172&pi=1&&rb=0&gen=1000&gen=100&callback=_ate.track.hsr&mk=adfly,adf.ly,short links,tinyurl,bitly,bit.ly,earn money,link advertising,tiny url,url shortener | |
hxxp://adf.ly/static/image/ie6-warning/browser_safari.gif | 104.20.0.4 |
hxxp://adf.ly/static/image/ie6-warning/browser_opera.gif | 104.20.0.4 |
hxxp://adf.ly/static/image/ie6-warning/browser_chrome.gif | 104.20.0.4 |
hxxp://fallback.global-ssl.fastly.net/static/r07/layers063.js | |
hxxp://beacon-3.newrelic.com/1/92a411bc23?a=4058140,2334836&ap=8&fe=26312&dc=23203&v=411.b2946c1&to=YlNSbUYAV0IFBhdaWVsZc0xHFVZcSwwNV1NNdV9XQBNWXQgAERxfW1JVQQ==&f=[]&jsonp=NREUM.setToken | 50.31.164.176 |
hxxp://fallback.global-ssl.fastly.net/static/r07/json2.js | |
hxxp://fallback.global-ssl.fastly.net/static/r07/layers052.css | |
hxxp://www.google.com/recaptcha/api/reload?c=03AHJ_VusI_eEmhEkfWUXhL203jVTjnGNwCKzxdNvV-rOgJ85wx0HQwxgfD4I-T0iEXi-03GOaup03o4cJvDV0TAEUZCr671PSBfYVJDGHGaAOidSXNihNV5zIfE3NQ8F043KPgLUpbCwgDG8TP9x9FT9MHR0efGrwf2iCp3vL0PgCxVo92sNpO166mJ92oOch238gb6hJfJxS8kAQKGrn2k0HdVzrJMA3Fw&k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr&reason=i&type=image&lang=uk&th=,8bB8M3CZd1lU57anv58U2FkaGfAAAAKRoAAAAD7YAKkN-Tg5pgCRA8Rm19B2lwX0yDh1KyYdkpsOFwBjkj4BXG6a6Xk4RpdNk6O6XEV5DiVEPdBwcxW9eHSb3cpleP1qth-seTrjQFjHfn1zcckx2PgvH1xixfSURFl5RSFfnD2L2RaPn2hy58mH1-6xOeFfzgkZvTOXbdWuOMRpdoMu6duOLjfwS2zK-OICQPx0DqSUmJ-kcNsHv0YNke6NemujaIQd2YQPhUEm | 173.194.113.210 |
hxxp://www.google.com/recaptcha/api/image?c=03AHJ_VuvQ4uJ4qM31rPIFRzobiKbttAeij3-nDLd0xPrOkjPg_n04ludVfZyQPpLmJbJ8JPq1mp1Jh4G9NG2Fg99XxRLyu0QsSna39R5LBxIWK5bohVXPMcejwRn4L491t5edXxP86s3jUJab1qsdxqZpctDMgD9d3Eknjr3eHjA0zYxWuhNmMiqQFqh785r_SAGBAld_exGD8QknpQCZF1frm7YY25XS4w&th=,8bB8M3CZd1lU57anv58U2FkaGfAAAAKRoAAAAF7YAKkN-Tg5pgCRA8Rm19B2lwX0yDh1KyYdkpsOFwBjkj4BXG6a6Xk4RpdNk6O6XEV5DiVEPdBwcxW9eHSb3cpleP1qth-seTrjQFjHfn1zcckx2PgvH1xixfSURFl5RSFfnD2L2RaPn2hy58mH1-6xOeFfzgkZvTOXbdWuOMRpdoMu6duOLjfwS2zK-OICQPx0DqSUmJ-kcNsHv0YNke6NfvyjaIQa8hG5G7nX | 173.194.113.210 |
hxxp://fallback.global-ssl.fastly.net/static/r07/layersIE6007.css | |
hxxp://cdn.adf.ly/static/js/jquery.loadmask.min.js | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/ft_alertpay.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/ads.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/quote_top_bg.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/js/index/index.js | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/quote_photo_bg.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/fb_f.png | 104.20.1.4 |
hxxp://s7.addthis.com/static/r07/layers052.css | 185.31.17.185 |
hxxp://js-agent.newrelic.com/nr-411.min.js | 192.33.31.101 |
hxxp://cdn.adf.ly/static/js/common.js | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/shrink_bg.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/footer_home_lr_bg.png | 104.20.1.4 |
hxxp://s7.addthis.com/static/r07/core145.js | 185.31.17.185 |
hxxp://cdn.adf.ly/static/image/ie6-warning/browser_safari.gif | 104.20.1.4 |
hxxp://q.addthis.com/feeds/1.0/config.json?pubid=ra-53993a6f0d2e8c74&callback=_ate.cbs.fds_ra53993a6f0d2e8c740 | 185.31.17.130 |
hxxp://b.scorecardresearch.com/b?c1=7&c2=2000001&c3=1&rn=1t6uqkf&c7=http://adf.ly/&c8=AdFly - The URL shortener service that pays you! Earn money for every visitor to your links.&cv=1.7 | 188.43.72.26 |
hxxp://cdn.adf.ly/static/image/stats.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/header_gradient.jpg | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/ft_paypal.png | 104.20.1.4 |
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js | 74.125.205.95 |
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.5.3&utms=1&utmn=263499665&utmhn=adf.ly&utmcs=utf-8&utmsr=1276x846&utmvp=358x169&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=AdFly - The URL shortener service that pays you! Earn money for every visitor to your links.&utmhid=1362955423&utmr=-&utmp=/&utmht=1406985883144&utmac=UA-6469700-8&utmcc=__utma=255621336.652463225.1406985880.1406985880.1406985880.1;+__utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=D~ | 173.194.113.193 |
hxxp://cdn.adf.ly/static/image/ie6-warning/browser_ie.gif | 104.20.1.4 |
hxxp://cdn.adf.ly/static/js/jquery.browserdetect.min.js | 104.20.1.4 |
hxxp://cdn.adf.ly/static/js/jquery.placeholder.min.js | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/footer_bg.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/ft_payoneer.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/header_bg.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/footer_home_ll_bg.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/links_clicked_bg.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/css/jquery-ui/ui-lightness/jquery-ui-1.8.16.custom.css | 104.20.1.4 |
hxxp://cdn.adf.ly/static/css/jquery.loadmask.css | 104.20.1.4 |
hxxp://s7.addthis.com/static/r07/layersIE6007.css | 185.31.17.185 |
hxxp://cdn.adf.ly/static/image/arrow.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/css/jquery-ui/ui-lightness/images/ui-bg_highlight-soft_100_eeeeee_1x100.png | 104.20.1.4 |
hxxp://www.google-analytics.com/ga.js | 173.194.113.193 |
hxxp://cdn.adf.ly/static/image/ie6-warning/background_browser.gif | 104.20.1.4 |
hxxp://s7.addthis.com/static/r07/sh168.html | 185.31.17.185 |
hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js | 74.125.205.95 |
hxxp://cdn.adf.ly/static/js/spin.js | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/logo.png | 104.20.1.4 |
hxxp://s7.addthis.com/static/r07/widget120.css | 185.31.17.185 |
hxxp://cdn.adf.ly/static/js/ZeroClipboard.js | 104.20.1.4 |
hxxp://cdn.adf.ly/static/css/core30.css | 104.20.1.4 |
hxxp://s7.addthis.com/static/r07/widgetIE67006.css | 185.31.17.185 |
hxxp://cdn.adf.ly/static/image/ie6-warning/browser_firefox.gif | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/shrink_button_icon.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/num_bg.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/js/chosen.jquery.min.js | 104.20.1.4 |
hxxp://cdn.adf.ly/static/css/jquery.ulightbox.css | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/header.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/api.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/css/jquery-ui/ui-lightness/images/ui-bg_gloss-wave_35_f6a828_500x100.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/button_join_tick.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/button_join_now_tick.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/scripts.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/js/ie6-warning.js | 104.20.1.4 |
hxxp://cdn.adf.ly/static/css/jquery-ui/ui-lightness/images/ui-icons_ffffff_256x240.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/js/home.js | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/blockquote_bg.png | 104.20.1.4 |
hxxp://m.addthis.com/live/red_lojson/300lo.json?fu4qr1&colc=1406985888754&si=53dce6964fcbf649&uid=53dce6a0d676490a&pub=ra-53993a6f0d2e8c74&rev=1406582527&jsl=33&ln=en&pc=men&vpc=&dp=adf.ly&aa=0&of=0&uf=1&pd=0&irt=0&md=0&ct=1&tct=0&abt=0<=3422&cdn=0&lnlc=us&whcs=1&tl=c=750,m=7547,i=7750,xm=11172,xp=11172&pi=1&&rb=0&gen=1000&gen=100&callback=_ate.track.hsr&mk=adfly,adf.ly,short links,tinyurl,bitly,bit.ly,earn money,link advertising,tiny url,url shortener | 8.21.198.203 |
hxxp://cdn.adf.ly/static/image/ie6-warning/browser_chrome.gif | 104.20.1.4 |
hxxp://s7.addthis.com/static/r07/layers063.js | 185.31.17.185 |
hxxp://s7.addthis.com/static/r07/json2.js | 185.31.17.185 |
hxxp://cdn.adf.ly/static/js/modernizr.js | 104.20.1.4 |
hxxp://cdn.adf.ly/static/js/jquery.ulightbox.js | 104.20.1.4 |
hxxp://s7.addthis.com/js/300/addthis_widget.js | 185.31.17.185 |
hxxp://cdn.adf.ly/static/image/lmp.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/language_arrows.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/language_flags.png | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/ie6-warning/browser_opera.gif | 104.20.1.4 |
hxxp://cdn.adf.ly/static/js/jquery.form.min.js | 104.20.1.4 |
hxxp://cdn.adf.ly/static/image/safe.png | 104.20.1.4 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adf.ly
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=db95aed11c9f7d0cdedd6972123ced3ae1406985841821; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.adf.ly; HttpOnly
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.8
Set-Cookie: FLYSESSID=bea70ac7d83ca8c8ef7b7d7e48555fc451d91abc; path=/; domain=.adf.ly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Server: cloudflare-nginx
CF-RAY: 153a97e76315075b-AMS
Content-Encoding: gzip
928.............X.S...... ....S.I...&8L...=z.......0.........4... .N..B;-...J.....v....q...O.$.i.....l...$......>.1.$L.R..E.\....H"..I(...p..n..Gl<l6...)....|^.......~,...Y..]..`.l..<...F.HAS.....w..........g......K.22z$..T.......N...P.L...\yN..R....H.._.?.....Q<.......<.F..`..P3.......jLd.Gl.......).D..=X.e&.V..r..H...~H..!.r.[....bag8.....K#A...w...V;.e9kDU.%.p*.N.......q.muZo,d.Jo........{..3........l,._.......Ij..;6. .....v..Y...:f..t..........7.,"f.g...(......O.O.W.....w.9.@.kLy..T.\z...... ..u..z8..p..K.]....J:H|.."(..x.........c..$,....0/..3..as......?...]$~&...c"\.....p1..:.......J...........N.W.....Ry.x.G.D...h.E...<..P..p.@...N....R.0(1< .{.....q/fI.nX.k......Y.....G...D...M.p.kq....D.g.l.q.....&..3...\.....h."....u..zy`.......07.y.\h..L...)....B$jM...;.8h8..DX....w..{I......1.t..'$.0..{c.f.Au..e/...n..b<}.P.w.^....6:......C....!../L...0m..8.4..d..u.>.3..h../m.-.X............^F..A.%.cg.e..S.f:....}2'Mr.....1Q122.%.......j..."s.o...G>.......).9.2.4..0.$I..P.N..(.=.).......T-..h..=...<....G4..\&..!.y.(....W,...D#.>..H....:..F.K...&......#.......$3..R...Y...Y._.YI>:. ....R ..s...O......P........Q....y..J......Y,ER....&....m...(......7T=..a.{.i..iw..('.7.m.....O.?...#.t...b[M.X.. ...f1...L3.4.........4e03'..S...$pXh.*.0..|.F....2i..-..Q[c:5.}.q.J.N..u.E0..&........"DT......*>.H........[V....pK../m9o....f.&..P'7;...y....".......8....k...p.T}..7.3......g.........45.q....K.".$..1..][.Z..Ux[.........XP.WI..[.....u...T7.?.LCc........S.]......J.V..x..~.4.$...b..F..W....
<<
<<< skipped >>>
GET /static/r07/layers052.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
Cookie: uid=53dce6a0d676490a; uvc=1|31; uit=1; bt2=53dce699001s70001; di2=N9OL95.UYM; dt=X
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 23 Jul 2014 13:08:35 GMT
Cache-Control: public, no-check, max-age=86313600
Content-Type: text/css
Content-Length: 182014
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:42 GMT
Via: 1.1 varnish
Age: 234549
Connection: keep-alive
X-Served-By: cache-fra1221-FRA
X-Cache: HIT
X-Cache-Hits: 40562
X-Timer: S1406985882.968149,VS0,VE0
Vary: Host,Accept-Encoding
#addthissmartlayerscssready{color:#bada55!important;}.addthis-smartlayers,div#at4-share,div#at4-follow,div#at4-whatsnext,div#at4-thankyou{padding:0;margin:0;}#at4-share-label,#at4-follow-label,#at4-whatsnext-label,.at4-recommended-label.hidden{padding:0;border:none;background:none;position:absolute;top:0;left:0;height:0;width:0;overflow:hidden;text-indent:-9999em;}.addthis-smartlayers .at4-arrow:hover{cursor:pointer;}.addthis-smartlayers .at4-arrow:before,.addthis-smartlayers .at4-arrow:after{content:none;}a.at4-logo{background:url(data:image/gif;base64,R0lGODlhBwAHAJEAAP9uQf///wAAAAAAACH5BAkKAAIALAAAAAAHAAcAAAILFH6Ge8EBH2MKiQIAOw==) no-repeat left center;*background-image:url(images000/addthis_logo.png);_background-image:url(images000/addthis_logo.png);}.at4-minimal a.at4-logo{background:url(data:image/gif;base64,R0lGODlhBwAHAJEAAP9uQf///wAAAAAAACH5BAkKAAIALAAAAAAHAAcAAAILFH6Ge8EBH2MKiQIAOw==) no-repeat left center!important;*background-image:url(images000/addthis_logo.png)!important;_background-image:url(images000/addthis_logo.png)!important;}a.at4-privacy{background:url(data:image/gif;base64,R0lGODlhCQAKAMQQANz0 IzZ5gOqynDP4Ruyz7Hl7wSqyv7//x6z0FLF2zG50 v4 xSwzcDr8QuszP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAABAALAAAAAAJAAoAAAU0oIJAZAkZCqOYkNMsA5OU7hM0ikO6x7AcBQTBtVAsHo EgMgABBijmoHAoCUKMxNDwCKFAAA7) no-repeat right center;*background-image:url(images000/privacy.png);_background-image:url(images000/privacy.png);}button.at4-closebutton{position:absolute;top:0;right:0;padding:0
<<
<<< skipped >>>
GET /1/92a411bc23?a=4058140,2334836&ap=8&fe=26312&dc=23203&v=411.b2946c1&to=YlNSbUYAV0IFBhdaWVsZc0xHFVZcSwwNV1NNdV9XQBNWXQgAERxfW1JVQQ==&f=[]&jsonp=NREUM.setToken HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: beacon-3.newrelic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=451778de91663b63;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Content-Length: 21
NREUM.setToken(null).HTTP/1.1 200 OK..Set-Cookie: JSESSIONID=451778de91663b63;Path=/..Expires: Thu, 01 Jan 1970 00:00:00 GMT..Content-Type: text/javascript;charset=ISO-8859-1..Content-Length: 21..NREUM.setToken(null)...
GET /nr-411.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: js-agent.newrelic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 5775
Connection: keep-alive
Server: AmazonS3
ETag: "9050946217be03f42647b3f708ef10d3"
x-instart-cache-id: 1:16954596951746155381
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 01 May 2014 23:15:58 GMT
Cache-Control: public, max-age=315360000
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Accept-Ranges: bytes
Date: Thu, 10 Jul 2014 19:02:44 GMT
x-amz-id-2: M6Z1FvhosAPz/iDGNmz4we1GllhHXR2rCe8NAa/cyM2LxF4ezoQWqSqUblbUlD30
x-amz-request-id: 7B5A513F8EC80783
X-Instart-Request-ID: 11148896140670480835:SEN01-NPPRY14:1406985881:70
...........[mw.6....B..*....8NB.V.4......fv?Hj.M....TA..G.............I../.....Y\f.J.......V.=.(...$v..L-L)...@.J.UM...........|/..e"E....P.../])T).^...F...U]n..J..{...{ e...&..\..$.z.<*S......}..=a........\.......u6Z.. M.`hA.^.0..}.p....."".|.{.....=....TU.>.~f....<.G..F.S.-.j....v|.,......{.6....&.............I.D&$K..G.Z.qz...?...........7.....4.w.'Qo....~./....G.v...Mg.b.s..o...6 ......m.*?...@...S.....d..J&a..0.........'0...a^f..a.1...?.1Z............n....N.......4...P.u..w...E^....Col...Q1.1..-Px...V...F....<.A1.LU.Q.6.Se.....-..~.n.G..m.d ..SP.d..g.....&.x0'..4...fr.. .\.........H.B..5..H..2M.....rf~....;.D#.....)Z....0...2..T......!.T.7...p)..d-..(.U[.,4O.J.#l..0.........S..a.....R....c...^r...2.....<.}...4B.-T.....>...@.K.7...r;.W.x....D..S"VoW...lA. ..g...\*O..2Oda.......|..3....J.I.P8)$.H.*.R..,4...{$.........nE...a.&..=..oy.9.....k.x.....U....$.&A]..lAF%......k....&iX..>).d.,..hRVX.9....;...p.)..S.............l.Z.9s.....0RVyG..<..*...e.....l a.<..=.,..[.....a..>...JT...[./.t5B.K]w..g...(M.......1D9l.W..{bS...........v..l...X...^.e..J.......'...^Y.,.....{....Z...2...E.m....].zj......x....2M.......<,.`.a(....T... B.l.^.....xP.......f.!4t=.].=...Fd..U.F.9......F~...bb..v...vR.V.0..|x'.0.....R...Z..!Iw.u...([.s....U..r..|..)...t.M.1..aw.}..H..C9Nd....`.vq...H.y.u.E.A.(_..3E...../H..0v.~.X..^P-Rbh<..^...v...%`c.C0c..].W..7V.h5 .........vP..e..mhY............5..7..o$....V...Kl.....:-...o*..hCc......A......-...\......0,...;........3[..q.l....b.......]x.Yp.,.F..?.ES.[....F
<<
<<< skipped >>>
GET /static/css/jquery-ui/ui-lightness/jquery-ui-1.8.16.custom.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:07 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:07 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a980d75070761-AMS
Content-Encoding: gzip
df5.............\.....}.W8;X`&hud.n_.y.....E^.Z.l.eQ....1...$S.........:d...K....KN.j.HN.(h}-X.T.cW..>.x..'$.i..CE..o.d...C.....e...Ij..W........}..}..z.........z&...]....`.Q...(.P.." VSu..S8v<...q.,..L..sA......2i.w............c[...Q.....\...)RJ*.....r..o..s.(r..9.~.;py.J].s~........X!OV..V},y.)...4.>y.....P.JV..w.T..|......c..D.D.../..E.\..Z.K%=..a...#.P...R..B..l..y...T......y>...(....{.J........G*..SC.#lh,@.7..8.$gV}....p.OT.....?.......(HM....T.-......~.<....t..o..!V7...}..J.......J....)...B..B.........TV.....yg....."...L......p......:iy)............>~....g.Q3....9..../...)5#WX.D.R8.7]o.t3..|".l3..X..M.. ./V{ ._..Pi..*].....F..WED.....'.M.......y$.a#7..../..i[.< ....y.Y.....e...9...|.SE.%z...,.5g0n..{..t........I..%./->.Hd4...8.<..t;tPQ..H.y.2.?..|.^...g...Ov....8...K.Jq..2#..H..b.J.|......l..)..AU.tl.....0....`v..T...s,t=.(...;..1.q.wR1.i.ee@:]....`....w-.O._....... l....f.B..*2...d$b..HIJ.\.6.m...,.9..Tm"O,...7{ ._.*.c..,P.QS4F...a...Htt.1.H.>...M.....Y..........)C.k|...Z..uq..Q...........6}..t_...3.b..D.......U@..b.Wk...7.&...e...l.......]..`....v...>[=.g....c?./..#..A..3..q.....J.M.n.A......1.v.....1o%.s.f...spX[."....'',."[....t....'.d0X......,..':7..@~...-.Xn @\.i..........[......q......gq...Bj....R]k...".6.. .....w.....!Q...`@pXL`d....'#.AN.J.$...a.....G....1.`...@Xt@.44.....uxPDQ....(h........LH......Yi......|....@.d)H....f.H...6.U....&,.tD. 4.0$.s..O<..e..DS.C.y...'#...H.;...z*71.t.....t........)4..1..."j<.T......i..i8...p.6..0....2..,...".c..\.v.d.CKA..l.Kf.
<<
<<< skipped >>>
GET /static/js/jquery.browserdetect.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:13 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:13 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a983119ef0761-AMS
Content-Encoding: gzip
c2............u.A.. ...ur.Y...<@C....C...F.&....5........o...<..(s..J......Px.U...\.m..R....g.........U.|..n..#....K..Ck....t....CM..A.u.g......p.'w..f*:.:.wS..<7....!..rm).R.4.>...w..].n...Tk..n.....0..HTTP/1.1 200 OK..Date: Sat, 02 Aug 2014 13:24:13 GMT..Content-Type: application/x-javascript..Transfer-Encoding: chunked..Connection: keep-alive..Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT..Cache-Control: public, max-age=604800..Expires: Sat, 09 Aug 2014 13:24:13 GMT..CF-Cache-Status: HIT..Server: cloudflare-nginx..CF-RAY: 153a983119ef0761-AMS..Content-Encoding: gzip..c2............u.A.. ...ur.Y...<@C....C...F.&....5........o...<..(s..J......Px.U...\.m..R....g.........U.|..n..#....K..Ck....t....CM..A.u.g......p.'w..f*:.:.wS..<7....!..rm).R.4.>...w..].n...Tk..n.....0......
GET /static/js/jquery.placeholder.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:13 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:13 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a9832ba400761-AMS
Content-Encoding: gzip
2f1..............]o.0.... .U1.J...(..v.*.R.r...q.$k.#.)C4.}v. ........y.9..{..>......P...4Gs....%..=.....W.X.t...y<.....)d..H...I.)...."..2f..5z........n.@w73.}}....c.......r..y.#.#.2.&.9..f..b...$.fi^.&..g..E.Y..i...k..*..a}1..3.o...D.?....mI...ej...&..n..UfM...T0..k.W....... .s...V1 .4...nt"W.]0^G....mm..x[B..Fw.".c...Q....;...M2.J.-$...c0..7"qx.&,.....s....\.6*K....:&<.O..N..5;fWU...O.r......{W..`.`)_..=.T.....-......-h.v.[....\.R.........T9:.:.0............p).......M8..V..EJ.4(..)..#-..cvw...a;...V.:M2...<}...r...d.H}.F..M\..M...G}........Z...!...s..M..3..........h..j.[..6.....p0.'a.ml#-!7LX...e...\k....<g....#..e9....]w$o[./..V.B.D..`.R=b!.%s.e...6......$".4....L........?f..XE}.Dn....f....3.-.<_4J..e...V.B?..,f.p...G..G.~..q.Hk.(i>.4..a..R/.....0..HTTP/1.1 200 OK..Date: Sat, 02 Aug 2014 13:24:13 GMT..Content-Type: application/x-javascript..Transfer-Encoding: chunked..Connection: keep-alive..Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT..Cache-Control: public, max-age=604800..Expires: Sat, 09 Aug 2014 13:24:13 GMT..CF-Cache-Status: HIT..Server: cloudflare-nginx..CF-RAY: 153a9832ba400761-AMS..Content-Encoding: gzip..2f1..............]o.0.... .U1.J...(..v.*.R.r...q.$k.#.)C4.}v. ........y.9..{..>......P...4Gs....%..=.....W.X.t...y<.....)d..H...I.)...."..2f..5z........n.@w73.}}....c.......r..y.#.#.2.&.9..f..b...$.fi^.&..g..E.Y..i...k..*..a}1..3.o...D.?....mI...ej...&..n..UfM...T0..k.W....... .s...V1 .4...nt"W.]0^G....mm..x[B..Fw.".c...Q....;...M2.J.-$...c0..7"qx.&,.....s....\.6*K....:&
<<
<<< skipped >>>
GET /static/js/chosen.jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:14 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:14 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a98342a6e0761-AMS
Content-Encoding: gzip
15fd.............\{.........v.dEQR^...j...}..n..w.z..$$.K..I.z...~.^$......;.XZ.q^8....F..uQ..w....H\;........1).eQ:...#.....y[.uq.%......y..2.o...,.._...T....z;..V.^.. .6........"w....)-.a.eNU...8.f. .;.......Q...b.b..y../...v..s..O&r...i..^.s~Lc.W.?e.Q...h......_=......&.C.[...L3.......5I(e.....D.4K..;I..E..$.......I...]....J...-..<..R$.:...a......E.'.c8.Y....I...}I.]...-eT...p.,."!...{h....xC.0Do.....o.........,v[.0mJ...h......4tK....O....E... #..^.[...j.>....|...g.N..~.#.Mq.>.x..-I>..IZ.(#....{._.8`.^.. ...........!..%.d...^....k...`.7.#....f.....x....5.....!..7.....&..3.@s7:.s..'O\.:W.u w=.'...YH.I.. P.-.v...>}..)_...7..i.B...O?.......k...6x6...G8..:o..W.....FI.W.}F..>......{.....%.m}......j.......r.....o..q!oE<.sr.`..H.>&x..o........0.[].k?i4.l...D.h...-.[ZT..h..8............}6.......,.)...k...$....XDE.EB.x...&'. ..V............-e.*Zr...c....K.!... 4..8.e.Y..*.]$H..ZYT.UJm....|.p...e...z!......C..l..ol.8....X....6!RLp...,X....f.p....4b.6:...l..7.."."_.E^.....*I.......K..Q.X.9....N.*.Ze..2...@i..Y..z..."TE..D.@S.D.......r.....p*. ..l...zQ.a...h......Q...<..Q.3ZR7/r.I.....b!..U?>...#J....5....I..D.......c.(....SF.....vW.............YG,........bW..EP.LL.`kI.;..._.=.2.lW.]EwS..gSw.,.N....k26.%....4N..Qhyb........E*...D....X.........=..j....zz....|U..W{D.dE.r( .=.;...@..5..-...xgNM..)..84.y...;.0D..Q?8G.S....,u........6 -...E...A..2.........t1..KdeN..E...>U...A_.. ....[(.ba.....XA.. h..\ \..<.?Im.7..]..........u..vC.Al.5.o.E1A.....p.N..'...:B........Z..E.~.luV..`..q...8.NA.M
<<
<<< skipped >>>
GET /static/js/ZeroClipboard.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:14 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 04 Apr 2014 18:05:05 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:14 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a98354a920761-AMS
Content-Encoding: gzip
ef6..............ks.......mm0"A...F...e%q.....SY.........(.n...{...........nwo_...w.~qp.|A>..%yV.X\...rI.....~I.lV.......RZ.. 4..d.o.g$a%|....8..zd]g.....&..YN....(.&..%Y.A:.......&~.TY....j.'4B...~.-...=:.K.g...-.b.( `.yD..(-............V...O/A...5E.%...t...-2.\.......S..9..FG...qt./..|]$<cE8"..EH..).y.%<8...."o....[....p..Q..D..[..yT#...^...lN.>J.UE.Ij......^.......m".....5.....d...(..x...3...|..<... .O ..1..4..[......5g..}[.'...5..-...d...WL...~..9 JdB.."!.f0vt.__..........CK.(.......g...V...`&..I.*.v...(_W..J.....O..o....".'cup?T.s.....<......)....."P.g|[..-...rV..<V....B.#L....O.>.-.W`HK./....i$KL..5.PT.g......q.{p.*...... .....j.b..B..o.8M/p.. .......dE...c1.ZJ.D......t*..=..K...A!..v46.q..hX.=..............g..-.C._.....>.;.w.....q..M.).....#..N...P....B.m.-......a.\.....$.....%.......4.... .Eu.g<.....fr......f......@...........N .Fs.<..# h.6.C...\..$-.S........0.|[..M ..".......2..."...r.J.,...Z.6.JGM..2|.e.pO=.O...w.V..uS...........?O.c..^...u.e..|.A.[....@..o1w.g.M......\....NW.w......M.._..........Yw.s..{..!.m.....H.E3./..tr....|.r..&...3tq......hg.....(.s~.*W.....&K.....H.D?..6....I.2.K.5.D..}...;...).....|..............J..ctQ..O...t.n}...$..*...Oa........Y......W[......z.j..:T..5@..3.K...{....RB*..F....Eh.....CrDN..v.z.u..x...W...............Z...@..f....F.UK....I..!s...2.....J..*b8...'."V".:.........I.gw..... ......%.s....C.4.(..tC....:.2[A%.$........ >..m.._W|........P.ZC&.>a.8 j..............`..MB...\.Q..8.u ......&..5..o. *..2.<.3....l....)6.X..."....:...
<<
<<< skipped >>>
GET /static/js/ie6-warning.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:15 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:15 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a983b0b6f0761-AMS
Content-Encoding: gzip
7bf.............X_..6.......$h..-{.V.C..k.a..n{...b).P.2l.r.a.}.,...8>..3....4E..T.X.c..E?p..d.>....@@S..P.......R..U..H6...Q.......VM..|.h..p`h.j@..k......U..9CM..=..Ol[s`.?.X..GV..8j.}E(C .A.;).w...,...T6......f...A...5m.(....d..QN.....F..2!O.!.....Qks...HY..x..Z.b...G....PT.=....I.y..~.#L......=.....Hv...;...T...f...L..?T..P..t......@.....tZ.y^.Z.`..|s......||...7..H#`M..~........1.vm.7..{hR...lm".....I.5R.k......K...r...........<.5E..l...j...".H..4.v ......U..V..G..c......J.l.......?."... .>..h...n.jab..0.;....'`e.J...)......l.>....8<....e.p.....y..9...9...9...9..[Y.fF..3#R...).....zD....B.......[..R..c...U..^r.k..Fx.y..&A..r. 7S\.}...i...?1||......S....A..~Bvu...............x...@....6.......w..".zn.A.A..8( c#L..d.....4;...;<^.4....f ,.....8]...............i........{.....Q....R..f....l..R..f....l..R"!....S.m...mIk5....i...........g....:L.o.>..-r........d.{...l....'.\....8j8".Z... .Yj.f.J....;..hhT..@..$9....f...$.......Ow.]d..........}.m...<..<z....Vz.....^J..%b..y|.u.n.....F.. .w..JB.>.(s.f,.......I..{..U'..y....,..9r.g.h.K.sJ.O.)(S5m..D.M.(.W..o*N..?YEIA..J.B.z...>'}.O..J.U...e)..D`.N.....G.......a...m...._.kK}.\u..t.....,R^....l..?G.l..... <.j....@.M...1`..c...2...;.<'6........f...Ff......M.O'.ns..(c.c..5.{....I..N..'.iM.~.P~A~8...S.........9....{@.~..@..#.......O.L..m...w.....).;)].&.._....^...6....lLk.6.m&.@. ....`O.v...d. ....q#mm..p...x...@...$..\./,..3{A.,....5.... T... ......B ._..%.....6..:....S..\:*%.W5V.Z....k.]l,W...Vg..#........}7.X..U.Q..].>jUjWe.Z
<<
<<< skipped >>>
GET /static/js/home.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:18 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 14 Mar 2013 17:21:53 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:18 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a984d4e540761-AMS
Content-Encoding: gzip
5e18...............w.I.(...W.ZhK.m.{ZF....M...m3....>eUI*..4*.c..o...G.d...={.Yf.T..........l?...<.~.d..$....~...Y...%....5.....^.....P.y6..'.."8....p..?..8.......c.............$.$....`.F.<X......A6.~y.2...y.di.............dCf{ww.:\...T..WI.eW..?LRh..|.....mG..;.v0.'..E.@V.^N.|wg...O/.O...k. ...~...y..$....v.L}p..?...y2[..E2...b.-..yx. .......i...B..O....I~.....R.>^_....r......`..s(......<{.F>Z.....b6.A.o.....,_.....5....l>.N...17......x...x.6.......>.8..yh~...Xl.D..SH]..W.........x...........j.....<.N.....4...m...kJ...r.`9Y,..i<.*.....DHK.4.......E....-......7.d2.......<..2..p...*..*.;.}.E.....mE./...)..(....t}w....r...0..I.K...D....'...O..K3....fK...}A..P..vw..Q..H..7......dg1Nr..u......~.$.....5.........RR.........4.1J.Q.j.. .L.a.O.<@.(.....b..(...:..x..0(....NZ.{.`.....0...r....c..TZ.p.3.&N%.H$..[..p.L.0_ .@..i8.6*..~....;;..8..PD......]..E[5.9..ty...\.!..m..E.ZL...r>.S....i...."..E0..!=.......\..q...d..)...lXd.a.=.Yi....j...YP.NW...\.e.v$......q.2w4I..E_.t..,...fQ...t.-.....4.........*qZa...........$.....U.R^1....n`....*u..$fK.\.c.....#.h.o...$....2.k.oo_.<.A.p..6R.1..$..Y.G.8p...a2.(xX..&,-03..l.S.m...../ .4..<...:..6.g...|U.....a3.....%%..b...J!..._%...]G...&C..%.aL.. ....A......a./...$....!L.e..?....TI.%..T.....4..w.-....9:...Z.....i...<......#........T.....E..........X.?. B....b.8.B.s....2....[...;$6..@......Kh...:l.C....jf%..2..c...q... .....1L........,_8.....E.1...8..y.|....q.k....S..$.R.....k..(.L.._...u......r..,...G:VL;.....8..b?.....K....y.....c2BEq
<<
<<< skipped >>>
GET /static/css/jquery.ulightbox.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:18 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:18 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a984f0e9c0761-AMS
Content-Encoding: gzip
816.............Xio.L.. .w...J.....~.6.......eh.1.!...6.3.LFzgw..`%..............Gf..h;...$.Oc.4Ah7...d.`;).._.`..d...V..[.t.eit..j.V..........?...L...i.i.q'[;S..;l.4......X;..V.....1..q...D.D....RkjD~..|............. 7h..An.l..K.o.........Z..)..kY....................0.........Lk..X.....I.c.]..fgg...N.... .h.5.v..L-.&..C..P'...; .K.@..;....$.........../.~1_.Z..|J.....f..`,........`.......%..w3o'..B.........iV.....P..V..........sZ...!..0M .......P............8-<.....fI.*k...N}.Z.#...D. ........C...N. L.....A...Ib-|.K.CR.}.F@.....0.<...g.G;h..Gi...z>......o..4..pX.....o..khj.$...&[.....I...x...E.9.....3i._zR..{.......o]......,.....DU.<o....f.,...K...=..H.G..Xob...w:?..Lp.....!Fg....'...w...k....Vt.` .....>..~....H.3 .-L.2.....1........B.Z:8/..J?|...q..o}-....x.............I...._.....kVjDG....g*:...........rn.u.}C.."............GP...o."R.....Hof.Z.....KU.q...u........W6..0|...P.c.v...r......i..}..k/.x.f..tS.$p.n.Xw....=...U..r%....BW.4............R....nYr._.Nj0.o2.m1h.......O..H..Y......vf..Na2...hO..}.vx..I...I)....H.`Ie.p..'.._.6.b{......9...*.87*8........gsOu..H)'..@..W.......r.g...Q-.q....r....V.*.\........Q^...w/.R.........:.K.Q..f../.........9.,;`.).q..9.A.....b..7...b.#._....D. .|..@?[..M<.}....U.Xt.tQ..4z.J.(c6p.s....83.S.]....C....8. y...j..k....:.T..8...1.c......q........89.W.3.X._. .W6|..bnt.v<..K...O....J....B.bm#...&..Ey.&DI..4.QsR.DZX;...I~m2.yi....S.....wmo...g.....%d(2r....J.%..>`8.6..dh. y.............#x<.!sZ\.{N...Y.`qS4)x..#J.$..=.....>....xe..>..../z...:G.q...'2
<<
<<< skipped >>>
GET /static/image/header_gradient.jpg HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:18 GMT
Content-Type: image/jpeg
Content-Length: 6647
Connection: keep-alive
Etag: "22a8-50f9295f-8945eddba2f6146"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:18 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a984f9eb20761-AMS
......JFIF.............C..............................................!........."$".$.......C.......................................................................r....".........................................................................w.........Z.`..J..([d.F.-Y*..f..E...i..Q-.I*.U(..TP.Q(e..a..jDQ&.T.he...jK.e.e.fh.Q.....Z..K.....FV(BR.d...............,..*,.J....b..ajJ...m..J.RE.TQ...DiQ@..D.E.FZ.Q..I..DQ..K.I..D..f.Z.....e.aK.......fR.jK%.Y(*Y..................".J.......J.*.*..E$.ET..DiQDP.DQ..D........DQ....D.Q.e..DXE,Y.FT.XI..Z..jFf..:.%.&.,X.A*.d...............RU.l......X.J.*.[d.......@.E...R....E.........D...DQ..j.D.P...............%K..FVK%..D.J.%...............)E,....[-..e....*....5`.J.P...Q(....Q....D......DQ..(.D..`.Y.X.dIb.R.Y.VK.fQd.X.X.Ks...............,....B[)l.[-...[-..e...V..K(.....Q............ (.........Q....Y..*.K.d.Y,.D.f.b.b...d@...............R..-..[-..f.jj.V[.j.[..m.P.)QT..,..J......T.......DX...!a..%....D.,$.Y,.K.fHK .X.R.................RU.l.[..-.Y.j.Unm..f.m..[...i(KK.AniQU.....PT..APT..AP.....T.$T...@D..B"...d..%..d.Y, .J.%...............[-.[.V.j.]f.....WYY..e.f.i.lUA.%..f.AR..APT..i..F..APT..di...APT.........B.."....J....0.J.......@..............niE,%....lY..i-.f..f.&..nji.i.....TUAR.APT.di.i..F..di..F..di.T..Ab..PT.EAd-dT.D...-.* 3.J.2.!(*Y.....................i-.....A......i.Y..i.j..A.inVi..inF..PT..APT..i...APT..APT.B.....H..R.!..B....$X...Kb.(@,..................i-.,.KV..JTY...Y.i..i.i.eA.i.I.F.Zdi.AP[..U.iP..B.%AR......APT.AYF.."..!RK....AdKb.$X. "...@.................Pi-.
<<
<<< skipped >>>
GET /static/image/header.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:18 GMT
Content-Type: image/png
Content-Length: 56313
Connection: keep-alive
Etag: "dbf9-50f9295f-f5e52cd7af085266"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:18 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98508ecd0761-AMS
.PNG........IHDR.............Q..w....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:0180117407206811AC3EA2F6E16088A5" xmpMM:DocumentID="xmp.did:4C52D47DEF8711E099BACEFA714E110B" xmpMM:InstanceID="xmp.iid:4C52D47CEF8711E099BACEFA714E110B" xmp:CreatorTool="Adobe Photoshop CS5 Macintosh"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:26E1F8D7172068118A6DA26CE47F5BA4" stRef:documentID="xmp.did:0180117407206811AC3EA2F6E16088A5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...H...)IDATx......*.. .Q}9];........a.$$!..!v..fF`..._.z.....?Ty|...3...@.6...P...G(v.B/....Q............R......O.;y..qp]<S...4..?`p..t...V.6...1..a.1F.y....)./..i.<.....?y...fC..n.].....u..uM-..p:..|m......Ur...........K.;B>.,...J:;R.,...~AI.3.F...#....X..Y...C...5j_.....jH.^....[.f_k.}.!...7.e.?5..........0.J\..QeNf<....wQ..t@....t:.>.......z..DM...F..O.a...h...g..N.?..o.. A.#..#h.0....5r..?{...=(.&.{....l,O.4...m.M...2;Kd7....k.\Q.D...y....R&.I...?..t...*[..5N.......C./.M............EG.W..^..Q..Ft>):||&l
<<
<<< skipped >>>
GET /static/image/num_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 506
Connection: keep-alive
Etag: "5d0-50f9295f-f23fd084c8dd12c9"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98537f490761-AMS
.PNG........IHDR... ...'.............IDATH....J.Q.....o@D/.e~K.....$%.2.b""..f.&.u........kw..j....3.;.....~/......L&......0.-^....n....CA....V..y.m.]CA....f.....F..U......@..j..hH....@.^...._.v.].V.xD..z.J.p.Z.^....\.....m.R9....r]7..'..R.tf((@Xp .H............b.~.N..5......CEM5..q86T.T..........J......g(....xR|.....7CA...[......@..j.X,>.........z](............|.A X=.....`..j..t'.,...f..@....@..$.E.@&........%..N.c.R.......Aps1u#..,.z`6... ....2..a..|>.N...x4...... ..X,..a..PP...?S..5.;.B....IEND.B`.....
GET /static/image/logo.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 9758
Connection: keep-alive
Etag: "29e6-50f9295f-5b599ae239950ee8"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a9853ef540761-AMS
.PNG........IHDR.......Z......}.p..%.IDATx...w|UE...s..7.$@..P..X......kY...q..*...W......u... .Xw]..Wl...(b$...=.....v.)3.?...7!.........33g.3.y.g...J)....Y.D.$do........`..#.b..[*..\.p.f..._n....g......b.......%..$doQW\..A.p.....1.81..%..&.......>R.\.{..C..4.hR?Hx.....R8JkA....?Q..... .b?.....5J].wR.FA.C........s......q...Dr.Q...0Q.........Q.QpU@'ae&dO.9....}:.....&....~.,%..t.7Q....@..([7.z#f....%8.U...).../TR.........*v..9bO..P...$..R-D.P,....K#M...........b.Tj..$)x.W#.$Z'!.....}...\.%oK*..j..%..V..!..B4..._......-P..p.>.r.i.d.f`....".............].r..B.$ U..2.`[).........M....(.A.....Q..0T..g..]%..~..0B*.... O........^Q.......*......M..E.A..JE..$i...KK">..a.lPy.{..Q..H4MBv=..eJ.K6..T.". ....^7...}......#.R[... ....Z...@..F.J....- ....*.d#6w.......1VW..h...........`K..hZ.b/.G.......h......)E..L......WqLL..a5...{....U.......... ..c...@B...@.......F..%.q.. .P..{....]..42F..."Z..1.8.ON.i...A.D)u.B..`.....R..2.b[.{.X..*.G...L....)=..(U.....4... .b....(.E..)._9J.i.5.......KQ)"R4RN........K..D.$....i}7.'.....d...X"...S.^.p..]..g.%p.....$...e).-E.Qb....H.&.&!...1.:...(j.Q.(..POG.......,x .S.p.B*...{...."h ......I..RWb.R!zJE...(.b...B*.....Dus.X.na...s...1....j.....h..t.....w.p..~uQ....H.!..4..v.LK..$jT...4?.,...Y..._J.....S.....=}....=..x....!.Z..^&w.h..f.0\8..S.EjG....2..O.L.5....w..bT..F...}~........(.|....>.SM..VI......Vf..$..r..}.O/...> '....s(3...,...DC3t.~.v....|........!..Q.,N4KBv....(.n.{O../e......#..5.l.~....K.. ........L...1..........@..|...D.$d.0y<y..3.>............v..6J.WF...... .
<<
<<< skipped >>>
GET /static/image/shrink_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 849
Connection: keep-alive
Etag: "6e9-50f9295f-fe86a040a88ccd38"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a9854df740761-AMS
.PNG........IHDR..............hE.....IDATx....j\U...s..$t2!Xmb...B......u.s...[->E.A.r.......B.KM!.......\D&.d.$..p...*..9....../wN.......p.....I.....m.].k...|......g......^.gk.....xo...._.F'y..........~....bw........?._......<.......5.....PW.~||.4M....RZ__......m[....(.....aJ).H9.^..@.....w.9EjSJM.4Mc_..:.....B...N....Py..G....t....5z.....Pw.G...@'.......F.$..;.T.....{2..:..)....Py...;.t.F..;.t....@.j....f...D..}t..;.O..u...kt'..@'...3....=.0...'z8a..:Q....@..=93... ..I.....R...@...........Yw..=.u....5z..n.@..0.....u............RL'<.PW..R.u...........r....@u........a)..bG.."....p..............{...mU..PG].QJ.....{....j.|.._..>.....S...uiW....y...R.v....?i.......ms...Mr....3]..s.5/5.........I...7.Z.R.?Kk)MO...G.0u..V..[~Y....q..E...'.W....*.3..Uv... ...h..4.q#e..g..r.-1.......S..!b..Q.... ...2..b.B1..l.Q.%.w6.x4:zR.......>........IEND.B`.....
GET /static/image/shrink_button_icon.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 1101
Connection: keep-alive
Etag: "83e-51891205-dacf17616870751b"
Last-Modified: Tue, 07 May 2013 14:39:01 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98552f820761-AMS
.PNG........IHDR.............r.......IDATH...ML.i........k....j....n[mT...ZZ....R...].Bwew...d..^LL...=z2......1...x.j..5..q..l.$?.w....~<.39r.<.....Jp_....;sC.P(.A...0...{.D.....(((h.....H5....V.'...($o 3.V....I........q..P'..-....(...z........(|...@.A...a.B<...I....e..O......0,........f.k.e..B.^..0...mY.!.T...I.2sK.hkk...e2...>.R....k.:K.R.&.MB0S.h4.......hwE..0.E.........(.....Z^^~c.f...v....{^...Z......B.T.R..a&.......s.\....~..9pvv.....#..2..@MM......iBP.}".y!...........e2..@.V.#....j{&&&.............S.T....a.\...r....v........../........@~.......g.......{{{.nll..........P.....gff.$..J.#...4B.!.j..d....C E..[i.....=.c ................d..b..`..1I..#.A...A...............(H........&g.{vii...?d.... .......z...b$!....c$..........o...n:..ql.p.onn.ip..........3..]...d{8..-,,..&..L....P...\.A...v.V.....EhC.....pI....W4..4IrKKK..........B.Of"!t.....r.w.R....K........@ 0@..$..l..a.RU......O....Az>....D.A..!.b;.C.......C..loo...!.<.. .Q_..v..........._.....N;.sssD.........82:n.ZY.i_mm...B.....f.,.Cv.....4..>....E.V`.XfggG..$..m... H}..<??O...=..%..J....Y\\..d...J.F........1..-;*....IEND.B`.....
<<
<<< skipped >>>
GET /static/image/button_join_now_tick.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 730
Connection: keep-alive
Etag: "69b-517a684d-ee8d60c7a120e32e"
Last-Modified: Fri, 26 Apr 2013 11:43:09 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98560f9c0761-AMS
.PNG........IHDR.............5.7.....IDATH...Mk.A....j%."...B......V..#.....IkjHLjcL....z..Q.A.G...... ..GQA..;2..U.....|...8.D&.I.e4....7A.8&m.uJ..J.T~W(.a.\.G..Z%......#.J........]..... 4F.!p..j.... r.,![..kp.p..PX.8....H.....M.E..d........P...."..j.W.7pN.r...p8<.j...D....p....]...e..... ..O.h..<..D... 8.*\.e..x<......@,Qb.Ql./<.....;..........q....\ X.>.d..o..D..#._1!........`.>J.H..L&.V.%......,....1...vR.~...e......&.........R.'..........!...6...8.& 8.N....8@.....|>.A.i.`,i6.aA.>.p.d;By@$..A...........}.'.K.....%......#.....\..8,..J%F..B...A.s}zwww9C4.r..1w{......../..?...l.....-..j..KpO"../..)....@b/.....h)....V......c|Ob0......!...*z.n.S>...*...........%T...v..L..b..V....._...O.W.. 5........$....M.DG......IEND.B`.....
GET /static/image/fb_f.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 572
Connection: keep-alive
Etag: "5d5-51839c86-dfeef352323b48a9"
Last-Modified: Fri, 03 May 2013 11:16:22 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98568fad0761-AMS
.PNG........IHDR.......!......>......IDATH.c...?.51..=..1..e..@..I*.....I.."[..eM.3 .{.....=....s.s*... ;Q.2.tX2.....~......c...~...~T....vS....$.................4h...u.?!......mG.0.}....Wp...7$...%.@.>..1.A.........v...........7..|.2....|..P..?...v......0..u....F..B$.x..#..W.z.1P....o6.A..[7M.....E[.....3f.{.....c.....?w../...o.k..s....^...r.A1...>~.$..?.FR.^.......`.....z...1...W..d..SO~..C.Y.]...[........c.p....../....._......#*D'.#g.a...s...\......a..../ ..k17........]F...r....\~1j.....X*...=.....x.a.. ..p..{?n..........}......'.y..*.%.....@.-.!..%d.....IEND.B`.....
GET /static/image/arrow.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 523
Connection: keep-alive
Etag: "5e4-50f9295f-ad2107aed9966ef3"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a9856efba0761-AMS
.PNG........IHDR...............,.....IDAT8.... .q....kX...... ...e.8l..G...$..P8PX6.y_.%......Q.;..z.[$...~.g...;l}.M..~.M.....`@q..V........>..|J.Q....7Y..B..V. .`..U....m....Vy.../$.1.8}.ipa[...6. .O0{p......@..:.%(s..h.........'.9......J..xIH..2.!P.H......'...I....r...@......m.!.}.&@u.H...-#...T<AKM.X.y.w.....$H....s]...kfuz=x.......z.6..O.5Mnzz..L. .{.kW...-../.TTQ.'..u8...\......WD.Z&x|fj-..vu.........Q.N.Y.fs.3.K.y.......c...Pjrna{....~...9#.....a.H..].....i(...(.M.j.ILk.q.R.....:P\.."Q...Z./....*.b^....IEND.B`.....
GET /static/image/language_flags.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 2938
Connection: keep-alive
Etag: "c02-533ef450-7c77c8bf1820113f"
Last-Modified: Fri, 04 Apr 2014 18:05:04 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a9857bfd40761-AMS
.PNG........IHDR....................AIDATx...{..U..?}..GB..L..."N..H.......% .W..D1...........Ve#.....By.*)..|UB@-...>.......!..a2....y....=....G.....N..s..=...S..._...x..2......!............_......Y..=`j.dpr'....E......s...Nn..%<u c.....q....u....,...........r.._B~........*....w.......S7..W..,Q.<..`2...wX..{.....Vn...|.Qj../....3....l.. ^....4S.d..p.9...!V.i;.<.C....Q.^f>..Dd.....^.g{.%2..*......`...L.Z...$.)P.(.i....>..I.G,Xw.....m...sN..b...O."p.N...O.....<............SD..s.'...2q.N...Y......I...ba..o=....<|..D.>.;1.&......=..9...e?.../.....W.w"7..<..s......[.....|.w.#.9...AY..}r..!q6....r.5...o.Z...k..."...N.8v.~........O....|.....7.n...^.U"../9j..GEP.T.....A#.u...j=....s....9..DQ.....S......;>.....E..(.."..>\.zs.E...^..@P..N.........(.9.....VA;z..-..e...=..Z...Z.....=..T.TZ.......'d...DQ...iR|T...mJ.:...g.{..d.D..z.H....F.K.mY...;.u.k=e....s.N.......,.X.1..8.....s.....F....d.k=.z.....(@.B..U`4XWX...3wV...am..D.5H.(..............!..k....>..55.HD.Z..1...|.P....."..*..H.]|......{.it2a<.......?.`dY.....61q..1..9...c,^.2g..`...;o.Q...~..kL~.Ak.IRb.PJ.$.J).8F%..^..`..`....`.5..|..."....h..&)......Y.]@.#&..Xdr.....R..I.KS.c.3Hc0.....@.....'.:..Y..5KC.!......-.,..-..f:..'.0I`..".fN..k...C...a...8.=.f..0..l...y].......8mI....?.~.|...K%..O^....;...J...c#....Y....^.W.Zt(Z..C4p3.. .`.`.`..<...V..........\...*>..*..."8..._F.. ......Dg.]H~d3.......F4.A.......x.._@.......-|.m i......C#..@.d..gx.6Y.1...,.t.^..2...]....%W$.....(..]t.=\RRg,H.L..4p ...I.l.......2..3..[ .B..L`."
<<
<<< skipped >>>
GET /static/image/language_arrows.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 141
Connection: keep-alive
Etag: "3f8-50f9295f-d0babe0c0e84ba40"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98588ffc0761-AMS
.PNG........IHDR.......F......].....TIDATH.c...?.>.8.`.).....bU.7#.D.....&.80E.|..0A..)Fq..I.q1.`T.......%..2..Rn4.F.....bS..5.......IEND.B`.....
GET /static/image/safe.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:20 GMT
Content-Type: image/png
Content-Length: 1258
Connection: keep-alive
Etag: "885-50f9295f-251a6c81a43d1c3e"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:20 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a9859200e0761-AMS
.PNG........IHDR...-...-......xu.....IDATX....o.V......:\..5I.{.....q.jx4m...Ic....{.E.e.'U..#.". .|.^.{..#T....'..?._......h4.......V .:%>$..y......_.."i.|((...*..P.W....pn..DK.CA.f.....U.y.L.i.T.%F..............i.BHc..iq]ed4.78...#3.M.!....p?t...:M..-i....qZ.Ym*.X).{M.&"....'../.n...Z[.x.8..j.#K.;.....x..jSf...j..o.M.....)[........|Z....j....O..*...A..?....'.).(..4....>....k..Ze.G'd.5V.T7.U.LC.vww.....T`..~o..-<.y}..3...B.t...O.M....x..h....e.....O t..*..(.Y.C{.......%c...T.5^.2h....,[.....a...b.......`....:...=..5.o.|4x....Hf... .;'..q....WN.-.E.i.Q....J.D..@.*#..Ro..4'....FY."..xKf..)te4..O...jL.b.y...K..>0.......S.:...XV.q.ck....{..B......|`.Qb......Mq.z.Co.....K.!s...F....jGy...p...> .Y...>|.B..9E.%.P,..3.;.;..qz~.;<y.....c,..'lK...Y..G....jin.!......../.F.q..C.Bu". ..5[.....w....-.>^]u.v...,H..Y..T..L...2T l.F....r......3.S........db ..yl..IC...}..c....K...(..Eq...5D[./......y1..dP.2......."..t......,.........D.2$U,...@.e.Y........CDwc^..........Vt'$..n9Q...L/IK....K6...d.r.nD.....u.......?.Q..LC..c.}X....q_..!.l..2.AK./&........wM..#......5.~..K...oX~B.....I.......5....\B.`..[$.n...R.7....@...z..6....p....h.w1h.|.^.u.S.......6.......}$Qg'...8....F..(.......o..6/....,..wf...K..Z.E.........l.>.......................gkr1.....IEND.B`.....
<<
<<< skipped >>>
GET /static/image/ads.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:20 GMT
Content-Type: image/png
Content-Length: 1058
Connection: keep-alive
Etag: "7b5-50f9295f-26c22340ee87da5b"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:20 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a9859801d0761-AMS
.PNG........IHDR...-...-......xu.....IDATX..X.n%5.....Bw....C. ..l`...........D...(..f....X ~(.....pw..v.r.!..nl.}....*..........HU?..]........s~......].j......-..f.e..MC............[..d...l.v48....1=...........:..kpj..U....,..UU].?...w@.................$....-^...}.`..fY..L..7?.@.d..~...G.....(n.9.9....!..(6..1..E$...0.....H...._~.cy..S.....``*0yQx......v...1Y.P.?U..K..X.(Wm....3...v.9?.4.3RU.z.......D..Qo..ly"...).vl...gA]'.W........x.......P?.|..7.&.y....S.G"..jQUu..8.............U.1......c.G.r......C./......y..c..U....[.C.Db.....4[D...W...} Y^... bc._7"YQ...P..!_....<o.[B.1&.X.. @..&ik.l.O.03.[...`SE.9.....HD.Z.[...nJ....^.{6..........K.8..o...B{.WUeR..9k:...%oID...Lhp..?{...W..g.X...L...?.H?..b...%~d.....KK.x..pQn:.s../......H.........IX..VK.y.2?p.....d.R^.....c.....A..{.s..Q{f...F..uqi...Z.........}...Q..N...=.=.T.}...-.w.....X......]...G..E<w.R|.N.L........O.....?q.:.c.s\..6z.W#....n6C}\.............<..z..?..)..S\......1&2"..1..A]. .lG:.....`,.....[...c..E\......j..Q$...qH.'....)H....E....q%....p#.\{}Y.[..O......7...Lf....e.....IEND.B`.....
GET /static/image/lmp.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:20 GMT
Content-Type: image/png
Content-Length: 1455
Connection: keep-alive
Etag: "9da-50f9295f-d240a8a38f08f263"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:20 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a985b705f0761-AMS
.PNG........IHDR...-...-......xu....vIDATX....w.Z.....k..]wUmK)..y...<U........:SP..G..1..of}.p..;..s..<.6.....[...x....O......l..|..=..q{{G..l.y.L7......G...N..EZ.0.'..;<........7......w3....8...."...-.....v...e..... .{'S.SR...........K0.........M7..x.Vue.....(.HIhAo20D ..(.K...4G0.v{u.C..IN........O....3(..."(...$.=G.;{...7.qs..F^.`./UB1.....T.Sp.....Op...d.03O.=3..L._...t........:\......l.u8..rX.A."...1x....x.$.....bl&D..L..c.J..-.A..(..R.\.F.IZ.t|25...b./C...G.r\......x.`.......|.=~1.r....8?O0$. .#'....\].m..F.."hi..Q....d....p....J...U.^.eyu..j.......`....,-(.f......c$..h...{Xh.. .......Vm....y.B..#]z...%......V.X.Y."..H&..#....%\^]..&W.p.5.. .."P..Ru4....p.gd...q.T;]X..?...~......B=.4............-..H....z.yyyU.. .........9.w8......r......n.....V.....-._-.....e#.....}0.. h..v.G&..H.d$..u...u}>....,..JfgZ(..3l|"......V...&.....8I.. .y..oo%.A...D!%8..9:.C.$.%R..L.....l\\a...{...{P....2 L.%.>r\]_......8....V.5.....3E.P]uhL.....@.T .#%.b%.X..99..........J.G.T.....l.1N.........C..?`.&....4[w.....;..b.p.&(FW.....z.Y.u....j..<.qx....1 .......$..r3.)...t....(.f@..(.N......-h..&..3}....d.)Z....;....n...n.p.9d.I$.....\../.]Y.:<:.(m>.....Y..A.A..I.......O......J.!.Y. .....X.V..\._...#9R....... ...r\\^..l.....tey.....Y]..........N:H..YI.p`n.V..qp!.x.Z......8/.8......&n.$........6W....P..g..:.LH....T....0C.. A...........9.Rp...Cz.._<l...ja.......7X..._.#..~N.I*xI.f_..?.Q'.....60.l.w S|.....(T.....*>..r!...7k;(..|...1..?jx=...y.....IEND.B`.....
<<
<<< skipped >>>
GET /static/image/stats.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:20 GMT
Content-Type: image/png
Content-Length: 1707
Connection: keep-alive
Etag: "a5b-50f9295f-9d0ba04bcf09b269"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:20 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a985bd06d0761-AMS
.PNG........IHDR...-...-......xu....rIDATX..X.W.K...?....D..-l....K[...b.(.D.....(b..M.|''.w.|......o..89-WV.|I3-YO.K.....~........?....]......3.._3..f.....u.(^..L ...r.?........Kqrum}tB#.X[...G.......P..a.Q.......].DX....;.....o.....;.-.<<<...B@0"....0.'. -.br..J.U.bV.....!...(;.......Z[.....S*..M_|.l...e...../..=..............n...y".....0#.F...H....)...o>."..}~q9*..o..Q....<l.3...sy5..C. .u..3..4....h.Z!...PA....F...-..........d.!.. ../...6...\..'.......%h..y.S..w..../.C...#[(..IX..QV..8L....%..e..Iw.....<.Eg..\.Q..F..Jz.G8&.8..0B.\]{....~..r*.k#.~.....R..F..U........x....W.......I.......#.5.^.E.B....F@.D..(A......<..<.\Z............o8..c)....%Wj.ww-L..x8m..x`...].c..S............T...?.^.8X..".O..{<H..Uc.1..Z5.m.......X..zyu........8X=a..#[....nnn.$....d....G.Y.x...jf......{...*WV.$......<i.....H..\.[;HuF6'....].eJ........8mv.....=. .A.t...nr`\]..QB....G.SY%1.....@].).../b..T..3>>==.......E.-.... 4$8.9..w..S.....=..Q*.Vn{.....?ono...A....(#:.J?9^.A3E=..."#.y59.`I<iwo.........A.7...k....0.D...W"..Y.....b...tj....xB$2..9..j..G99.J........B...j.]..5...4<8j..1h.4...r..[... h)lNl.J.J...#y..yv1:.QM`....Wy....d.uP....j.M.....S|.sZ...>$...t...........V..(n...r.*....7.......N..J..j...z...T. P...S.)Jq...W'S2..^.......3.F..|... 6&h.E....Ej.~'....".... ........dP.f....U.....c\*h.i^...}..R.".h....=hj.1..t....8....;..?j............dv*..6N..O......P....._^]..>.; W.5z*7.hI..'....b...2.$Pc..;........[..M.z.FwC.R......4/. .\.y....v?W[...r.........(V..7.TD........A.mq..S.t~Z.[Y..x
<<
<<< skipped >>>
GET /static/image/api.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:20 GMT
Content-Type: image/png
Content-Length: 1068
Connection: keep-alive
Etag: "849-50f9295f-80af35f2c784138b"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:20 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a985c40820761-AMS
.PNG........IHDR...-...-......xu.....IDATX...iW"G....9......wz....A......w.=...8......p.eD.<9I.........U..z..A.....Z)..l'._.........?mb.{.~?...O_.?..?.H0..Oz...D.rN...\.Fl.....`}.@0r.U.`d?-y..i...t....?*..F..(..C.R8.%....N`.......)Y.[ww..Q...^*...`s{..?.U#>..B.J.:-..@k.U<..v......e=6.!>yC.%><5..5.M.n.x.L.W)Q.%...'.!r.....u..[......;...T..[;.h.e=.*..#.... #S...D.[G~...O..H.Q....G(1.l.*..^..(..~........'..u..G...AR1.V.....K.a...d...~ ym6.~......*3..k.>....q2 ..bu....=Dke..h]...'PB4.#.X..L.&9...f.Z....r.....[Z...E..-......XH......U.u.@...Sb.jw.#.!Z1..........I...:.V...G4.Ex5.H/..`e..........udQ...........DG..=f...)....@|.C..q..7....m"..6.H..N6 ...:./..S.fb<H..s3/...G'..TLw........9.D....W.....=...^.....W.n6.X..K...Nf._.........Q\.f.....b.x.t..>@.#j...DP...!i..d....f&>BG.6..6......!.ql.m E{VO.S.m.)j&Aq..oCG..>......j%`.t.]Q ~..Q..x|..1.).p.D-.Jd.d..X`.t...^o.3/.%.......Dz........3;.....E*W....<.....8s.?.>8..v...v.9.|..h..@..u....A#..........Zw......,v../...[>x.w.k4n3. n&....-......S|&Ie....._...?...V.@$..%....k....3.d...C.......u..:F..."...?..$....IEND.B`.....
GET /static/image/scripts.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:20 GMT
Content-Type: image/png
Content-Length: 1819
Connection: keep-alive
Etag: "bb6-50f9295f-3f7d24abdabfe18"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:20 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a985d30a90761-AMS
.PNG........IHDR...-...-......xu.....IDATX....[.H......v...$@........7.. bm..*jkmE...}qX.....~.y..'$g......I<?...O.7...K ..V.........|.v...U(..[._....x&..U...........Z...7ne..~{2D..~..'>.....T}3..../........b.{.._zC;{.O.h.../P....p. Dz.......\..BB.....i...G.GA...o.=AM.8.....G.........(W..@...-.. .z..r..|.>'D..Z...._/{=%..."..).{r:.c.......cP.W..l....b}..E........P.df..Z..G..[...F{k.!w.....NDEdF.....K!..2.A6.@..W.V............f\..\Pl4,.D..b.........o..H.4. .K.!....J33$..F..<.c.7$.Z.w.P...)&.H.QX..K$.)./.4..r\.3.s..%.1R..w..G...K.Dz.wAA.(Vf..XT$.....b............o..r#.........;...3N.O......v$.. xw\.s..r8..$.N...L|!.J.\....... '`.`..?.../.=........yJ.....C.. .`l<!R.~$F.X....n...V....).....M.a...........9.i9!<Jf... F.........C...R..../...c.b..x59Sp.P..,P...6r.:......t.[..`P.5PM....k..9........y.".[..L.....pdfJ.j..5]...q*E......*..k.N*[...}........~.:.....J].L)f9%.I.W..-......sB....e.L....=.."O...H#..m...W....B..i.f. uI..F.)1f.E-.......8.Gp........Sh.i.....p.....B<.......V.d........`7f..OO;.z.....`D....\[S...H;%.)6..\.y..........{.8..P.4.4..8.1be....q..s.6.0..-.f.0.........njf.)b..dD...f..n....].]z.....#..%qr..Y....#.@.?.......)F.E..q...\.ry.{.. B.$.L...},4,.qF..TW.'....KT7....r.Za^ax.......f......O...Z""..g...Ro..M.6........l6.t.".8./.n.|~.q.xY........[,.D.u.v.Ux..9.|w.8.L.......Fg.G.\.. n......h......V....<...3..%.Z.r...}.9.....v!....... P*..nf...\....{/.d.9..Kj....p.k.4..|..z...d.....j..(.B..p... .^....*.......I..-kIIKp..AYkn...""\#.?...C.....PY..}....ux......I.....a&...O......43E...[...7.
<<
<<< skipped >>>
GET /static/image/quote_top_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:20 GMT
Content-Type: image/png
Content-Length: 195
Connection: keep-alive
Etag: "476-50f9295f-7c967d47eb356288"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:20 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a985d90bd0761-AMS
.PNG........IHDR.............2.I.....IDAT....... ......7...aA....5.....s.....5..c...*Xk.u......\;.Dd.w.u).N ........1.....,..Z.7..:'..d.&W...."pG5.d...b.K . .a'..h.7A.Zna....Y...7*/.....IEND.B`.....
GET /static/image/blockquote_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:20 GMT
Content-Type: image/png
Content-Length: 311
Connection: keep-alive
Etag: "4cc-50f9295f-2e1383c751194f05"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:20 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a985df0ce0761-AMS
.PNG........IHDR................;....IDAT8..U...0...).*.).).N......?...W]'%.(J.L.,M..{.c.......{Cpp..5.E..rCEl......z...`..SY.W......pN..5.Jx..w....7.........5\.l....;..4...%....4{.../.........W..j.....^E=..A.E.@.P..@.=1..... .. ......E...(N.'...8.........c..;HC.WE2.,..Z.@.v..t....'.hD..W..F..:p.g|....IEND.B`.HTTP/1.1 200 OK..Date: Sat, 02 Aug 2014 13:24:20 GMT..Content-Type: image/png..Content-Length: 311..Connection: keep-alive..Etag: "4cc-50f9295f-2e1383c751194f05"..Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT..Cache-Control: public, max-age=604800..Expires: Sat, 09 Aug 2014 13:24:20 GMT..CF-BGJ: imgq(85)..CF-Cache-Status: HIT..Accept-Ranges: bytes..Server: cloudflare-nginx..CF-RAY: 153a985df0ce0761-AMS...PNG........IHDR................;....IDAT8..U...0...).*.).).N......?...W]'%.(J.L.,M..{.c.......{Cpp..5.E..rCEl......z...`..SY.W......pN..5.Jx..w....7.........5\.l....;..4...%....4{.../.........W..j.....^E=..A.E.@.P..@.=1..... .. ......E...(N.'...8.........c..;HC.WE2.,..Z.@.v..t....'.hD..W..F..:p.g|....IEND.B`.....
GET /static/image/footer_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:23 GMT
Content-Type: image/png
Content-Length: 85
Connection: keep-alive
Etag: "3f4-50f9295f-b0859217d11bcf11"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:23 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a986d83070761-AMS
.PNG........IHDR.......K.....>.z.....IDAT..c...e...d..s....zX.b....'.%k......IEND.B`.....
GET /static/image/footer_home_ll_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:23 GMT
Content-Type: image/png
Content-Length: 129
Connection: keep-alive
Etag: "41d-50f9295f-95da00cc70972737"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:23 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a986de3100761-AMS
.PNG........IHDR.......3........x...HIDAT..e....0...t.R. ......!..:.~I...u;....1.4....8.Y.n#S...v.n..../S}.Y.0lB.Ga......IEND.B`.....
GET /static/image/ft_payoneer.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:23 GMT
Content-Type: image/png
Content-Length: 1634
Connection: keep-alive
Etag: "68a-5131339a-1396711c46a71c6b"
Last-Modified: Fri, 01 Mar 2013 23:02:50 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:23 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a986e43260761-AMS
.PNG........IHDR...Q.........3.......PLTE...lmm..%.........yzz........c~~~..................ijjPQQ...uvv................u.^__.|...........~...I.........[\\..N...bcc........z..v.y..x...................rss........-..#eff........x......Z[[.....E....}..|..z....RSSaaa........._``WXX]^^...abb\]]...............VWW.....................TUU...deeUVV.........XYY.........ghh........................stt.....................YZZ...opp...........................cdd...............fgg..x..................{||...kll...................}..................h...................................~..............................................................x.....`..............(................................e................{.........8..<..=.................................noo..r............{.............C.s............g...!.m.....IDATH.c..6`.r...H.{^k.=..D....f#8<.~*....:.....L..l...2....'._..D.5W#. .............F)...=o.........Lpd..h8...]= ..*.(]i& ..%M...N..r. s..../#.....G.O.M........nv...u.w....6P$ 4.....e]....".]..n.:...i.uw.N..MY.........T.YP.......".....v?-ww.t..G......|x...|.c..V..l....O......Y..}.C.......r..[....c5Q.O2J^PU...J..O....-.z:..#L...V..:H.q.q5u'....Q..~&..C8._.A?.F........5A,.....s.........2..(....0....,...}I[..;tN..... wDU.S".p.4...w...%.... (.=f...^wC.rww......8......T..4.O..J.n......3.....TxF...Di.X..z.k..s<2.b.Z^......8f......7....z.........A.> ..........c.vkNT..d.#]AAq,..!;.T..9dsL.....q..#.2;0...,.f..-.!..F.....n,.7!5....#).]Th..7O.....i_iVwGii_U....H.&.N.....11......eO'...ww.....M2qO...v..`...u..d
<<
<<< skipped >>>
GET /static/image/button_join_tick.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: image/png
Content-Length: 725
Connection: keep-alive
Etag: "6b7-51839c86-346dea2d3e41ae48"
Last-Modified: Fri, 03 May 2013 11:16:22 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:30 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a9898a91d0761-AMS
.PNG........IHDR.............F.......IDAT8...Oh.a.._u%^T.).%..y..#.V.....Pv.$<....o8.....U[..@.z...B...p..*$x.%"C.s.........9....y~.>...>...`.N..p...S....V..^.!......[....Xs....^....L.......R.0..x.Z..."o..kh\.s@......a-{.{.....y .....G.3.....XUdR?Y2..R(.~(..................:...|..f..p.W.g1.....9..'.R.|xx..........K.Z....% ...l...\.....f..ZYY..uH.c..].....,.j....].2.L.s5......\....yy...t....7uw..../6'..M.].W.R.T....###.........~.U...v..V.u. ...*.N...F .....?!]....y......5.....%.Z./..u......@.]<....q.AY[.;.....Y..[...u..M...ByllL..}......z}...|_,.k.(~.:.kw.......lL.y<...].9A.>...K....1....\._..?.T..).....W:.eu`a...>==./..O....;...v.U)..J..LLL.X,...c....n..K.........[[[wc..=.9c.)5._...........G._..#.`..J..s....IEND.B`.....
GET /ga.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 12:44:45 GMT
Expires: Sun, 03 Aug 2014 00:44:45 GMT
Last-Modified: Tue, 17 Jun 2014 01:05:58 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 15810
Age: 2379
Cache-Control: public, max-age=43200
Alternate-Protocol: 80:quic
...........}kW.:..w~....c...pk..f..-mii..%...e9..q.........$[NB.s.Y.........h43v..Pd.d.z..|..y ."........(..a.B........1..Tf..K.L2....~...ep...&y....MS...t9.....&..2... .Q.N.(o....8..q..L.!...a..0...$.pX..N&..a. ..zB:l.8c9.p.....;l..x.$c.]BP\.....B...&..*pz.H.~......g...Ap..!....K......V;l.H.....V.a.....s.$p....5.39...a.a7P'9.b.[H>N.$..A..... ..^..;h.h...2l_......w9..d.@.`...N.....|....%.d.%........{.....&.A.I..:....F.;..c..{P*..~..JzP.Kl...F..y.U8(&.......}.BH@..ZC...Ty. u.Y...!..R.h.F..`./>5...*{P..(..:A.}..v.} ..u...k......w\..d....he.q..U.u..yE..J.Re.....Y.2!.J.a..i^R....p..LG4.d.6U..........E..%..5.kz<....[..!2o.tV.V.....|..p7o..?N&..].o>.|...../..a.\...vL3].._....q.....C.].JG..\.[9...hp....w.Y^1..>..`..Q..!w0.U..}x.;^.......w.I................R..aQ2R..<..%....A%|.E...j...L..j..\.\.D.<.g....^Y)...L.*D........2....-..%F.T..j..,F...C.....m_.$..2..2.g...B.{.....\c......*5..c..J.{@...Q.....j..........E..Z...#>.....>...g{...t.....i1..Yk..@m..v.Cf..)..7.....(.......$\.S.......>......a..r..N. ........o;>...A..>...U...J'.....X....B.q..E....()..3. .... A".uss.;.......W.....k-..zF.\`Qp?........\d..a..A.1....5......Z.H...M"tf.GM. .X[.YU...T.._.lH......n@=1.5N....?Z...V>&."..Q$.....&.sS..Kq....].UySz=..3..$."....".'.Iar\Y.WVt\....;k..h._.O..b...2....G=H9@...v0l)2!..xD7...T..Di.v.RC`.m.8.\....J....h..uss.....p..)..O3.W....5....k...y.`^ ....&1..f"..D.w.}.;D:d.F....p#... ......d...T..iU7n.;-hh..T..^P....U.....>...T..m.^..fM....>..>d..Q..!....P1......7L...[.........;.>_W.
<<
<<< skipped >>>
GET /__utm.gif?utmwv=5.5.3&utms=1&utmn=263499665&utmhn=adf.ly&utmcs=utf-8&utmsr=1276x846&utmvp=358x169&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=AdFly - The URL shortener service that pays you! Earn money for every visitor to your links.&utmhid=1362955423&utmr=-&utmp=/&utmht=1406985883144&utmac=UA-6469700-8&utmcc=__utma=255621336.652463225.1406985880.1406985880.1406985880.1;+__utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=D~ HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Thu, 31 Jul 2014 18:28:18 GMT
Server: Golfe2
Content-Length: 35
Age: 154571
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Alternate-Protocol: 80:quic
GIF89a.............,...........D..;HTTP/1.1 200 OK..Pragma: no-cache..Expires: Wed, 19 Apr 2000 11:43:00 GMT..Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT..X-Content-Type-Options: nosniff..Content-Type: image/gif..Date: Thu, 31 Jul 2014 18:28:18 GMT..Server: Golfe2..Content-Length: 35..Age: 154571..Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate..Alternate-Protocol: 80:quic..GIF89a.............,...........D..;..
GET /static/css/jquery-ui/ui-lightness/images/ui-bg_gloss-wave_35_f6a828_500x100.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: image/png
Content-Length: 2631
Connection: keep-alive
Etag: "eb2-50f9295f-b7350d95446e43db"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:30 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a989a09410761-AMS
.PNG........IHDR.......d.....p..}....IDATx....v....a^N.j.jzns...].N...$...1.......26E....Ak8~.<.h......Hr....k....V....(........(............P........P.........:........:...t..@A....t..@A.......(........(...\}A...?..`.(...P.........)..o.........i.....B.M...N...sz../$..uL........wu.......gh<VN...{..'V....k.Z..{S.W..._V... s..y*......H.y..TrL....s.m,....}....yd.F.L..:u. ....e?..f.....u...J)n....Q.........:..(U..1...u....@A....Q....Q.F...6.v..9......|O........s...XK.G...k...q...;.9k.....9...Mnn{c..on.........*..9...>I.p.y...R.(..-...Y?R.Nj.............n..s.....cJ..f....i.;.9..q..ol.........U"oR...q.u...|....D...3g>j........_........J..}.Y....o.s.9.:Gnu...f...`....9P.K~...h(...\uA.v'.....=....S...9m..K...x.k.9...z.>G....X|..J..9.b.......Rq.........rs<.n....; .J.Z{?6_5............]..7r...5O.~..........k-..N.G...Y.......:({....u.-d..`5(...\GAo..B...bm.m.....>.mw...6.\.~c.5B.wb.Sq...$....z.X....;qMSsU........vMF.....3..].u5GRc......MF>..]..&.>..i.o2.m......g.z.(.K.A#....;.Y.g......z~[...................P...@....N..........u.........gl\......973...]#...C.sC......P....ul.1......1..9&%..3..=...I..v.Z..gO.s..z....f.Y3O....F~6B-.f..Zw<gKN}S.o...yR.'.........l....-...gC....{....e,<.{o... G.\iA.s*B......z-..}A.../........h...u<......>...........I....b..]<.....Wa.C..?..9~..`.<.|px:........^.9@.O.C...? .z...C........V...X.O?4.3...=..../........at.......y.. .?..pr.M ...ZL.........>M....Y`_R..\..O.Q......'.......|..........{._?.....p...m..<._~...S..>m........o....[.dV.....v..
<<
<<< skipped >>>
GET /static/css/jquery-ui/ui-lightness/images/ui-bg_highlight-soft_100_eeeeee_1x100.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: image/png
Content-Length: 90
Connection: keep-alive
Etag: "5a-50f9295f-a1f214bb4b677d67"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:30 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a989a99560761-AMS
.PNG........IHDR.......d.....G,Z`...!IDAT..c.....&....!D....;...~..D....".........IEND.B`.....
GET /static/css/jquery-ui/ui-lightness/images/ui-icons_ffffff_256x240.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: image/png
Content-Length: 4197
Connection: keep-alive
Etag: "1111-50f9295f-f87e057d046f03d1"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:30 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a989ae95f0761-AMS
.PNG........IHDR..............IJ.....PLTE....................................................................................................................................................................................................................................................NtRNS...2..P...."Tp@f`.... <.BHJ.Z&0R,.4...j...8D...|.......(..$......b...l..F>n~.hh.H.....IDATx..].{...>.!.P1EZ.....dv.%Y...Z5YR.......?...D....H.e...'..$.{y....M.....PP.\..9..7O!....(l..M,....[/.(..)..`...@...G...@..%.c..7h. o. ..V;d.j.[.@.. .......X./.n...l7Q.`.B.o...@.vo.nR..0h....1 d....nz..]h..@r.........n...a?HY........2.Wk......n]aG.,.....f....$.*.<.4....nq...QQ..)...@.]:..`........*.g,}p....u..T...[8|.g............6w.7z>nV.;..*.......&...!....(.}.y;|e....p...w=!D.Un=.1...A\....... \.....e..@0..E.u....Tpq5.......s.q.....i!.q..a.....z.>..C.py...u .B". 8.."]x...5...&........ 6...........t.....H..5`....<Vh. '.8..W.....\......;.[.@$...H...=Evk...U....p.........y..B..0x4.. .vD....Z...Rwt...y8l...E....yf..bq.........`..."..B.. ........^..W({...@..8.Ltq.V.#..H>@.......;.....G.........>...vH$$$$$$....V.....g..U......kW...<.s..........*8.F.|s.]..a..:... u..[....A~...l.H~.....p.3..jZa.. ........7}.(D.g..u...:..E8/..)P...'B.....f;!B.1."@v...w....8.`..w.....$.G.V...cb43:*...G..M@..C8..................@h.Jz....>-.8.YL.KGW..iMoO...t.VO..f....i...N`....j......\C........f.Gb9..sq.E..i....v.@....`......`....... .....K..j=4<..^.2:....1.N...Y08.8.|s.@p.X.......>@.~.....:.'$$$$./d...~..<....j].`P...".
<<
<<< skipped >>>
GET /ajax/libs/jquery/1.7.1/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Mon, 02 Apr 2012 18:24:28 GMT
Date: Thu, 31 Jul 2014 18:45:02 GMT
Expires: Fri, 31 Jul 2015 18:45:02 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33186
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 153546
Alternate-Protocol: 80:quic
.............~.F....?......!J......7.......Y...h....w.T*.".Y.Y...|.D.. (g..;.....b=q.8......?.....w.....>.......g{s.....2...........e. WK?VI.h....~.<n...fy6.....e.z...8.{.U......(.. .e.8....V...}.[..|../.......j-.~'...Q.....%Q.KV...Ec....q.{...x........*..^...^Vn........&_...~.....o.Z..~..^....{?.S..&.w.W.|A...r......t.../V.,.Dt.Pf...&yYLv.U......r.Q}.^']...*W.:H.........~_=.r..s.^..T..=l.]..)Vj.......^.ys...x...C_.h..&............`.^b<.^:_m1'Y....c.....e..1Oo....q...q.x......o...........?..q:..;.>.whu.....=.... . P..i...I..E.!..f.&v(.......m...r...w~.SW.......6p>...........,.........Lsj...L7..j.......y..'.F..h44..SY.V.......i.mw...4Yi.H{'.._..].9?...}..Jn................5Q%m.y.,v.5U.(.^..\-.R...?^m."...7e..vy...b...L..%....]..f...l5>...nw.rYx..|8..V.......0F..|4....<.q....d.(~...h....p.......q1.......y..ZF.p1..;.^..W.Y...(.....<x.F...iI.t..n..p.-......w.p:..I.\.:x\...H..T.j...../i..h....3....Y..w.......5...:..n.....U...]B..`.ZQ..nE}.....L..`..A..W....C.\'......e^./.j\[...6.v."..u...-..K.3Tb....24>,..hD.R..<.F..q5C..vR.iO)Z.(..&T..v.Z#.. .._ts..1.H..=....H1...6..@....9..v...=Q...RZ ..SIt.}.....J.me.....Yq`..5......5.....28L..~.-L.=...b)M'..Gd.....1..,.:H...f.....h..T. Q...~.|%#%....y....7....L......"QU.y0H...<.s....n....I'Z............A........K...k..2...P._..1Z...B..4~.&..h.o{.y..q.......Z..R...l......&.....>....P.......&.;W.3...L......@$...,....Q..U1..hC1.$ .;ByWj.M..... B=1....s_....:HP...&.7.&..>7.(=.....P.b8...Q..Nw,...E........t;.4..`..._ F.P.......t....hm..w...Q....
<<
<<< skipped >>>
GET /ajax/libs/jqueryui/1.9.2/jquery-ui.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Tue, 27 Nov 2012 15:27:03 GMT
Date: Thu, 31 Jul 2014 18:45:10 GMT
Expires: Fri, 31 Jul 2015 18:45:10 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 62651
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 153545
Alternate-Protocol: 80:quic
............k{...(.........R.....`>..L.Ln'v&.QX?0.Zh(..@.....g]..........X.._.^{..........g...O~|y2<y?..y..~<.O..'.........m7.........hQ.@..r....&9........Ml$...wy.$.T..-...w....nz..x...)..Io.u.h}.U.K.W (.$f.....J7}.V0..:o.v.n..S~....X...nF...w......r..Um.........sp..9....Z.4..zs.u....w.k..wAE.f.n.....f.......~..Z.}.l..lV............n......5o3......)....@..IU.ni.. =.6.k\2:u.<~.;...c:...I.^....*...H..fz.u...&_.|........W..X#..6.._'E..et.>.O....x........&..|].......hZ........ M..,.......[...i=*.^|....|.....]...i..7.&..N..J.0(n.].....w..... ...........(....(7.v.Gy...Z......z.wH...y...h.#Y....e..a...I.a.m.W.._w<..|.G....u....}.....8;;.?b.M..`.^......z......~]4q@M.....D0...X..2.G.u^.k....e:....o.bX,.?/..v1..BR.g...O.U..G.ax.W.=Mq.m^.)3...I@.<...?>..I..x..?^}.....O......i2...../.~..E........m..q...........?$....W..~."y.......E......_.N...........7O.?O&c.......<.:.L.*....|..R&2E.>..L...._.....B..2..._............................._...;....../.. ...c...G..._$.......(.G.R....U..6.......^.Q...~....... .7o.:.....lqm.>.....M...n.j........0....r..n..{8..(.Vyh.l.Y.d...w...>(.,.j....1q.n....R...."lZ@..].....<...zB .$...h....U..m~....9.G.. \....lx.*>.K9....=......l}. ......../y../...../.G8....L.;.._....#@s.9fy..PA.......,........5J..m$!Y5....rD-...J0.).Pr.wE3.........Y.9.....^..`...q...`..o....f.DwM.;../.6..aF.dL.......a.......5....}...^$....,..}.L.h.{.).X.v.........`P.^..:......-....K../q4....m.."..tA.J.v....$..w@.d....p....M.]V3O..\_t&tp..i..i.......80.;....z<.U <..m......Y.(...
<<
<<< skipped >>>
GET /static/css/jquery-ui/ui-lightness/images/ui-icons_ffffff_256x240.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: image/png
Content-Length: 4197
Connection: keep-alive
Etag: "1111-50f9295f-f87e057d046f03d1"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:30 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a989a09ee0761-AMS
.PNG........IHDR..............IJ.....PLTE....................................................................................................................................................................................................................................................NtRNS...2..P...."Tp@f`.... <.BHJ.Z&0R,.4...j...8D...|.......(..$......b...l..F>n~.hh.H.....IDATx..].{...>.!.P1EZ.....dv.%Y...Z5YR.......?...D....H.e...'..$.{y....M.....PP.\..9..7O!....(l..M,....[/.(..)..`...@...G...@..%.c..7h. o. ..V;d.j.[.@.. .......X./.n...l7Q.`.B.o...@.vo.nR..0h....1 d....nz..]h..@r.........n...a?HY........2.Wk......n]aG.,.....f....$.*.<.4....nq...QQ..)...@.]:..`........*.g,}p....u..T...[8|.g............6w.7z>nV.;..*.......&...!....(.}.y;|e....p...w=!D.Un=.1...A\....... \.....e..@0..E.u....Tpq5.......s.q.....i!.q..a.....z.>..C.py...u .B". 8.."]x...5...&........ 6...........t.....H..5`....<Vh. '.8..W.....\......;.[.@$...H...=Evk...U....p.........y..B..0x4.. .vD....Z...Rwt...y8l...E....yf..bq.........`..."..B.. ........^..W({...@..8.Ltq.V.#..H>@.......;.....G.........>...vH$$$$$$....V.....g..U......kW...<.s..........*8.F.|s.]..a..:... u..[....A~...l.H~.....p.3..jZa.. ........7}.(D.g..u...:..E8/..)P...'B.....f;!B.1."@v...w....8.`..w.....$.G.V...cb43:*...G..M@..C8..................@h.Jz....>-.8.YL.KGW..iMoO...t.VO..f....i...N`....j......\C........f.Gb9..sq.E..i....v.@....`......`....... .....K..j=4<..^.2:....1.N...Y08.8.|s.@p.X.......>@.~.....:.'$$$$./d...~..<....j].`P...".
<<
<<< skipped >>>
GET /static/css/jquery-ui/ui-lightness/images/ui-bg_gloss-wave_35_f6a828_500x100.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: image/png
Content-Length: 2631
Connection: keep-alive
Etag: "eb2-50f9295f-b7350d95446e43db"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:30 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a989ab9fb0761-AMS
.PNG........IHDR.......d.....p..}....IDATx....v....a^N.j.jzns...].N...$...1.......26E....Ak8~.<.h......Hr....k....V....(........(............P........P.........:........:...t..@A....t..@A.......(........(...\}A...?..`.(...P.........)..o.........i.....B.M...N...sz../$..uL........wu.......gh<VN...{..'V....k.Z..{S.W..._V... s..y*......H.y..TrL....s.m,....}....yd.F.L..:u. ....e?..f.....u...J)n....Q.........:..(U..1...u....@A....Q....Q.F...6.v..9......|O........s...XK.G...k...q...;.9k.....9...Mnn{c..on.........*..9...>I.p.y...R.(..-...Y?R.Nj.............n..s.....cJ..f....i.;.9..q..ol.........U"oR...q.u...|....D...3g>j........_........J..}.Y....o.s.9.:Gnu...f...`....9P.K~...h(...\uA.v'.....=....S...9m..K...x.k.9...z.>G....X|..J..9.b.......Rq.........rs<.n....; .J.Z{?6_5............]..7r...5O.~..........k-..N.G...Y.......:({....u.-d..`5(...\GAo..B...bm.m.....>.mw...6.\.~c.5B.wb.Sq...$....z.X....;qMSsU........vMF.....3..].u5GRc......MF>..]..&.>..i.o2.m......g.z.(.K.A#....;.Y.g......z~[...................P...@....N..........u.........gl\......973...]#...C.sC......P....ul.1......1..9&%..3..=...I..v.Z..gO.s..z....f.Y3O....F~6B-.f..Zw<gKN}S.o...yR.'.........l....-...gC....{....e,<.{o... G.\iA.s*B......z-..}A.../........h...u<......>...........I....b..]<.....Wa.C..?..9~..`.<.|px:........^.9@.O.C...? .z...C........V...X.O?4.3...=..../........at.......y.. .?..pr.M ...ZL.........>M....Y`_R..\..O.Q......'.......|..........{._?.....p...m..<._~...S..>m........o....[.dV.....v..
<<
<<< skipped >>>
GET /static/css/jquery-ui/ui-lightness/images/ui-bg_highlight-soft_100_eeeeee_1x100.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: image/png
Content-Length: 90
Connection: keep-alive
Etag: "5a-50f9295f-a1f214bb4b677d67"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:30 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a989b4a0f0761-AMS
.PNG........IHDR.......d.....G,Z`...!IDAT..c.....&....!D....;...~..D....".........IEND.B`.HTTP/1.1 200 OK..Date: Sat, 02 Aug 2014 13:24:30 GMT..Content-Type: image/png..Content-Length: 90..Connection: keep-alive..Etag: "5a-50f9295f-a1f214bb4b677d67"..Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT..Cache-Control: public, max-age=604800..Expires: Sat, 09 Aug 2014 13:24:30 GMT..CF-BGJ: imgq(85)..CF-Cache-Status: HIT..Accept-Ranges: bytes..Server: cloudflare-nginx..CF-RAY: 153a989b4a0f0761-AMS...PNG........IHDR.......d.....G,Z`...!IDAT..c.....&....!D....;...~..D....".........IEND.B`.....
GET /b?c1=7&c2=2000001&c3=1&rn=1t6uqkf&c7=http://adf.ly/&c8=AdFly - The URL shortener service that pays you! Earn money for every visitor to your links.&cv=1.7 HTTP/1.1
Accept: */*
Referer: hXXp://s7.addthis.com/static/r07/sh168.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: b.scorecardresearch.com
Connection: Keep-Alive
Cookie: UID=dc7262f-206.167.78.17-1360768137; UIDR=1360768137
HTTP/1.1 204 No Content
Content-Length: 0
Date: Sat, 02 Aug 2014 13:24:41 GMT
Connection: keep-alive
Set-Cookie: UID=dc7262f-206.167.78.17-1360768137; expires=Fri, 22-Jul-2016 13:24:41 GMT; path=/; domain=.scorecardresearch.com
Set-Cookie: UIDR=1406985881; expires=Fri, 22-Jul-2016 13:24:41 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
HTTP/1.1 204 No Content..Content-Length: 0..Date: Sat, 02 Aug 2014 13:24:41 GMT..Connection: keep-alive..Set-Cookie: UID=dc7262f-206.167.78.17-1360768137; expires=Fri, 22-Jul-2016 13:24:41 GMT; path=/; domain=.scorecardresearch.com..Set-Cookie: UIDR=1406985881; expires=Fri, 22-Jul-2016 13:24:41 GMT; path=/; domain=.scorecardresearch.com..P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"..Pragma: no-cache..Expires: Mon, 01 Jan 1990 00:00:00 GMT..Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate..
GET /recaptcha/api/challenge?k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sat, 02 Aug 2014 13:24:23 GMT
Set-Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS;Domain=.google.com;Path=/;Expires=Sun, 01-Feb-2015 13:24:23 GMT;HttpOnly
P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Content-Type: text/javascript
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 6676
Server: GSE
Alternate-Protocol: 80:quic
..........].m........(./5.;........Rb.06.$....t.....L.........e.gR:.s..#v....|.....L.....-...........g....4.G........E...u/...............d..z.7......i.j#.=_?...........T.(...Gi]...}...i............W...lG.#P...xI._...?.-....u_.....C..>Jo?..4...doo....6.0j5\>..C6...................w......'.....o..M.~.X...e...M.......a....V..<4...J.^-...L9~|......n...\./..<..o.=.._?.....Z_....,.o.t.../:.....Q.c.do.?.....z..>..G...Qh ....?^.\...........?.O..........o..o..o?.c}..:.w.Gin........0.....[G;....we/.8.{.m?...*w..^..Y.C.......D_IdDi.Lz4.].Wy.U....#i".Z.J..i.ga.......Ga.Z...i7;.tE..<...;...7Tp......e2..:...H.X...?65"^..M........./.9zv..G......P....B.....hm...&.bi|...=...W..4.F...pe...YKD...*'n-........:NY..W........z.[.:J4.y...knv.>keQ......'....6T.|R.W...K.Df....'......A..Hh)t[FS.k-.....sUn...(...7......q1Q)E.....Kb...(#H$,h....I.v..a&.w1.;.&......b.R...,/V)..X..tbz.....$.YR...'.....^7.....\.j.<...v...g^...S.1#..4....`......... ....Q..k%.....-.U..Z....b.... .7...:.L....\.I6.}V..2....ZuT...B..WG...GE.wY>y%jy..K../rh..OHX.A.i.#oOB|!..U..I...].0$F......:%$..*X^H...Olx|..7..L$F....Z.}..H.s...'.....c..{....b.9.#y.VL.......B9..'n.I.8..7Kv0I...._......5c.5..^.....$..........k.._....P1.o..n...M..P......#.U.n._?.H.8.O9l.........E.b..q.f.5...........S......H....bH....dc..2|......I.X)...V.$.=..kiG..p.d....`...Y....M....E.x(.}....KP...9DPi....fV.....=......98.>}.V{.l...D...2yq.7."{]yN..oPm.$../;..>.thn.3!m...m....Px......',..z....f}:.x.V....`vl-gJ.H.<n3F.lP33....q.X. O.g#...`f.hNM.7|.m..^u.)K...?..
<<
<<< skipped >>>
GET /recaptcha/api/js/recaptcha.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Last-Modified: Wed, 16 Jul 2014 09:49:49 GMT
Date: Sat, 02 Aug 2014 13:18:08 GMT
Expires: Sat, 02 Aug 2014 14:08:08 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33075
X-XSS-Protection: 1; mode=block
Age: 376
Cache-Control: public, max-age=3000
Alternate-Protocol: 80:quic
............{{.6.(..?...q.5-.._....m.....6..~@...K.JRv.......@.$A.n.{.y....$.....`0..j.....`U...`.1..'...,.&..[k..2....Wk.L.6..53p>s76'...........l.b.'a...!.7..d.b..y^....p.X.;...u.......wq..f..-.P.!.I``.......0q..$n.l.....1W...CxI..X..,..........{.n.5Z/|.W}.D.<..^F/.0........5S.3.e...~ i.......7...2...7o."..L]m .x....4..@..I..b.$.}k.r<...d..|k9L.......P)cI....o......L.~k.....Z`..0LGJ.....qw.._.........M..tl..zqUc....b...o.G../....e.x.....0......QZN.C`.Mhx(C.B...-)b......9...@}\..YEs.......V.d.6...\k).B.[ ,.r..*.z$.....[.1.=.z.^..... ....p..F...F<.h#..`'..h....P.....L\Q.z.i.7.\C."AI.;H...<g1o......i.W........M.E...B>.5.a.-or>v?5O......z......._.77.[....>f........n*.k....Q........E.{Fs.....x...1...g..V......M....87#..........g..Eg./Y.$...4....p..A8a..a.W.p.Y....O.i2..{qC..}7..`.*FV:.h........J7....R....0~..$.-.....qT3.r..cw....z......>.4~....x..<:.q.2|ob.I.3J3..{JI.....8...F."Z....%.O.e`B...O.=>:.=..(J%E..[..*.....d3~......@;.>>...Bk(..`...&..Z............5...r.........h.P3....c.ghB1.W.....z....3.Bo..-..'...F&?..|........6c.%6....7.!3`.L.2....-.k...c]>....'.i..&..BE...`.U.[........9.fX....`hH...N....1D"../...9..3...>.P......lu..#.>.........N..h...}.{.6.........M.T0.-..e.Xt.5......&T.VL..]x..z...A.E(I.td.....:u]./..r..F...8~l<.y.l............F|.|.$...Y...m1SC'T.!(..h..._.yP.....0.|....9...........h.f......w..:.a....[.... 3......._.0...Q3.=v....&.q\.u.G.....fY.&...j..h.{..Wcl.3.:mb3.z,...P<....G.c..~.b........Oc........8X.s....:.k..$...c...E.../F.,@Y..7..oiU..5
<<
<<< skipped >>>
GET /js/th/Nw17OBpg1zjrn-mn0yUkeE6MiB8Imrcno_93P1Tsc6Y.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Last-Modified: Thu, 17 Jul 2014 12:32:21 GMT
Date: Mon, 28 Jul 2014 03:18:38 GMT
Expires: Tue, 28 Jul 2015 03:18:38 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 5671
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 468346
Alternate-Protocol: 80:quic
...........:.w.....|.\....I.@p.4.c.N_YB{d[.4.PcH....f$...l......1.F..H.....d\....Vz...d<.....x..R2-..4..../.._......._:|...q...6s~..?0G....&..K.......e..:.%7.....z&..........`.!..e?/..y.#.a..._.X$.828V..6..9..*9..2.X.....^-..&.8.k..CX....z..8...C..MW.x.T..DEB.VF..8".J..Z("?.*.c.yb4..g.7..Y8v.]...L.....1L,b...[..a.j2..>....}.).;.......Sm.J.n.E8.%..-..#[....._...1..IJ.5.m.... 7.S...F. .c.........Ve.&..{...Y.Z.k..,kX.L:.ilv....`nm..G.IH.........=......6~..Z...?.X...?.:....=.o..k.9...aY:a... ...%.B.%.#..l.....K...^..N..A....Z..c.'....'...g?k....}.%....]3.w.X..R.^_3.X#..s.........P<JH.g.WSO.'kz.......s..._.>?^.K2h......9..-b...C..S7....x...{....3....8..7..\..S................>.hH#:.1M.&)........Az:.N].g.qR..,..0.|.......x}h.r.{.|j...Oz...x.^.$.M...r..t.P..;u).~Wt|."7.s...d..!...F.....f...z~..'...}bP..u....xS<..E...Y..0..?.......... .`@=...d...~...N;......(1...uB... .....L..L......)6..e0.}.GH......9... .... .t.Y...}..i....G....i.@..2.z?Cq.....iO.w....q.....R.........AMe.s~...G.,...8l0.Ns...nj[:....an..#@.01=B.....;....L..F..o...W.A.mn.....h..De...yH..6l.-..E...vDp Gx.O.s...X...x...GH.................o..{......_.....z..../.I4.....byyu..n7................~2.I........o...k...t...#..=-aKK.rV..}.)..J.a.....r1.r..*Q..z#.[..!O.....H.....8.V.7%..TcR....q..8.$.F.<wc!..|..^!...g.....Fs.....P..:...S\....e5.n.n..X.T.....l.6..x.zSp.L.......j..;v.C!%s..8 ..x..C..L..M..%s..4...=S[w/P.]......%.0..yZ*.e.jm.C~-./.pni.Y..,.>..#.iIC..@../............3.d.ii....7.=gYO.@<-e=..m......b1....F....4.r]....i......-..
<<
<<< skipped >>>
GET /recaptcha/api/img/red/sprite.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 09 Jul 2014 00:21:01 GMT
Date: Wed, 30 Jul 2014 14:19:00 GMT
Expires: Wed, 06 Aug 2014 14:19:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 6523
X-XSS-Protection: 1; mode=block
Age: 255924
Cache-Control: public, max-age=604800
Alternate-Protocol: 80:quic
.PNG........IHDR...W...H.....B.......tEXtSoftware.Adobe ImageReadyq.e<...siTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:a027154a-1d27-493d-8dba-70d5c6309dcd" xmpMM:DocumentID="xmp.did:DC3CA263F59A11E381E896CBEFA59130" xmpMM:InstanceID="xmp.iid:DC3CA262F59A11E381E896CBEFA59130" xmp:CreatorTool="Adobe Photoshop CC (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3d86b8b8-9b35-4adb-b633-3cfc4eaa5dfb" stRef:documentID="xmp.did:a027154a-1d27-493d-8dba-70d5c6309dcd"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...X....IDATx....XT....3..".wDT./...b......b....W...Si'...[...%/...).<.._iv..........x.....0..|{.a....0........{.Y..{..~.........Y."AC.X.1....~=as.........wl....|.l.....A.7. 02.... ...4..w..!}}:n....bc..8..F...*.W.....I..g..I4...|.'.....5..C..9.]H.R.....>....~...A.Z........dg.Z~...I..b#H.\pQ..'..0...m..4.bA.o.W.h^.:.....F.;4.....fR9....(.....Z............ZC...-.K....%.RI..c......^nX..6.;;.....[.r..A"...c5`.R#R.D&..C.4........vL[.l..a....,a.....hJ..^W.t......x...A!<x.2.^.a}r*....T..P".....2..=...E.m.w....
<<
<<< skipped >>>
GET /recaptcha/api/img/red/audio.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT
Date: Thu, 31 Jul 2014 08:09:51 GMT
Expires: Thu, 07 Aug 2014 08:09:51 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 914
X-XSS-Protection: 1; mode=block
Age: 191673
Cache-Control: public, max-age=604800
Alternate-Protocol: 80:quic
GIF89a........4!.$....J...@....4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,..........o....H................X..!...)b$P.#...9........Qf.(....#U~...eK.1q:,.....2y...SgC..O..I..H.M.v..4.E.Q=F. ..W.....;HTTP/1.1 200 OK..Content-Type: image/gif..Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT..Date: Thu, 31 Jul 2014 08:09:51 GMT..Expires: Thu, 07 Aug 2014 08:09:51 GMT..X-Content-Type-Options: nosniff..Server: sffe..Content-Length: 914..X-XSS-Protection: 1; mode=block..Age: 191673..Cache-Control: public, max-age=604800..Alternate-Protocol: 80:quic..GIF89a........4!.$....J...@....4...................................................................................................................................................................................................................................................
<<
<<< skipped >>>
GET /recaptcha/api/img/red/text.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT
Date: Thu, 31 Jul 2014 08:25:07 GMT
Expires: Thu, 07 Aug 2014 08:25:07 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 155
X-XSS-Protection: 1; mode=block
Age: 190757
Cache-Control: public, max-age=604800
Alternate-Protocol: 80:quic
GIF89a....................4!.$..A/.M=.ZK.gY..u.........J..4..,..........P..I...9... .la...0....h8(F.$H..$.p.......&c.YR.......>.M.. .1.<.!AN......>I0p.#..;....
GET /recaptcha/api/img/red/help.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT
Date: Wed, 30 Jul 2014 14:44:34 GMT
Expires: Wed, 06 Aug 2014 14:44:34 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 367
X-XSS-Protection: 1; mode=block
Age: 254390
Cache-Control: public, max-age=604800
Alternate-Protocol: 80:quic
GIF89a........4!J............}q.5"|..............j........Z.......t..../..3!.$..@....t..m..n...1..2.h...sfR..T...'..(........................................................................................,.............`H,......D*....@........x....y,x=...[8.......4....H.H$.v^.zH}...._.c{Dq..$._y.Hf...._m.G\..k.an .HQSUWG..."M.C!.....L..#......D.........J........A.;HTTP/1.1 200 OK..Content-Type: image/gif..Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT..Date: Wed, 30 Jul 2014 14:44:34 GMT..Expires: Wed, 06 Aug 2014 14:44:34 GMT..X-Content-Type-Options: nosniff..Server: sffe..Content-Length: 367..X-XSS-Protection: 1; mode=block..Age: 254390..Cache-Control: public, max-age=604800..Alternate-Protocol: 80:quic..GIF89a........4!J............}q.5"|..............j........Z.......t..../..3!.$..@....t..m..n...1..2.h...sfR..T...'..(........................................................................................,.............`H,......D*....@........x....y,x=...[8.......4....H.H$.v^.zH}...._.c{Dq..$._y.Hf...._m.G\..k.an .HQSUWG..."M.C!.....L..#......D.........J........A.;....
GET /recaptcha/api/challenge?k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: text/javascript
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 6688
Server: GSE
Alternate-Protocol: 80:quic
..........].k........(./5.3]..dow.i)1... .....J@P..`..6f.....e.gR..JH..k..}^2.z...IS..\.e6.s.._~..?.._p@.f<5?......g.....6l.l..?...?Ut..].F..o.....i.{...o.4.7.....:.sM........~....x.|v....c.#...u.?]...$.~...9..}hN...\...5X.w....dWc.D&.....A...q.k;......4..vtoIy.o......yp....t....F.....g........k........<4....6......r<.......n...\...y.............._......{.[9....E.....qT...... ....._..g...~..3.$._....5.......n........r...p.O...g.......X_......Q.[..3.Y...f.}.....]...}Hk...?.l.]..F..&j.mjDO...r..Ga..P.......vmT.QW..?......X.<...................b,V..>....4....z.J.Z2OW..w..&g{.{...q.:<b.nX.~$...C?....*o...._V.kJ.t.|............ ..QQ...l. V....~1a>J.Y....TB..Os...s.g"M....z.#]v.I....^.X.....I|4I..j....v...9...*..R.=*a...c9Z(...&.....'\.....?........RN..}..\u.O..4zb.a....<.....{T....M6x.YC./.<.>,^.G^.G...Cz89......>i..y..O5..;o}..N...Cbr.....g6Y.^)<GL_....I-.T.r...db.*.$.?..I...*.,..B.Q_...x..O6.0...0../..i.|.j....tM`.kk62..4o.lD.1\/:v-.....J$/.K.j..{.F..b8-J..d..v.Q..W..Ta{..M.J.l$e.9..C...{m..1.gVK..m.U~..n..|p.....o..*.i's.lz.]Q.k......x..s.........zp...kFQY.......Z..=...c?v.-......m. d(.....P....a......k>.^M$.P6N.2.O........*.7|.....!6 }....u......k9...Sif.'^....... ....Fi.l>.67. ....N....8..=]*...V..'..sZ.I.....:.._.R,c...\b.3.i....b.(%.........Y.....KC..&.....K....aZ.Uo....?_........<Ka,...R.....WM.Ml.}...X......*u../%.d.,O..C..f.".`..J<.BDF........Z.I..}<.Vj..rme..96QY...6...5..[..zn..0.......W.9..\...u.|...Ao..GNi.1..V...X.4-.k.........@....8wq.EEak.......y^.!
<<
<<< skipped >>>
GET /recaptcha/api/img/red/refresh.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT
Date: Thu, 31 Jul 2014 07:52:38 GMT
Expires: Thu, 07 Aug 2014 07:52:38 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 974
X-XSS-Protection: 1; mode=block
Age: 192706
Cache-Control: public, max-age=604800
Alternate-Protocol: 80:quic
GIF89a........4!J............}q....5"j.....].........$.y..U...............3!.1........|o.cT.6#.9&....'..(...x.F5.......wjh..q..p............6$....]M........|.>,.............L;.|p...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,..............`.@A....*T.......4.......%4@0a....0.......&<...ad...*.<P.....,... .....F8!......D.aCDP..D..I....5...9 .H.2...0B...b....#....3..* ........t.......(..M......B.J.S.K.,ye...;HTTP/1.1 200 OK..Content-Type: image/gif..Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT..Date: Thu, 31 Jul 2014 07:52:38 GMT..Expires: Thu, 07 Aug 2014 07:52:38 GMT..X-Content-Type-Options: nosniff..Server: sffe..Content-Length: 974..X-XSS-Protection: 1; mode=block..Age: 192706..Cache-Control: public, max-age=604800..Alternate-Protocol: 80:quic..GIF89a........4!J............}q....5"j.....].........$.y..U...............3!.1........|o.cT.6#.9&....'..(...x.F5.......wjh..q..p............6$....]M........|.>,.............L;.|p.........................
<<
<<< skipped >>>
GET /recaptcha/api/reload?c=03AHJ_VuvYPttqF2q1i-Xe_w7vxSeUu624qFaI-wqllz21Fjy8gNmUAk9_IflsXZQZOR1RPQga0rE3O9yvEb3hiOksEGHZ0ckhRy_rdSlNM9nl_EZVNFpLoMP8cv_fP0R9ErMrIblKseEPGN6TgaBInDeWlI7JMI29ih4Fs40mndZmoqvKlN4T2grLtkPnge-g8GakW9Pg67Tue_oEo3JosZzH2Ad0WejzuYFV5ir0ln7Q4Xx6clfFug0&k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr&reason=i&type=image&lang=uk&th=,8bAj7yMNy8ssdLYPawwaKwns4vAAAAK_oAAAAXfYAKkFH0FFuUUPUHjrkinOmN56dp8c5mqPhTVdeFhii9Ke5-gr_R5A9kqoS5zsCs_1FcP6H7JtGNAZw8uYCQv3hw9jqypFmxweaoUrzXenTc8wNPIQ20Yt4JOblr06Op4ZkCmKCrMgLT1L5WQD6gG0gCKQ2Em0CpQwVhZnxwmQxLP7Z9gs5r2HaMDQkcV6z4jgPVp-AarTRrALigoaAMsV0_V2SfNI5vJnOkAF HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: text/javascript
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 263
Server: GSE
Alternate-Protocol: 80:quic
..........%..n.0..._..[2.......B..V........Rn_.%{998..g.e.G. .f.&).A......nDt8P.#8.t..%...0>.^.*..'-..Q..n....Bul.,.M..m.d.........W.....q..}RD........mnw$..'h.rc...K.p....C....K\*.5....^...C.j..}.....y;..k&.v1-.{C1;c}.w.....P...WBd&...E.[..,.=`._*Q...}..7.Y6....HTTP/1.1 200 OK..Cache-Control: no-cache, no-store, max-age=0, must-revalidate..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Date: Sat, 02 Aug 2014 13:24:30 GMT..Content-Type: text/javascript..Content-Encoding: gzip..X-Content-Type-Options: nosniff..X-XSS-Protection: 1; mode=block..Content-Length: 263..Server: GSE..Alternate-Protocol: 80:quic............%..n.0..._..[2.......B..V........Rn_.%{998..g.e.G. .f.&).A......nDt8P.#8.t..%...0>.^.*..'-..Q..n....Bul.,.M..m.d.........W.....q..}RD........mnw$..'h.rc...K.p....C....K\*.5....^...C.j..}.....y;..k&.v1-.{C1;c}.w.....P...WBd&...E.[..,.=`._*Q...}..7.Y6........
GET /recaptcha/api/challenge?k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr&_=1406985884566 HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: text/javascript
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 6676
Server: GSE
Alternate-Protocol: 80:quic
..........].k..J......./{F.t..L...I.!.... ......;1...I......}.93)e.....b..}.......B.....-...._......_......../.........._.._.`h..w...l#....C..N...S..~.......tY?~.w.?1t......^...9.].?}........_........Fa..r.YN.-..v.=pH....sz.8..:,.~.....=f.$...=./.....<........~..b......]..v~|Tom.{.f?...)..v."-.{..t...?.u..uhn_3........r....W..7=....._j.y...~[.......i.\.......o.t.......-..Y.c.d?....=.!z.._../....B[a.>.....~...24.G.......~....p.?..........\..v.u|....<...r...{a..?w~...._..?....@.U..._{T......C..6.V...YZ_IdDi.LzkJ.6........F.D....:.......e..........v..1.ZZ.8W>.T..M..dg.j.i5...C......,u....Gn/.u..R.......i.s. .,..*5f...C'jM.&..n...V...~..=....".h..]{....M....*C....$.K..< T...=.....-.t.Q...[..6u...)Oze....@...C9..227b....N.S{.UP..]2....F...E.4!.......k.s.O.D......^....&u.ab.._U.X.........,....U..I.hehK|..r....sF....V.8..&I(..6...r....?v..w'..T.a...F..Ve)>. {.Y..7.w....(..H.:.> AS..]e.W1..F....'..PF...Qu.%..J:.........I,....9.=..kf[e3`.d...b...%....~..O.....;....H..H.j........,h=.h.d.Q........S.em............E.....n.t...n<H....tp.....l..X.R~...,...=.[.D......<.....>Y.@Cy.."...3v.C/..M.6.c;....W..JP..]..X.....`z.m..d.X 5r4..O6............R.K...O"b&.Ir...9.N...d...S.=.u...!........v.IsM....:...%...q..fr..%....cZ.6......{2zE....k.l"N.u."|R....'a...dG;.H.....68Hy. z-..........}[....E..~B.".X..{..N.TZ..f!.....v. .....s#..dsPr......>...,Ps...0LD... ...*-}S..e..$p.\...&.d.v.i............Uxt..x%..eHy..S:...{_.yA.....(;..6..}.P.].mMb4...^.....r.l.......rg.k.g!4t".y..7.v.&2..W.$'..W.....e.-...6$
<<
<<< skipped >>>
GET /recaptcha/api/image?c=03AHJ_VutRa9ox0QVJS6aXVk1OO6dTJv1GnVUfSAjBXCn9FiH4iCYYu9KH052tFvKvsqJ1EEhc2yrBZvtz40X6qHWgxN5xvekcoSZVQDr5H0sjHtVf6rUuXjbiCNsiw7AGRl9dbGMJRr-dxR-i-kC8Xucuzyv-6Au0wbgqgYXNngqzGL01LyCsOEeu_WEG6BUwkzKxqPRmUPgRpiMJbdJdinuuhEVcTyXJCg&th=,8bAj7yMNy8ssdLYPawwaKwns4vAAAAK_oAAAAC_YAKkFH0FFuUUPUHjrkinOmN56dp8c5mqPhTVdeFhii9Ke5-gr_R5A9kqoS5zsCs_1FcP6H7JtGNAZw8uYCQv3hw9jqypFmxweaoUrzXenTc8wNPIQ20Yt4JOblr06Op4ZkCmKCrMgLT1L5WQD6gG0gCKQ2Em0CpQwVhZnxwmQxLP7Z9gs5r2HaMDQkcV6z4jgPVp-AarTRrALigoaAMsV1aB2SfN6ceYpUNGk HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Expires: Sat, 02 Aug 2014 13:34:34 GMT
Date: Sat, 02 Aug 2014 13:24:34 GMT
Cache-Control: public, max-age=600
Content-Type: image/jpeg
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 2939
Server: GSE
Alternate-Protocol: 80:quic
......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342......9.,.........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.................................................................................?...(.....g`.:.8....ln.....fRT..V .....'.w...~6h....Um:.h.d....1...Lgn.....W.2j....k..CJ.u x..l..r.N...vgo!.#..=....5,..Gv8....RDr.........@fPI........A"3.WRT..zR.*)f (.$..|.........:.C.M.,..{...F...(.....;....4.pH.,.....5.QE.QE.QE.QE.QE.QE..........{.p.. .83........k.<........i....4P\... 3.f...N....|j..~0.b.&HRH S ...{.j......=w`y.s...U.;..Q..:..m.5..)...7.\...`.;.O....[?.S..x^M.J.........(.....:g...^.....?.5?..<.......o1.!U...\.........B....-g..y cjE....@X(.....q..\......K.n..\.. .VAyl...L...s.....v...k.!....Z...T.VCy....).'.<du....|N.......E..(uY.1t#.>f.....1...}Oi.YA..<..}.SQE.QE.QE.QE.QE.QE.Q\O./..x..#L.....n..#'.f.....a.5....~.m..mv. ..D../.l..B./.|..O.....-v.X. ..<..$a9..y,X.Ga.m|K.a...M"X.[hd.R.]..[n....s.......>(.... .....k....Y.G.=.<...j.~..P.7w.4..6Kwe..5....b..... ....<.W../u........1..G....=p2G........G.....^h.)..y....0c.......X^.._.....xsI...M....|...A..I .0.c..]?./...,.N..A.y....Y.z\.a....q.\..~.|J.t6R..F-.......K.:.........E...A...Y..;h.....@.1...^..*.......&...Ekk..I!.......4......S..uqa.....%.......=:.u.....e...".........O.s..3. f.....;.;..-...X.:...pjj(..(..(..(..(..(.. ...[y.<R.GC.....W.>.O.X.c.O.....Ky...(c..X....@..t.............E%..e
<<
<<< skipped >>>
GET /recaptcha/api/reload?c=03AHJ_VusI_eEmhEkfWUXhL203jVTjnGNwCKzxdNvV-rOgJ85wx0HQwxgfD4I-T0iEXi-03GOaup03o4cJvDV0TAEUZCr671PSBfYVJDGHGaAOidSXNihNV5zIfE3NQ8F043KPgLUpbCwgDG8TP9x9FT9MHR0efGrwf2iCp3vL0PgCxVo92sNpO166mJ92oOch238gb6hJfJxS8kAQKGrn2k0HdVzrJMA3Fw&k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr&reason=i&type=image&lang=uk&th=,8bB8M3CZd1lU57anv58U2FkaGfAAAAKRoAAAAD7YAKkN-Tg5pgCRA8Rm19B2lwX0yDh1KyYdkpsOFwBjkj4BXG6a6Xk4RpdNk6O6XEV5DiVEPdBwcxW9eHSb3cpleP1qth-seTrjQFjHfn1zcckx2PgvH1xixfSURFl5RSFfnD2L2RaPn2hy58mH1-6xOeFfzgkZvTOXbdWuOMRpdoMu6duOLjfwS2zK-OICQPx0DqSUmJ-kcNsHv0YNke6NemujaIQd2YQPhUEm HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sat, 02 Aug 2014 13:24:43 GMT
Content-Type: text/javascript
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 262
Server: GSE
Alternate-Protocol: 80:quic
..........%..N.0...W..&j`-.....u0.D.\...O..\........E6.E....k.:...d.Q...Gi..xpEpr........9..b.../.t.,0..Z\.L..J.2.yxt..#..I.F....O...t=..s[eo.X.t_uv.p>....#......:PW...H`.m..7.re.....XL.2u.>;.r@..!.cq^...6.gM.VSy.....IJ.mj^.F.#.....8..Q.......YE.........!.......HTTP/1.1 200 OK..Cache-Control: no-cache, no-store, max-age=0, must-revalidate..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Date: Sat, 02 Aug 2014 13:24:43 GMT..Content-Type: text/javascript..Content-Encoding: gzip..X-Content-Type-Options: nosniff..X-XSS-Protection: 1; mode=block..Content-Length: 262..Server: GSE..Alternate-Protocol: 80:quic............%..N.0...W..&j`-.....u0.D.\...O..\........E6.E....k.:...d.Q...Gi..xpEpr........9..b.../.t.,0..Z\.L..J.2.yxt..#..I.F....O...t=..s[eo.X.t_uv.p>....#......:PW...H`.m..7.re.....XL.2u.>;.r@..!.cq^...6.gM.VSy.....IJ.mj^.F.#.....8..Q.......YE.........!.........
GET /feeds/1.0/config.json?pubid=ra-53993a6f0d2e8c74&callback=_ate.cbs.fds_ra53993a6f0d2e8c740 HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: q.addthis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: no-cache, s-maxage=3600
Last-Modified: Sat, 02 Aug 2014 13:16:44 GMT
Content-Type: application/javascript;charset=UTF-8
Transfer-Encoding: chunked
Date: Sat, 02 Aug 2014 13:24:41 GMT
Via: 1.1 varnish
Age: 476
Connection: keep-alive
X-Served-By: cache-fra1221-FRA
X-Cache: HIT
X-Cache-Hits: 230
X-Timer: S1406985881.334395,VS0,VE0
Vary: Accept-Encoding
20.._ate.cbs.fds_ra53993a6f0d2e8c740..8b..({"_default":{"widgets":{"tbx":{"elements":".addthis_sharing_toolbox","numPreferredServices":5,"services":"twitter,facebook,linkedin"}}}});..0..
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adf.ly
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.adf.ly; HttpOnly
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.8
Set-Cookie: FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; path=/; domain=.adf.ly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Server: cloudflare-nginx
CF-RAY: 153a97e75c5f075b-AMS
Content-Encoding: gzip
928.............X.S...... ....S.I...&8L...=z.......0.........4... .N..B;-...J.....v....q...O.$.i.....l...$......>.1.$L.R..E.\....H"..I(...p..n..Gl<l6...)....|^.......~,...Y..]..`.l..<...F.HAS.....w..........g......K.22z$..T.......N...P.L...\yN..R....H.._.?.....Q<.......<.F..`..P3.......jLd.Gl.......).D..=X.e&.V..r..H...~H..!.r.[....bag8.....K#A...w...V;.e9kDU.%.p*.N.......q.muZo,d.Jo........{..3........l,._.......Ij..;6. .....v..Y...:f..t..........7.,"f.g...(......O.O.W.....w.9.@.kLy..T.\z...... ..u..z8..p..K.]....J:H|.."(..x.........c..$,....0/..3..as......?...]$~&...c"\.....p1..:.......J...........N.W.....Ry.x.G.D...h.E...<..P..p.@...N....R.0(1< .{.....q/fI.nX.k......Y.....G...D...M.p.kq....D.g.l.q.....&..3...\.....h."....u..zy`.......07.y.\h..L...)....B$jM...;.8h8..DX....w..{I......1.t..'$.0..{c.f.Au..e/...n..b<}.P.w.^....6:......C....!../L...0m..8.4..d..u.>.3..h../m.-.X............^F..A.%.cg.e..S.f:....}2'Mr.....1Q122.%.......j..."s.o...G>.......).9.2.4..0.$I..P.N..(.=.).......T-..h..=...<....G4..\&..!.y.(....W,...D#.>..H....:..F.K...&......#.......$3..R...Y...Y._.YI>:. ....R ..s...O......P........Q....y..J......Y,ER....&....m...(......7T=..a.{.i..iw..('.7.m.....O.?...#.t...b[M.X.. ...f1...L3.4.........4e03'..S...$pXh.*.0..|.F....2i..-..Q[c:5.}.q.J.N..u.E0..&........"DT......*>.H........[V....pK../m9o....f.&..P'7;...y....".......8....k...p.T}..7.3......g.........45.q....K.".$..1..][.Z..Ux[.........XP.WI..[.....u...T7.?.LCc........S.]......J.V..x..~.4.$...b..F..W....
<<
<<< skipped >>>
GET /static/image/testimonials/andresatria_small.jpg HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:18 GMT
Content-Type: image/jpeg
Content-Length: 1095
Connection: keep-alive
Etag: "a11-50fec6f1-6e97f3a5aa03044c"
Last-Modified: Tue, 22 Jan 2013 17:05:53 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:18 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a984f9d13075b-AMS
......JFIF.............C..............................................!........."$".$.......C.......................................................................-.$..".......................................0..........................!..1"A.2Qaq....BR.........................................................!1.A............?...W... f.N..-q....g..V.j..-...vGnB.l.......*...7bh.%>..i...8.......w.h.ase."s.r..9/..q~..{...g.......r...........G.......f.'...$...p...Qt..5......vv-.&.o...r.I....,.-..aHC...~.......b[....R7.F........iS...^.....su>..4..SPn\]Q..;..r.fBW.....p.@I.D..7.}=v.,.lO.,-h.u} V...R..#..r.\S..]1....p.l.-6..O..'.v....w.w."M.s..>..........@NS..T...G..v......C........%./HXm9s.e.8..p*....N....qq.o....Xq$.|..D:.r...{..i,.)."-'. pA ...{h-j-$.eG......HP'g>.b...)D..]..&b.Y..5...>,..M*...\~.....m.....'..G.J..052..:..7Q.;OK.6.u...@Js.B.I...j..l.o6.Y.....m,....y.R.Mf...lZ./...Am........y.j....Zu.V.w[Y.eD........m........4M..p.i.....<....1.m7....Y..{..p..JI.#..}.#..k..u..I^........g.9....3./........y.....q."...gS_.J.XX.;.g^-.....9)'....q.('..C..=|.j..-.......7....p......Sm5.1Y......
GET /static/image/ie6-warning/background_browser.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 753
Connection: keep-alive
Etag: "2f1-50feb3ff-b51bdc9920a39332"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98de50500761-AMS
GIF89ax.z....................................................................................................!.......,....x.z......<P..h..l..p,.t.$.#*..M..pH,....r.l:...f!.-...f..z...xL...^... e...|N..........Q&Z....b.'......(....q......a.(.....................|...r...e...`...[......(..............................(......................6..Xi .I..6J.......B.#qb....`.H...F.>.B'r!..&Q.2......c^..#s...6....e'O.9...:.(L.-..T..iI.".~...jF...N...kC.....K....}..EkG-..k..q wn..h...{wo..~...,.0.....1.xq..\.C..x.....[..Ysg... .6.......&..4..\\..@.....s........soq......S.G........."}......Gn.:w..%M.pZ<l..X76@......08. ...j.4........G...D....<..n..6....0.@... ....F...v... .(..$.h..."p@..HP...0.@...`..8....<....@.)$..,.....P....!..PF)..TVi..Xf.............;....
GET /static/image/ie6-warning/background_browser.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 753
Connection: keep-alive
Etag: "2f1-50feb3ff-b51bdc9920a39332"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98ded05e0761-AMS
GIF89ax.z....................................................................................................!.......,....x.z......<P..h..l..p,.t.$.#*..M..pH,....r.l:...f!.-...f..z...xL...^... e...|N..........Q&Z....b.'......(....q......a.(.....................|...r...e...`...[......(..............................(......................6..Xi .I..6J.......B.#qb....`.H...F.>.B'r!..&Q.2......c^..#s...6....e'O.9...:.(L.-..T..iI.".~...jF...N...kC.....K....}..EkG-..k..q wn..h...{wo..~...,.0.....1.xq..\.C..x.....[..Ysg... .6.......&..4..\\..@.....s........soq......S.G........."}......Gn.:w..%M.pZ<l..X76@......08. ...j.4........G...D....<..n..6....0.@... ....F...v... .(..$.h..."p@..HP...0.@...`..8....<....@.)$..,.....P....!..PF)..TVi..Xf.............;....
GET /static/image/ie6-warning/browser_safari.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 4834
Connection: keep-alive
Etag: "12e2-50feb3ff-92be58ed00a33337"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98df80730761-AMS
GIF89ad.d.......EEELm.4........,s.....n..[..........)))......M....................yyyZZZA..v...........s.........{_F..?Z.U..m..B.. m.Q..d..3..9.....S...w6.N.t..,G|g.........K.H..I...../~........jbe...........8a.w......=...........4v@.....q..s......................."f.....A..............V/............ ^.......|..............W..Hz.iiib.............qvm|...V........ppq...vE=......Yx................!.......,....d.d............................................C.>..n....n.....Cn.......R...>]..C....._.].....>M........|]...sMJn....>X]JJ........C.X.>_...0.......b.....s.0..@.....i....C.S...P'..9x..P..#.709v.....<.. .x@....l1.E...].fBz...?.....D.jU6..<..lJ....*m$.../F.8X....?.....PO...c....@..?n..m.D..l.....e.......[.c......S........=......`Q..N.9....L.....5..S...d......x......"eH.!..HU0$B....*........P X2@....\X/.xq.yp...`*.......O.\......R\`.q.I@A.>4..g_H1......fp..G.X.../...U....@I.`....`.....!c...0...@C!...&E6_.....|............S.j.....H...e....Zj....|a....HP..IT..,.."c.HA.Zn.p..)J)..at....,.D......?.!..........@.....6...d...FA......Ll...mLph.8..C.@....]V0..*.P...2.e.M..PV.}'..u.....L.e.8....?,`A......8.......@..b.\..5.F...3.K.D0...u.F......LL.*..r@...Z....'.0.?h)...D`..j\0..cup.........dxo......?....,,`..@L`...L...8.:A.H..EC.W...y..O..<......C....A.={qh...0..?.....hPm.7W.C.dh9...L...R...BFj...u.P..].a ....D......4.....,q........8...l...........[7&.L...A.P..<.a3......c.@..cD~..d....QX...?....ML.w.f.'.X.[.......4..1..H..........c. .....>.dl.@.,l`..#P.....q..._.t&..._.d.!p..1.......,A.8`..
<<
<<< skipped >>>
GET /static/image/ie6-warning/background_browser.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 753
Connection: keep-alive
Etag: "2f1-50feb3ff-b51bdc9920a39332"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98dff07b0761-AMS
GIF89ax.z....................................................................................................!.......,....x.z......<P..h..l..p,.t.$.#*..M..pH,....r.l:...f!.-...f..z...xL...^... e...|N..........Q&Z....b.'......(....q......a.(.....................|...r...e...`...[......(..............................(......................6..Xi .I..6J.......B.#qb....`.H...F.>.B'r!..&Q.2......c^..#s...6....e'O.9...:.(L.-..T..iI.".~...jF...N...kC.....K....}..EkG-..k..q wn..h...{wo..~...,.0.....1.xq..\.C..x.....[..Ysg... .6.......&..4..\\..@.....s........soq......S.G........."}......Gn.:w..%M.pZ<l..X76@......08. ...j.4........G...D....<..n..6....0.@... ....F...v... .(..$.h..."p@..HP...0.@...`..8....<....@.)$..,.....P....!..PF)..TVi..Xf.............;....
GET /static/image/ie6-warning/browser_chrome.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 4949
Connection: keep-alive
Etag: "1355-50feb3ff-ddf5500540a2733d"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98e090850761-AMS
GIF89ad.d....C..f..*%$r..')$)( a."...O$...... .. .....".. Y%*)2;03,R*-....56..!730J.....B43.."E77*A0:<8@;9>;?J90<>/G=..BO.,/9BC(GL9FK*N7"Q3.T .Qm(MaKER.*/\BB9N;DGb.(0.UyNJ:KJG.#7THILJM.0(aK(.` .;4.^..61.<?fNX^UT2fAE`IE^i.k.dZ;.S.*l=[\L.j..;C_[e.p..E6Y`W.u2.[..s.:ju.EIJn</w:#|7ica.LGTh.(~2.{.9x=.Q;6r..aXAxM.XR/v.-.8.XI&.:sn[.\hvmo?.F7.C#..osm$..[}\}vV3.;=..I.NQ.\.kg.eV8.A.e^8.=.xI.n[..UI.NB..@....2R.XH..^.Z9...tg>.BW....GL..d.f~...ydt.kn.lF.C.}z?.C..s..Um..R....wz.|.}o..YJ.Ie.gT.S..._.....o.u..w_.].........\.X..|.....-q....#n.gw.s.....j...........R..c..E........6..y.....s.....'........v...........M.....D..$........d..%........Y...........N..=..............I.....4...........i.....&...........M..............D.................;..U..E.....O.....g..z...........................!.......,....d.d........H......*\......#J.H.....3j...... C..I....(S.\.........wO.M.2...)S..f.~..E..._@....S....HI......U....l.=.M%>m&....h..U[...bJ..].O^.[....k....^.....o....q]:..L.u....%....3k.....,{..j..1Ay..t^......c...[s......j...b<r..\.....` X...s..d..<..._....7.X).2\.d.........W0......._.[...Y ...o..7B....T.e........6.@|.........=.......A.......$...s.M..)..$.0.D.B....I.....z.....@..c.#>.^.u4..I/...-...B(.....B..e.'F..5K..b .<........@6...p....2,A..K,!.....@.[.8.....bIc..J4..`A............$...x.r.,..zJ..&p).@.(....!OI.....'..c.0oD..7..........v|..,.... ...........iP.=<Qc.(..c.5.(..".4....bp...& ..?. ..?.Q...bB...f.'.>....J........5.D...m..J..8.....B...<..............2....N....Ar.G..".).x.0.o...-
<<
<<< skipped >>>
GET /live/red_lojson/300lo.json?fu4qr1&colc=1406985888754&si=53dce6964fcbf649&uid=53dce6a0d676490a&pub=ra-53993a6f0d2e8c74&rev=1406582527&jsl=33&ln=en&pc=men&vpc=&dp=adf.ly&aa=0&of=0&uf=1&pd=0&irt=0&md=0&ct=1&tct=0&abt=0<=3422&cdn=0&lnlc=us&whcs=1&tl=c=750,m=7547,i=7750,xm=11172,xp=11172&pi=1&&rb=0&gen=1000&gen=100&callback=_ate.track.hsr&mk=adfly,adf.ly,short links,tinyurl,bitly,bit.ly,earn money,link advertising,tiny url,url shortener HTTP/1.1
Accept: */*
Referer: hXXp://s7.addthis.com/static/r07/sh168.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: m.addthis.com
Connection: Keep-Alive
Cookie: uid=53dce6a0d676490a; uvc=1|31; uit=1
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: bt2=53dce699001s70001;Path=/;Domain=.addthis.com;Expires=Wed, 15-Apr-2015 13:24:41 GMT
Set-Cookie: di2=N9OL95.UYM;Path=/;Domain=.addthis.com;Expires=Mon, 01-Aug-2016 13:24:41 GMT
Set-Cookie: bt=;Path=/;Domain=.addthis.com;Expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: dt=X;Path=/;Domain=.addthis.com;Expires=Mon, 01-Sep-2014 13:24:41 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Content-Type: application/javascript;charset=UTF-8
Content-Encoding: gzip
Connection: close
..........5OMk.0../:m..0.%...t.@..K......k.YY...........IO.d,....!......=G(...&r.vVPB.... .....s...W.4....o......{7f.N.3.7.|o.....{99.|..`>.@....>2@!....6...7-....#...#.......*L...^x...2#.^*.B...~Dm=..z]...b\.......
GET /static/image/ie6-warning/browser_ie.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 3621
Connection: keep-alive
Etag: "e25-50feb3ff-74bc5aa87252c7d"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98de63740761-AMS
GIF89ad.d..../................2....s...LS^e.M..............X..LzQ..Vm~6.....U.......O...1....Qj...... T..m......g....w...........H..>....8i.................i...3m..^.l}...M..K.f.v.........}............5.r....(v...N.......~....#0@.......Pq...w...._dV....A...e.~..s.UV..6DQ.............|...!......?........d........2..;bw..g.....:.c...6.n."......Z..A}......>~...$......R......A`............)..&.....!.......,....d.d................................................XC.%.....*\.._.M.[[...@.@tV_...`".[<..[..FyyF.s.>...X.M.0=<<>Vyw.w*t@>...#.M.0p==.y#...SA..=q.......#.@...t...8 .:.....D..$q....$9.....G.. 4l.dE..AIv.IP...4G.T.y.F.r0V 0rI.....T!@...%;(...#O...p$......u*.y.....?..,q...].\W...t...h..M2).G\...$p..........,.....H.b...hf8..b..;K.7...$.... .."...._#..zF.G*$.r..........;...,j...B.u..$...... ..P....y.;.(.`.........9.u=...@...v..,2....r...I`...H..~..g....P.|.PP.}........]..%......C.T.1...,q.. >(..{..AK.a.a......3...P.$.\.).....PBY............."..~..8e.al....l..!..(J.-R1..tV...7.....]...`.9$.E.ih.vTP..j.2.<.......ii......C...|f.J..eFi.....h.i.A.*DP.F... ....J..5..B.8x.........".j.P4;....QEZ..0^.e......QC.......*z...BaG..:;A.r.....0...J`...B|....~.........N0A..f.p..j...h.Y...-*....s.....,...\...n..f......}..p.P<ls.]t.G.Z.....80...w,.....i.....OU.........].|3.8.l..}.....-Q...../.n@0..&.....(........h@...9..x._[.E.n...(.....J@.v.& ....LE...$.G.m.>x..#N6.fG*...C@....12.,......a...........'I..2..W^....Kr.S.!.$.t.....^.........JU...'_y. .%..4tp.....A.:.......r..%...p.Z..@..U.........4.A..
<<
<<< skipped >>>
GET /static/image/ie6-warning/browser_firefox.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 4204
Connection: keep-alive
Etag: "106c-50feb3ff-6fa54936e724cc72"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98dee38b0761-AMS
GIF89ad.d......QBx..y.i...I.............H...h ...M...................o..c..0.q..7h.'.U....)..X.s.;k.nnn..L..N.9...4..&.m`.......m*t..............)O.......UTTuL,..*.i.G......C}3d...@.q.)...a..T...O..L..j..9..............:.~!..y",|...kTN}...................a6]...X..i.../Hi.y:....!...>`.........dC}$.............V`.....X....i......b...1..-....O.........$..".....v.{...3W@<._....?D..............t....!.......,....d.d..........................................................x.`cyGGyy,.yc``x...b.ymmi8.99.J9..88ii5.`b..%.cGm...ZZ.[[@J.Z....imGc.{.....A..`..&...{....-9....._.....l...Bw.86..._...KX$d..5..6.d.....8.p.Q....y..,.....ZfrTX..G7(.@."eB.*?.......Cb\^.!S)....r\0...#s.4x.A....fZ...G. <G..t1....'. .........I..C..r..8@.N...Pd........]..X.......M....Z$..`.F.*0...."..T.z.. .............KP|q..Bm....>.`..:1Z..r%...).H9f*..8u.,Ac.Yt...............w.*.....s..1.q..7..G........Q._..PA...q.O.8.C....F~.|.@..0p........&x...u0...H.....>.A.4.h..sp...&. @..TpG.5..Bo..........Dd1Ao.`..mZ0..<0&.....f..7. ...<...4HQ..s....;..G......SL..^s.`D.Cd.F.<.`C..)...g.....*a.......BhV...z...K.qC.$r...;..C.>|....n........c.aP..@........,.....(p.f.H B.)....F..O'O.@..e,....,...=......0D..~.....s'..)....,........p...B.s.@...<q..:d.C.E....[f.....@G.6...l....u.$P... .q. o....H....b...*. ..El...^g...d..s.v..3.l..!.X.a....7.p.= E.Vj.G......`..u.d.l6.*t...?G...A&....0.......................2.nv....3.X. ...G....&.;e6. .{..!..O..2&..Q..:.`...'>.. ....&.......`...k.;o5t........S..7&<p.}.8W.{..........g.....|...e0V...`t4
<<
<<< skipped >>>
GET /static/image/ie6-warning/background_browser.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 753
Connection: keep-alive
Etag: "2f1-50feb3ff-b51bdc9920a39332"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98df83a30761-AMS
GIF89ax.z....................................................................................................!.......,....x.z......<P..h..l..p,.t.$.#*..M..pH,....r.l:...f!.-...f..z...xL...^... e...|N..........Q&Z....b.'......(....q......a.(.....................|...r...e...`...[......(..............................(......................6..Xi .I..6J.......B.#qb....`.H...F.>.B'r!..&Q.2......c^..#s...6....e'O.9...:.(L.-..T..iI.".~...jF...N...kC.....K....}..EkG-..k..q wn..h...{wo..~...,.0.....1.xq..\.C..x.....[..Ysg... .6.......&..4..\\..@.....s........soq......S.G........."}......Gn.:w..%M.pZ<l..X76@......08. ...j.4........G...D....<..n..6....0.@... ....F...v... .(..$.h..."p@..HP...0.@...`..8....<....@.)$..,.....P....!..PF)..TVi..Xf.............;....
GET /static/image/ie6-warning/browser_opera.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 3275
Connection: keep-alive
Etag: "ccb-50feb3ff-4800cd42c7246c77"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98e023c10761-AMS
GIF89ad.d........!.aai.xy.78..........V[.fj.............BF.77.$...........FK....}~......................$!.sv....=?...., ....JK.Za.......KP.22.......*&.......B@....($....QVl...wx.MO....% .............>?.lu....}}7' k%&.0/.........G.....oq.................lo....*(......VHK.......1/.......ko.*&.ab.$..MR.PL....uw....Z`.57..../..............X]...B:B................rs.............ed.9:...._b.`f......!.......,....d.d.............................................................uQka~.b. q3F....Lvy!-..-X..>`.Z3w....y#^\.#RR2..2.X>.$.u..v%.g.....9.9...<.....DWJ@...!.|......B.,-.<... !./.......r.<.Yy.C... ^."&.......@ .H..U.<.....H."..."..YR....Y.=RBh..T...[. .RE@..HN...6..-Z..X.s....>I6.....) .qP#$-L..-r..D...zTP.`...3[V.. .!.U........ri....K....J.....E...xZ.....g.....k.w.j.R...Ej.....K. .aM...D........I.FnvSo.`..X...........X.....F..F.zYlAB......t$P.w..E..g.`.#....@.p.C..\@....A.}.9.......#.....O.@....b.T ...........p.$...^.E^....eh.G. hA..}@h@.'.....m...q....l..@..P........^.p.$o.....qa....p..F..D.{T.c...H.s.T......Av..P..N....m....=$p@..(!#uk.0CU..0F..v........_x..$..PZL/..!...1.......3.....<....L!..1..E.f.....b`...z...S=....HrA..u.N..8.))S|...3.`...F;.....In.(..?......h...........jn.^..b$o.....D,C...bC.Z..B..o,p..B.2..T..S..,....z..?....$.Ls..;!..^..o.....>R ..).....P.1..M.l..j.......u..q]..{.r....`B.}$P..i....R.A..x....R.$..Ad........~.>..0...%<........I>@q..z...._|.9..'..........p.=..qJ.zP6.........p.....y....=.&......`..../....O.A.'m.OPA..............*` ..C8...H.....;......%x
<<
<<< skipped >>>
GET /static/image/ie6-warning/background_browser.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 753
Connection: keep-alive
Etag: "2f1-50feb3ff-b51bdc9920a39332"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98e093d70761-AMS
GIF89ax.z....................................................................................................!.......,....x.z......<P..h..l..p,.t.$.#*..M..pH,....r.l:...f!.-...f..z...xL...^... e...|N..........Q&Z....b.'......(....q......a.(.....................|...r...e...`...[......(..............................(......................6..Xi .I..6J.......B.#qb....`.H...F.>.B'r!..&Q.2......c^..#s...6....e'O.9...:.(L.-..T..iI.".~...jF...N...kC.....K....}..EkG-..k..q wn..h...{wo..~...,.0.....1.xq..\.C..x.....[..Ysg... .6.......&..4..\\..@.....s........soq......S.G........."}......Gn.:w..%M.pZ<l..X76@......08. ...j.4........G...D....<..n..6....0.@... ....F...v... .(..$.h..."p@..HP...0.@...`..8....<....@.)$..,.....P....!..PF)..TVi..Xf.............;HTTP/1.1 200 OK..Date: Sat, 02 Aug 2014 13:24:41 GMT..Content-Type: image/gif..Content-Length: 753..Connection: keep-alive..Etag: "2f1-50feb3ff-b51bdc9920a39332"..Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT..Cache-Control: public, max-age=604800..Expires: Sat, 09 Aug 2014 13:24:41 GMT..CF-BGJ: imgq(85)..CF-Cache-Status: HIT..Accept-Ranges: bytes..Server: cloudflare-nginx..CF-RAY: 153a98e093d70761-AMS..GIF89ax.z....................................................................................................!.......,....x.z......<P..h..l..p,.t.$.#*..M..pH,....r.l:...f!.-...f..z...xL...^... e...|N..........Q&Z....b.'......(....q......a.(.....................|...r...e...`...[......(..............................(......................6..Xi .I..6J.......B.
<<
<<< skipped >>>
GET /recaptcha/api/js/recaptcha.js?_=1406985884566 HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Last-Modified: Wed, 16 Jul 2014 09:49:49 GMT
Date: Sat, 02 Aug 2014 13:24:41 GMT
Expires: Sat, 02 Aug 2014 14:14:41 GMT
Cache-Control: public, max-age=3000
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33075
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic
............{{.6.(..?...q.5-.._....m.....6..~@...K.JRv.......@.$A.n.{.y....$.....`0..j.....`U...`.1..'...,.&..[k..2....Wk.L.6..53p>s76'...........l.b.'a...!.7..d.b..y^....p.X.;...u.......wq..f..-.P.!.I``.......0q..$n.l.....1W...CxI..X..,..........{.n.5Z/|.W}.D.<..^F/.0........5S.3.e...~ i.......7...2...7o."..L]m .x....4..@..I..b.$.}k.r<...d..|k9L.......P)cI....o......L.~k.....Z`..0LGJ.....qw.._.........M..tl..zqUc....b...o.G../....e.x.....0......QZN.C`.Mhx(C.B...-)b......9...@}\..YEs.......V.d.6...\k).B.[ ,.r..*.z$.....[.1.=.z.^..... ....p..F...F<.h#..`'..h....P.....L\Q.z.i.7.\C."AI.;H...<g1o......i.W........M.E...B>.5.a.-or>v?5O......z......._.77.[....>f........n*.k....Q........E.{Fs.....x...1...g..V......M....87#..........g..Eg./Y.$...4....p..A8a..a.W.p.Y....O.i2..{qC..}7..`.*FV:.h........J7....R....0~..$.-.....qT3.r..cw....z......>.4~....x..<:.q.2|ob.I.3J3..{JI.....8...F."Z....%.O.e`B...O.=>:.=..(J%E..[..*.....d3~......@;.>>...Bk(..`...&..Z............5...r.........h.P3....c.ghB1.W.....z....3.Bo..-..'...F&?..|........6c.%6....7.!3`.L.2....-.k...c]>....'.i..&..BE...`.U.[........9.fX....`hH...N....1D"../...9..3...>.P......lu..#.>.........N..h...}.{.6.........M.T0.-..e.Xt.5......&T.VL..]x..z...A.E(I.td.....:u]./..r..F...8~l<.y.l............F|.|.$...Y...m1SC'T.!(..h..._.yP.....0.|....9...........h.f......w..:.a....[.... 3......._.0...Q3.=v....&.q\.u.G.....fY.&...j..h.{..Wcl.3.:mb3.z,...P<....G.c..~.b........Oc........8X.s....:.k..$...c...E.../F.,@Y..7..oiU..5
<<
<<< skipped >>>
GET /recaptcha/api/image?c=03AHJ_VuvQ4uJ4qM31rPIFRzobiKbttAeij3-nDLd0xPrOkjPg_n04ludVfZyQPpLmJbJ8JPq1mp1Jh4G9NG2Fg99XxRLyu0QsSna39R5LBxIWK5bohVXPMcejwRn4L491t5edXxP86s3jUJab1qsdxqZpctDMgD9d3Eknjr3eHjA0zYxWuhNmMiqQFqh785r_SAGBAld_exGD8QknpQCZF1frm7YY25XS4w&th=,8bB8M3CZd1lU57anv58U2FkaGfAAAAKRoAAAAF7YAKkN-Tg5pgCRA8Rm19B2lwX0yDh1KyYdkpsOFwBjkj4BXG6a6Xk4RpdNk6O6XEV5DiVEPdBwcxW9eHSb3cpleP1qth-seTrjQFjHfn1zcckx2PgvH1xixfSURFl5RSFfnD2L2RaPn2hy58mH1-6xOeFfzgkZvTOXbdWuOMRpdoMu6duOLjfwS2zK-OICQPx0DqSUmJ-kcNsHv0YNke6NfvyjaIQa8hG5G7nX HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Expires: Sat, 02 Aug 2014 13:34:43 GMT
Date: Sat, 02 Aug 2014 13:24:43 GMT
Cache-Control: public, max-age=600
Content-Type: image/jpeg
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 2792
Server: GSE
Alternate-Protocol: 80:quic
......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342......9.,.........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.................................................................................?...(.../._.....dv.E,.2..q..FF=..^....OH..Q...d..#5._....x .v....Vh.@........m.............u8....d..nr= N...`......0.5-.QE.QE.QE.QE.QE.QE.QE.W...".m.#jqj..v.Z[p...1(>..{......u.W.....R[/........8..^{.Hi..sJ../.m..w.....~..7....Ei.K..K..;P."X.d.;.....x.W.l.;mN..R........~..r?.<iy.|D...R.K.-e..B.O ....1Y^/...7z..._...J...JX8.. ..J._.Z....t.Ne.-..7..@.....J(..(..(..(..(..(..(.. .o....P.q....C......O...<?wi.......i.X....GQ^..HjQ...i...../.1.\W}.j.|?..i...ts....c#o.&.....(...\";.eb'....\.......R>....{2..9.v.}{..>!i..4..4v0E..(.nm[/....^..th....u*....V. .K...(..(..(...U.3..d.x..k..^...[I.K.y.q..8...!.. .....-.... ......S...>9...#x~...u2...r..@n...A... .......N........_d....m.E_..(..(..(.../.K..6P .. ...w.?0`. .Fzz.U.....!...{..j.^O..I..E..P.....(.[...jk.j..<....9P.s....>.:*i!/...e......}z...... .}^=SM..nP..I..}....].K.!.jv..H.tK.m.L........f.-.....].E.. c..]p.@.`.....(....>...Z...>....?7..M.....>...:......h.!c.....;d...)8..x.=z.{....qx........n.d.Bg.M../.l..u.&.k@..O._>....b.Ds$..Jl .....c8'.....P.alu9/...F.....g.:7<...z..:..<Em.jVF.M7...E.0..U..8..{.....O...\.c..CM..L....8.U...9...Gj.>(.z.....Wk...lH.L.m.l7JN.$...G8..;.|8.L.".&.|5..m|W.....>V.;~o
<<
<<< skipped >>>
GET /static/r07/widgetIE67006.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 14 Apr 2014 12:52:34 GMT
Cache-Control: public, no-check, max-age=86313600
Content-Type: text/css
Content-Length: 1503
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:24 GMT
Via: 1.1 varnish
Age: 572230
Connection: keep-alive
X-Served-By: cache-fra1220-FRA
X-Cache: HIT
X-Cache-Hits: 236590
X-Timer: S1406985864.391919,VS0,VE0
Vary: Host,Accept-Encoding
#at15s{background:url(//s7.addthis.com/static/t00/atbkg.png);}.atPinBox{background:url(//s7.addthis.com/static/t00/atbkg.png);}.addthis_textshare{background:url(//s7.addthis.com/static/t00/atsh00.png) no-repeat 0 0;}#at16p{background:url(//s7.addthis.com/static/t00/atbkg.png);}a#at16pit{background:url(//s7.addthis.com/static/t00/tab00.gif) no-repeat;}#at15pf .ac-logo,#at16pf .ac-logo{background:url(//s7.addthis.com/static/t00/ac12.gif) no-repeat left;}#at15pf a.at-logo,#at16pf a.at-logo{background:url(//s7.addthis.com/static/t00/logo88.gif) no-repeat left;}#at16psf{background:#f2f2f2 url(//s7.addthis.com/static/t00/atf02.gif) no-repeat center center;}#at16ep a.at_gmail{background:url(//s7.addthis.com/static/t00/gmail.gif) no-repeat left;}#at16ep a.at_hotmail{background:url(//s7.addthis.com/static/t00/hotmail.gif) no-repeat left;}#at16ep a.at_yahoo{background:url(//s7.addthis.com/static/t00/yahoo.gif) no-repeat left;}.at3lblight{background:url(//s7.addthis.com/static/t00/bg-at3lb-light.png);}.at3lbdark{background:url(//s7.addthis.com/static/t00/bg-at3lb-black.png);}.at3lbnone{background:none;}#at3winheaderclose{background-image:url(//s7.addthis.com/static/t00/at3-x.png) no-repeat center!important;}#at3winfooter{position:relative!important;}.at3winssi-profile{margin-right:-1px;border-left:1px solid #DEDEDE;cursor:pointer;}.at3winssi-profile a{font-size:12px;height:50px;line-height:50px;padding:0 20px;color:#000;text-decoration:none;}.at3winssi-profile a:hover{background:#dedede;}...
<<
<<< skipped >>>
GET /js/300/addthis_widget.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 29 Jul 2014 16:24:33 GMT
ETag: "57e52b7-1ae0-4ff5779877240"
Content-Type: text/javascript
Content-Length: 6880
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:23 GMT
Via: 1.1 varnish
Age: 3227
Connection: keep-alive
X-Served-By: cache-fra1220-FRA
X-Cache: HIT
X-Cache-Hits: 4085
X-Timer: S1406985863.370505,VS0,VE0
Vary: Host,Accept-Encoding
/* (c) 2008-2014 AddThis, Inc */.var addthis_conf={ver:300};if(!((window._atc||{}).ver)){var _atd="VVV.addthis.com/",_atr=window.addthis_cdn||"//s7.addthis.com/",_euc=encodeURIComponent,_duc=decodeURIComponent,_atc={dbg:0,rrev:1406650926,dr:0,ver:250,loc:0,enote:"",cwait:500,bamp:0.25,camp:1,csmp:0.0001,damp:1,famp:1,pamp:0.1,abmp:0.5,sfmp:-1,tamp:1,plmp:1,stmp:0,vamp:1,cscs:1,dtt:0.01,ohmp:0,ltj:1,xamp:1,abf:!!window.addthis_do_ab,qs:0,cdn:0,rsrcs:{bookmark:_atr "static/r07/bookmark043.html",atimg:_atr "static/r07/atimg043.html",countercss:_atr "static/r07/counter015.css",counterIE67css:_atr "static/r07/counterIE67004.css",counter:_atr "static/r07/counter018.js",core:_atr "static/r07/core145.js",wombat:_atr "static/r07/bar026.js",wombatcss:_atr "static/r07/bar012.css",qbarcss:_atr "bannerQuirks.css",fltcss:_atr "static/r07/floating010.css",barcss:_atr "static/r07/banner006.css",barjs:_atr "static/r07/banner004.js",contentcss:_atr "static/r07/content009.css",contentjs:_atr "static/r07/content023.js",layersjs:_atr "static/r07/layers063.js",layerscss:_atr "static/r07/layers052.css",layersiecss:_atr "static/r07/layersIE6007.css",layersdroidcss:_atr "static/r07/layersdroid004.css",warning:_atr "static/r07/warning000.html",ssojs:_atr "static/r07/ssi005.js",ssocss:_atr "static/r07/ssi004.css",peekaboocss:_atr "static/r07/peekaboo002.css",overlayjs:_atr "static/r07/overlay005.js",widget32css:_atr "static/r07/widgetbig060.css",widget32whitecss:_atr "static/r07/widgetbigwhite016_32x32.css",widget20css:_atr "static/r07/w
<<
<<< skipped >>>
GET /static/r07/core145.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 28 Jul 2014 21:23:54 GMT
Cache-Control: public, no-check, max-age=86313600
Content-Type: text/javascript
Content-Length: 215747
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:23 GMT
Via: 1.1 varnish
Age: 403019
Connection: keep-alive
X-Served-By: cache-fra1220-FRA
X-Cache: HIT
X-Cache-Hits: 667550
X-Timer: S1406985863.722895,VS0,VE0
Vary: Host,Accept-Encoding
/* (c) 2008-2014 AddThis, Inc */.if(!window._ate){(function(){var _1,w=window,d=document;var l;try{l=window.location;if(l.protocol.indexOf("file")===0||l.protocol.indexOf("safari-extension")===0||l.protocol.indexOf("chrome-extension")===0){_atr="http:" _atr;}if(l.hostname.indexOf("localhost")!=-1){_atc.loc=1;}}catch(e){}var ua=navigator.userAgent.toLowerCase(),d=document,w=window,_6=window.addthis||{},A=_6,dl=d.location,b={win:/windows/.test(ua),xp:(/windows nt 5.1/.test(ua))||(/windows nt 5.2/.test(ua)),osx:/os x/.test(ua),chb:/chrome/.test(ua)&&parseInt((/chrome\/(. ?)\./.exec(ua)).pop(),10)>13,chr:/chrome/.test(ua)&&!(/rockmelt/.test(ua)),cho:/chrome\/(1[2345678]|2\d)/.test(ua),iph:/iphone/.test(ua)||(/ipod/.test(ua)),dro:/android/.test(ua),wph:/windows phone/.test(ua),ipa:/ipad/.test(ua),saf:/safari/.test(ua)&&!(/chrome/.test(ua)),opr:/opera/.test(ua),ffx:/firefox/.test(ua),ff2:/firefox\/2/.test(ua),ffn:/firefox\/((3.[6789][0-9a-z]*)|(4.[0-9a-z]*))/.test(ua),ie6:/msie 6.0/.test(ua),ie7:/msie 7.0/.test(ua),ie8:/msie 8.0/.test(ua),ie9:/msie 9.0/.test(ua),ie10:/msie 10.0/.test(ua),ie11:/trident\/7.0/.test(ua),msi:(/msie/.test(ua))&&!(/opera/.test(ua)),mob:/(iphone|ipod|ipad|android|mobi|blackberry|opera mini|silk)/.test(ua),mod:-1},_a={rev:"1406582527",bro:b,wlp:(l||{}).protocol,dl:dl,unj:w.JSON&&typeof w.JSON.parse=="function"&&typeof w.JSON.stringify=="function",upm:!!w.postMessage&&("" w.postMessage).toLowerCase().indexOf("[native code]")!==-1,uls:(function(){try{var _b="addthis-test",_c=window.localStor
<<
<<< skipped >>>
GET /static/r07/widget120.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 29 Apr 2014 11:58:30 GMT
Cache-Control: public, no-check, max-age=86313600
Content-Type: text/css
Content-Length: 83107
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:24 GMT
Via: 1.1 varnish
Age: 1406133
Connection: keep-alive
X-Served-By: cache-fra1220-FRA
X-Cache: HIT
X-Cache-Hits: 589045
X-Timer: S1406985864.287595,VS0,VE0
Vary: Host,Accept-Encoding
#at16lb{display:none;position:absolute;top:0;left:0;width:100%;height:100%;z-index:1001;background-color:black;opacity:.001;}#at20mc,#at_email,#at16pib,#at16pc,#at16pi,#at_share,#at_complete,#at_success,#at_error{position:static!important;}#at20mc{position:absolute;left:0;top:0;float:none;}#at20mc a{color:#36B;}#at20mc div{float:none;}.at15dn{display:none;}.at15a{border:0;height:0;margin:0;padding:0;width:100%;width:230px;}.atnt{text-align:center!important;padding:6px 0 0 0!important;height:24px!important;}.atnt a{text-decoration:none;color:#36b;}.atnt a:hover{text-decoration:underline;}#at16recap,#at_msg,#at16p label,#at16nms,#at16sas,#at_share .at_item,#at16p,#at15s,#at16p form input,#at16p textarea{font-family:arial,helvetica,tahoma,verdana,sans-serif!important;font-size:12px!important;outline-style:none;outline-width:0;line-height:1em;}* html #at15s.mmborder{position:absolute!important;}#at15s.mmborder{position:fixed!important;}/*\*/ #at15s.mmborder{width:250px!important;}/**/ #at20mc div.at15sie6{color:#4c4c4c!important;width:256px!important;}#at15s{background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs 9AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAABtJREFUeNpiZGBgaGAgAjAxEAlGFVJHIUCAAQDcngCUgqGMqwAAAABJRU5ErkJggg==);float:none;line-height:1em;margin:0;overflow:visible;padding:5px;text-align:left;position:absolute;}#at15s a,#at15s span{outline:0;direction:ltr;}html>body #at15s{width:250px!important;}#at20mc .atm.at15satmie6{background:none!important;padding:0!important;wi
<<
<<< skipped >>>
GET /static/r07/sh168.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 28 Jul 2014 21:24:46 GMT
Cache-Control: public, no-check, max-age=86313600
P3P: CP="NON ADM OUR DEV IND COM STA"
Content-Type: text/html; charset=UTF-8
Content-Length: 63802
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:33 GMT
Via: 1.1 varnish
Age: 403027
Connection: keep-alive
X-Served-By: cache-fra1220-FRA
X-Cache: HIT
X-Cache-Hits: 886558
X-Timer: S1406985873.314992,VS0,VE0
Vary: Host,Accept-Encoding
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>AddThis utility frame</title></head><body style="background-color:transparent" onload="run();"><script type="text/javascript">/* <![CDATA[ */.if(!((window._atc||{}).ver)){var _atd="VVV.addthis.com/",_atr=window.addthis_cdn||"//s7.addthis.com/",_euc=encodeURIComponent,_duc=decodeURIComponent,_atc={dbg:0,rrev:1406582527,dr:0,ver:250,loc:0,enote:"",cwait:500,bamp:0.25,camp:1,csmp:0.0001,damp:1,famp:1,pamp:0.1,abmp:0.5,sfmp:-1,tamp:1,plmp:1,stmp:0,vamp:1,cscs:1,dtt:0.01,ohmp:0,ltj:1,xamp:1,abf:!!window.addthis_do_ab,qs:0,cdn:0,rsrcs:{bookmark:_atr "static/r07/bookmark043.html",atimg:_atr "static/r07/atimg043.html",countercss:_atr "static/r07/counter015.css",counterIE67css:_atr "static/r07/counterIE67004.css",counter:_atr "static/r07/counter018.js",core:_atr "static/r07/core145.js",wombat:_atr "static/r07/bar026.js",wombatcss:_atr "static/r07/bar012.css",qbarcss:_atr "bannerQuirks.css",fltcss:_atr "static/r07/floating010.css",barcss:_atr "static/r07/banner006.css",barjs:_atr "static/r07/banner004.js",contentcss:_atr "static/r07/content009.css",contentjs:_atr "static/r07/content023.js",layersjs:_atr "static/r07/layers063.js",layerscss:_atr "static/r07/layers052.css",layersiecss:_atr "static/r07/layersIE6007.css",layersdroidcss:_atr "static/r07/layersdroid004.css",warnin
<<
<<< skipped >>>
GET /static/r07/layers063.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
Cookie: uid=53dce6a0d676490a; uvc=1|31; uit=1; bt2=53dce699001s70001
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 21 Jul 2014 20:22:03 GMT
Cache-Control: public, no-check, max-age=86313600
Content-Type: text/javascript
Content-Length: 162945
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:41 GMT
Via: 1.1 varnish
Age: 1011311
Connection: keep-alive
X-Served-By: cache-fra1220-FRA
X-Cache: HIT
X-Cache-Hits: 62609
X-Timer: S1406985881.721824,VS0,VE0
Vary: Host,Accept-Encoding
(function(e,c,f,i){var h,a;var g={};g.qwery=function(){var b=function(){var n=document,M=n.documentElement,Z="getElementsByClassName",B="getElementsByTagName",m="querySelectorAll",N="useNativeQSA",x="tagName",W="nodeType",ai,V=/#([\w\-] )/,w=/\.[\w\-] /g,ap=/^#([\w\-] )$/,al=/^\.([\w\-] )$/,A=/^([\w\-] )$/,ad=/^([\w] )?\.([\w\-] )$/,R=/(^|,)\s*[>~ ]/,X=/^\s |\s*([,\s\ \~>]|$)\s*/g,aq=/[\s\>\ \~]/,I=/(?![\s\w\-\/\?\&\=\:\.\(\)\!,@#%<>\{\}\$\*\^'"]*\]|[\s\w\ \-]*\))/,an=/([.* ?\^=!:${}()|\[\]\/\\])/g,j=/^(\*|[a-z0-9] )?(?:([\.\#] [\w\-\.#] )?)/,y=/\[([\w\-] )(?:([\|\^\$\*\~]?\=)['"]?([ \w\-\/\?\&\=\:\.\(\)\!,@#%<>\{\}\$\*\^] )["']?)?\]/,D=/:([\w\-] )(\(['"]?([^()] )['"]?\))?/,C=new RegExp(ap.source "|" A.source "|" al.source),t=new RegExp("(" aq.source ")" I.source,"g"),am=new RegExp(aq.source I.source),H=new RegExp(j.source "(" y.source ")?(" D.source ")?");var S={" ":function(q){return q&&q!==M&&q.parentNode;},">":function(q,ar){return q&&q.parentNode==ar.parentNode&&q.parentNode;},"~":function(q){return q&&q.previousSibling;}," ":function(q,at,au,ar){if(!q){return false;}return(au=aa(q))&&(ar=aa(at))&&au==ar&&au;}};function v(){this.c={};}v.prototype={g:function(q){return this.c[q]||i;},s:function(ar,q,at){q=at?new RegExp(q):q;return this.c[ar]=q;}};var af=new v(),E=new v(),K=new v(),ag=new v();function T(q){return af.g(q)||af.s(q,"(^|\\s )" q "(\\s |$)",1);}function aj(ar,au){var at=0,q=ar.length;for(;at<q;at ){au(ar[at]);}}function G(at){for(var av=[],au=0,q=at.length;au<q; au
<<
<<< skipped >>>
GET /static/r07/json2.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
Cookie: uid=53dce6a0d676490a; uvc=1|31; uit=1; bt2=53dce699001s70001; di2=N9OL95.UYM; dt=X
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 04 Apr 2014 15:06:38 GMT
Cache-Control: public, no-check, max-age=86313600
Content-Type: application/javascript
Content-Length: 3353
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:42 GMT
Via: 1.1 varnish
Age: 573946
Connection: keep-alive
X-Served-By: cache-fra1220-FRA
X-Cache: HIT
X-Cache-Hits: 80873
X-Timer: S1406985882.908518,VS0,VE0
Vary: Host,Accept-Encoding
if(!this.JSON){this.JSON={}}(function(){function f(n){return n<10?"0" n:n}if(typeof Date.prototype.toJSON!=="function"){Date.prototype.toJSON=function(key){return isFinite(this.valueOf())?this.getUTCFullYear() "-" f(this.getUTCMonth() 1) "-" f(this.getUTCDate()) "T" f(this.getUTCHours()) ":" f(this.getUTCMinutes()) ":" f(this.getUTCSeconds()) "Z":null};String.prototype.toJSON=Number.prototype.toJSON=Boolean.prototype.toJSON=function(key){return this.valueOf()}}var cx=/[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,escapable=/[\\\"\x00-\x1f\x7f-\x9f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,gap,indent,meta={"\b":"\\b","\t":"\\t","\n":"\\n","\f":"\\f","\r":"\\r",'"':'\\"',"\\":"\\\\"},rep;function quote(string){escapable.lastIndex=0;return escapable.test(string)?'"' string.replace(escapable,function(a){var c=meta[a];return typeof c==="string"?c:"\\u" ("0000" a.charCodeAt(0).toString(16)).slice(-4)}) '"':'"' string '"'}function str(key,holder){var i,k,v,length,mind=gap,partial,value=holder[key];if(value&&typeof value==="object"&&typeof value.toJSON==="function"){value=value.toJSON(key)}if(typeof rep==="function"){value=rep.call(holder,key,value)}switch(typeof value){case"string":return quote(value);case"number":return isFinite(value)?String(value):"null";case"boolean":case"null":return String(value);case"object":if(!value){return"null"}gap =indent;partial=[];if(Object.prototype.toString.apply(value
<<
<<< skipped >>>
GET /static/r07/layersIE6007.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
Cookie: uid=53dce6a0d676490a; uvc=1|31; uit=1; bt2=53dce699001s70001; di2=N9OL95.UYM; dt=X; loc=MDAwMDBFVVVBMDAyMzAwMjE2MzAwMDAwMDAwVg==
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 22 May 2014 15:35:37 GMT
Cache-Control: public, no-check, max-age=86313600
Content-Type: text/css
Content-Length: 2211
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:43 GMT
Via: 1.1 varnish
Age: 573956
Connection: keep-alive
X-Served-By: cache-fra1220-FRA
X-Cache: HIT
X-Cache-Hits: 25755
X-Timer: S1406985883.470858,VS0,VE0
Vary: Host,Accept-Encoding
.at4-follow,.at4-follow-inner,.at4-follow-container{position:static!important;display:inline;}.at4-follow-outer{position:absolute!important;display:block!important;top:0;right:0;}.at4-follow-inner{display:block!important;padding-left:30px!important;}#at4-foc{position:absolute!important;display:block;}.at4-follow-close-control{height:44px;}.at4-share-outer{position:absolute!important;background:none;top:20%;left:0;}.at4-share-outer-right{position:absolute!important;background:none;top:20%;left:auto;right:0;}#at4-share{position:static!important;}.at4-share-btn{position:static!im..
GET /static/css/jquery.loadmask.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:07 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 17 Apr 2013 11:51:19 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:07 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a980d85410761-AMS
Content-Encoding: gzip
16f...............j.0.._%..mPgNJ.....$Jl'b.el7.5....-..;8........-..!..7.N..h8.."&$'..d.I.D^pi.I.b3..y.0}.........m.A...<~..u.I.0....N..,..;.N..*M....4.Sz.oD.h.[..cs.?5.....*{.*.i...aT...;..........QzP..(Z...g.pY.p.Y...8m6..L_Nu......q.Q?.V.e.W.h..*G,h.!....E..6.K.~.....Q~l.m[i.%.(.`..d&.h.=.....]t....\dQ.4r8.../.).Y$i.....t..*.....B.. %...p.......e.s..#.h...J..o}7.x.....0..HTTP/1.1 200 OK..Date: Sat, 02 Aug 2014 13:24:07 GMT..Content-Type: text/css..Transfer-Encoding: chunked..Connection: keep-alive..Last-Modified: Wed, 17 Apr 2013 11:51:19 GMT..Cache-Control: public, max-age=604800..Expires: Sat, 09 Aug 2014 13:24:07 GMT..CF-Cache-Status: HIT..Server: cloudflare-nginx..CF-RAY: 153a980d85410761-AMS..Content-Encoding: gzip..16f...............j.0.._%..mPgNJ.....$Jl'b.el7.5....-..;8........-..!..7.N..h8.."&$'..d.I.D^pi.I.b3..y.0}.........m.A...<~..u.I.0....N..,..;.N..*M....4.Sz.oD.h.[..cs.?5.....*{.*.i...aT...;..........QzP..(Z...g.pY.p.Y...8m6..L_Nu......q.Q?.V.e.W.h..*G,h.!....E..6.K.~.....Q~l.m[i.%.(.`..d&.h.=.....]t....\dQ.4r8.../.).Y$i.....t..*.....B.. %...p.......e.s..#.h...J..o}7.x.....0......
GET /static/css/core30.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:08 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 13 May 2014 14:12:47 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:08 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a9811d6410761-AMS
Content-Encoding: gzip
606d...................0......p.t...(QGu...io..p.g......"...)Q............x.j...[...H ........l..'r....O...g/..\d%..."'.....<...]...Eu._/5.l..L....9.sWW......N$.r.yq:....MYe.^~I/yQ...p.....v.J...8.!/..|.../U.........._..p..........e..uW.99..z.;...-.4<.....x....=..e.q....Q`...G..P..g.............O./_6U..a..w..v...3=~z...#......../?.\.g:...x9.1 ....~Z....M.EI.K.......eV.U}{..../...}............C~{.%."......%G}...G1(....M......../N....m.L...>.`.U.9 ........ahn.......VW...mJ..'...~.l....sI....jJu.....q.. l.'J..;>....o..>.}..B.VN......N..|{..r.\.....EF....XN$..q...d...ar..".n.,{)..t.._..</.w...E. ../..._..........1...dU...... >X...../wl.tEg.]..6.........Cu:...p:\...f...H....o..(^.d.Zx...T2d.o../........#.N.......C.....?..;.>..vC..E......H.p&....g/....i..x./..bO.J'.#z....R..UQ..Q.I..1...IycZ.. ..n7)]@.k......G.......I_.....T%&<D..<..s.I.[.W#....@..$'..Q.=,...x.....b.....8ZA..>V%.'.Prr.).......r...z....mM7......r......4;.B.i..,H...G..C.L7.|....R..bh.....r]...:,..|;\..B ........)~..........uZ.|...X....S.O$*.?xu]6.. .._.....g...../kB..zG)p_.....=.=.IZ....8L.=.z.#..M..n).[.3`..`.`..'6..@.6..h-O.0.. ^...............H.]S..o.7...Y..!..........X..{M.hH....l..."/.|.a./.#T...erE...b.C.i.s.#HMn..[..O.V."7..............[U.......V.d....z.3y.....|.].....O.....%t..I..M..#.o...{.g.....>.i.X....dA...z.S...o...............`............N..;....t.E.FK.)%U...Z.r...}^.AH4]@?0....f.....Jk.y...A..JV..LD......r.T.N..6Q;...`.....LlX...._-...).sS..*`."_....f......L.M.*\4.....0*..w...{......U....D.g .:.y.y...
<<
<<< skipped >>>
GET /static/js/common.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:13 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 04 Apr 2014 18:05:05 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:13 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a98321ccc0761-AMS
Content-Encoding: gzip
b25..............ks.6.3. P....L.V....VI..S7.YN.z...HHbB....q..... .R...3...../..74%C.......;.......o.GW.=b.......%.. .[................._...NO...V...?N...F.8.1...^.]...{......$.`r..G.%.`.v.'.<.......w....]....6;.?v........,..Q.^.."N..]....<.<.....-..UB.Et.;B..m=....|...#......g.|q.nX.#.T.....8..z..9........>...H..|......F.......Ky....`.R..D.O9..M...N....k./.J}...Gm{.l."..8......7Ln...I....Bp.u..7..i...74.@<p..M...M...r)..m.....2.GKF}....@.....>.X..bYF..h..U.V_Z.m..?*vj9n.V.....F0'vc.F...I."...,H.M(...........&,....1..A4N.....U.nSc.M.'.2&.......P.viF..)C..J...e@.^.O.4. .Y...-.h.".).....~..$......x.n.s2..MG.O......PM......9.L~~:5A .v.......O..;f..%.[r..'w.-.h..<.......1..."?.u...fq3FSoY.WI...0T!.2...1.f....yP.._...WI........j...6..IL....z.. .X...J.J. ...(Nx.".......#L.k.e.A.2........_....p....[.N.......a..XO...U...1(N.n...4....S.,)..v@.>.....:..~.. 0..?O`....../v......[e........%..$..,^..i|...(..X}...$....F.|!..jt..d@^H...*....l.z....F~....[6{7..\,!......._^..?.diz.. .3.Is.,(.....p.&p..U...8.ra.#?.....$xEC.l........I.D.E y.1..x....A....r.....f.c...qZ..........6.;..V..l.q.[h...w...>..h..A8.........k..5..). .W.g.k..Hn.....Lz....{..Q.j._..Ip...o.Q}.Cb...b.j_nh..p..*..AA.......!.}...B.e.X..?|...%..q..WVV.|t.Hb.....c..g.e_.YW.kM5...Z..4.......%dK.....zL.........X.. sAg).<.|#[.W......4W.S;..Q..0Q0.m.v..%9?e.z.....5.Q......D.j...8..P...$..~.yy.|.hTXC.w.....Q2x...O...,.TW.=j'..K....i.'.,yXzlM.4.8X.z.,...^).._...E...P.n..5U...@?..,..?..1.$...n...3...K.Q.......o..b.E. .....G...dR...1'{..#X....
<<
<<< skipped >>>
GET /static/js/jquery.loadmask.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:14 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:14 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a98338d1e0761-AMS
Content-Encoding: gzip
321.............TQ..8.~G.?.?...:{ t'........w.w......G..nU....d... x.n......f.\\<}......V..GDPt}u..}...-.h.\...C.....\...\i&LI....m.5.J@.@...`./..~..H.}.:I6..3u.0......>.%.........y%...~.)...G..d.k.:....f....#.).2......PB.Y....H.uw.....5%zw....>y..c..Zp...........O...D.&..8[U-.b...,.._(G.pQ...N.H.l..}\..........."...R.$...o...W%.........#.6}_%.3A.....vpb........{S.....{..4:@)w.. .`.|c .=Y......\.~...A..c..W.;A...;.....LD..Z(....3..\.....Z.....6NE......Q...$.R.U8...q.!.c .i..../.H.F"Z.X....^.I....MC...U.......W.g..Of..&.:.L....^.x.B...7..V@\......5..>...j...:so...Isf.7e..)......... . .#..m..._/....)Y..I...".=..PRB..P..F.h.*.')..M.1/]...[..,..5...L..H....G.%....3.8..1..m.b.g.....@d$Sr='.p......6i>..\.K\..!u .q.^..u..........3..lHx~...:.~.=......1...?.g..e...0L]49...........|...FtO.....[....TD.......0..HTTP/1.1 200 OK..Date: Sat, 02 Aug 2014 13:24:14 GMT..Content-Type: application/x-javascript..Transfer-Encoding: chunked..Connection: keep-alive..Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT..Cache-Control: public, max-age=604800..Expires: Sat, 09 Aug 2014 13:24:14 GMT..CF-Cache-Status: HIT..Server: cloudflare-nginx..CF-RAY: 153a98338d1e0761-AMS..Content-Encoding: gzip..321.............TQ..8.~G.?.?...:{ t'........w.w......G..nU....d... x.n......f.\\<}......V..GDPt}u..}...-.h.\...C.....\...\i&LI....m.5.J@.@...`./..~..H.}.:I6..3u.0......>.%.........y%...~.)...G..d.k.:....f....#.).2......PB.Y....H.uw.....5%zw....>y..c..Zp...........O...D.&..8[U-.b...,.._(G.pQ...N.H.l..}\..........."...R.$...o...
<<
<<< skipped >>>
GET /static/js/jquery.form.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:14 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:14 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a9834cd5f0761-AMS
Content-Encoding: gzip
1340.............[ms.8..._A...`......2.*.dvr..s...l.4[ ..H.)..mE...n.|....M]U..xi........m..N...t.>[..t. J ...E-<...[..mV.*...k...4D8..nj.e>.....X...[...$...I...kQ..f1....Fd..P.v ....f[..Z...t.......U...U...<p2..uBKYo...xp7[.p......z.x..Z"v.w.9...".......(.d......|.....u%.........".|'.M.9.a...t.K....\.0.......@q]l.K...F..S.../..z...e..I....j....VD.............W..~ .P..X......~ .....za....R..$..@]8."..@d..}...N*f..=.yX<:A.WE....;Y...........Rt....)..]Y...r..P.P..W.n.}b.Tvf....(....W6u.4..:XPy.....#..-....x.q1...,|.."..s.h....3O.l.....4r.f#...wr..b-.zz..V*...|.K..h 7....V...DT......R.HL...n........i.W....c-6.....|.^Y.i.WL.=...._@.........P..."HT9...?.~.b.p..& D...Kh...8OI..F.........G.........>:E.1.{I~.;3..5..X....m..|#.J..k...'....b.k.........'M|..e.-.(.O#...c0P'..p..%l...j../.9...C.3.V..J.S.|....m....7Vv..I2x..R.;....v...].......@9..U.5%.g%..mN.R.p.....6.......>..tjo.4.e.,.*C.MT...Q.oD...N..%...K.......>..A...EY....f[.~.....,&O.=L.A&E.Jz."......rD]...a.:.]...N....y.e...e........v-...m.-..t.Cg[f..qK3.S....N.J7......oa.e..]N`.kD....1.E..!.y.....k..).p}.p|.6c3...w...."tj.....t...d......5.?@.&.n..M. .'.)C@.V...).e%.f[%.'/..l'i....p....2.|a.zA.^)LDM...-.A./.YR.....4*A.....^........`."...=h .......m.S.v....CZ..H...d..q....{eG.....98.n..$R...9......[.....x}.PS....A.X>I..4...b.Uc.=..B...."........@s.q]Z.htc...:``.....R3_X..$.....n.4jR.Pa..~:....s.M8I)#tHm....i*..9.......\ ...{..U[.Pp..7*Z'e.....,.~Zg....1t6.......>...>...=E4..u...H..hLw..1.....4.....'.a.?}........j_J.....*......./.....~
<<
<<< skipped >>>
GET /static/js/modernizr.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:14 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:14 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a9835cd930761-AMS
Content-Encoding: gzip
35dd.............}.z.7...?......l.b."YI.[Fg|...wVV.&...5..FS.m.|.5...I..........c.%......B..P(....%..W.P.i.%....fx..M.b...-..pj^..l.....l.......AGlon>.nonm..Q>?...T.x...q..j...D^.cyQd)V.6..n..d..P.Sh@..)..?.Y.^.......5.z.].@.n...)w../.XL..D.Q..K...xGD.P......b$.b.K%.\..<....H..n..`..2-..C.5...0..J....JE&.....b..E.T{.%Rb.g3..1T.R..q....C4....E@M@.A.)...)..xRL...L......I...Q.O._.4I.."...hp..*.q..2.D.....\..1._...q..t.D.H$...H....3.z..B^.......t.....R.....S;..@l...r.AX.X.......I.Au.3..a.-.._.;..G......Y....W..... ....".eb,..F..'C.6.......B&..x.e*N...9.......b...:...E. {....b..J...X?.<w..q.^p._.@.c9...'2...(e....Sh6t.?...<. q....b....!.M.Q...;...[..9.2..B~9.-......p.^.........`6`%`u....N!..@.>L.!.;.....~{ .|.u[..sfdxn0....*0E.&.._n..//..`.]G=Y......l..X.s.y.....C...9.z)p*l...0...h!..1.Tad...,.5.....HL...............@G.=.. >.L.P...h#..t6/,.800.q6W..... .T..2.T}=z-*..h4.4&.[{..1Ev........_...x...@.h.....93....@)...=`.....w.[.c..._...Dw!.gq...i.........P2vE T.$.....px..XD$.L.DL..8.....S&...x...Q.....o.#..<0....I........2.P|...l..l.b..#6.`%...0.u...7'.....D...%,7.... 1A........0.. ..<...W. .T6"..q&.#2.z..j..@.=....h6.Q.TsX....k..T}.,T.....VM........G.?..i1...3...V.y.$..C..X)......1..o=..4.......G.h`..K.m..qkO.<.f..f.....f..^.&.9.D"...AT...M..V.....g"...)0.......L.d.....Q......L3o.G.f*..2#.y"... ......\AL.:...Zv...,....*.....r../.,.`...l......k...mu...x$..w.J..K...f..s ...f.2...1jm.(.N.i.............M.^...IU......A..V.!." ....Z..".4Q.....j3......!,..F.N........~B...=Zc..&.|..A..!..t..0.R.R.
<<
<<< skipped >>>
GET /static/js/spin.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:15 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:15 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a983e1f510761-AMS
Content-Encoding: gzip
d48..............k..6....`.....lo.;..N.....IsH..... K...,.......73|...{.F.......T....)..W.[o.y)7c..&....N.....t.m.N.&..M%.....v..n..M....U.>...OOO.){)..%V...e..&.).......ObW.DVt.....@.c..F.W.....QV.[s.....f. .''......N.....Ur..7.K.,y-..k........O.o...P..!R4bS.lH......5..5.....[< 3B......V..Z{.}.....H.k'j.=0.A.IV*^t.....u...... V...l%ny34$....o.h....i.TQ.. .l...pY..[p..f..p.G..A..N..!!......5....;X......,..m..{..D...J.&..&..W.5..Ux2x;..x.U.@...R....S.4kQW.7`...kr..P...|....D...th...,....c.8f). ........[..Yu.s&.k..`..c.-...H5.hW.:;".A9....Yu`...1.=...9..7...H........x... ........{.....6O..g=T....w.....e....M.5/.$..\...E.f...........I.fq..$. ..&...`...Q.E....h0..w.)9.H.......).5[...ub#......Qw..z........;..Os0.>..G..E..D......q/ ...zZ.....N...21$d.Z......=...>....d.....{).4.....B..'.d..L...1{.G..]t.|S.....#....;M.xDt26df.G6y.(.g.\o..S..t2<..r...,...%Y.w.....e.y..B..... .2....<R.IlJ.K.>.S......Er?8...-./...%?$. <i...g.."..V?...~...k.Y2x.$.p...pB .<\.`S......ez....}.V./.'...=.....&V......?=..p.0G]*.)`6!...W>...R(.L.m[..D...`.(. C ..a..5..@..r......,.........c.O..(...9.Ppr..wL....W..5{.....%t.3h.dk[^....K'...By..O~...[.tj...R.'Xa.6..........3..w.~....76.;.)s..;.B.%..=.td.....A....2z...._..n.......gQ..O.1.`.lVo.Z...p..)...B..e..#.>.:..1.cX...c...G4..GS..[.."..............XhYo;l.V|$.K.uX.i..F.V..N 5.R.o...~..2.^.%......lm8.A.........jp.^.2...#r.~.!......K/.5.Z.r.AQ...)ts.g<f. |..,`\.U...R.*.."Yz..r..l"./.F`Q!....G.(..(o.,md(*.E.&!..7..P.i..R..6g).A'2c.}.i.mg.F........d2I...S.Z`..T..j
<<
<<< skipped >>>
GET /static/js/jquery.ulightbox.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:18 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:18 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a984e42e30761-AMS
Content-Encoding: gzip
500.............W.r.6.]._qEg.*.)9...g.w.v..5...L. ...a.%A........(R...B....8./.^M...../X...._'..z0{...b6.l6A..,V:.L..'.....1.v..mf......1.......=.....9...1.@'...~...,.J.. , 0.z.4..s.kvpO..HX......2.... .1.../....g..[.r..l..<Oq..J2."A.|....O......'4V..*.Pi...%."D. ..g#........K%5.z....t.z...u>....i..u...'..%..X.2.H..R.O ...8..W.R.:k /|..xK..MS&c.s.b}.....]...W...uuW...(.....Q.u.....m..D..=..... ..i.$.N.^. P.2..S1}..iw.As-...OfM..._......7.r-...d..|B.g...$..|...%...3.~H...La..d...../....@6...............O.y...~B.......~CzN>9 &r....!.O_ ..5B)..L....r..@\m..d..!~.$ Q...L.".Uc.~.....XeY.Tn....i..<_a..;.*c..$.)...e..U.3B&]....d...A.l.u........:F..#.I.. G..2.....>.H.m*ae!....-5.u..u......&.[nD.gq.2.M..K.@....Z''.g./.s.<9.....#......e%.B\.4uy-..L.(......#.tD..........<.2....k...`..x.U.u.M..c.........9F....h.Y........I.7....1.T...d...qM...P.4.......exDJ.......Ll...@..|.q(/...5...h...q.f..r.;....\.!..Mif.vCi.......&...)5.K3......O..."*.......y....~%m.4.....d..b...:b.FiC..T.,...y.P......E..g]..`4..8..........U..-RZ1........|.@<.f .l..C[]..,....(.G...6...i.c.......K....Z.cFd.o....m..a....]E.$U.;|..m....22/.....l.l..3g.}......Zg.....eT...Nv..:..W.'.EX.......I.9@.......}s...=......6b>I....2..)'..)..sB......].....".:{.S8........\3..s...7W._...7.*..#.v.1.u...[.Z[......:x..R0X.M.....0......
<<
<<< skipped >>>
GET /static/image/header_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:18 GMT
Content-Type: image/png
Content-Length: 230
Connection: keep-alive
Etag: "481-50f9295f-7f4e3286a18fa4ed"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:18 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a984f93270761-AMS
.PNG........IHDR.............=.#.....IDATH...1..0.E.....@....^...,TB....*..-....8?......p,f.........G.-c.5.>...>y..@W...?..>......w.q..^*5..hy<./n4[Uk.......[?$.^~..}..>.....<oG....y....................#.].M.....|....i....IEND.B`.....
GET /static/image/quote_photo_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:18 GMT
Content-Type: image/png
Content-Length: 169
Connection: keep-alive
Etag: "430-50f9295f-5c8366b15e404e47"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:18 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a9851b3ac0761-AMS
.PNG........IHDR...0...1......<.u...pIDATX......@.D.....0r...&[......9G.?.....Y...M...|@....X>m......6...}J....... @....... @...z...1r.....%HRf..e...,...........IEND.B`.HTTP/1.1 200 OK..Date: Sat, 02 Aug 2014 13:24:18 GMT..Content-Type: image/png..Content-Length: 169..Connection: keep-alive..Etag: "430-50f9295f-5c8366b15e404e47"..Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT..Cache-Control: public, max-age=604800..Expires: Sat, 09 Aug 2014 13:24:18 GMT..CF-BGJ: imgq(85)..CF-Cache-Status: HIT..Accept-Ranges: bytes..Server: cloudflare-nginx..CF-RAY: 153a9851b3ac0761-AMS...PNG........IHDR...0...1......<.u...pIDATX......@.D.....0r...&[......9G.?.....Y...M...|@....X>m......6...}J....... @....... @...z...1r.....%HRf..e...,...........IEND.B`.....
GET /static/image/links_clicked_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 433
Connection: keep-alive
Etag: "525-50f9295f-70456e5279c4711c"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a985374140761-AMS
.PNG........IHDR.......1............xIDATx...=..Q......&.... V~k.E...(j>....!...t....S.ps.S./.....^...t>..%...|.........v...f........d.N....uN..`2.$...v.._...K.I8..4..9.....b:.......r5..K...O".sZ,.&.%.Q..r.4.(....r.9A.s._.o...)BN '.....wN.....HDr.9....9.f._@.D$'......S.G...$"9..@N.......P...LN '...8..x..(....r.9....7...@N '.....F..W.@"......r.>...|..OI>..V..n.3.xN.IDuNUU....v{:....K2.'.$.:......~~.....K.ID.9..y..['aB.....IEND.B`.....
GET /static/js/index/index.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 07 Jun 2013 11:34:38 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a9853d4260761-AMS
Content-Encoding: gzip
701.............Xmo.6..l..6.*9.d....M.4k.`]S..X...c...ZTI.........))Y?T@b.|.x/..G..$3.dC..$M...}..I......7.."......K)..&..~..Y.b..D..x...t......o....#...O..dN.....Ft..X.7Rl...}.....8....2.b..L..T-/.,.R......6.H8..I. &RL..i|.K%d.e.....Yx....._St:...oo.P.(..U...`H*7a....*...#.#.S..Cj.;.{...F.,c2......o.].. ....@. ..]..0...I.......,........f....n.h....cl..3..B.I*.... .........AL..F'.&x~...."I.rtD6I..M...b..%..9..k..<..0X(.qT........t&bv}qv...).*,.X.v.F.l.....[..#.'MP....?{.mri...*&.R2...3.p.I..[.R.}.... Z.s...V..F..<..4....'Z...D.;...Ws".....:.u<v..X....;K.6.T....W.a.......1.0.R...,.,.S=......42.....F6..3.I1cJ...V..\_|..'..bdE..Q...A8..`..]1I...%1h.....i<... ?...X.......a]..6c.H....a5.K..#..j.`....HL5}....4..:M.WEA8.t6=.x...............C...,.>.m....... `....LVa.0.A].j#..\Hv.R.."....._.....pc.t.h..@..hD.'1d..iQ-3..R........TPq..C.....".qg.......V..T.jh!WK8.R.L........2...)....=.X".Sbn....J....#4 ....Dfu.q......j....z.<..YC.aw.........GV.R......7....|..0.....S..AGY....7.m..`..{....s.V...^$p.......;.8T.n..Kv%\........-...O.&.{-...8..v.~....h.~HC....&M...uX.`l*jme.x.;.)w:D.o.{u..1.YS..ex....N^..]t....wT....S....\.dN.g.Q.....G9..q...p.`T.X..oS...,.)i0.Gf.a......dT*f..d..1.t;$y.c....P...@5..al..C..{.....RG{.......'......xo..B..^..0...:.0.y.r..#[yT....S.p.pU0A..z.Q.L...L.n...[9.,M*.Y....Fq..M...G...a.w.7.........D..!jGL.gTM..~....;.Q...ya.(..X-_.....O<..>..V...K.2.6.....KM..>..../...6\.|......~V..-r.....R)...-...d*....."........V......'.=dPu1i........iN.......t..8v....x4..........c..?._..f..8!.
<<
<<< skipped >>>
GET /static/image/footer_home_lr_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:23 GMT
Content-Type: image/png
Content-Length: 126
Connection: keep-alive
Etag: "415-50f9295f-1e5347f3b5265ffa"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:23 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a986d995b0761-AMS
.PNG........IHDR.......3........x...EIDAT.[}....0..O..St..?U ....N .%...y...7..0..,..&..V..l..y..|f........A.....^....IEND.B`.....
GET /static/image/ft_paypal.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:23 GMT
Content-Type: image/png
Content-Length: 1121
Connection: keep-alive
Etag: "489-5131339a-c928e4b38120432b"
Last-Modified: Fri, 01 Mar 2013 23:02:50 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:23 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a986df9700761-AMS
.PNG........IHDR...Q.........3......GPLTE....U.......W..........................-`....Iu.......s........;j......................e.......................................................................................................................................................................................................................................................IDATH..UW..@....... ..v..{.u{........^.}...=g.....7_2a.R...`....A^...w..B....as..m.0....0?.........*I.".....d..*...1.y%v0..zM..I. (.f%.......'].g.....s.tO.u....u..c.....h...g...%...2....v.^..C.............V..y....0..(0.....&.....,......|c_...1Z.c.~~.....jR$....W......z.`.H..($...0.2..WQ...$&2 ...H.L...6....C.Z...$.\..b$.....T[.....1....G..y.*.%.$...F.^0!.3.....a ..aN.(.....a...u.......Y7"/.....;...|.Q...>j.|....N.".......kEB.. .k..Z.1.ok....N..r..J.8.R6.....F..mJB2h...z...IQ.(.wz^..q.e...y.l...XL.....J.^.#...:IF...R.......S..2...Mh......z.....d:*...0...<.|....x........U....?...XZ...)7.A.q.[=..|.Z......I.P..M...w.."...>..._.63Ch.uGN\..F....T.*4m..g...r.l.-.U.............Z......m".L0.a......7.......x...'w..%|......../.8>W..u.....IEND.B`.....
<<
<<< skipped >>>
GET /static/image/ft_alertpay.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:23 GMT
Content-Type: image/png
Content-Length: 2058
Connection: keep-alive
Etag: "996-5367718a-98fe83db70031711"
Last-Modified: Mon, 05 May 2014 11:10:02 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:23 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a986e798d0761-AMS
.PNG........IHDR...Q..........Lc<....IDATh....S.......w..O.c.....X....B..K.<B..[^.b........2;...K......(. ..@.......y.O...]....b...zgz.....s..G....#;.;D;..K.333....l5.4e..jV.OI...{...j}...'_.r.E.=L.o...|.g.|....\t...C|....q.6..EQ...@....).Fp.F..J......H.W.......l1...[....<.S........V^...#Z..H.V..:..........w.:==...)X,.i|......1..3.>B... ..p\....;.q..k.S..l.D...........w.....0......|.2..?.s......HOO..;w0<<l........D....Bu...@.6.....L).,.....O...R....A.b...a....31.>|.nnn...B@@........???......_.V..........L&..!~.Q.X....|.t[.O.~....X&-.....a\...#.~.B.....jE'R....<Xg..p....B..@.....K...@bb..yxx....2....mmmx......q..=455.....AKK.Z[[....aav.ss3^.~...~y...s[..../%.LLL...S....B.....Z.(...()).....!.[..\.....(....'..|.7.70....8..f4t.!D....Q...y!.g............<}.7-. ...ds..\..m..../c.........T.......o..c...E.a......'.k..!22.6.-66.'N.......!:\.....b..]x..).>|(!g........ Y..AJ...#V........1......F...].]H....|we..1.`|............./}.F.l...2.`...;wb..=......h=.........`hh....b.qqqbM'O.........[..!H....>....O..>.9t..zzz099)m..[_?C.bQ.<.hoy@.....x<h CC_=...DE............7.......T...9!.8p........,qgZ........;fs..........W....A.N..#G.=.\.x.555..s1..U.y...$......._.y......W[[ ....$........V....@....&..nY......\-<.....Gx ......R........6<m...iI*<...q ....._....w...*.....P...K0.N.B^^.@...[5).&.s.-[..A...B.&t.f.:..8.\.DJ..,8.i.@.d;K..v.5...._:...F\..=LV.;...{..)s.|n..Q.....f).>.".M.6I<d......@........IKK..3g.....$$U./i....Yf.r..]9@ggg.<)).!!!X.~...EC.R.E.B....T`...!..W. ..6}
<<
<<< skipped >>>
Map
The Backdoor connects to the servers at the folowing location(s):
Strings from Dumps
abcww.exe_1864_rwx_009D0000_00006000:
x{^%x
x{^%x
adf.exe_1684:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
s%j.Zf
s%j.Zf
8crtsu
8crtsu
:crts
:crts
crts
crts
GetProcessWindowStation
GetProcessWindowStation
operator
operator
This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.
This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.
uxtheme.dll
uxtheme.dll
kernel32.dll
kernel32.dll
operand of unlimited repeat could match the empty string
operand of unlimited repeat could match the empty string
POSIX named classes are supported only within a class
POSIX named classes are supported only within a class
erroffset passed as NULL
erroffset passed as NULL
POSIX collating elements are not supported
POSIX collating elements are not supported
this version of PCRE is not compiled with PCRE_UTF8 support
this version of PCRE is not compiled with PCRE_UTF8 support
PCRE does not support \L, \l, \N{name}, \U, or \u
PCRE does not support \L, \l, \N{name}, \U, or \u
support for \P, \p, and \X has not been compiled
support for \P, \p, and \X has not been compiled
this version of PCRE is not compiled with PCRE_UCP support
this version of PCRE is not compiled with PCRE_UCP support
ICMP.DLL
ICMP.DLL
advapi32.dll
advapi32.dll
RegDeleteKeyExW
RegDeleteKeyExW
Error text not found (please report)
Error text not found (please report)
WSOCK32.dll
WSOCK32.dll
VERSION.dll
VERSION.dll
WINMM.dll
WINMM.dll
COMCTL32.dll
COMCTL32.dll
MPR.dll
MPR.dll
InternetCrackUrlW
InternetCrackUrlW
HttpQueryInfoW
HttpQueryInfoW
HttpOpenRequestW
HttpOpenRequestW
HttpSendRequestW
HttpSendRequestW
FtpOpenFileW
FtpOpenFileW
FtpGetFileSize
FtpGetFileSize
InternetOpenUrlW
InternetOpenUrlW
WININET.dll
WININET.dll
PSAPI.DLL
PSAPI.DLL
USERENV.dll
USERENV.dll
GetProcessHeap
GetProcessHeap
CreatePipe
CreatePipe
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
OpenWindowStationW
OpenWindowStationW
SetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
CloseWindowStation
MapVirtualKeyW
MapVirtualKeyW
EnumChildWindows
EnumChildWindows
EnumWindows
EnumWindows
VkKeyScanW
VkKeyScanW
GetKeyState
GetKeyState
GetKeyboardState
GetKeyboardState
SetKeyboardState
SetKeyboardState
GetAsyncKeyState
GetAsyncKeyState
keybd_event
keybd_event
EnumThreadWindows
EnumThreadWindows
ExitWindowsEx
ExitWindowsEx
UnregisterHotKey
UnregisterHotKey
RegisterHotKey
RegisterHotKey
GetKeyboardLayoutNameW
GetKeyboardLayoutNameW
USER32.dll
USER32.dll
SetViewportOrgEx
SetViewportOrgEx
GDI32.dll
GDI32.dll
COMDLG32.dll
COMDLG32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteKeyW
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
SHFileOperationW
SHFileOperationW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
GetCPInfo
GetCPInfo
zcÁ
zcÁ
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"></assemblyIdentity>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"></assemblyIdentity>
mscoree.dll
mscoree.dll
nKERNEL32.DLL
nKERNEL32.DLL
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
WUSER32.DLL
WUSER32.DLL
>>>AUTOIT NO CMDEXECUTE<<<</pre><pre>CMDLINERAW</pre><pre>CMDLINE</pre><pre>/AutoIt3ExecuteLine</pre><pre>/AutoIt3ExecuteScript</pre><pre>%s (%d) : ==> %s.:</pre><pre>Line %d:</pre><pre>Line %d (File "%s"):</pre><pre>%s (%d) : ==> %s:</pre><pre>AutoIt script files (*.au3, *.a3x)</pre><pre>*.au3;*.a3x</pre><pre>All files (*.*)</pre><pre>#NoAutoIt3Execute</pre><pre>APPSKEY</pre><pre>04090000</pre><pre>%u.%u.%u.%u</pre><pre>0.0.0.0</pre><pre>Mddddd</pre><pre>%s (%d) : ==> %s:</pre><pre>UDPSTARTUP</pre><pre>UDPSHUTDOWN</pre><pre>UDPSEND</pre><pre>UDPRECV</pre><pre>UDPOPEN</pre><pre>UDPCLOSESOCKET</pre><pre>UDPBIND</pre><pre>TRAYGETMSG</pre><pre>TCPSTARTUP</pre><pre>TCPSHUTDOWN</pre><pre>TCPSEND</pre><pre>TCPRECV</pre><pre>TCPNAMETOIP</pre><pre>TCPLISTEN</pre><pre>TCPCONNECT</pre><pre>TCPCLOSESOCKET</pre><pre>TCPACCEPT</pre><pre>SHELLEXECUTEWAIT</pre><pre>SHELLEXECUTE</pre><pre>REGENUMKEY</pre><pre>MSGBOX</pre><pre>ISKEYWORD</pre><pre>HTTPSETUSERAGENT</pre><pre>HTTPSETPROXY</pre><pre>HOTKEYSET</pre><pre>GUIREGISTERMSG</pre><pre>GUIGETMSG</pre><pre>GUICTRLSENDMSG</pre><pre>GUICTRLRECVMSG</pre><pre>FTPSETPROXY</pre><pre>\??\%s</pre><pre>GUI_RUNDEFMSG</pre><pre>SendKeyDelay</pre><pre>SendKeyDownDelay</pre><pre>TCPTimeout</pre><pre>AUTOITCALLVARIABLE%d</pre><pre>255.255.255.255</pre><pre>Keyword</pre><pre>AutoIt.Error</pre><pre>Null Object assignment in FOR..IN loop</pre><pre>Incorrect Object type in FOR..IN loop</pre><pre>HOTKEYPRESSED</pre><pre>AUTOITEXE</pre><pre>WINDOWSDIR</pre><pre>3, 3, 8, 1</pre><pre>HKEY_LOCAL_MACHINE</pre><pre>HKEY_CLASSES_ROOT</pre><pre>HKEY_CURRENT_CONFIG</pre><pre>HKEY_CURRENT_USER</pre><pre>HKEY_USERS</pre><pre>%d/d/d</pre><pre>%Documents and Settings%\%current user%\Application Data\adf.exe</pre><pre>:%Documents and Settings%\%current user%\Application Data\adf.exe</pre><pre>AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.</pre><pre>Missing operator in expression."Unbalanced brackets in expression.</pre><pre>Error parsing function call.0Incorrect number of parameters in function call.'"ReDim" used without an array variable.>Illegal text at the end of statement (one statement per line).1"If" statement has no matching "EndIf" statement.1"Else" statement with no matching "If" statement.2"EndIf" statement with no matching "If" statement.7Too many "Else" statements for matching "If" statement.3"While" statement has no matching "Wend" statement.4"Wend" statement with no matching "While" statement.%Variable used without being declared.XArray variable has incorrect number of subscripts or subscript dimension range exceeded.)Array variable subscript badly formatted.'Subscript used with non-Array variable.&Too many subscripts used for an array.0Missing subscript dimensions in "Dim" statement.NNo variable given for "Dim", "Local", "Global", "Struct" or "Const" statement.0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.</pre><pre>Invalid element in a DllStruct.*Unknown option or bad parameter specified.&Unable to load the internet libraries./"Struct" statement has no matching "EndStruct".HUnable to open file, the maximum number of open files has been exceeded.K"ContinueLoop" statement with no matching "While", "Do" or "For" statement.</pre><pre>Invalid file filter given.*Expected a variable in user function call.1"Do" statement has no matching "Until" statement.2"Until" statement with no matching "Do" statement.#"For" statement is badly formatted.2"Next" statement with no matching "For" statement.N"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.1"For" statement has no matching "Next" statement.@"Case" statement with no matching "Select"or "Switch" statement.:"EndSelect" statement with no matching "Select" statement.ORecursion level has been exceeded - AutoIt will quit to prevent stack overflow.&Cannot make existing variables static.4Cannot make static variables into regular variables.</pre><pre>3This keyword cannot be used after a "Then" keyword.</pre><pre>>"Select" statement is missing "EndSelect" or "Case" statement. "If" statements must have a "Then" keyword. Badly formated Struct statement."Cannot assign values to constants..Cannot make existing variables into constants.9Only Object-type variables allowed in a "With" statement.v"long_ptr", "int_ptr" and "short_ptr" DllCall() types have been deprecated. Use "long*", "int*" and "short*" instead.-Object referenced outside a "With" statement.)Nested "With" statements are not allowed."Variable must be of type "Object".1The requested action with this object has failed.8Variable appears more than once in function declaration.2ReDim array can not be initialized in this manner.1An array variable can not be used in this manner.</pre><pre>HCan pass constants by reference only to parameters with "Const" keyword.*Can not initialize a variable with itself.$Incorrect way to use this parameter.:"EndSwitch" statement with no matching "Switch" statement.>"Switch" statement is missing "EndSwitch" or "Case" statement.H"ContinueCase" statement with no matching "Select"or "Switch" statement.</pre><pre>String missing closing quote.!Badly formated variable or macro.*Missing separator character after keyword.</pre><b>abcww.exe_856_rwx_009D0000_00006000:</b><pre>x{^%x</pre><b>adf.exe_1256:</b><pre>.text</pre><pre>`.itext</pre><pre>`.data</pre><pre>.idata</pre><pre>.rdata</pre><pre>@.reloc</pre><pre>B.rsrc</pre><pre>kernel32.dll</pre><pre>Windows</pre><pre>MSWHEEL_ROLLMSG</pre><pre>MSH_WHEELSUPPORT_MSG</pre><pre>MSH_SCROLL_LINES_MSG</pre><pre>$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)</pre><pre>oleaut32.dll</pre><pre>EVariantBadIndexError</pre><pre>ssShift</pre><pre>htKeyword</pre><pre>EInvalidOperation</pre><pre>%s_%d</pre><pre>EInvalidGraphicOperation</pre><pre>SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes</pre><pre>%s, ClassID: %s</pre><pre>%s, ProgID: "%s"</pre><pre>ole32.dll</pre><pre>USER32.DLL</pre><pre>uxtheme.dll</pre><pre>DWMAPI.DLL</pre><pre>clWebSnow</pre><pre>clWebFloralWhite</pre><pre>clWebLavenderBlush</pre><pre>clWebOldLace</pre><pre>clWebIvory</pre><pre>clWebCornSilk</pre><pre>clWebBeige</pre><pre>clWebAntiqueWhite</pre><pre>clWebWheat</pre><pre>clWebAliceBlue</pre><pre>clWebGhostWhite</pre><pre>clWebLavender</pre><pre>clWebSeashell</pre><pre>clWebLightYellow</pre><pre>clWebPapayaWhip</pre><pre>clWebNavajoWhite</pre><pre>clWebMoccasin</pre><pre>clWebBurlywood</pre><pre>clWebAzure</pre><pre>clWebMintcream</pre><pre>clWebHoneydew</pre><pre>clWebLinen</pre><pre>clWebLemonChiffon</pre><pre>clWebBlanchedAlmond</pre><pre>clWebBisque</pre><pre>clWebPeachPuff</pre><pre>clWebTan</pre><pre>clWebYellow</pre><pre>clWebDarkOrange</pre><pre>clWebRed</pre><pre>clWebDarkRed</pre><pre>clWebMaroon</pre><pre>clWebIndianRed</pre><pre>clWebSalmon</pre><pre>clWebCoral</pre><pre>clWebGold</pre><pre>clWebTomato</pre><pre>clWebCrimson</pre><pre>clWebBrown</pre><pre>clWebChocolate</pre><pre>clWebSandyBrown</pre><pre>clWebLightSalmon</pre><pre>clWebLightCoral</pre><pre>clWebOrange</pre><pre>clWebOrangeRed</pre><pre>clWebFirebrick</pre><pre>clWebSaddleBrown</pre><pre>clWebSienna</pre><pre>clWebPeru</pre><pre>clWebDarkSalmon</pre><pre>clWebRosyBrown</pre><pre>clWebPaleGoldenrod</pre><pre>clWebLightGoldenrodYellow</pre><pre>clWebOlive</pre><pre>clWebForestGreen</pre><pre>clWebGreenYellow</pre><pre>clWebChartreuse</pre><pre>clWebLightGreen</pre><pre>clWebAquamarine</pre><pre>clWebSeaGreen</pre><pre>clWebGoldenRod</pre><pre>clWebKhaki</pre><pre>clWebOliveDrab</pre><pre>clWebGreen</pre><pre>clWebYellowGreen</pre><pre>clWebLawnGreen</pre><pre>clWebPaleGreen</pre><pre>clWebMediumAquamarine</pre><pre>clWebMediumSeaGreen</pre><pre>clWebDarkGoldenRod</pre><pre>clWebDarkKhaki</pre><pre>clWebDarkOliveGreen</pre><pre>clWebDarkgreen</pre><pre>clWebLimeGreen</pre><pre>clWebLime</pre><pre>clWebSpringGreen</pre><pre>clWebMediumSpringGreen</pre><pre>clWebDarkSeaGreen</pre><pre>clWebLightSeaGreen</pre><pre>clWebPaleTurquoise</pre><pre>clWebLightCyan</pre><pre>clWebLightBlue</pre><pre>clWebLightSkyBlue</pre><pre>clWebCornFlowerBlue</pre><pre>clWebDarkBlue</pre><pre>clWebIndigo</pre><pre>clWebMediumTurquoise</pre><pre>clWebTurquoise</pre><pre>clWebCyan</pre><pre>clWebPowderBlue</pre><pre>clWebSkyBlue</pre><pre>clWebRoyalBlue</pre><pre>clWebMediumBlue</pre><pre>clWebMidnightBlue</pre><pre>clWebDarkTurquoise</pre><pre>clWebCadetBlue</pre><pre>clWebDarkCyan</pre><pre>clWebTeal</pre><pre>clWebDeepskyBlue</pre><pre>clWebDodgerBlue</pre><pre>clWebBlue</pre><pre>clWebNavy</pre><pre>clWebDarkViolet</pre><pre>clWebDarkOrchid</pre><pre>clWebMagenta</pre><pre>clWebDarkMagenta</pre><pre>clWebMediumVioletRed</pre><pre>clWebPaleVioletRed</pre><pre>clWebBlueViolet</pre><pre>clWebMediumOrchid</pre><pre>clWebMediumPurple</pre><pre>clWebPurple</pre><pre>clWebDeepPink</pre><pre>clWebLightPink</pre><pre>clWebViolet</pre><pre>clWebOrchid</pre><pre>clWebPlum</pre><pre>clWebThistle</pre><pre>clWebHotPink</pre><pre>clWebPink</pre><pre>clWebLightSteelBlue</pre><pre>clWebMediumSlateBlue</pre><pre>clWebLightSlateGray</pre><pre>clWebWhite</pre><pre>clWebLightgrey</pre><pre>clWebGray</pre><pre>clWebSteelBlue</pre><pre>clWebSlateBlue</pre><pre>clWebSlateGray</pre><pre>clWebWhiteSmoke</pre><pre>clWebSilver</pre><pre>clWebDimGray</pre><pre>clWebMistyRose</pre><pre>clWebDarkSlateBlue</pre><pre>clWebDarkSlategray</pre><pre>clWebGainsboro</pre><pre>clWebDarkGray</pre><pre>clWebBlack</pre><pre>comctl32.dll</pre><pre>AutoHotkeysd-</pre><pre>AutoHotkeys</pre><pre>\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\</pre><pre>ssHotTrack</pre><pre>TWindowState</pre><pre>poProportional</pre><pre>TWMKey</pre><pre>KeyPreview</pre><pre>WindowState</pre><pre>OnKeyDownL</pre><pre>OnKeyPress</pre><pre>OnKeyUpH</pre><pre>GlassFrame.Bottom</pre><pre>GlassFrame.Enabled</pre><pre>GlassFrame.Left</pre><pre>GlassFrame.Right</pre><pre>GlassFrame.SheetOfGlass</pre><pre>GlassFrame.Top</pre><pre>System\CurrentControlSet\Control\Keyboard Layouts\%.8x</pre><pre>User32.dll</pre><pre>TKeyEvent</pre><pre>TKeyPressEvent</pre><pre>HelpKeyword n</pre><pre>crSQLWait</pre><pre>%s (%s)</pre><pre>imm32.dll</pre><pre>TSocketPort</pre><pre>%d.%d.%d.%d</pre><pre>0.0.0.0</pre><pre>PSAPI.dll</pre><pre>TDCWebCam</pre><pre>127.0.0.1</pre><pre>BuildImportTable: can't load library:</pre><pre>BuildImportTable: ReallocMemory failed</pre><pre>BuildImportTable: GetProcAddress failed</pre><pre>BTMemoryLoadLibary: BuildImportTable failed</pre><pre>BTMemoryGetProcAddress: no export table found</pre><pre>BTMemoryGetProcAddress: DLL doesn't export anything</pre><pre>BTMemoryGetProcAddress: exported symbol not found</pre><pre>1.2.3</pre><pre>127.0.0.1:1604</pre><pre>#KCMDDC51#-</pre><pre>5.3.0</pre><pre>cmd.exe</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Run</pre><pre>hkey</pre><pre>\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders</pre><pre>*.torrent</pre><pre>\Internet Explorer\iexplore.exe</pre><pre>explorer.exe</pre><pre>wlanapi.dll</pre><pre>80211_SHARED_KEY</pre><pre>user32.dll</pre><pre>TUploadFTP</pre><pre>notepad.exe</pre><pre>KEYNAME</pre><pre>%ShortCut#</pre><pre>RELATEDCMD</pre><pre>ping 127.0.0.1 -n 4 > NUL && "</pre><pre>DRKey</pre><pre>CRKey</pre><pre>DelMSKey</pre><pre>InstallHKEY</pre><pre>ActiveOnlineKeylogger</pre><pre>UnActiveOnlineKeylogger</pre><pre>KeylogOn</pre><pre>ActiveOfflineKeylogger</pre><pre>UnActiveOfflineKeylogger</pre><pre>ActiveOnlineKeyStrokes</pre><pre>UnActiveOnlineKeyStrokes</pre><pre>OpenWebPage</pre><pre>tmpprint.txt</pre><pre>URLUpdate</pre><pre>MSGBOX</pre><pre>#BOT#VisitUrl</pre><pre>#BOT#OpenUrl</pre><pre>HTTP://</pre><pre>http://</pre><pre>BTRESULTOpen URL|</pre><pre>Command successfully executed!|</pre><pre>#BOT#URLUpdate</pre><pre>BTERRORUpdate from URL| Error on downloading file check if you type the correct url...|</pre><pre>BTRESULTUpdate from URL|Update : File Downloaded , Executing new one in temp dir...|</pre><pre>#BOT#URLDownload</pre><pre>GetActivePorts</pre><pre>out.txt</pre><pre>tmp.txt</pre><pre>DDOSHTTPFLOOD</pre><pre>DDOSUDPFLOOD</pre><pre>%IPPORTSCAN</pre><pre>SAPI.SpVoice</pre><pre>WEBCAMLIVE</pre><pre>WEBCAMSTOP</pre><pre>PASSWORD</pre><pre>FTPFILEUPLOAD</pre><pre>URLDOWNLOADTOFILE</pre><pre>UPLOADEXEC</pre><pre>UPANDEXEC</pre><pre>FTPPORT</pre><pre>FTPPASS</pre><pre>FTPUSER</pre><pre>FTPHOST</pre><pre>FTPROOT</pre><pre>FTPUPLOADK</pre><pre>FTPSIZE</pre><pre>BTRESULTUDP Flood|UDP Flood task finished!|</pre><pre>PortScanAdd</pre><pre>BTRESULTVisit URL|finished to visit</pre><pre>BTERRORVisit URL|An exception occured in the thread|</pre><pre>POST /index.php/1.0</pre><pre>BTRESULTHTTP Flood|Http Flood task finished!|</pre><pre>Mozilla</pre><pre>BTRESULTDownload File|Mass Download : File Downloaded , Executing new one in temp dir...|</pre><pre>BTERRORDownload File| Error on downloading file check if you type the correct url...|</pre><pre>Software\Microsoft\Windows\CurrentVersion\Run</pre><pre>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</pre><pre>ERR|Cannot listen to port, try another one..|</pre><pre>TCaptureWebcam</pre><pre>taskmgr.exe</pre><pre>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall</pre><pre>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\</pre><pre>DC3_FEXEC</pre><pre>Windows NT 4.0</pre><pre>Windows 2000</pre><pre>Windows XP</pre><pre>Windows Server 2003</pre><pre>Windows Vista</pre><pre>Windows 7</pre><pre>Windows 95</pre><pre>Windows 98</pre><pre>Windows Me</pre><pre>S-%u-</pre><pre>FAKEMSG</pre><pre>MSGICON</pre><pre>MSGTITLE</pre><pre>MSGCORE</pre><pre>deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly</pre><pre>inflate 1.2.3 Copyright 1995-2005 Mark Adler</pre><pre>%Documents and Settings%\%current user%\Application Data\dclogs\2014-08-02-7.dc</pre><pre>advapi32.dll</pre><pre>RegOpenKeyExA</pre><pre>RegCloseKey</pre><pre>GetKeyboardType</pre><pre>keybd_event</pre><pre>VkKeyScanA</pre><pre>UnhookWindowsHookEx</pre><pre>SetWindowsHookExA</pre><pre>MsgWaitForMultipleObjectsEx</pre><pre>MsgWaitForMultipleObjects</pre><pre>MapVirtualKeyA</pre><pre>LoadKeyboardLayoutA</pre><pre>GetKeyboardState</pre><pre>GetKeyboardLayoutNameA</pre><pre>GetKeyboardLayoutList</pre><pre>GetKeyboardLayout</pre><pre>GetKeyState</pre><pre>GetKeyNameTextA</pre><pre>ExitWindowsEx</pre><pre>EnumWindows</pre><pre>EnumThreadWindows</pre><pre>EnumChildWindows</pre><pre>ActivateKeyboardLayout</pre><pre>gdi32.dll</pre><pre>SetViewportOrgEx</pre><pre>version.dll</pre><pre>WinExec</pre><pre>PeekNamedPipe</pre><pre>GetWindowsDirectoryA</pre><pre>GetProcessHeap</pre><pre>GetCPInfo</pre><pre>CreatePipe</pre><pre>RegQueryInfoKeyA</pre><pre>RegOpenKeyA</pre><pre>RegFlushKey</pre><pre>RegEnumKeyExA</pre><pre>RegDeleteKeyA</pre><pre>RegCreateKeyExA</pre><pre>RegCreateKeyA</pre><pre>wsock32.dll</pre><pre>shell32.dll</pre><pre>ShellExecuteExA</pre><pre>ShellExecuteA</pre><pre>SHFileOperationA</pre><pre>URLMON.DLL</pre><pre>URLDownloadToFileA</pre><pre>wininet.dll</pre><pre>InternetOpenUrlA</pre><pre>HttpQueryInfoA</pre><pre>FtpPutFileA</pre><pre>winmm.dll</pre><pre>netapi32.dll</pre><pre>gdiplus.dll</pre><pre>GdiplusShutdown</pre><pre>msacm32.dll</pre><pre>ntdll.dll</pre><pre>WS2_32.DLL</pre><pre>SHFolder.dll</pre><pre>SHELL32.DLL</pre><pre>AVICAP32.DLL</pre><pre>1!1,1=1|1</pre><pre>6 6$6(6,606</pre><pre>=!=%=)=-=1=</pre><pre>01m1</pre><pre>0 0$0(0,0004080<0@0</pre><pre><!><pre>;"<?<_><pre>; ;$;(;,;0;4;8;<;@;</pre><pre>7 8$888<8</pre><pre>= =$=(=,=0=4=8=</pre><pre>UntKeylogger</pre><pre>KWindows</pre><pre>UntActivePorts</pre><pre>UntControlKey</pre><pre>UntCaptureWebcam</pre><pre>UntWebCam</pre><pre>UrlMon</pre><pre>(UntUploadFTPThread</pre><pre>UntFTP</pre><pre>_UntUDPFlood</pre><pre>YUntScanPorts</pre><pre>0UntPasswordAndData</pre><pre>XUntHTTPFlood</pre><pre>UntCPU</pre><pre>66006666</pre><pre>No help found for %s#No context-sensitive help installed</pre><pre>No help found for context$No topic-based help system installedNUnable to retrieve a pointer to a running object registered with OLE for %s/%s</pre><pre>Invalid clipboard format Clipboard does not support Icons</pre><pre>Cannot open clipboard/Menu '%s' is already being used by another form</pre><pre>- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.</pre><pre>OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters</pre><pre>Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window</pre><pre>Not enough timers available@GroupIndex cannot be less than a previous menu item's GroupIndex5Cannot create form. No MDI forms are currently active$%s not in a class registration group</pre><pre>Property %s does not exist</pre><pre>Thread creation error: %s</pre><pre>Thread Error: %s (%d)</pre><pre>Unsupported clipboard format</pre><pre>Invalid data type for '%s' List capacity out of bounds (%d)</pre><pre>List count out of bounds (%d)</pre><pre>List index out of bounds (%d) Out of memory while expanding memory stream</pre><pre>Error reading %s%s%s: %s</pre><pre>Failed to create key %s</pre><pre>Failed to get data for '%s'</pre><pre>Failed to set data for '%s'</pre><pre>Resource %s not found</pre><pre>%s.Seek not implemented$Operation not allowed on sorted list</pre><pre>Ancestor for '%s' not found</pre><pre>Cannot assign a %s to a %s</pre><pre>Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread</pre><pre>Class %s not found</pre><pre>A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates</pre><pre>Cannot create file "%s". %s</pre><pre>Cannot open file "%s". %s</pre><pre>Invalid stream format$''%s'' is not a valid component name</pre><pre>External exception %x</pre><pre>Interface not supported</pre><pre>%s (%s, line %d)</pre><pre>Abstract Error?Access violation at address %p in module '%s'. %s of address %p</pre><pre>System Error. Code: %d.</pre><pre>No argument for format '%s'"Variant method calls not supported</pre><pre>Invalid variant operation%Invalid variant operation (%s%.8x)</pre><pre>%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)</pre><pre>Operation not supported</pre><pre>Integer overflow Invalid floating point operation</pre><pre>Invalid pointer operation</pre><pre>Invalid class typecast0Access violation at address %p. %s of address %p</pre><pre>Privileged instruction(Exception %s in module %s at %p.</pre><pre>Application Error1Format '%s' invalid or incompatible with argument</pre><pre>!'%s' is not a valid integer value('%s' is not a valid floating point value!'%s' is not a valid date and time</pre><pre>'%s' is not a valid GUID value</pre><pre>I/O error %d</pre><pre>1, 0, 0, 1</pre><pre>MSRSAAP.EXE</pre><pre>4, 0, 0, 0</pre><b>adf.exe_1256_rwx_00050000_000B2000:</b><pre>.text</pre><pre>`.itext</pre><pre>`.data</pre><pre>.idata</pre><pre>.rdata</pre><pre>@.reloc</pre><pre>B.rsrc</pre><pre>kernel32.dll</pre><pre>Windows</pre><pre>MSWHEEL_ROLLMSG</pre><pre>MSH_WHEELSUPPORT_MSG</pre><pre>MSH_SCROLL_LINES_MSG</pre><pre>$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)</pre><pre>oleaut32.dll</pre><pre>EVariantBadIndexError</pre><pre>ssShift</pre><pre>htKeyword</pre><pre>EInvalidOperation</pre><pre>%s_%d</pre><pre>EInvalidGraphicOperation</pre><pre>SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes</pre><pre>%s, ClassID: %s</pre><pre>%s, ProgID: "%s"</pre><pre>ole32.dll</pre><pre>USER32.DLL</pre><pre>uxtheme.dll</pre><pre>DWMAPI.DLL</pre><pre>clWebSnow</pre><pre>clWebFloralWhite</pre><pre>clWebLavenderBlush</pre><pre>clWebOldLace</pre><pre>clWebIvory</pre><pre>clWebCornSilk</pre><pre>clWebBeige</pre><pre>clWebAntiqueWhite</pre><pre>clWebWheat</pre><pre>clWebAliceBlue</pre><pre>clWebGhostWhite</pre><pre>clWebLavender</pre><pre>clWebSeashell</pre><pre>clWebLightYellow</pre><pre>clWebPapayaWhip</pre><pre>clWebNavajoWhite</pre><pre>clWebMoccasin</pre><pre>clWebBurlywood</pre><pre>clWebAzure</pre><pre>clWebMintcream</pre><pre>clWebHoneydew</pre><pre>clWebLinen</pre><pre>clWebLemonChiffon</pre><pre>clWebBlanchedAlmond</pre><pre>clWebBisque</pre><pre>clWebPeachPuff</pre><pre>clWebTan</pre><pre>clWebYellow</pre><pre>clWebDarkOrange</pre><pre>clWebRed</pre><pre>clWebDarkRed</pre><pre>clWebMaroon</pre><pre>clWebIndianRed</pre><pre>clWebSalmon</pre><pre>clWebCoral</pre><pre>clWebGold</pre><pre>clWebTomato</pre><pre>clWebCrimson</pre><pre>clWebBrown</pre><pre>clWebChocolate</pre><pre>clWebSandyBrown</pre><pre>clWebLightSalmon</pre><pre>clWebLightCoral</pre><pre>clWebOrange</pre><pre>clWebOrangeRed</pre><pre>clWebFirebrick</pre><pre>clWebSaddleBrown</pre><pre>clWebSienna</pre><pre>clWebPeru</pre><pre>clWebDarkSalmon</pre><pre>clWebRosyBrown</pre><pre>clWebPaleGoldenrod</pre><pre>clWebLightGoldenrodYellow</pre><pre>clWebOlive</pre><pre>clWebForestGreen</pre><pre>clWebGreenYellow</pre><pre>clWebChartreuse</pre><pre>clWebLightGreen</pre><pre>clWebAquamarine</pre><pre>clWebSeaGreen</pre><pre>clWebGoldenRod</pre><pre>clWebKhaki</pre><pre>clWebOliveDrab</pre><pre>clWebGreen</pre><pre>clWebYellowGreen</pre><pre>clWebLawnGreen</pre><pre>clWebPaleGreen</pre><pre>clWebMediumAquamarine</pre><pre>clWebMediumSeaGreen</pre><pre>clWebDarkGoldenRod</pre><pre>clWebDarkKhaki</pre><pre>clWebDarkOliveGreen</pre><pre>clWebDarkgreen</pre><pre>clWebLimeGreen</pre><pre>clWebLime</pre><pre>clWebSpringGreen</pre><pre>clWebMediumSpringGreen</pre><pre>clWebDarkSeaGreen</pre><pre>clWebLightSeaGreen</pre><pre>clWebPaleTurquoise</pre><pre>clWebLightCyan</pre><pre>clWebLightBlue</pre><pre>clWebLightSkyBlue</pre><pre>clWebCornFlowerBlue</pre><pre>clWebDarkBlue</pre><pre>clWebIndigo</pre><pre>clWebMediumTurquoise</pre><pre>clWebTurquoise</pre><pre>clWebCyan</pre><pre>clWebPowderBlue</pre><pre>clWebSkyBlue</pre><pre>clWebRoyalBlue</pre><pre>clWebMediumBlue</pre><pre>clWebMidnightBlue</pre><pre>clWebDarkTurquoise</pre><pre>clWebCadetBlue</pre><pre>clWebDarkCyan</pre><pre>clWebTeal</pre><pre>clWebDeepskyBlue</pre><pre>clWebDodgerBlue</pre><pre>clWebBlue</pre><pre>clWebNavy</pre><pre>clWebDarkViolet</pre><pre>clWebDarkOrchid</pre><pre>clWebMagenta</pre><pre>clWebDarkMagenta</pre><pre>clWebMediumVioletRed</pre><pre>clWebPaleVioletRed</pre><pre>clWebBlueViolet</pre><pre>clWebMediumOrchid</pre><pre>clWebMediumPurple</pre><pre>clWebPurple</pre><pre>clWebDeepPink</pre><pre>clWebLightPink</pre><pre>clWebViolet</pre><pre>clWebOrchid</pre><pre>clWebPlum</pre><pre>clWebThistle</pre><pre>clWebHotPink</pre><pre>clWebPink</pre><pre>clWebLightSteelBlue</pre><pre>clWebMediumSlateBlue</pre><pre>clWebLightSlateGray</pre><pre>clWebWhite</pre><pre>clWebLightgrey</pre><pre>clWebGray</pre><pre>clWebSteelBlue</pre><pre>clWebSlateBlue</pre><pre>clWebSlateGray</pre><pre>clWebWhiteSmoke</pre><pre>clWebSilver</pre><pre>clWebDimGray</pre><pre>clWebMistyRose</pre><pre>clWebDarkSlateBlue</pre><pre>clWebDarkSlategray</pre><pre>clWebGainsboro</pre><pre>clWebDarkGray</pre><pre>clWebBlack</pre><pre>comctl32.dll</pre><pre>AutoHotkeysd-</pre><pre>AutoHotkeys</pre><pre>\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\</pre><pre>ssHotTrack</pre><pre>TWindowState</pre><pre>poProportional</pre><pre>TWMKey</pre><pre>KeyPreview</pre><pre>WindowState</pre><pre>OnKeyDownL</pre><pre>OnKeyPress</pre><pre>OnKeyUpH</pre><pre>GlassFrame.Bottom</pre><pre>GlassFrame.Enabled</pre><pre>GlassFrame.Left</pre><pre>GlassFrame.Right</pre><pre>GlassFrame.SheetOfGlass</pre><pre>GlassFrame.Top</pre><pre>System\CurrentControlSet\Control\Keyboard Layouts\%.8x</pre><pre>User32.dll</pre><pre>TKeyEvent</pre><pre>TKeyPressEvent</pre><pre>HelpKeyword n</pre><pre>crSQLWait</pre><pre>%s (%s)</pre><pre>imm32.dll</pre><pre>TSocketPort</pre><pre>%d.%d.%d.%d</pre><pre>0.0.0.0</pre><pre>PSAPI.dll</pre><pre>TDCWebCam</pre><pre>127.0.0.1</pre><pre>BuildImportTable: can't load library:</pre><pre>BuildImportTable: ReallocMemory failed</pre><pre>BuildImportTable: GetProcAddress failed</pre><pre>BTMemoryLoadLibary: BuildImportTable failed</pre><pre>BTMemoryGetProcAddress: no export table found</pre><pre>BTMemoryGetProcAddress: DLL doesn't export anything</pre><pre>BTMemoryGetProcAddress: exported symbol not found</pre><pre>1.2.3</pre><pre>127.0.0.1:1604</pre><pre>#KCMDDC51#-</pre><pre>5.3.0</pre><pre>cmd.exe</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Run</pre><pre>hkey</pre><pre>\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders</pre><pre>*.torrent</pre><pre>\Internet Explorer\iexplore.exe</pre><pre>explorer.exe</pre><pre>wlanapi.dll</pre><pre>80211_SHARED_KEY</pre><pre>user32.dll</pre><pre>TUploadFTP</pre><pre>notepad.exe</pre><pre>KEYNAME</pre><pre>%ShortCut#</pre><pre>RELATEDCMD</pre><pre>ping 127.0.0.1 -n 4 > NUL && "</pre><pre>DRKey</pre><pre>CRKey</pre><pre>DelMSKey</pre><pre>InstallHKEY</pre><pre>ActiveOnlineKeylogger</pre><pre>UnActiveOnlineKeylogger</pre><pre>KeylogOn</pre><pre>ActiveOfflineKeylogger</pre><pre>UnActiveOfflineKeylogger</pre><pre>ActiveOnlineKeyStrokes</pre><pre>UnActiveOnlineKeyStrokes</pre><pre>OpenWebPage</pre><pre>tmpprint.txt</pre><pre>URLUpdate</pre><pre>MSGBOX</pre><pre>#BOT#VisitUrl</pre><pre>#BOT#OpenUrl</pre><pre>HTTP://</pre><pre>http://</pre><pre>BTRESULTOpen URL|</pre><pre>Command successfully executed!|</pre><pre>#BOT#URLUpdate</pre><pre>BTERRORUpdate from URL| Error on downloading file check if you type the correct url...|</pre><pre>BTRESULTUpdate from URL|Update : File Downloaded , Executing new one in temp dir...|</pre><pre>#BOT#URLDownload</pre><pre>GetActivePorts</pre><pre>out.txt</pre><pre>tmp.txt</pre><pre>DDOSHTTPFLOOD</pre><pre>DDOSUDPFLOOD</pre><pre>%IPPORTSCAN</pre><pre>SAPI.SpVoice</pre><pre>WEBCAMLIVE</pre><pre>WEBCAMSTOP</pre><pre>PASSWORD</pre><pre>FTPFILEUPLOAD</pre><pre>URLDOWNLOADTOFILE</pre><pre>UPLOADEXEC</pre><pre>UPANDEXEC</pre><pre>FTPPORT</pre><pre>FTPPASS</pre><pre>FTPUSER</pre><pre>FTPHOST</pre><pre>FTPROOT</pre><pre>FTPUPLOADK</pre><pre>FTPSIZE</pre><pre>BTRESULTUDP Flood|UDP Flood task finished!|</pre><pre>PortScanAdd</pre><pre>BTRESULTVisit URL|finished to visit</pre><pre>BTERRORVisit URL|An exception occured in the thread|</pre><pre>POST /index.php/1.0</pre><pre>BTRESULTHTTP Flood|Http Flood task finished!|</pre><pre>Mozilla</pre><pre>BTRESULTDownload File|Mass Download : File Downloaded , Executing new one in temp dir...|</pre><pre>BTERRORDownload File| Error on downloading file check if you type the correct url...|</pre><pre>Software\Microsoft\Windows\CurrentVersion\Run</pre><pre>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</pre><pre>ERR|Cannot listen to port, try another one..|</pre><pre>TCaptureWebcam</pre><pre>taskmgr.exe</pre><pre>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall</pre><pre>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\</pre><pre>DC3_FEXEC</pre><pre>Windows NT 4.0</pre><pre>Windows 2000</pre><pre>Windows XP</pre><pre>Windows Server 2003</pre><pre>Windows Vista</pre><pre>Windows 7</pre><pre>Windows 95</pre><pre>Windows 98</pre><pre>Windows Me</pre><pre>S-%u-</pre><pre>FAKEMSG</pre><pre>MSGICON</pre><pre>MSGTITLE</pre><pre>MSGCORE</pre><pre>deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly</pre><pre>inflate 1.2.3 Copyright 1995-2005 Mark Adler</pre><pre>%Documents and Settings%\%current user%\Application Data\dclogs\2014-08-02-7.dc</pre><pre>advapi32.dll</pre><pre>RegOpenKeyExA</pre><pre>RegCloseKey</pre><pre>GetKeyboardType</pre><pre>keybd_event</pre><pre>VkKeyScanA</pre><pre>UnhookWindowsHookEx</pre><pre>SetWindowsHookExA</pre><pre>MsgWaitForMultipleObjectsEx</pre><pre>MsgWaitForMultipleObjects</pre><pre>MapVirtualKeyA</pre><pre>LoadKeyboardLayoutA</pre><pre>GetKeyboardState</pre><pre>GetKeyboardLayoutNameA</pre><pre>GetKeyboardLayoutList</pre><pre>GetKeyboardLayout</pre><pre>GetKeyState</pre><pre>GetKeyNameTextA</pre><pre>ExitWindowsEx</pre><pre>EnumWindows</pre><pre>EnumThreadWindows</pre><pre>EnumChildWindows</pre><pre>ActivateKeyboardLayout</pre><pre>gdi32.dll</pre><pre>SetViewportOrgEx</pre><pre>version.dll</pre><pre>WinExec</pre><pre>PeekNamedPipe</pre><pre>GetWindowsDirectoryA</pre><pre>GetProcessHeap</pre><pre>GetCPInfo</pre><pre>CreatePipe</pre><pre>RegQueryInfoKeyA</pre><pre>RegOpenKeyA</pre><pre>RegFlushKey</pre><pre>RegEnumKeyExA</pre><pre>RegDeleteKeyA</pre><pre>RegCreateKeyExA</pre><pre>RegCreateKeyA</pre><pre>wsock32.dll</pre><pre>shell32.dll</pre><pre>ShellExecuteExA</pre><pre>ShellExecuteA</pre><pre>SHFileOperationA</pre><pre>URLMON.DLL</pre><pre>URLDownloadToFileA</pre><pre>wininet.dll</pre><pre>InternetOpenUrlA</pre><pre>HttpQueryInfoA</pre><pre>FtpPutFileA</pre><pre>winmm.dll</pre><pre>netapi32.dll</pre><pre>gdiplus.dll</pre><pre>GdiplusShutdown</pre><pre>msacm32.dll</pre><pre>ntdll.dll</pre><pre>WS2_32.DLL</pre><pre>SHFolder.dll</pre><pre>SHELL32.DLL</pre><pre>AVICAP32.DLL</pre><pre>1!1,1=1|1</pre><pre>6 6$6(6,606</pre><pre>=!=%=)=-=1=</pre><pre>01m1</pre><pre>0 0$0(0,0004080<0@0</pre><pre><!><pre>;"<?<_><pre>; ;$;(;,;0;4;8;<;@;</pre><pre>7 8$888<8</pre><pre>= =$=(=,=0=4=8=</pre><pre>UntKeylogger</pre><pre>KWindows</pre><pre>UntActivePorts</pre><pre>UntControlKey</pre><pre>UntCaptureWebcam</pre><pre>UntWebCam</pre><pre>UrlMon</pre><pre>(UntUploadFTPThread</pre><pre>UntFTP</pre><pre>_UntUDPFlood</pre><pre>YUntScanPorts</pre><pre>0UntPasswordAndData</pre><pre>XUntHTTPFlood</pre><pre>UntCPU</pre><pre>66006666</pre><pre>No help found for %s#No context-sensitive help installed</pre><pre>No help found for context$No topic-based help system installedNUnable to retrieve a pointer to a running object registered with OLE for %s/%s</pre><pre>Invalid clipboard format Clipboard does not support Icons</pre><pre>Cannot open clipboard/Menu '%s' is already being used by another form</pre><pre>- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.</pre><pre>OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters</pre><pre>Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window</pre><pre>Not enough timers available@GroupIndex cannot be less than a previous menu item's GroupIndex5Cannot create form. No MDI forms are currently active$%s not in a class registration group</pre><pre>Property %s does not exist</pre><pre>Thread creation error: %s</pre><pre>Thread Error: %s (%d)</pre><pre>Unsupported clipboard format</pre><pre>Invalid data type for '%s' List capacity out of bounds (%d)</pre><pre>List count out of bounds (%d)</pre><pre>List index out of bounds (%d) Out of memory while expanding memory stream</pre><pre>Error reading %s%s%s: %s</pre><pre>Failed to create key %s</pre><pre>Failed to get data for '%s'</pre><pre>Failed to set data for '%s'</pre><pre>Resource %s not found</pre><pre>%s.Seek not implemented$Operation not allowed on sorted list</pre><pre>Ancestor for '%s' not found</pre><pre>Cannot assign a %s to a %s</pre><pre>Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread</pre><pre>Class %s not found</pre><pre>A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates</pre><pre>Cannot create file "%s". %s</pre><pre>Cannot open file "%s". %s</pre><pre>Invalid stream format$''%s'' is not a valid component name</pre><pre>External exception %x</pre><pre>Interface not supported</pre><pre>%s (%s, line %d)</pre><pre>Abstract Error?Access violation at address %p in module '%s'. %s of address %p</pre><pre>System Error. Code: %d.</pre><pre>No argument for format '%s'"Variant method calls not supported</pre><pre>Invalid variant operation%Invalid variant operation (%s%.8x)</pre><pre>%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)</pre><pre>Operation not supported</pre><pre>Integer overflow Invalid floating point operation</pre><pre>Invalid pointer operation</pre><pre>Invalid class typecast0Access violation at address %p. %s of address %p</pre><pre>Privileged instruction(Exception %s in module %s at %p.</pre><pre>Application Error1Format '%s' invalid or incompatible with argument</pre><pre>!'%s' is not a valid integer value('%s' is not a valid floating point value!'%s' is not a valid date and time</pre><pre>'%s' is not a valid GUID value</pre><pre>I/O error %d</pre><pre>1, 0, 0, 1</pre><pre>MSRSAAP.EXE</pre><pre>4, 0, 0, 0</pre></_></pre></!></pre></_></pre></!></pre>