Backdoor.Win32.Fynloski_60d92cdbc4 – Adaware

Trojan.GenericKD.1671062 (B) (Emsisoft), Backdoor.Win32.Fynloski.FD, Trojan.Win32.Iconomon.FD, Trojan.Win32.Sasfis.FD, Trojan.Win32.Swrort.3.FD, VirTool.Win32.DelfInject.FD, Worm.Win32.AutoIt.FD, WormAutoItGen.YR, GenericDownloader.YR, GenericInjector.YR, BackdoorFynloski.YR, TrojanDownloaderAndromeda.YR (Lavasoft MAS)Behaviour: Trojan-Downloader, Trojan, Backdoor, Worm, VirTool

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 60d92cdbc473daaa6e2ce98732b1c18d

SHA1: 79b1f5e726db3e8686f0dfc0686fab14dbe5cbc4

SHA256: 4f4c79ff4623cdbc5ae7d214e48e1e50c96df68a934df3726a0c721881cf5d7b

SSDeep: 49152:mJZoQrbTFZY1iaBw/kipQc/4qXTPXU1rV4L9S5:mtrbTA1ShnQqDP6iI

Size: 1732802 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: UPolyXv05_v6

Company: no certificate found

Created at: 2012-01-29 23:32:28

Analyzed on: WindowsXP SP3 32-bit

Summary: Backdoor. Malware that enables a remote control of victim's machine.

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Backdoor creates the following process(es):

%original file name%.exe:1360
adf.exe:1684

The Backdoor injects its code into the following process(es):

adf.exe:1256
abcww.exe:856
abcww.exe:1864

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process %original file name%.exe:1360 makes changes in the file system.

The Backdoor creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\msupd.exe (196 bytes)
%Documents and Settings%\%current user%\Application Data\adf.exe (11518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\abcww.exe (6289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.ico (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (7185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (1372 bytes)

The Backdoor deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (0 bytes)

The process adf.exe:1684 makes changes in the file system.

The Backdoor creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\res.ico2 (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.ico (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut4.tmp (1372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut5.tmp (7185 bytes)

The Backdoor deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\aut4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut5.tmp (0 bytes)

The process abcww.exe:856 makes changes in the file system.

The Backdoor creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\refresh[1].gif (974 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\shrink_button_icon[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.ulightbox[2].css (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\footer_home_lr_bg[1].png (126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\api[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\safe[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\core30[1].css (2710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\browser_chrome[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\header_gradient[1].jpg (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.browserdetect.min[1].js (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\index[2].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.ulightbox[1].css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ui-bg_highlight-soft_100_eeeeee_1x100[1].png (90 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask.min[2].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[2].txt (1701 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\lmp[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\core30[1].css (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.ulightbox[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.placeholder.min[1].js (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ft_payoneer[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\CAQIL6QM (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\modernizr[2].js (1405 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-bg_gloss-wave_35_f6a828_500x100[2].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-bg_gloss-wave_35_f6a828_500x100[1].png (2 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (18324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\header_bg[1].png (230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\CA1O6993.jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ads[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ui-icons_ffffff_256x240[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\CAT4KZP5.jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\challenge[1] (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\modernizr[1].js (1682 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\recaptcha[1].js (4291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\button_join_now_tick[1].png (730 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\background_browser[1].gif (1506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask.min[1].js (801 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\CA4VYN8N (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\scripts[1].png (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@google[1].txt (381 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[1].txt (2450 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\blockquote_bg[1].png (311 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\andresatria_small[1].jpg (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[1].txt (370 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\home[2].js (5155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ft_paypal[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\index[1].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (4486 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\common[2].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\adf[1].htm (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\home[1].js (2906 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\help[1].gif (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\sprite[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ZeroClipboard[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ie6-warning[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery-ui.min[1].js (19027 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\footer_home_ll_bg[1].png (129 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\chosen.jquery.min[2].js (788 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\logo[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery-ui-1.8.16.custom[1].css (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\stats[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ie6-warning[2].js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.placeholder.min[2].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\browser_ie[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask[1].css (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ft_alertpay[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\arrow[1].png (523 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\footer_bg[1].png (85 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-icons_ffffff_256x240[1].png (1943 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\header[1].png (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\language_flags[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\background_browser[1].gif (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\fb_f[1].png (572 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\spin[2].js (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery.form.min[1].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\common[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.ulightbox[2].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\background_browser[1].gif (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\spin[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\nr-411.min[1].js (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\links_clicked_bg[1].png (433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\button_join_tick[1].png (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\shrink_bg[1].png (849 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\audio[1].gif (914 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\recaptcha[1].js (4528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\CAGD6RKX.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ga[1].js (1597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\browser_opera[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask[2].css (632 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\background_browser[1].gif (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\Nw17OBpg1zjrn-mn0yUkeE6MiB8Imrcno_93P1Tsc6Y[1].js (2263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\browser_firefox[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\browser_safari[1].gif (1943 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.min[1].js (2022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery.form.min[2].js (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery-ui-1.8.16.custom[1].css (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ZeroClipboard[2].js (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\92a411bc23[1].setToken (21 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (3455 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\num_bg[1].png (506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\ui-bg_highlight-soft_100_eeeeee_1x100[1].png (90 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\language_arrows[1].png (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\chosen.jquery.min[1].js (2001 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.browserdetect.min[2].js (366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\text[1].gif (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\quote_photo_bg[1].png (169 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[2].txt (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\quote_top_bg[1].png (195 bytes)

The Backdoor deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\Current_User@addthis[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery-ui-1.8.16.custom[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery.form.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\modernizr[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\background_browser[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\background_browser[1].gif (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\chosen.jquery.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ui-icons_ffffff_256x240[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\challenge[1] (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.ulightbox[1].css (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\index[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\common[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\core30[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\ui-bg_highlight-soft_100_eeeeee_1x100[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\background_browser[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\adf[2].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.ulightbox[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.placeholder.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\home[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.browserdetect.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ZeroClipboard[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\background_browser[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ie6-warning[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\spin[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-bg_gloss-wave_35_f6a828_500x100[1].png (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[2].txt (0 bytes)

The process abcww.exe:1864 makes changes in the file system.

The Backdoor creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\adf[2].htm (24 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (388 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\desktop.ini (67 bytes)

The Backdoor deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (0 bytes)

Registry activity

The process %original file name%.exe:1360 makes changes in the system registry.

The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C1 74 2B A4 40 0B 70 B7 E4 FC B4 FC 98 B5 8B 73"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"abcww.exe" = "Adf.ly Bot"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Backdoor modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Backdoor modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process adf.exe:1256 makes changes in the system registry.

The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF B7 02 EF B4 ED 6A E5 9D 60 F0 35 98 3E AC DC"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process adf.exe:1684 makes changes in the system registry.

The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 CC 8F DA 42 97 07 18 4D EB 69 9B 0C 2E 33 46"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Personal" = "%Documents and Settings%\%current user%\My Documents"

To automatically run itself each time Windows is booted, the Backdoor adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"adf.exe" = "%Documents and Settings%\%current user%\Application Data\adf.exe"

The Backdoor modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Backdoor adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adf.exe" = "%Documents and Settings%\%current user%\Application Data\adf.exe"

The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Backdoor modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process abcww.exe:856 makes changes in the system registry.

The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "abcww.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1288215257"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E 15 A8 83 34 E7 6D 13 C9 9A 74 F8 07 10 B6 30"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Backdoor modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Backdoor modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Backdoor deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process abcww.exe:1864 makes changes in the system registry.

The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4A 0B 52 20 D9 E3 5A 8F 28 78 68 4D 7E AD 45 F7"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Backdoor modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Backdoor modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Backdoor deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5	File path
d8dbd0146a42c4449908392dd902ce7c	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\abcww.exe
6eb4cc0ab3fe8869a86a1c866b284468	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\msupd.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:1360
adf.exe:1684
Delete the original Backdoor file.
Delete or disinfect the following files created/modified by the Backdoor:
%Documents and Settings%\%current user%\Local Settings\Temp\msupd.exe (196 bytes)
%Documents and Settings%\%current user%\Application Data\adf.exe (11518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\abcww.exe (6289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.ico (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (7185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (1372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.ico2 (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut4.tmp (1372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut5.tmp (7185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\refresh[1].gif (974 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\shrink_button_icon[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.ulightbox[2].css (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\footer_home_lr_bg[1].png (126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\api[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\safe[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\core30[1].css (2710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\browser_chrome[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\header_gradient[1].jpg (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.browserdetect.min[1].js (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\index[2].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.ulightbox[1].css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ui-bg_highlight-soft_100_eeeeee_1x100[1].png (90 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask.min[2].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[2].txt (1701 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\lmp[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\core30[1].css (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.ulightbox[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.placeholder.min[1].js (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ft_payoneer[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\CAQIL6QM (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\modernizr[2].js (1405 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-bg_gloss-wave_35_f6a828_500x100[2].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-bg_gloss-wave_35_f6a828_500x100[1].png (2 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (18324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\header_bg[1].png (230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\CA1O6993.jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ads[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ui-icons_ffffff_256x240[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\CAT4KZP5.jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\challenge[1] (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\modernizr[1].js (1682 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\recaptcha[1].js (4291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\button_join_now_tick[1].png (730 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\background_browser[1].gif (1506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask.min[1].js (801 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\CA4VYN8N (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\scripts[1].png (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@google[1].txt (381 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[1].txt (2450 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\blockquote_bg[1].png (311 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\andresatria_small[1].jpg (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[1].txt (370 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\home[2].js (5155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ft_paypal[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\index[1].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (4486 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\common[2].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\adf[1].htm (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\home[1].js (2906 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\help[1].gif (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\sprite[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ZeroClipboard[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ie6-warning[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery-ui.min[1].js (19027 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\footer_home_ll_bg[1].png (129 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\chosen.jquery.min[2].js (788 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\logo[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery-ui-1.8.16.custom[1].css (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\stats[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ie6-warning[2].js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.placeholder.min[2].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\browser_ie[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask[1].css (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ft_alertpay[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\arrow[1].png (523 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\footer_bg[1].png (85 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-icons_ffffff_256x240[1].png (1943 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\header[1].png (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\language_flags[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\background_browser[1].gif (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\fb_f[1].png (572 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\spin[2].js (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery.form.min[1].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\common[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.ulightbox[2].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\background_browser[1].gif (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\spin[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\nr-411.min[1].js (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\links_clicked_bg[1].png (433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\button_join_tick[1].png (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\shrink_bg[1].png (849 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\audio[1].gif (914 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\recaptcha[1].js (4528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\CAGD6RKX.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ga[1].js (1597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\browser_opera[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask[2].css (632 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\background_browser[1].gif (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\Nw17OBpg1zjrn-mn0yUkeE6MiB8Imrcno_93P1Tsc6Y[1].js (2263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\browser_firefox[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\browser_safari[1].gif (1943 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.min[1].js (2022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery.form.min[2].js (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery-ui-1.8.16.custom[1].css (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ZeroClipboard[2].js (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\92a411bc23[1].setToken (21 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (3455 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\num_bg[1].png (506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\ui-bg_highlight-soft_100_eeeeee_1x100[1].png (90 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\language_arrows[1].png (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\chosen.jquery.min[1].js (2001 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.browserdetect.min[2].js (366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\text[1].gif (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\quote_photo_bg[1].png (169 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[2].txt (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\quote_top_bg[1].png (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\adf[2].htm (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\desktop.ini (67 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"adf.exe" = "%Documents and Settings%\%current user%\Application Data\adf.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adf.exe" = "%Documents and Settings%\%current user%\Application Data\adf.exe"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name:
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 3, 3, 8, 1
File Description:
Comments:
Language: Spanish (Spain, International Sort)

Company Name: Product Name: Product Version: Legal Copyright: Legal Trademarks: Original Filename: Internal Name: File Version: 3, 3, 8, 1File Description: Comments: Language: Spanish (Spain, International Sort)

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	525852	526336	4.63347	61ffce4768976fa0dd2a8f6a97b1417a
.rdata	532480	57280	57344	3.32693	0354bc5f2376b5e9a4a3ba38b682dff1
.data	589824	108376	26624	1.49032	8033f5a38941b4685bc2299e78f31221
.rsrc	700416	79736	79872	3.95117	846a36cf3e21355324dca9cbca5ebb68

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL	IP
hxxp://adf.ly/	104.20.0.4
hxxp://adf.ly/static/css/jquery.loadmask.css	104.20.0.4
hxxp://adf.ly/static/css/jquery-ui/ui-lightness/jquery-ui-1.8.16.custom.css	104.20.0.4
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.7.1/jquery.min.js
hxxp://adf.ly/static/css/core30.css	104.20.0.4
hxxp://adf.ly/static/js/jquery.browserdetect.min.js	104.20.0.4
hxxp://adf.ly/static/js/common.js	104.20.0.4
hxxp://adf.ly/static/js/jquery.placeholder.min.js	104.20.0.4
hxxp://adf.ly/static/js/jquery.loadmask.min.js	104.20.0.4
hxxp://adf.ly/static/js/chosen.jquery.min.js	104.20.0.4
hxxp://adf.ly/static/js/jquery.form.min.js	104.20.0.4
hxxp://adf.ly/static/js/ZeroClipboard.js	104.20.0.4
hxxp://adf.ly/static/js/modernizr.js	104.20.0.4
hxxp://adf.ly/static/js/ie6-warning.js	104.20.0.4
hxxp://googleapis.l.google.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js
hxxp://adf.ly/static/js/spin.js	104.20.0.4
hxxp://adf.ly/static/js/home.js	104.20.0.4
hxxp://adf.ly/static/js/jquery.ulightbox.js	104.20.0.4
hxxp://adf.ly/static/css/jquery.ulightbox.css	104.20.0.4
hxxp://adf.ly/static/image/header_bg.png	104.20.0.4
hxxp://adf.ly/static/image/header_gradient.jpg	104.20.0.4
hxxp://adf.ly/static/image/testimonials/andresatria_small.jpg	104.20.0.4
hxxp://adf.ly/static/image/header.png	104.20.0.4
hxxp://adf.ly/static/image/quote_photo_bg.png	104.20.0.4
hxxp://adf.ly/static/image/links_clicked_bg.png	104.20.0.4
hxxp://adf.ly/static/image/num_bg.png	104.20.0.4
hxxp://adf.ly/static/js/index/index.js	104.20.0.4
hxxp://adf.ly/static/image/logo.png	104.20.0.4
hxxp://adf.ly/static/image/shrink_bg.png	104.20.0.4
hxxp://adf.ly/static/image/shrink_button_icon.png	104.20.0.4
hxxp://adf.ly/static/image/button_join_now_tick.png	104.20.0.4
hxxp://adf.ly/static/image/fb_f.png	104.20.0.4
hxxp://adf.ly/static/image/arrow.png	104.20.0.4
hxxp://adf.ly/static/image/language_flags.png	104.20.0.4
hxxp://adf.ly/static/image/language_arrows.png	104.20.0.4
hxxp://adf.ly/static/image/safe.png	104.20.0.4
hxxp://adf.ly/static/image/ads.png	104.20.0.4
hxxp://adf.ly/static/image/lmp.png	104.20.0.4
hxxp://adf.ly/static/image/stats.png	104.20.0.4
hxxp://adf.ly/static/image/api.png	104.20.0.4
hxxp://adf.ly/static/image/scripts.png	104.20.0.4
hxxp://adf.ly/static/image/quote_top_bg.png	104.20.0.4
hxxp://adf.ly/static/image/blockquote_bg.png	104.20.0.4
hxxp://adf.ly/static/image/footer_bg.png	104.20.0.4
hxxp://adf.ly/static/image/footer_home_lr_bg.png	104.20.0.4
hxxp://adf.ly/static/image/footer_home_ll_bg.png	104.20.0.4
hxxp://adf.ly/static/image/ft_paypal.png	104.20.0.4
hxxp://fallback.global-ssl.fastly.net/js/300/addthis_widget.js
hxxp://adf.ly/static/image/ft_payoneer.png	104.20.0.4
hxxp://adf.ly/static/image/ft_alertpay.png	104.20.0.4
hxxp://fallback.global-ssl.fastly.net/static/r07/core145.js
hxxp://www.google.com/recaptcha/api/challenge?k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr	173.194.113.210
hxxp://fallback.global-ssl.fastly.net/static/r07/widget120.css
hxxp://fallback.global-ssl.fastly.net/static/r07/widgetIE67006.css
hxxp://www.google.com/recaptcha/api/js/recaptcha.js	173.194.113.210
hxxp://www.google.com/js/th/Nw17OBpg1zjrn-mn0yUkeE6MiB8Imrcno_93P1Tsc6Y.js	173.194.113.210
hxxp://www.google.com/recaptcha/api/img/red/sprite.png	173.194.113.210
hxxp://www-google-analytics.l.google.com/ga.js
hxxp://www.google.com/recaptcha/api/img/red/refresh.gif	173.194.113.210
hxxp://www.google.com/recaptcha/api/img/red/audio.gif	173.194.113.210
hxxp://www.google.com/recaptcha/api/img/red/text.gif	173.194.113.210
hxxp://www.google.com/recaptcha/api/img/red/help.gif	173.194.113.210
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.5.3&utms=1&utmn=263499665&utmhn=adf.ly&utmcs=utf-8&utmsr=1276x846&utmvp=358x169&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=AdFly - The URL shortener service that pays you! Earn money for every visitor to your links.&utmhid=1362955423&utmr=-&utmp=/&utmht=1406985883144&utmac=UA-6469700-8&utmcc=__utma=255621336.652463225.1406985880.1406985880.1406985880.1;+__utmz=255621336.1406985880.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none);&utmu=D~
hxxp://www.google.com/recaptcha/api/reload?c=03AHJ_VuvYPttqF2q1i-Xe_w7vxSeUu624qFaI-wqllz21Fjy8gNmUAk9_IflsXZQZOR1RPQga0rE3O9yvEb3hiOksEGHZ0ckhRy_rdSlNM9nl_EZVNFpLoMP8cv_fP0R9ErMrIblKseEPGN6TgaBInDeWlI7JMI29ih4Fs40mndZmoqvKlN4T2grLtkPnge-g8GakW9Pg67Tue_oEo3JosZzH2Ad0WejzuYFV5ir0ln7Q4Xx6clfFug0&k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr&reason=i&type=image&lang=uk&th=,8bAj7yMNy8ssdLYPawwaKwns4vAAAAK_oAAAAXfYAKkFH0FFuUUPUHjrkinOmN56dp8c5mqPhTVdeFhii9Ke5-gr_R5A9kqoS5zsCs_1FcP6H7JtGNAZw8uYCQv3hw9jqypFmxweaoUrzXenTc8wNPIQ20Yt4JOblr06Op4ZkCmKCrMgLT1L5WQD6gG0gCKQ2Em0CpQwVhZnxwmQxLP7Z9gs5r2HaMDQkcV6z4jgPVp-AarTRrALigoaAMsV0_V2SfNI5vJnOkAF	173.194.113.210
hxxp://adf.ly/static/image/button_join_tick.png	104.20.0.4
hxxp://adf.ly/static/css/jquery-ui/ui-lightness/images/ui-bg_highlight-soft_100_eeeeee_1x100.png	104.20.0.4
hxxp://adf.ly/static/css/jquery-ui/ui-lightness/images/ui-icons_ffffff_256x240.png	104.20.0.4
hxxp://adf.ly/static/css/jquery-ui/ui-lightness/images/ui-bg_gloss-wave_35_f6a828_500x100.png	104.20.0.4
hxxp://www.google.com/recaptcha/api/challenge?k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr&_=1406985884566	173.194.113.210
hxxp://adf.ly/static/image/ie6-warning/background_browser.gif	104.20.0.4
hxxp://fallback.global-ssl.fastly.net/static/r07/sh168.html
hxxp://www.google.com/recaptcha/api/image?c=03AHJ_VutRa9ox0QVJS6aXVk1OO6dTJv1GnVUfSAjBXCn9FiH4iCYYu9KH052tFvKvsqJ1EEhc2yrBZvtz40X6qHWgxN5xvekcoSZVQDr5H0sjHtVf6rUuXjbiCNsiw7AGRl9dbGMJRr-dxR-i-kC8Xucuzyv-6Au0wbgqgYXNngqzGL01LyCsOEeu_WEG6BUwkzKxqPRmUPgRpiMJbdJdinuuhEVcTyXJCg&th=,8bAj7yMNy8ssdLYPawwaKwns4vAAAAK_oAAAAC_YAKkFH0FFuUUPUHjrkinOmN56dp8c5mqPhTVdeFhii9Ke5-gr_R5A9kqoS5zsCs_1FcP6H7JtGNAZw8uYCQv3hw9jqypFmxweaoUrzXenTc8wNPIQ20Yt4JOblr06Op4ZkCmKCrMgLT1L5WQD6gG0gCKQ2Em0CpQwVhZnxwmQxLP7Z9gs5r2HaMDQkcV6z4jgPVp-AarTRrALigoaAMsV1aB2SfN6ceYpUNGk	173.194.113.210
hxxp://www.google.com/recaptcha/api/js/recaptcha.js?_=1406985884566	173.194.113.210
hxxp://a.ssl.fastly.net/feeds/1.0/config.json?pubid=ra-53993a6f0d2e8c74&callback=_ate.cbs.fds_ra53993a6f0d2e8c740
hxxp://ins-011.inscname.net/nr-411.min.js
hxxp://adf.ly/static/image/ie6-warning/browser_ie.gif	104.20.0.4
hxxp://a1294.w20.akamai.net/b?c1=7&c2=2000001&c3=1&rn=1t6uqkf&c7=http://adf.ly/&c8=AdFly - The URL shortener service that pays you! Earn money for every visitor to your links.&cv=1.7
hxxp://adf.ly/static/image/ie6-warning/browser_firefox.gif	104.20.0.4
hxxp://m.addthisedge.com/live/red_lojson/300lo.json?fu4qr1&colc=1406985888754&si=53dce6964fcbf649&uid=53dce6a0d676490a&pub=ra-53993a6f0d2e8c74&rev=1406582527&jsl=33&ln=en&pc=men&vpc=&dp=adf.ly&aa=0&of=0&uf=1&pd=0&irt=0&md=0&ct=1&tct=0&abt=0&lt=3422&cdn=0&lnlc=us&whcs=1&tl=c=750,m=7547,i=7750,xm=11172,xp=11172&pi=1&&rb=0&gen=1000&gen=100&callback=_ate.track.hsr&mk=adfly,adf.ly,short links,tinyurl,bitly,bit.ly,earn money,link advertising,tiny url,url shortener
hxxp://adf.ly/static/image/ie6-warning/browser_safari.gif	104.20.0.4
hxxp://adf.ly/static/image/ie6-warning/browser_opera.gif	104.20.0.4
hxxp://adf.ly/static/image/ie6-warning/browser_chrome.gif	104.20.0.4
hxxp://fallback.global-ssl.fastly.net/static/r07/layers063.js
hxxp://beacon-3.newrelic.com/1/92a411bc23?a=4058140,2334836&ap=8&fe=26312&dc=23203&v=411.b2946c1&to=YlNSbUYAV0IFBhdaWVsZc0xHFVZcSwwNV1NNdV9XQBNWXQgAERxfW1JVQQ==&f=[]&jsonp=NREUM.setToken	50.31.164.176
hxxp://fallback.global-ssl.fastly.net/static/r07/json2.js
hxxp://fallback.global-ssl.fastly.net/static/r07/layers052.css
hxxp://www.google.com/recaptcha/api/reload?c=03AHJ_VusI_eEmhEkfWUXhL203jVTjnGNwCKzxdNvV-rOgJ85wx0HQwxgfD4I-T0iEXi-03GOaup03o4cJvDV0TAEUZCr671PSBfYVJDGHGaAOidSXNihNV5zIfE3NQ8F043KPgLUpbCwgDG8TP9x9FT9MHR0efGrwf2iCp3vL0PgCxVo92sNpO166mJ92oOch238gb6hJfJxS8kAQKGrn2k0HdVzrJMA3Fw&k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr&reason=i&type=image&lang=uk&th=,8bB8M3CZd1lU57anv58U2FkaGfAAAAKRoAAAAD7YAKkN-Tg5pgCRA8Rm19B2lwX0yDh1KyYdkpsOFwBjkj4BXG6a6Xk4RpdNk6O6XEV5DiVEPdBwcxW9eHSb3cpleP1qth-seTrjQFjHfn1zcckx2PgvH1xixfSURFl5RSFfnD2L2RaPn2hy58mH1-6xOeFfzgkZvTOXbdWuOMRpdoMu6duOLjfwS2zK-OICQPx0DqSUmJ-kcNsHv0YNke6NemujaIQd2YQPhUEm	173.194.113.210
hxxp://www.google.com/recaptcha/api/image?c=03AHJ_VuvQ4uJ4qM31rPIFRzobiKbttAeij3-nDLd0xPrOkjPg_n04ludVfZyQPpLmJbJ8JPq1mp1Jh4G9NG2Fg99XxRLyu0QsSna39R5LBxIWK5bohVXPMcejwRn4L491t5edXxP86s3jUJab1qsdxqZpctDMgD9d3Eknjr3eHjA0zYxWuhNmMiqQFqh785r_SAGBAld_exGD8QknpQCZF1frm7YY25XS4w&th=,8bB8M3CZd1lU57anv58U2FkaGfAAAAKRoAAAAF7YAKkN-Tg5pgCRA8Rm19B2lwX0yDh1KyYdkpsOFwBjkj4BXG6a6Xk4RpdNk6O6XEV5DiVEPdBwcxW9eHSb3cpleP1qth-seTrjQFjHfn1zcckx2PgvH1xixfSURFl5RSFfnD2L2RaPn2hy58mH1-6xOeFfzgkZvTOXbdWuOMRpdoMu6duOLjfwS2zK-OICQPx0DqSUmJ-kcNsHv0YNke6NfvyjaIQa8hG5G7nX	173.194.113.210
hxxp://fallback.global-ssl.fastly.net/static/r07/layersIE6007.css
hxxp://cdn.adf.ly/static/js/jquery.loadmask.min.js	104.20.1.4
hxxp://cdn.adf.ly/static/image/ft_alertpay.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/ads.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/quote_top_bg.png	104.20.1.4
hxxp://cdn.adf.ly/static/js/index/index.js	104.20.1.4
hxxp://cdn.adf.ly/static/image/quote_photo_bg.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/fb_f.png	104.20.1.4
hxxp://s7.addthis.com/static/r07/layers052.css	185.31.17.185
hxxp://js-agent.newrelic.com/nr-411.min.js	192.33.31.101
hxxp://cdn.adf.ly/static/js/common.js	104.20.1.4
hxxp://cdn.adf.ly/static/image/shrink_bg.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/footer_home_lr_bg.png	104.20.1.4
hxxp://s7.addthis.com/static/r07/core145.js	185.31.17.185
hxxp://cdn.adf.ly/static/image/ie6-warning/browser_safari.gif	104.20.1.4
hxxp://q.addthis.com/feeds/1.0/config.json?pubid=ra-53993a6f0d2e8c74&callback=_ate.cbs.fds_ra53993a6f0d2e8c740	185.31.17.130
hxxp://b.scorecardresearch.com/b?c1=7&c2=2000001&c3=1&rn=1t6uqkf&c7=http://adf.ly/&c8=AdFly - The URL shortener service that pays you! Earn money for every visitor to your links.&cv=1.7	188.43.72.26
hxxp://cdn.adf.ly/static/image/stats.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/header_gradient.jpg	104.20.1.4
hxxp://cdn.adf.ly/static/image/ft_paypal.png	104.20.1.4
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js	74.125.205.95
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.5.3&utms=1&utmn=263499665&utmhn=adf.ly&utmcs=utf-8&utmsr=1276x846&utmvp=358x169&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=AdFly - The URL shortener service that pays you! Earn money for every visitor to your links.&utmhid=1362955423&utmr=-&utmp=/&utmht=1406985883144&utmac=UA-6469700-8&utmcc=__utma=255621336.652463225.1406985880.1406985880.1406985880.1;+__utmz=255621336.1406985880.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none);&utmu=D~	173.194.113.193
hxxp://cdn.adf.ly/static/image/ie6-warning/browser_ie.gif	104.20.1.4
hxxp://cdn.adf.ly/static/js/jquery.browserdetect.min.js	104.20.1.4
hxxp://cdn.adf.ly/static/js/jquery.placeholder.min.js	104.20.1.4
hxxp://cdn.adf.ly/static/image/footer_bg.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/ft_payoneer.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/header_bg.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/footer_home_ll_bg.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/links_clicked_bg.png	104.20.1.4
hxxp://cdn.adf.ly/static/css/jquery-ui/ui-lightness/jquery-ui-1.8.16.custom.css	104.20.1.4
hxxp://cdn.adf.ly/static/css/jquery.loadmask.css	104.20.1.4
hxxp://s7.addthis.com/static/r07/layersIE6007.css	185.31.17.185
hxxp://cdn.adf.ly/static/image/arrow.png	104.20.1.4
hxxp://cdn.adf.ly/static/css/jquery-ui/ui-lightness/images/ui-bg_highlight-soft_100_eeeeee_1x100.png	104.20.1.4
hxxp://www.google-analytics.com/ga.js	173.194.113.193
hxxp://cdn.adf.ly/static/image/ie6-warning/background_browser.gif	104.20.1.4
hxxp://s7.addthis.com/static/r07/sh168.html	185.31.17.185
hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js	74.125.205.95
hxxp://cdn.adf.ly/static/js/spin.js	104.20.1.4
hxxp://cdn.adf.ly/static/image/logo.png	104.20.1.4
hxxp://s7.addthis.com/static/r07/widget120.css	185.31.17.185
hxxp://cdn.adf.ly/static/js/ZeroClipboard.js	104.20.1.4
hxxp://cdn.adf.ly/static/css/core30.css	104.20.1.4
hxxp://s7.addthis.com/static/r07/widgetIE67006.css	185.31.17.185
hxxp://cdn.adf.ly/static/image/ie6-warning/browser_firefox.gif	104.20.1.4
hxxp://cdn.adf.ly/static/image/shrink_button_icon.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/num_bg.png	104.20.1.4
hxxp://cdn.adf.ly/static/js/chosen.jquery.min.js	104.20.1.4
hxxp://cdn.adf.ly/static/css/jquery.ulightbox.css	104.20.1.4
hxxp://cdn.adf.ly/static/image/header.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/api.png	104.20.1.4
hxxp://cdn.adf.ly/static/css/jquery-ui/ui-lightness/images/ui-bg_gloss-wave_35_f6a828_500x100.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/button_join_tick.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/button_join_now_tick.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/scripts.png	104.20.1.4
hxxp://cdn.adf.ly/static/js/ie6-warning.js	104.20.1.4
hxxp://cdn.adf.ly/static/css/jquery-ui/ui-lightness/images/ui-icons_ffffff_256x240.png	104.20.1.4
hxxp://cdn.adf.ly/static/js/home.js	104.20.1.4
hxxp://cdn.adf.ly/static/image/blockquote_bg.png	104.20.1.4
hxxp://m.addthis.com/live/red_lojson/300lo.json?fu4qr1&colc=1406985888754&si=53dce6964fcbf649&uid=53dce6a0d676490a&pub=ra-53993a6f0d2e8c74&rev=1406582527&jsl=33&ln=en&pc=men&vpc=&dp=adf.ly&aa=0&of=0&uf=1&pd=0&irt=0&md=0&ct=1&tct=0&abt=0&lt=3422&cdn=0&lnlc=us&whcs=1&tl=c=750,m=7547,i=7750,xm=11172,xp=11172&pi=1&&rb=0&gen=1000&gen=100&callback=_ate.track.hsr&mk=adfly,adf.ly,short links,tinyurl,bitly,bit.ly,earn money,link advertising,tiny url,url shortener	8.21.198.203
hxxp://cdn.adf.ly/static/image/ie6-warning/browser_chrome.gif	104.20.1.4
hxxp://s7.addthis.com/static/r07/layers063.js	185.31.17.185
hxxp://s7.addthis.com/static/r07/json2.js	185.31.17.185
hxxp://cdn.adf.ly/static/js/modernizr.js	104.20.1.4
hxxp://cdn.adf.ly/static/js/jquery.ulightbox.js	104.20.1.4
hxxp://s7.addthis.com/js/300/addthis_widget.js	185.31.17.185
hxxp://cdn.adf.ly/static/image/lmp.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/language_arrows.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/language_flags.png	104.20.1.4
hxxp://cdn.adf.ly/static/image/ie6-warning/browser_opera.gif	104.20.1.4
hxxp://cdn.adf.ly/static/js/jquery.form.min.js	104.20.1.4
hxxp://cdn.adf.ly/static/image/safe.png	104.20.1.4

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:02 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: __cfduid=db95aed11c9f7d0cdedd6972123ced3ae1406985841821; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.adf.ly; HttpOnly

Vary: Accept-Encoding

X-Powered-By: PHP/5.5.8

Set-Cookie: FLYSESSID=bea70ac7d83ca8c8ef7b7d7e48555fc451d91abc; path=/; domain=.adf.ly

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

X-Frame-Options: SAMEORIGIN

Server: cloudflare-nginx

CF-RAY: 153a97e76315075b-AMS

Content-Encoding: gzip

928.............X.S...... ....S.I...&8L...=z.......0.........4... .N..B;-...J.....v....q...O.$.i.....l...$......>.1.$L.R..E.\....H"..I(...p..n..Gl<l6...)....|^.......~,...Y..]..`.l..<...F.HAS.....w..........g......K.22z$..T.......N...P.L...\yN..R....H.._.?.....Q<.......<.F..`..P3.......jLd.Gl.......).D..=X.e&.V..r..H...~H..!.r.[....bag8.....K#A...w...V;.e9kDU.%.p*.N.......q.muZo,d.Jo........{..3........l,._.......Ij..;6. .....v..Y...:f..t..........7.,"f.g...(......O.O.W.....w.9.@.kLy..T.\z...... ..u..z8..p..K.]....J:H|.."(..x.........c..$,....0/..3..as......?...]$~&...c"\.....p1..:.......J...........N.W.....Ry.x.G.D...h.E...<..P..p.@...N....R.0(1< .{.....q/fI.nX.k......Y.....G...D...M.p.kq....D.g.l.q.....&..3...\.....h."....u..zy`.......07.y.\h..L...)....B$jM...;.8h8..DX....w..{I......1.t..'$.0..{c.f.Au..e/...n..b<}.P.w.^....6:......C....!../L...0m..8.4..d..u.>.3..h../m.-.X............^F..A.%.cg.e..S.f:....}2'Mr.....1Q122.%.......j..."s.o...G>.......).9.2.4..0.$I..P.N..(.=.).......T-..h..=...<....G4..\&..!.y.(....W,...D#.>..H....:..F.K...&......#.......$3..R...Y...Y._.YI>:. ....R ..s...O......P........Q....y..J......Y,ER....&....m...(......7T=..a.{.i..iw..('.7.m.....O.?...#.t...b[M.X.. ...f1...L3.4.........4e03'..S...$pXh.*.0..|.F....2i..-..Q[c:5.}.q.J.N..u.E0..&........"DT......*>.H........[V....pK../m9o....f.&..P'7;...y....".......8....k...p.T}..7.3......g.........45.q....K.".$..1..][.Z..Ux[.........XP.WI..[.....u...T7.?.LCc........S.]......J.V..x..~.4.$...b..F..W....

<<< skipped >>>

GET /static/r07/layers052.css HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s7.addthis.com

Connection: Keep-Alive

Cookie: uid=53dce6a0d676490a; uvc=1|31; uit=1; bt2=53dce699001s70001; di2=N9OL95.UYM; dt=X

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 23 Jul 2014 13:08:35 GMT

Cache-Control: public, no-check, max-age=86313600

Content-Type: text/css

Content-Length: 182014

Accept-Ranges: bytes

Date: Sat, 02 Aug 2014 13:24:42 GMT

Via: 1.1 varnish

Age: 234549

Connection: keep-alive

X-Served-By: cache-fra1221-FRA

X-Cache: HIT

X-Cache-Hits: 40562

X-Timer: S1406985882.968149,VS0,VE0

Vary: Host,Accept-Encoding

#addthissmartlayerscssready{color:#bada55!important;}.addthis-smartlayers,div#at4-share,div#at4-follow,div#at4-whatsnext,div#at4-thankyou{padding:0;margin:0;}#at4-share-label,#at4-follow-label,#at4-whatsnext-label,.at4-recommended-label.hidden{padding:0;border:none;background:none;position:absolute;top:0;left:0;height:0;width:0;overflow:hidden;text-indent:-9999em;}.addthis-smartlayers .at4-arrow:hover{cursor:pointer;}.addthis-smartlayers .at4-arrow:before,.addthis-smartlayers .at4-arrow:after{content:none;}a.at4-logo{background:url(data:image/gif;base64,R0lGODlhBwAHAJEAAP9uQf///wAAAAAAACH5BAkKAAIALAAAAAAHAAcAAAILFH6Ge8EBH2MKiQIAOw==) no-repeat left center;*background-image:url(images000/addthis_logo.png);_background-image:url(images000/addthis_logo.png);}.at4-minimal a.at4-logo{background:url(data:image/gif;base64,R0lGODlhBwAHAJEAAP9uQf///wAAAAAAACH5BAkKAAIALAAAAAAHAAcAAAILFH6Ge8EBH2MKiQIAOw==) no-repeat left center!important;*background-image:url(images000/addthis_logo.png)!important;_background-image:url(images000/addthis_logo.png)!important;}a.at4-privacy{background:url(data:image/gif;base64,R0lGODlhCQAKAMQQANz0 IzZ5gOqynDP4Ruyz7Hl7wSqyv7//x6z0FLF2zG50 v4 xSwzcDr8QuszP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAABAALAAAAAAJAAoAAAU0oIJAZAkZCqOYkNMsA5OU7hM0ikO6x7AcBQTBtVAsHo EgMgABBijmoHAoCUKMxNDwCKFAAA7) no-repeat right center;*background-image:url(images000/privacy.png);_background-image:url(images000/privacy.png);}button.at4-closebutton{position:absolute;top:0;right:0;padding:0

<<< skipped >>>

GET /1/92a411bc23?a=4058140,2334836&ap=8&fe=26312&dc=23203&v=411.b2946c1&to=YlNSbUYAV0IFBhdaWVsZc0xHFVZcSwwNV1NNdV9XQBNWXQgAERxfW1JVQQ==&f=[]&jsonp=NREUM.setToken HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: beacon-3.newrelic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Set-Cookie: JSESSIONID=451778de91663b63;Path=/

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Content-Type: text/javascript;charset=ISO-8859-1

Content-Length: 21

NREUM.setToken(null).HTTP/1.1 200 OK..Set-Cookie: JSESSIONID=451778de91663b63;Path=/..Expires: Thu, 01 Jan 1970 00:00:00 GMT..Content-Type: text/javascript;charset=ISO-8859-1..Content-Length: 21..NREUM.setToken(null)...

GET /nr-411.min.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: js-agent.newrelic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: application/javascript

Content-Length: 5775

Connection: keep-alive

Server: AmazonS3

ETag: "9050946217be03f42647b3f708ef10d3"

x-instart-cache-id: 1:16954596951746155381

Content-Encoding: gzip

Vary: Accept-Encoding

Last-Modified: Thu, 01 May 2014 23:15:58 GMT

Cache-Control: public, max-age=315360000

Expires: Thu, 31 Dec 2037 23:55:55 GMT

Accept-Ranges: bytes

Date: Thu, 10 Jul 2014 19:02:44 GMT

x-amz-id-2: M6Z1FvhosAPz/iDGNmz4we1GllhHXR2rCe8NAa/cyM2LxF4ezoQWqSqUblbUlD30

x-amz-request-id: 7B5A513F8EC80783

X-Instart-Request-ID: 11148896140670480835:SEN01-NPPRY14:1406985881:70

...........[mw.6....B..*....8NB.V.4......fv?Hj.M....TA..G.............I../.....Y\f.J.......V.=.(...$v..L-L)...@.J.UM...........|/..e"E....P.../])T).^...F...U]n..J..{...{ e...&..\..$.z.<*S......}..=a........\.......u6Z.. M.`hA.^.0..}.p....."".|.{.....=....TU.>.~f....<.G..F.S.-.j....v|.,......{.6....&.............I.D&$K..G.Z.qz...?...........7.....4.w.'Qo....~./....G.v...Mg.b.s..o...6 ......m.*?...@...S.....d..J&a..0.........'0...a^f..a.1...?.1Z............n....N.......4...P.u..w...E^....Col...Q1.1..-Px...V...F....<.A1.LU.Q.6.Se.....-..~.n.G..m.d ..SP.d..g.....&.x0'..4...fr.. .\.........H.B..5..H..2M.....rf~....;.D#.....)Z....0...2..T......!.T.7...p)..d-..(.U[.,4O.J.#l..0.........S..a.....R....c...^r...2.....<.}...4B.-T.....>...@.K.7...r;.W.x....D..S"VoW...lA. ..g...\*O..2Oda.......|..3....J.I.P8)$.H.*.R..,4...{$.........nE...a.&..=..oy.9.....k.x.....U....$.&A]..lAF%......k....&iX..>).d.,..hRVX.9....;...p.)..S.............l.Z.9s.....0RVyG..<..*...e.....l a.<..=.,..[.....a..>...JT...[./.t5B.K]w..g...(M.......1D9l.W..{bS...........v..l...X...^.e..J.......'...^Y.,.....{....Z...2...E.m....].zj......x....2M.......<,.`.a(....T... B.l.^.....xP.......f.!4t=.].=...Fd..U.F.9......F~...bb..v...vR.V.0..|x'.0.....R...Z..!Iw.u...([.s....U..r..|..)...t.M.1..aw.}..H..C9Nd....`.vq...H.y.u.E.A.(_..3E...../H..0v.~.X..^P-Rbh<..^...v...%`c.C0c..].W..7V.h5 .........vP..e..mhY............5..7..o$....V...Kl.....:-...o*..hCc......A......-...\......0,...;........3[..q.l....b.......]x.Yp.,.F..?.ES.[....F

<<< skipped >>>

GET /static/css/jquery-ui/ui-lightness/jquery-ui-1.8.16.custom.css HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:07 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:07 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a980d75070761-AMS

Content-Encoding: gzip

df5.............\.....}.W8;X`&hud.n_.y.....E^.Z.l.eQ....1...$S.........:d...K....KN.j.HN.(h}-X.T.cW..>.x..'$.i..CE..o.d...C.....e...Ij..W........}..}..z.........z&...]....`.Q...(.P.." VSu..S8v<...q.,..L..sA......2i.w............c[...Q.....\...)RJ*.....r..o..s.(r..9.~.;py.J].s~........X!OV..V},y.)...4.>y.....P.JV..w.T..|......c..D.D.../..E.\..Z.K%=..a...#.P...R..B..l..y...T......y>...(....{.J........G*..SC.#lh,@.7..8.$gV}....p.OT.....?.......(HM....T.-......~.<....t..o..!V7...}..J.......J....)...B..B.........TV.....yg....."...L......p......:iy)............>~....g.Q3....9..../...)5#WX.D.R8.7]o.t3..|".l3..X..M.. ./V{ ._..Pi..*].....F..WED.....'.M.......y$.a#7..../..i[.< ....y.Y.....e...9...|.SE.%z...,.5g0n..{..t........I..%./->.Hd4...8.<..t;tPQ..H.y.2.?..|.^...g...Ov....8...K.Jq..2#..H..b.J.|......l..)..AU.tl.....0....`v..T...s,t=.(...;..1.q.wR1.i.ee@:]....`....w-.O._....... l....f.B..*2...d$b..HIJ.\.6.m...,.9..Tm"O,...7{ ._.*.c..,P.QS4F...a...Htt.1.H.>...M.....Y..........)C.k|...Z..uq..Q...........6}..t_...3.b..D.......U@..b.Wk...7.&...e...l.......]..`....v...>[=.g....c?./..#..A..3..q.....J.M.n.A......1.v.....1o%.s.f...spX[."....'',."[....t....'.d0X......,..':7..@~...-.Xn @\.i..........[......q......gq...Bj....R]k...".6.. .....w.....!Q...`@pXL`d....'#.AN.J.$...a.....G....1.`...@Xt@.44.....uxPDQ....(h........LH......Yi......|....@.d)H....f.H...6.U....&,.tD. 4.0$.s..O<..e..DS.C.y...'#...H.;...z*71.t.....t........)4..1..."j<.T......i..i8...p.6..0....2..,...".c..\.v.d.CKA..l.Kf.

<<< skipped >>>

GET /static/js/jquery.browserdetect.min.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:13 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:13 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a983119ef0761-AMS

Content-Encoding: gzip

c2............u.A.. ...ur.Y...<@C....C...F.&....5........o...<..(s..J......Px.U...\.m..R....g.........U.|..n..#....K..Ck....t....CM..A.u.g......p.'w..f*:.:.wS..<7....!..rm).R.4.>...w..].n...Tk..n.....0..HTTP/1.1 200 OK..Date: Sat, 02 Aug 2014 13:24:13 GMT..Content-Type: application/x-javascript..Transfer-Encoding: chunked..Connection: keep-alive..Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT..Cache-Control: public, max-age=604800..Expires: Sat, 09 Aug 2014 13:24:13 GMT..CF-Cache-Status: HIT..Server: cloudflare-nginx..CF-RAY: 153a983119ef0761-AMS..Content-Encoding: gzip..c2............u.A.. ...ur.Y...<@C....C...F.&....5........o...<..(s..J......Px.U...\.m..R....g.........U.|..n..#....K..Ck....t....CM..A.u.g......p.'w..f*:.:.wS..<7....!..rm).R.4.>...w..].n...Tk..n.....0......

GET /static/js/jquery.placeholder.min.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:13 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:13 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a9832ba400761-AMS

Content-Encoding: gzip

2f1..............]o.0.... .U1.J...(..v.*.R.r...q.$k.#.)C4.}v. ........y.9..{..>......P...4Gs....%..=.....W.X.t...y<.....)d..H...I.)...."..2f..5z........n.@w73.}}....c.......r..y.#.#.2.&.9..f..b...$.fi^.&..g..E.Y..i...k..*..a}1..3.o...D.?....mI...ej...&..n..UfM...T0..k.W....... .s...V1 .4...nt"W.]0^G....mm..x[B..Fw.".c...Q....;...M2.J.-$...c0..7"qx.&,.....s....\.6*K....:&<.O..N..5;fWU...O.r......{W..`.`)_..=.T.....-......-h.v.[....\.R.........T9:.:.0............p).......M8..V..EJ.4(..)..#-..cvw...a;...V.:M2...<}...r...d.H}.F..M\..M...G}........Z...!...s..M..3..........h..j.[..6.....p0.'a.ml#-!7LX...e...\k....<g....#..e9....]w$o[./..V.B.D..`.R=b!.%s.e...6......$".4....L........?f..XE}.Dn....f....3.-.<_4J..e...V.B?..,f.p...G..G.~..q.Hk.(i>.4..a..R/.....0..HTTP/1.1 200 OK..Date: Sat, 02 Aug 2014 13:24:13 GMT..Content-Type: application/x-javascript..Transfer-Encoding: chunked..Connection: keep-alive..Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT..Cache-Control: public, max-age=604800..Expires: Sat, 09 Aug 2014 13:24:13 GMT..CF-Cache-Status: HIT..Server: cloudflare-nginx..CF-RAY: 153a9832ba400761-AMS..Content-Encoding: gzip..2f1..............]o.0.... .U1.J...(..v.*.R.r...q.$k.#.)C4.}v. ........y.9..{..>......P...4Gs....%..=.....W.X.t...y<.....)d..H...I.)...."..2f..5z........n.@w73.}}....c.......r..y.#.#.2.&.9..f..b...$.fi^.&..g..E.Y..i...k..*..a}1..3.o...D.?....mI...ej...&..n..UfM...T0..k.W....... .s...V1 .4...nt"W.]0^G....mm..x[B..Fw.".c...Q....;...M2.J.-$...c0..7"qx.&,.....s....\.6*K....:&

<<< skipped >>>

GET /static/js/chosen.jquery.min.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:14 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:14 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a98342a6e0761-AMS

Content-Encoding: gzip

15fd.............\{.........v.dEQR^...j...}..n..w.z..$$.K..I.z...~.^$......;.XZ.q^8....F..uQ..w....H\;........1).eQ:...#.....y[.uq.%......y..2.o...,.._...T....z;..V.^.. .6........"w....)-.a.eNU...8.f. .;.......Q...b.b..y../...v..s..O&r...i..^.s~Lc.W.?e.Q...h......_=......&.C.[...L3.......5I(e.....D.4K..;I..E..$.......I...]....J...-..<..R$.:...a......E.'.c8.Y....I...}I.]...-eT...p.,."!...{h....xC.0Do.....o.........,v[.0mJ...h......4tK....O....E... #..^.[...j.>....|...g.N..~.#.Mq.>.x..-I>..IZ.(#....{._.8`.^.. ...........!..%.d...^....k...`.7.#....f.....x....5.....!..7.....&..3.@s7:.s..'O\.:W.u w=.'...YH.I.. P.-.v...>}..)_...7..i.B...O?.......k...6x6...G8..:o..W.....FI.W.}F..>......{.....%.m}......j.......r.....o..q!oE<.sr.`..H.>&x..o........0.[].k?i4.l...D.h...-.[ZT..h..8............}6.......,.)...k...$....XDE.EB.x...&'. ..V............-e.*Zr...c....K.!... 4..8.e.Y..*.]$H..ZYT.UJm....|.p...e...z!......C..l..ol.8....X....6!RLp...,X....f.p....4b.6:...l..7.."."_.E^.....*I.......K..Q.X.9....N.*.Ze..2...@i..Y..z..."TE..D.@S.D.......r.....p*. ..l...zQ.a...h......Q...<..Q.3ZR7/r.I.....b!..U?>...#J....5....I..D.......c.(....SF.....vW.............YG,........bW..EP.LL.`kI.;..._.=.2.lW.]EwS..gSw.,.N....k26.%....4N..Qhyb........E*...D....X.........=..j....zz....|U..W{D.dE.r( .=.;...@..5..-...xgNM..)..84.y...;.0D..Q?8G.S....,u........6 -...E...A..2.........t1..KdeN..E...>U...A_.. ....[(.ba.....XA.. h..\ \..<.?Im.7..]..........u..vC.Al.5.o.E1A.....p.N..'...:B........Z..E.~.luV..`..q...8.NA.M

<<< skipped >>>

GET /static/js/ZeroClipboard.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:14 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Fri, 04 Apr 2014 18:05:05 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:14 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a98354a920761-AMS

Content-Encoding: gzip

ef6..............ks.......mm0"A...F...e%q.....SY.........(.n...{...........nwo_...w.~qp.|A>..%yV.X\...rI.....~I.lV.......RZ.. 4..d.o.g$a%|....8..zd]g.....&..YN....(.&..%Y.A:.......&~.TY....j.'4B...~.-...=:.K.g...-.b.( `.yD..(-............V...O/A...5E.%...t...-2.\.......S..9..FG...qt./..|]$<cE8"..EH..).y.%<8...."o....[....p..Q..D..[..yT#...^...lN.>J.UE.Ij......^.......m".....5.....d...(..x...3...|..<... .O ..1..4..[......5g..}[.'...5..-...d...WL...~..9 JdB.."!.f0vt.__..........CK.(.......g...V...`&..I.*.v...(_W..J.....O..o....".'cup?T.s.....<......)....."P.g|[..-...rV..<V....B.#L....O.>.-.W`HK./....i$KL..5.PT.g......q.{p.*...... .....j.b..B..o.8M/p.. .......dE...c1.ZJ.D......t*..=..K...A!..v46.q..hX.=..............g..-.C._.....>.;.w.....q..M.).....#..N...P....B.m.-......a.\.....$.....%.......4.... .Eu.g<.....fr......f......@...........N .Fs.<..# h.6.C...\..$-.S........0.|[..M ..".......2..."...r.J.,...Z.6.JGM..2|.e.pO=.O...w.V..uS...........?O.c..^...u.e..|.A.[....@..o1w.g.M......\....NW.w......M.._..........Yw.s..{..!.m.....H.E3./..tr....|.r..&...3tq......hg.....(.s~.*W.....&K.....H.D?..6....I.2.K.5.D..}...;...).....|..............J..ctQ..O...t.n}...$..*...Oa........Y......W[......z.j..:T..5@..3.K...{....RB*..F....Eh.....CrDN..v.z.u..x...W...............Z...@..f....F.UK....I..!s...2.....J..*b8...'."V".:.........I.gw..... ......%.s....C.4.(..tC....:.2[A%.$........ >..m.._W|........P.ZC&.>a.8 j..............`..MB...\.Q..8.u ......&..5..o. *..2.<.3....l....)6.X..."....:...

<<< skipped >>>

GET /static/js/ie6-warning.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:15 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:15 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a983b0b6f0761-AMS

Content-Encoding: gzip

7bf.............X_..6.......$h..-{.V.C..k.a..n{...b).P.2l.r.a.}.,...8>..3....4E..T.X.c..E?p..d.>....@@S..P.......R..U..H6...Q.......VM..|.h..p`h.j@..k......U..9CM..=..Ol[s`.?.X..GV..8j.}E(C .A.;).w...,...T6......f...A...5m.(....d..QN.....F..2!O.!.....Qks...HY..x..Z.b...G....PT.=....I.y..~.#L......=.....Hv...;...T...f...L..?T..P..t......@.....tZ.y^.Z.`..|s......||...7..H#`M..~........1.vm.7..{hR...lm".....I.5R.k......K...r...........<.5E..l...j...".H..4.v ......U..V..G..c......J.l.......?."... .>..h...n.jab..0.;....'`e.J...)......l.>....8<....e.p.....y..9...9...9...9..[Y.fF..3#R...).....zD....B.......[..R..c...U..^r.k..Fx.y..&A..r. 7S\.}...i...?1||......S....A..~Bvu...............x...@....6.......w..".zn.A.A..8( c#L..d.....4;...;<^.4....f ,.....8]...............i........{.....Q....R..f....l..R..f....l..R"!....S.m...mIk5....i...........g....:L.o.>..-r........d.{...l....'.\....8j8".Z... .Yj.f.J....;..hhT..@..$9....f...$.......Ow.]d..........}.m...<..<z....Vz.....^J..%b..y|.u.n.....F.. .w..JB.>.(s.f,.......I..{..U'..y....,..9r.g.h.K.sJ.O.)(S5m..D.M.(.W..o*N..?YEIA..J.B.z...>'}.O..J.U...e)..D`.N.....G.......a...m...._.kK}.\u..t.....,R^....l..?G.l..... <.j....@.M...1`..c...2...;.<'6........f...Ff......M.O'.ns..(c.c..5.{....I..N..'.iM.~.P~A~8...S.........9....{@.~..@..#.......O.L..m...w.....).;)].&.._....^...6....lLk.6.m&.@. ....`O.v...d. ....q#mm..p...x...@...$..\./,..3{A.,....5.... T... ......B ._..%.....6..:....S..\:*%.W5V.Z....k.]l,W...Vg..#........}7.X..U.Q..].>jUjWe.Z

<<< skipped >>>

GET /static/js/home.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:18 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 14 Mar 2013 17:21:53 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:18 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a984d4e540761-AMS

Content-Encoding: gzip

5e18...............w.I.(...W.ZhK.m.{ZF....M...m3....>eUI*..4*.c..o...G.d...={.Yf.T..........l?...<.~.d..$....~...Y...%....5.....^.....P.y6..'.."8....p..?..8.......c.............$.$....`.F.<X......A6.~y.2...y.di.............dCf{ww.:\...T..WI.eW..?LRh..|.....mG..;.v0.'..E.@V.^N.|wg...O/.O...k. ...~...y..$....v.L}p..?...y2[..E2...b.-..yx. .......i...B..O....I~.....R.>^_....r......`..s(......<{.F>Z.....b6.A.o.....,_.....5....l>.N...17......x...x.6.......>.8..yh~...Xl.D..SH]..W.........x...........j.....<.N.....4...m...kJ...r.`9Y,..i<.*.....DHK.4.......E....-......7.d2.......<..2..p...*..*.;.}.E.....mE./...)..(....t}w....r...0..I.K...D....'...O..K3....fK...}A..P..vw..Q..H..7......dg1Nr..u......~.$.....5.........RR.........4.1J.Q.j.. .L.a.O.<@.(.....b..(...:..x..0(....NZ.{.`.....0...r....c..TZ.p.3.&N%.H$..[..p.L.0_ .@..i8.6*..~....;;..8..PD......]..E[5.9..ty...\.!..m..E.ZL...r>.S....i...."..E0..!=.......\..q...d..)...lXd.a.=.Yi....j...YP.NW...\.e.v$......q.2w4I..E_.t..,...fQ...t.-.....4.........*qZa...........$.....U.R^1....n`....*u..$fK.\.c.....#.h.o...$....2.k.oo_.<.A.p..6R.1..$..Y.G.8p...a2.(xX..&,-03..l.S.m...../ .4..<...:..6.g...|U.....a3.....%%..b...J!..._%...]G...&C..%.aL.. ....A......a./...$....!L.e..?....TI.%..T.....4..w.-....9:...Z.....i...<......#........T.....E..........X.?. B....b.8.B.s....2....[...;$6..@......Kh...:l.C....jf%..2..c...q... .....1L........,_8.....E.1...8..y.|....q.k....S..$.R.....k..(.L.._...u......r..,...G:VL;.....8..b?.....K....y.....c2BEq

<<< skipped >>>

GET /static/css/jquery.ulightbox.css HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:18 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:18 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a984f0e9c0761-AMS

Content-Encoding: gzip

816.............Xio.L.. .w...J.....~.6.......eh.1.!...6.3.LFzgw..`%..............Gf..h;...$.Oc.4Ah7...d.`;).._.`..d...V..[.t.eit..j.V..........?...L...i.i.q'[;S..;l.4......X;..V.....1..q...D.D....RkjD~..|............. 7h..An.l..K.o.........Z..)..kY....................0.........Lk..X.....I.c.]..fgg...N.... .h.5.v..L-.&..C..P'...; .K.@..;....$.........../.~1_.Z..|J.....f..`,........`.......%..w3o'..B.........iV.....P..V..........sZ...!..0M .......P............8-<.....fI.*k...N}.Z.#...D. ........C...N. L.....A...Ib-|.K.CR.}.F@.....0.<...g.G;h..Gi...z>......o..4..pX.....o..khj.$...&[.....I...x...E.9.....3i._zR..{.......o]......,.....DU.<o....f.,...K...=..H.G..Xob...w:?..Lp.....!Fg....'...w...k....Vt.` .....>..~....H.3 .-L.2.....1........B.Z:8/..J?|...q..o}-....x.............I...._.....kVjDG....g*:...........rn.u.}C.."............GP...o."R.....Hof.Z.....KU.q...u........W6..0|...P.c.v...r......i..}..k/.x.f..tS.$p.n.Xw....=...U..r%....BW.4............R....nYr._.Nj0.o2.m1h.......O..H..Y......vf..Na2...hO..}.vx..I...I)....H.`Ie.p..'.._.6.b{......9...*.87*8........gsOu..H)'..@..W.......r.g...Q-.q....r....V.*.\........Q^...w/.R.........:.K.Q..f../.........9.,;`.).q..9.A.....b..7...b.#._....D. .|..@?[..M<.}....U.Xt.tQ..4z.J.(c6p.s....83.S.]....C....8. y...j..k....:.T..8...1.c......q........89.W.3.X._. .W6|..bnt.v<..K...O....J....B.bm#...&..Ey.&DI..4.QsR.DZX;...I~m2.yi....S.....wmo...g.....%d(2r....J.%..>`8.6..dh. y.............#x<.!sZ\.{N...Y.`qS4)x..#J.$..=.....>....xe..>..../z...:G.q...'2

<<< skipped >>>

GET /static/image/header_gradient.jpg HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:18 GMT

Content-Type: image/jpeg

Content-Length: 6647

Connection: keep-alive

Etag: "22a8-50f9295f-8945eddba2f6146"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:18 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a984f9eb20761-AMS

......JFIF.............C..............................................!........."$".$.......C.......................................................................r....".........................................................................w.........Z.`..J..([d.F.-Y*..f..E...i..Q-.I*.U(..TP.Q(e..a..jDQ&.T.he...jK.e.e.fh.Q.....Z..K.....FV(BR.d...............,..*,.J....b..ajJ...m..J.RE.TQ...DiQ@..D.E.FZ.Q..I..DQ..K.I..D..f.Z.....e.aK.......fR.jK%.Y(*Y..................".J.......J.*.*..E$.ET..DiQDP.DQ..D........DQ....D.Q.e..DXE,Y.FT.XI..Z..jFf..:.%.&.,X.A*.d...............RU.l......X.J.*.[d.......@.E...R....E.........D...DQ..j.D.P...............%K..FVK%..D.J.%...............)E,....[-..e....*....5`.J.P...Q(....Q....D......DQ..(.D..`.Y.X.dIb.R.Y.VK.fQd.X.X.Ks...............,....B[)l.[-...[-..e...V..K(.....Q............ (.........Q....Y..*.K.d.Y,.D.f.b.b...d@...............R..-..[-..f.jj.V[.j.[..m.P.)QT..,..J......T.......DX...!a..%....D.,$.Y,.K.fHK .X.R.................RU.l.[..-.Y.j.Unm..f.m..[...i(KK.AniQU.....PT..APT..AP.....T.$T...@D..B"...d..%..d.Y, .J.%...............[-.[.V.j.]f.....WYY..e.f.i.lUA.%..f.AR..APT..i..F..APT..di...APT.........B.."....J....0.J.......@..............niE,%....lY..i-.f..f.&..nji.i.....TUAR.APT.di.i..F..di..F..di.T..Ab..PT.EAd-dT.D...-.* 3.J.2.!(*Y.....................i-.....A......i.Y..i.j..A.inVi..inF..PT..APT..i...APT..APT.B.....H..R.!..B....$X...Kb.(@,..................i-.,.KV..JTY...Y.i..i.i.eA.i.I.F.Zdi.AP[..U.iP..B.%AR......APT.AYF.."..!RK....AdKb.$X. "...@.................Pi-.

<<< skipped >>>

GET /static/image/header.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:18 GMT

Content-Type: image/png

Content-Length: 56313

Connection: keep-alive

Etag: "dbf9-50f9295f-f5e52cd7af085266"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:18 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a98508ecd0761-AMS

.PNG........IHDR.............Q..w....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:0180117407206811AC3EA2F6E16088A5" xmpMM:DocumentID="xmp.did:4C52D47DEF8711E099BACEFA714E110B" xmpMM:InstanceID="xmp.iid:4C52D47CEF8711E099BACEFA714E110B" xmp:CreatorTool="Adobe Photoshop CS5 Macintosh"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:26E1F8D7172068118A6DA26CE47F5BA4" stRef:documentID="xmp.did:0180117407206811AC3EA2F6E16088A5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...H...)IDATx......*.. .Q}9];........a.$$!..!v..fF`..._.z.....?Ty|...3...@.6...P...G(v.B/....Q............R......O.;y..qp]<S...4..?`p..t...V.6...1..a.1F.y....)./..i.<.....?y...fC..n.].....u..uM-..p:..|m......Ur...........K.;B>.,...J:;R.,...~AI.3.F...#....X..Y...C...5j_.....jH.^....[.f_k.}.!...7.e.?5..........0.J\..QeNf<....wQ..t@....t:.>.......z..DM...F..O.a...h...g..N.?..o.. A.#..#h.0....5r..?{...=(.&.{....l,O.4...m.M...2;Kd7....k.\Q.D...y....R&.I...?..t...*[..5N.......C./.M............EG.W..^..Q..Ft>):||&l

<<< skipped >>>

GET /static/image/num_bg.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:19 GMT

Content-Type: image/png

Content-Length: 506

Connection: keep-alive

Etag: "5d0-50f9295f-f23fd084c8dd12c9"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:19 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a98537f490761-AMS

.PNG........IHDR... ...'.............IDATH....J.Q.....o@D/.e~K.....$%.2.b""..f.&.u........kw..j....3.;.....~/......L&......0.-^....n....CA....V..y.m.]CA....f.....F..U......@..j..hH....@.^...._.v.].V.xD..z.J.p.Z.^....\.....m.R9....r]7..'..R.tf((@Xp .H............b.~.N..5......CEM5..q86T.T..........J......g(....xR|.....7CA...[......@..j.X,>.........z](............|.A X=.....`..j..t'.,...f..@....@..$.E.@&........%..N.c.R.......Aps1u#..,.z`6... ....2..a..|>.N...x4...... ..X,..a..PP...?S..5.;.B....IEND.B`.....

GET /static/image/logo.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:19 GMT

Content-Type: image/png

Content-Length: 9758

Connection: keep-alive

Etag: "29e6-50f9295f-5b599ae239950ee8"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:19 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a9853ef540761-AMS

.PNG........IHDR.......Z......}.p..%.IDATx...w|UE...s..7.$@..P..X......kY...q..*...W......u... .Xw]..Wl...(b$...=.....v.)3.?...7!.........33g.3.y.g...J)....Y.D.$do........`..#.b..[*..\.p.f..._n....g......b.......%..$doQW\..A.p.....1.81..%..&.......>R.\.{..C..4.hR?Hx.....R8JkA....?Q..... .b?.....5J].wR.FA.C........s......q...Dr.Q...0Q.........Q.QpU@'ae&dO.9....}:.....&....~.,%..t.7Q....@..([7.z#f....%8.U...).../TR.........*v..9bO..P...$..R-D.P,....K#M...........b.Tj..$)x.W#.$Z'!.....}...\.%oK*..j..%..V..!..B4..._......-P..p.>.r.i.d.f`....".............].r..B.$ U..2.`[).........M....(.A.....Q..0T..g..]%..~..0B*.... O........^Q.......*......M..E.A..JE..$i...KK">..a.lPy.{..Q..H4MBv=..eJ.K6..T.". ....^7...}......#.R[... ....Z...@..F.J....- ....*.d#6w.......1VW..h...........`K..hZ.b/.G.......h......)E..L......WqLL..a5...{....U.......... ..c...@B...@.......F..%.q.. .P..{....]..42F..."Z..1.8.ON.i...A.D)u.B..`.....R..2.b[.{.X..*.G...L....)=..(U.....4... .b....(.E..)._9J.i.5.......KQ)"R4RN........K..D.$....i}7.'.....d...X"...S.^.p..]..g.%p.....$...e).-E.Qb....H.&.&!...1.:...(j.Q.(..POG.......,x .S.p.B*...{...."h ......I..RWb.R!zJE...(.b...B*.....Dus.X.na...s...1....j.....h..t.....w.p..~uQ....H.!..4..v.LK..$jT...4?.,...Y..._J.....S.....=}....=..x....!.Z..^&w.h..f.0\8..S.EjG....2..O.L.5....w..bT..F...}~........(.|....>.SM..VI......Vf..$..r..}.O/...> '....s(3...,...DC3t.~.v....|........!..Q.,N4KBv....(.n.{O../e......#..5.l.~....K.. ........L...1..........@..|...D.$d.0y<y..3.>............v..6J.WF...... .

<<< skipped >>>

GET /static/image/shrink_bg.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:19 GMT

Content-Type: image/png

Content-Length: 849

Connection: keep-alive

Etag: "6e9-50f9295f-fe86a040a88ccd38"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:19 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a9854df740761-AMS

.PNG........IHDR..............hE.....IDATx....j\U...s..$t2!Xmb...B......u.s...[->E.A.r.......B.KM!.......\D&.d.$..p...*..9....../wN.......p.....I.....m.].k...|......g......^.gk.....xo...._.F'y..........~....bw........?._......<.......5.....PW.~||.4M....RZ__......m[....(.....aJ).H9.^..@.....w.9EjSJM.4Mc_..:.....B...N....Py..G....t....5z.....Pw.G...@'.......F.$..;.T.....{2..:..)....Py...;.t.F..;.t....@.j....f...D..}t..;.O..u...kt'..@'...3....=.0...'z8a..:Q....@..=93... ..I.....R...@...........Yw..=.u....5z..n.@..0.....u............RL'<.PW..R.u...........r....@u........a)..bG.."....p..............{...mU..PG].QJ.....{....j.|.._..>.....S...uiW....y...R.v....?i.......ms...Mr....3]..s.5/5.........I...7.Z.R.?Kk)MO...G.0u..V..[~Y....q..E...'.W....*.3..Uv... ...h..4.q#e..g..r.-1.......S..!b..Q.... ...2..b.B1..l.Q.%.w6.x4:zR.......>........IEND.B`.....

GET /static/image/shrink_button_icon.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:19 GMT

Content-Type: image/png

Content-Length: 1101

Connection: keep-alive

Etag: "83e-51891205-dacf17616870751b"

Last-Modified: Tue, 07 May 2013 14:39:01 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:19 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a98552f820761-AMS

.PNG........IHDR.............r.......IDATH...ML.i........k....j....n[mT...ZZ....R...].Bwew...d..^LL...=z2......1...x.j..5..q..l.$?.w....~<.39r.<.....Jp_....;sC.P(.A...0...{.D.....(((h.....H5....V.'...($o 3.V....I........q..P'..-....(...z........(|...@.A...a.B<...I....e..O......0,........f.k.e..B.^..0...mY.!.T...I.2sK.hkk...e2...>.R....k.:K.R.&.MB0S.h4.......hwE..0.E.........(.....Z^^~c.f...v....{^...Z......B.T.R..a&.......s.\....~..9pvv.....#..2..@MM......iBP.}".y!...........e2..@.V.#....j{&&&.............S.T....a.\...r....v........../........@~.......g.......{{{.nll..........P.....gff.$..J.#...4B.!.j..d....C E..[i.....=.c ................d..b..`..1I..#.A...A...............(H........&g.{vii...?d.... .......z...b$!....c$..........o...n:..ql.p.onn.ip..........3..]...d{8..-,,..&..L....P...\.A...v.V.....EhC.....pI....W4..4IrKKK..........B.Of"!t.....r.w.R....K........@ 0@..$..l..a.RU......O....Az>....D.A..!.b;.C.......C..loo...!.<.. .Q_..v..........._.....N;.sssD.........82:n.ZY.i_mm...B.....f.,.Cv.....4..>....E.V`.XfggG..$..m... H}..<??O...=..%..J....Y\\..d...J.F........1..-;*....IEND.B`.....

<<< skipped >>>

GET /static/image/button_join_now_tick.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:19 GMT

Content-Type: image/png

Content-Length: 730

Connection: keep-alive

Etag: "69b-517a684d-ee8d60c7a120e32e"

Last-Modified: Fri, 26 Apr 2013 11:43:09 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:19 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a98560f9c0761-AMS

.PNG........IHDR.............5.7.....IDATH...Mk.A....j%."...B......V..#.....IkjHLjcL....z..Q.A.G...... ..GQA..;2..U.....|...8.D&.I.e4....7A.8&m.uJ..J.T~W(.a.\.G..Z%......#.J........]..... 4F.!p..j.... r.,![..kp.p..PX.8....H.....M.E..d........P...."..j.W.7pN.r...p8<.j...D....p....]...e..... ..O.h..<..D... 8.*\.e..x<......@,Qb.Ql./<.....;..........q....\ X.>.d..o..D..#._1!........`.>J.H..L&.V.%......,....1...vR.~...e......&.........R.'..........!...6...8.& 8.N....8@.....|>.A.i.`,i6.aA.>.p.d;By@$..A...........}.'.K.....%......#.....\..8,..J%F..B...A.s}zwww9C4.r..1w{......../..?...l.....-..j..KpO"../..)....@b/.....h)....V......c|Ob0......!...*z.n.S>...*...........%T...v..L..b..V....._...O.W.. 5........$....M.DG......IEND.B`.....

GET /static/image/fb_f.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:19 GMT

Content-Type: image/png

Content-Length: 572

Connection: keep-alive

Etag: "5d5-51839c86-dfeef352323b48a9"

Last-Modified: Fri, 03 May 2013 11:16:22 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:19 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a98568fad0761-AMS

.PNG........IHDR.......!......>......IDATH.c...?.51..=..1..e..@..I*.....I.."[..eM.3 .{.....=....s.s*... ;Q.2.tX2.....~......c...~...~T....vS....$.................4h...u.?!......mG.0.}....Wp...7$...%.@.>..1.A.........v...........7..|.2....|..P..?...v......0..u....F..B$.x..#..W.z.1P....o6.A..[7M.....E[.....3f.{.....c.....?w../...o.k..s....^...r.A1...>~.$..?.FR.^.......`.....z...1...W..d..SO~..C.Y.]...[........c.p....../....._......#*D'.#g.a...s...\......a..../ ..k17........]F...r....\~1j.....X*...=.....x.a.. ..p..{?n..........}......'.y..*.%.....@.-.!..%d.....IEND.B`.....

GET /static/image/arrow.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:19 GMT

Content-Type: image/png

Content-Length: 523

Connection: keep-alive

Etag: "5e4-50f9295f-ad2107aed9966ef3"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:19 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a9856efba0761-AMS

.PNG........IHDR...............,.....IDAT8.... .q....kX...... ...e.8l..G...$..P8PX6.y_.%......Q.;..z.[$...~.g...;l}.M..~.M.....`@q..V........>..|J.Q....7Y..B..V. .`..U....m....Vy.../$.1.8}.ipa[...6. .O0{p......@..:.%(s..h.........'.9......J..xIH..2.!P.H......'...I....r...@......m.!.}.&@u.H...-#...T<AKM.X.y.w.....$H....s]...kfuz=x.......z.6..O.5Mnzz..L. .{.kW...-../.TTQ.'..u8...\......WD.Z&x|fj-..vu.........Q.N.Y.fs.3.K.y.......c...Pjrna{....~...9#.....a.H..].....i(...(.M.j.ILk.q.R.....:P\.."Q...Z./....*.b^....IEND.B`.....

GET /static/image/language_flags.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:19 GMT

Content-Type: image/png

Content-Length: 2938

Connection: keep-alive

Etag: "c02-533ef450-7c77c8bf1820113f"

Last-Modified: Fri, 04 Apr 2014 18:05:04 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:19 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a9857bfd40761-AMS

.PNG........IHDR....................AIDATx...{..U..?}..GB..L..."N..H.......% .W..D1...........Ve#.....By.*)..|UB@-...>.......!..a2....y....=....G.....N..s..=...S..._...x..2......!............_......Y..=`j.dpr'....E......s...Nn..%..Dd.....^.g{.%2..*......`...L.Z...$.)P.(.i....>..I.G,Xw.....m...sN..b...O."p.N...O.....<............SD..s.'...2q.N...Y......I...ba..o=....<|..D.>.;1.&......=..9...e?.../.....W.w"7..<..s......[.....|.w.#.9...AY..}r..!q6....r.5...o.Z...k..."...N.8v.~........O....|.....7.n...^.U"../9j..GEP.T.....A#.u...j=....s....9..DQ.....S......;>.....E..(.."..>\.zs.E...^..@P..N.........(.9.....VA;z..-..e...=..Z...Z.....=..T.TZ.......'d...DQ...iR|T...mJ.:...g.{..d.D..z.H....F.K.mY...;.u.k=e....s.N.......,.X.1..8.....s.....F....d.k=.z.....(@.B..U`4XWX...3wV...am..D.5H.(..............!..k....>..55.HD.Z..1...|.P....."..*..H.]|......{.it2a<.......?.`dY.....61q..1..9...c,^.2g..`...;o.Q...~..kL~.Ak.IRb.PJ.$.J).8F%..^..`..`....`.5..|..."....h..&)......Y.]@.#&..Xdr.....R..I.KS.c.3Hc0.....@.....'.:..Y..5KC.!......-.,..-..f:..'.0I`..".fN..k...C...a...8.=.f..0..l...y].......8mI....?.~.|...K%..O^....;...J...c#....Y....^.W.Zt(Z..C4p3.. .`.`.`..<...V..........\...*>..*..."8..._F.. ......Dg.]H~d3.......F4.A.......x.._@.......-|.m i......C#..@.d..gx.6Y.1...,.t.^..2...]....%W$.....(..]t.=\RRg,H.L..4p ...I.l.......2..3..[ .B..L`."

<<< skipped >>>

GET /static/image/language_arrows.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:19 GMT

Content-Type: image/png

Content-Length: 141

Connection: keep-alive

Etag: "3f8-50f9295f-d0babe0c0e84ba40"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:19 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a98588ffc0761-AMS

.PNG........IHDR.......F......].....TIDATH.c...?.>.8.`.).....bU.7#.D.....&.80E.|..0A..)Fq..I.q1.`T.......%..2..Rn4.F.....bS..5.......IEND.B`.....

GET /static/image/safe.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:20 GMT

Content-Type: image/png

Content-Length: 1258

Connection: keep-alive

Etag: "885-50f9295f-251a6c81a43d1c3e"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:20 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a9859200e0761-AMS

.PNG........IHDR...-...-......xu.....IDATX....o.V......:\..5I.{.....q.jx4m...Ic....{.E.e.'U..#.". .|.^.{..#T....'..?._......h4.......V .:%>$..y......_.."i.|((...*..P.W....pn..DK.CA.f.....U.y.L.i.T.%F..............i.BHc..iq]ed4.78...#3.M.!....p?t...:M..-i....qZ.Ym*.X).{M.&"....'../.n...Z[.x.8..j.#K.;.....x..jSf...j..o.M.....)[........|Z....j....O..*...A..?....'.).(..4....>....k..Ze.G'd.5V.T7.U.LC.vww.....T`..~o..-<.y}..3...B.t...O.M....x..h....e.....O t..*..(.Y.C{.......%c...T.5^.2h....,[.....a...b.......`....:...=..5.o.|4x....Hf... .;'..q....WN.-.E.i.Q....J.D..@.*#..Ro..4'....FY."..xKf..)te4..O...jL.b.y...K..>0.......S.:...XV.q.ck....{..B......|`.Qb......Mq.z.Co.....K.!s...F....jGy...p...> .Y...>|.B..9E.%.P,..3.;.;..qz~.;<y.....c,..'lK...Y..G....jin.!......../.F.q..C.Bu". ..5[.....w....-.>^]u.v...,H..Y..T..L...2T l.F....r......3.S........db ..yl..IC...}..c....K...(..Eq...5D[./......y1..dP.2......."..t......,.........D.2$U,...@.e.Y........CDwc^..........Vt'$..n9Q...L/IK....K6...d.r.nD.....u.......?.Q..LC..c.}X....q_..!.l..2.AK./&........wM..#......5.~..K...oX~B.....I.......5....\B.`..[$.n...R.7....@...z..6....p....h.w1h.|.^.u.S.......6.......}$Qg'...8....F..(.......o..6/....,..wf...K..Z.E.........l.>.......................gkr1.....IEND.B`.....

<<< skipped >>>

GET /static/image/ads.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:20 GMT

Content-Type: image/png

Content-Length: 1058

Connection: keep-alive

Etag: "7b5-50f9295f-26c22340ee87da5b"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:20 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a9859801d0761-AMS

.PNG........IHDR...-...-......xu.....IDATX..X.n%5.....Bw....C. ..l`...........D...(..f....X ~(.....pw..v.r.!..nl.}....*..........HU?..]........s~......].j......-..f.e..MC............[..d...l.v48....1=...........:..kpj..U....,..UU].?...w@.................$....-^...}.`..fY..L..7?.@.d..~...G.....(n.9.9....!..(6..1..E$...0.....H...._~.cy..S.....``*0yQx......v...1Y.P.?U..K..X.(Wm....3...v.9?.4.3RU.z.......D..Qo..ly"...).vl...gA]'.W........x.......P?.|..7.&.y....S.G"..jQUu..8.............U.1......c.G.r......C./......y..c..U....[.C.Db.....4[D...W...} Y^... bc._7"YQ...P..!_....<o.[B.1&.X.. @..&ik.l.O.03.[...`SE.9.....HD.Z.[...nJ....^.{6..........K.8..o...B{.WUeR..9k:...%oID...Lhp..?{...W..g.X...L...?.H?..b...%~d.....KK.x..pQn:.s../......H.........IX..VK.y.2?p.....d.R^.....c.....A..{.s..Q{f...F..uqi...Z.........}...Q..N...=.=.T.}...-.w.....X......]...G..E<w.R|.N.L........O.....?q.:.c.s\..6z.W#....n6C}\.............<..z..?..)..S\......1&2"..1..A]. .lG:.....`,.....[...c..E\......j..Q$...qH.'....)H....E....q%....p#.\{}Y.[..O......7...Lf....e.....IEND.B`.....

GET /static/image/lmp.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:20 GMT

Content-Type: image/png

Content-Length: 1455

Connection: keep-alive

Etag: "9da-50f9295f-d240a8a38f08f263"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:20 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a985b705f0761-AMS

.PNG........IHDR...-...-......xu....vIDATX....w.Z.....k..]wUmK)..y...<U........:SP..G..1..of}.p..;..s..<.6.....[...x....O......l..|..=..q{{G..l.y.L7......G...N..EZ.0.'..;<........7......w3....8...."...-.....v...e..... .{'S.SR...........K0.........M7..x.Vue.....(.HIhAo20D ..(.K...4G0.v{u.C..IN........O....3(..."(...$.=G.;{...7.qs..F^.`./UB1.....T.Sp.....Op...d.03O.=3..L._...t........:\......l.u8..rX.A."...1x....x.$.....bl&D..L..c.J..-.A..(..R.\.F.IZ.t|25...b./C...G.r\......x.`.......|.=~1.r....8?O0$. .#'....\].m..F.."hi..Q....d....p....J...U.^.eyu..j.......`....,-(.f......c$..h...{Xh.. .......Vm....y.B..#]z...%......V.X.Y."..H&..#....%\^]..&W.p.5.. .."P..Ru4....p.gd...q.T;]X..?...~......B=.4............-..H....z.yyyU.. .........9.w8......r......n.....V.....-._-.....e#.....}0.. h..v.G&..H.d$..u...u}>....,..JfgZ(..3l|"......V...&.....8I.. .y..oo%.A...D!%8..9:.C.$.%R..L.....l\\a...{...{P....2 L.%.>r\]_......8....V.5.....3E.P]uhL.....@.T .#%.b%.X..99..........J.G.T.....l.1N.........C..?`.&....4[w.....;..b.p.&(FW.....z.Y.u....j..<.qx....1 .......$..r3.)...t....(.f@..(.N......-h..&..3}....d.)Z....;....n...n.p.9d.I$.....\../.]Y.:<:.(m>.....Y..A.A..I.......O......J.!.Y. .....X.V..\._...#9R....... ...r\\^..l.....tey.....Y]..........N:H..YI.p`n.V..qp!.x.Z......8/.8......&n.$........6W....P..g..:.LH....T....0C.. A...........9.Rp...Cz.._<l...ja.......7X..._.#..~N.I*xI.f_..?.Q'.....60.l.w S|.....(T.....*>..r!...7k;(..|...1..?jx=...y.....IEND.B`.....

<<< skipped >>>

GET /static/image/stats.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:20 GMT

Content-Type: image/png

Content-Length: 1707

Connection: keep-alive

Etag: "a5b-50f9295f-9d0ba04bcf09b269"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:20 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a985bd06d0761-AMS

.PNG........IHDR...-...-......xu....rIDATX..X.W.K...?....D..-l....K[...b.(.D.....(b..M.|''.w.|......o..89-WV.|I3-YO.K.....~........?....]......3.._3..f.....u.(^..L ...r.?........Kqrum}tB#.X[...G.......P..a.Q.......].DX....;.....o.....;.-.<<<...B@0"....0.'. -.br..J.U.bV.....!...(;.......Z[.....S*..M_|.l...e...../..=..............n...y".....0#.F...H....)...o>."..}~q9*..o..Q....<l.3...sy5..C. .u..3..4....h.Z!...PA....F...-..........d.!.. ../...6...\..'.......%h..y.S..w..../.C...#[(..IX..QV..8L....%..e..Iw.....<.Eg..\.Q..F..Jz.G8&.8..0B.\]{....~..r*.k#.~.....R..F..U........x....W.......I.......#.5.^.E.B....F@.D..(A......<..<.\Z............o8..c)....%Wj.ww-L..x8m..x`...].c..S............T...?.^.8X..".O..{<H..Uc.1..Z5.m.......X..zyu........8X=a..#[....nnn.$....d....G.Y.x...jf......{...*WV.$......<i.....H..\.[;HuF6'....].eJ........8mv.....=. .A.t...nr`\]..QB....G.SY%1.....@].).../b..T..3>>==.......E.-.... 4$8.9..w..S.....=..Q*.Vn{.....?ono...A....(#:.J?9^.A3E=..."#.y59.`I<iwo.........A.7...k....0.D...W"..Y.....b...tj....xB$2..9..j..G99.J........B...j.]..5...4<8j..1h.4...r..[... h)lNl.J.J...#y..yv1:.QM`....Wy....d.uP....j.M.....S|.sZ...>$...t...........V..(n...r.*....7.......N..J..j...z...T. P...S.)Jq...W'S2..^.......3.F..|... 6&h.E....Ej.~'....".... ........dP.f....U.....c\*h.i^...}..R.".h....=hj.1..t....8....;..?j............dv*..6N..O......P....._^]..>.; W.5z*7.hI..'....b...2.$Pc..;........[..M.z.FwC.R......4/. .\.y....v?W[...r.........(V..7.TD........A.mq..S.t~Z.[Y..x

<<< skipped >>>

GET /static/image/api.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:20 GMT

Content-Type: image/png

Content-Length: 1068

Connection: keep-alive

Etag: "849-50f9295f-80af35f2c784138b"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:20 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a985c40820761-AMS

.PNG........IHDR...-...-......xu.....IDATX...iW"G....9......wz....A......w.=...8......p.eD.<9I.........U..z..A.....Z)..l'._.........?mb.{.~?...O_.?..?.H0..Oz...D.rN...\.Fl.....`}.@0r.U.`d?-y..i...t....?*..F..(..C.R8.%....N`.......)Y.[ww..Q...^*...`s{..?.U#>..B.J.:-..@k.U<..v......e=6.!>yC.%><5..5.M.n.x.L.W)Q.%...'.!r.....u..[......;...T..[;.h.e=.*..#.... #S...D.[G~...O..H.Q....G(1.l.*..^..(..~........'..u..G...AR1.V.....K.a...d...~ ym6.~......*3..k.>....q2 ..bu....=Dke..h]...'PB4.#.X..L.&9...f.Z....r.....[Z...E..-......XH......U.u.@...Sb.jw.#.!Z1..........I...:.V...G4.Ex5.H/..`e..........udQ...........DG..=f...)....@|.C..q..7....m"..6.H..N6 ...:./..S.fb<H..s3/...G'..TLw........9.D....W.....=...^.....W.n6.X..K...Nf._.........Q\.f.....b.x.t..>@.#j...DP...!i..d....f&>BG.6..6......!.ql.m E{VO.S.m.)j&Aq..oCG..>......j%`.t.]Q ~..Q..x|..1.).p.D-.Jd.d..X`.t...^o.3/.%.......Dz........3;.....E*W....<.....8s.?.>8..v...v.9.|..h..@..u....A#..........Zw......,v../...[>x.w.k4n3. n&....-......S|&Ie....._...?...V.@$..%....k....3.d...C.......u..:F..."...?..$....IEND.B`.....

GET /static/image/scripts.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:20 GMT

Content-Type: image/png

Content-Length: 1819

Connection: keep-alive

Etag: "bb6-50f9295f-3f7d24abdabfe18"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:20 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a985d30a90761-AMS

.PNG........IHDR...-...-......xu.....IDATX....[.H......v...$@........7.. bm..*jkmE...}qX.....~.y..'$g......I<?...O.7...K ..V.........|.v...U(..[._....x&..U...........Z...7ne..~{2D..~..'>.....T}3..../........b.{.._zC;{.O.h.../P....p. Dz.......\..BB.....i...G.GA...o.=AM.8.....G.........(W..@...-.. .z..r..|.>'D..Z...._/{=%..."..).{r:.c.......cP.W..l....b}..E........P.df..Z..G..[...F{k.!w.....NDEdF.....K!..2.A6.@..W.V............f\..\Pl4,.D..b.........o..H.4. .K.!....J33$..F..<.c.7$.Z.w.P...)&.H.QX..K$.)./.4..r\.3.s..%.1R..w..G...K.Dz.wAA.(Vf..XT$.....b............o..r#.........;...3N.O......v$.. xw\.s..r8..$.N...L|!.J.\....... '`.`..?.../.=........yJ.....C.. .`l<!R.~$F.X....n...V....).....M.a...........9.i9!<Jf... F.........C...R..../...c.b..x59Sp.P..,P...6r.:......t.[..`P.5PM....k..9........y.".[..L.....pdfJ.j..5]...q*E......*..k.N*[...}........~.:.....J].L)f9%.I.W..-......sB....e.L....=.."O...H#..m...W....B..i.f. uI..F.)1f.E-.......8.Gp........Sh.i.....p.....B<.......V.d........`7f..OO;.z.....`D....\[S...H;%.)6..\.y..........{.8..P.4.4..8.1be....q..s.6.0..-.f.0.........njf.)b..dD...f..n....].]z.....#..%qr..Y....#.@.?.......)F.E..q...\.ry.{.. B.$.L...},4,.qF..TW.'....KT7....r.Za^ax.......f......O...Z""..g...Ro..M.6........l6.t.".8./.n.|~.q.xY........[,.D.u.v.Ux..9.|w.8.L.......Fg.G.\.. n......h......V....<...3..%.Z.r...}.9.....v!....... P*..nf...\....{/.d.9..Kj....p.k.4..|..z...d.....j..(.B..p... .^....*.......I..-kIIKp..AYkn...""\#.?...C.....PY..}....ux......I.....a&...O......43E...[...7.

<<< skipped >>>

GET /static/image/quote_top_bg.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:20 GMT

Content-Type: image/png

Content-Length: 195

Connection: keep-alive

Etag: "476-50f9295f-7c967d47eb356288"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:20 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a985d90bd0761-AMS

.PNG........IHDR.............2.I.....IDAT....... ......7...aA....5.....s.....5..c...*Xk.u......\;.Dd.w.u).N ........1.....,..Z.7..:'..d.&W...."pG5.d...b.K . .a'..h.7A.Zna....Y...7*/.....IEND.B`.....

GET /static/image/blockquote_bg.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:20 GMT

Content-Type: image/png

Content-Length: 311

Connection: keep-alive

Etag: "4cc-50f9295f-2e1383c751194f05"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:20 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a985df0ce0761-AMS

.PNG........IHDR................;....IDAT8..U...0...).*.).).N......?...W]'%.(J.L.,M..{.c.......{Cpp..5.E..rCEl......z...`..SY.W......pN..5.Jx..w....7.........5\.l....;..4...%....4{.../.........W..j.....^E=..A.E.@.P..@.=1..... .. ......E...(N.'...8.........c..;HC.WE2.,..Z.@.v..t....'.hD..W..F..:p.g|....IEND.B`.HTTP/1.1 200 OK..Date: Sat, 02 Aug 2014 13:24:20 GMT..Content-Type: image/png..Content-Length: 311..Connection: keep-alive..Etag: "4cc-50f9295f-2e1383c751194f05"..Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT..Cache-Control: public, max-age=604800..Expires: Sat, 09 Aug 2014 13:24:20 GMT..CF-BGJ: imgq(85)..CF-Cache-Status: HIT..Accept-Ranges: bytes..Server: cloudflare-nginx..CF-RAY: 153a985df0ce0761-AMS...PNG........IHDR................;....IDAT8..U...0...).*.).).N......?...W]'%.(J.L.,M..{.c.......{Cpp..5.E..rCEl......z...`..SY.W......pN..5.Jx..w....7.........5\.l....;..4...%....4{.../.........W..j.....^E=..A.E.@.P..@.=1..... .. ......E...(N.'...8.........c..;HC.WE2.,..Z.@.v..t....'.hD..W..F..:p.g|....IEND.B`.....

GET /static/image/footer_bg.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:23 GMT

Content-Type: image/png

Content-Length: 85

Connection: keep-alive

Etag: "3f4-50f9295f-b0859217d11bcf11"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:23 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a986d83070761-AMS

.PNG........IHDR.......K.....>.z.....IDAT..c...e...d..s....zX.b....'.%k......IEND.B`.....

GET /static/image/footer_home_ll_bg.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:23 GMT

Content-Type: image/png

Content-Length: 129

Connection: keep-alive

Etag: "41d-50f9295f-95da00cc70972737"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:23 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a986de3100761-AMS

.PNG........IHDR.......3........x...HIDAT..e....0...t.R. ......!..:.~I...u;....1.4....8.Y.n#S...v.n..../S}.Y.0lB.Ga......IEND.B`.....

GET /static/image/ft_payoneer.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:23 GMT

Content-Type: image/png

Content-Length: 1634

Connection: keep-alive

Etag: "68a-5131339a-1396711c46a71c6b"

Last-Modified: Fri, 01 Mar 2013 23:02:50 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:23 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a986e43260761-AMS

.PNG........IHDR...Q.........3.......PLTE...lmm..%.........yzz........c~~~..................ijjPQQ...uvv................u.^__.|...........~...I.........[\\..N...bcc........z..v.y..x...................rss........-..#eff........x......Z[[.....E....}..|..z....RSSaaa........._``WXX]^^...abb\]]...............VWW.....................TUU...deeUVV.........XYY.........ghh........................stt.....................YZZ...opp...........................cdd...............fgg..x..................{||...kll...................}..................h...................................~..............................................................x.....`..............(................................e................{.........8..<..=.................................noo..r............{.............C.s............g...!.m.....IDATH.c..6`.r...H.{^k.=..D....f#8<.~*....:.....L..l...2....'._..D.5W#. .............F)...=o.........Lpd..h8...]= ..*.(]i& ..%M...N..r. s..../#.....G.O.M........nv...u.w....6P$ 4.....e]....".]..n.:...i.uw.N..MY.........T.YP.......".....v?-ww.t..G......|x...|.c..V..l....O......Y..}.C.......r..[....c5Q.O2J^PU...J..O....-.z:..#L...V..:H.q.q5u'....Q..~&..C8._.A?.F........5A,.....s.........2..(....0....,...}I[..;tN..... wDU.S".p.4...w...%.... (.=f...^wC.rww......8......T..4.O..J.n......3.....TxF...Di.X..z.k..s<2.b.Z^......8f......7....z.........A.> ..........c.vkNT..d.#]AAq,..!;.T..9dsL.....q..#.2;0...,.f..-.!..F.....n,.7!5....#).]Th..7O.....i_iVwGii_U....H.&.N.....11......eO'...ww.....M2qO...v..`...u..d

<<< skipped >>>

GET /static/image/button_join_tick.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:30 GMT

Content-Type: image/png

Content-Length: 725

Connection: keep-alive

Etag: "6b7-51839c86-346dea2d3e41ae48"

Last-Modified: Fri, 03 May 2013 11:16:22 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:30 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a9898a91d0761-AMS

.PNG........IHDR.............F.......IDAT8...Oh.a.._u%^T.).%..y..#.V.....Pv.$<....o8.....U[..@.z...B...p..*$x.%"C.s.........9....y~.>...>...`.N..p...S....V..^.!......[....Xs....^....L.......R.0..x.Z..."o..kh\.s@......a-{.{.....y .....G.3.....XUdR?Y2..R(.~(..................:...|..f..p.W.g1.....9..'.R.|xx..........K.Z....% ...l...\.....f..ZYY..uH.c..].....,.j....].2.L.s5......\....yy...t....7uw..../6'..M.].W.R.T....###.........~.U...v..V.u. ...*.N...F .....?!]....y......5.....%.Z./..u......@.]<....q.AY[.;.....Y..[...u..M...ByllL..}......z}...|_,.k.(~.:.kw.......lL.y<...].9A.>...K....1....\._..?.T..).....W:.eu`a...>==./..O....;...v.U)..J..LLL.X,...c....n..K.........[[[wc..=.9c.)5._...........G._..#.`..J..s....IEND.B`.....

GET /ga.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 12:44:45 GMT

Expires: Sun, 03 Aug 2014 00:44:45 GMT

Last-Modified: Tue, 17 Jun 2014 01:05:58 GMT

X-Content-Type-Options: nosniff

Content-Type: text/javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Server: Golfe2

Content-Length: 15810

Age: 2379

Cache-Control: public, max-age=43200

Alternate-Protocol: 80:quic

...........}kW.:..w~....c...pk..f..-mii..%...e9..q.........$[NB.s.Y.........h43v..Pd.d.z..|..y ."........(..a.B........1..Tf..K.L2....~...ep...&y....MS...t9.....&..2... .Q.N.(o....8..q..L.!...a..0...$.pX..N&..a. ..zB:l.8c9.p.....;l..x.$c.]BP\.....B...&..*pz.H.~......g...Ap..!....K......V;l.H.....V.a.....s.$p....5.39...a.a7P'9.b.[H>N.$..A..... ..^..;h.h...2l_......w9..d.@.`...N.....|....%.d.%........{.....&.A.I..:....F.;..c..{P*..~..JzP.Kl...F..y.U8(&.......}.BH@..ZC...Ty. u.Y...!..R.h.F..`./>5...*{P..(..:A.}..v.} ..u...k......w\..d....he.q..U.u..yE..J.Re.....Y.2!.J.a..i^R....p..LG4.d.6U..........E..%..5.kz<....[..!2o.tV.V.....|..p7o..?N&..].o>.|...../..a.\...vL3].._....q.....C.].JG..\.[9...hp....w.Y^1..>..`..Q..!w0.U..}x.;^.......w.I................R..aQ2R..<..%....A%|.E...j...L..j..\.\.D.<.g....^Y)...L.*D........2....-..%F.T..j..,F...C.....m_.$..2..2.g...B.{.....\c......*5..c..J.{@...Q.....j..........E..Z...#>.....>...g{...t.....i1..Yk..@m..v.Cf..)..7.....(.......$\.S.......>......a..r..N. ........o;>...A..>...U...J'.....X....B.q..E....()..3. .... A".uss.;.......W.....k-..zF.\`Qp?........\d..a..A.1....5......Z.H...M"tf.GM. .X[.YU...T.._.lH......n@=1.5N....?Z...V>&."..Q$.....&.sS..Kq....].UySz=..3..$."....".'.Iar\Y.WVt\....;k..h._.O..b...2....G=H9@...v0l)2!..xD7...T..Di.v.RC`.m.8.\....J....h..uss.....p..)..O3.W....5....k...y.`^ ....&1..f"..D.w.}.;D:d.F....p#... ......d...T..iU7n.;-hh..T..^P....U.....>...T..m.^..fM....>..>d..Q..!....P1......7L...[.........;.>_W.

<<< skipped >>>

GET /__utm.gif?utmwv=5.5.3&utms=1&utmn=263499665&utmhn=adf.ly&utmcs=utf-8&utmsr=1276x846&utmvp=358x169&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=AdFly - The URL shortener service that pays you! Earn money for every visitor to your links.&utmhid=1362955423&utmr=-&utmp=/&utmht=1406985883144&utmac=UA-6469700-8&utmcc=__utma=255621336.652463225.1406985880.1406985880.1406985880.1;+__utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=D~ HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Thu, 31 Jul 2014 18:28:18 GMT

Server: Golfe2

Content-Length: 35

Age: 154571

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Alternate-Protocol: 80:quic

GIF89a.............,...........D..;HTTP/1.1 200 OK..Pragma: no-cache..Expires: Wed, 19 Apr 2000 11:43:00 GMT..Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT..X-Content-Type-Options: nosniff..Content-Type: image/gif..Date: Thu, 31 Jul 2014 18:28:18 GMT..Server: Golfe2..Content-Length: 35..Age: 154571..Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate..Alternate-Protocol: 80:quic..GIF89a.............,...........D..;..

GET /static/css/jquery-ui/ui-lightness/images/ui-bg_gloss-wave_35_f6a828_500x100.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:30 GMT

Content-Type: image/png

Content-Length: 2631

Connection: keep-alive

Etag: "eb2-50f9295f-b7350d95446e43db"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:30 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a989a09410761-AMS

.PNG........IHDR.......d.....p..}....IDATx....v....a^N.j.jzns...].N...$...1.......26E....Ak8~.<.h......Hr....k....V....(........(............P........P.........:........:...t..@A....t..@A.......(........(...\}A...?..`.(...P.........)..o.........i.....B.M...N...sz../$..uL........wu.......gh<VN...{..'V....k.Z..{S.W..._V... s..y*......H.y..TrL....s.m,....}....yd.F.L..:u. ....e?..f.....u...J)n....Q.........:..(U..1...u....@A....Q....Q.F...6.v..9......|O........s...XK.G...k...q...;.9k.....9...Mnn{c..on.........*..9...>I.p.y...R.(..-...Y?R.Nj.............n..s.....cJ..f....i.;.9..q..ol.........U"oR...q.u...|....D...3g>j........_........J..}.Y....o.s.9.:Gnu...f...`....9P.K~...h(...\uA.v'.....=....S...9m..K...x.k.9...z.>G....X|..J..9.b.......Rq.........rs<.n....; .J.Z{?6_5............]..7r...5O.~..........k-..N.G...Y.......:({....u.-d..`5(...\GAo..B...bm.m.....>.mw...6.\.~c.5B.wb.Sq...$....z.X....;qMSsU........vMF.....3..].u5GRc......MF>..]..&.>..i.o2.m......g.z.(.K.A#....;.Y.g......z~[...................P...@....N..........u.........gl\......973...]#...C.sC......P....ul.1......1..9&%..3..=...I..v.Z..gO.s..z....f.Y3O....F~6B-.f..Zw<gKN}S.o...yR.'.........l....-...gC....{....e,<.{o... G.\iA.s*B......z-..}A.../........h...u<......>...........I....b..]<.....Wa.C..?..9~..`.<.|px:........^.9@.O.C...? .z...C........V...X.O?4.3...=..../........at.......y.. .?..pr.M ...ZL.........>M....Y`_R..\..O.Q......'.......|..........{._?.....p...m..<._~...S..>m........o....[.dV.....v..

<<< skipped >>>

GET /static/css/jquery-ui/ui-lightness/images/ui-bg_highlight-soft_100_eeeeee_1x100.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:30 GMT

Content-Type: image/png

Content-Length: 90

Connection: keep-alive

Etag: "5a-50f9295f-a1f214bb4b677d67"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:30 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a989a99560761-AMS

.PNG........IHDR.......d.....G,Z`...!IDAT..c.....&....!D....;...~..D....".........IEND.B`.....

GET /static/css/jquery-ui/ui-lightness/images/ui-icons_ffffff_256x240.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:30 GMT

Content-Type: image/png

Content-Length: 4197

Connection: keep-alive

Etag: "1111-50f9295f-f87e057d046f03d1"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:30 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a989ae95f0761-AMS

.PNG........IHDR..............IJ.....PLTE....................................................................................................................................................................................................................................................NtRNS...2..P...."Tp@f`.... <.BHJ.Z&0R,.4...j...8D...|.......(..$......b...l..F>n~.hh.H.....IDATx..].{...>.!.P1EZ.....dv.%Y...Z5YR.......?...D....H.e...'..$.{y....M.....PP.\..9..7O!....(l..M,....[/.(..)..`...@...G...@..%.c..7h. o. ..V;d.j.[.@.. .......X./.n...l7Q.`.B.o...@.vo.nR..0h....1 d....nz..]h..@r.........n...a?HY........2.Wk......n]aG.,.....f....$.*.<.4....nq...QQ..)...@.]:..`........*.g,}p....u..T...[8|.g............6w.7z>nV.;..*.......&...!....(.}.y;|e....p...w=!D.Un=.1...A\....... \.....e..@0..E.u....Tpq5.......s.q.....i!.q..a.....z.>..C.py...u .B". 8.."]x...5...&........ 6...........t.....H..5`....<Vh. '.8..W.....\......;.[.@$...H...=Evk...U....p.........y..B..0x4.. .vD....Z...Rwt...y8l...E....yf..bq.........`..."..B.. ........^..W({...@..8.Ltq.V.#..H>@.......;.....G.........>...vH$$$$$$....V.....g..U......kW...<.s..........*8.F.|s.]..a..:... u..[....A~...l.H~.....p.3..jZa.. ........7}.(D.g..u...:..E8/..)P...'B.....f;!B.1."@v...w....8.`..w.....$.G.V...cb43:*...G..M@..C8..................@h.Jz....>-.8.YL.KGW..iMoO...t.VO..f....i...N`....j......\C........f.Gb9..sq.E..i....v.@....`......`....... .....K..j=4<..^.2:....1.N...Y08.8.|s.@p.X.......>@.~.....:.'$$$$./d...~..<....j].`P...".

<<< skipped >>>

GET /ajax/libs/jquery/1.7.1/jquery.min.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ajax.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript; charset=UTF-8

Last-Modified: Mon, 02 Apr 2012 18:24:28 GMT

Date: Thu, 31 Jul 2014 18:45:02 GMT

Expires: Fri, 31 Jul 2015 18:45:02 GMT

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 33186

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 153546

Alternate-Protocol: 80:quic

.............~.F....?......!J......7.......Y...h....w.T*.".Y.Y...|.D.. (g..;.....b=q.8......?.....w.....>.......g{s.....2...........e. WK?VI.h....~.<n...fy6.....e.z...8.{.U......(.. .e.8....V...}.[..|../.......j-.~'...Q.....%Q.KV...Ec....q.{...x........*..^...^Vn........&_...~.....o.Z..~..^....{?.S..&.w.W.|A...r......t.../V.,.Dt.Pf...&yYLv.U......r.Q}.^']...*W.:H.........~_=.r..s.^..T..=l.]..)Vj.......^.ys...x...C_.h..&............`.^b<.^:_m1'Y....c.....e..1Oo....q...q.x......o...........?..q:..;.>.whu.....=.... . P..i...I..E.!..f.&v(.......m...r...w~.SW.......6p>...........,.........Lsj...L7..j.......y..'.F..h44..SY.V.......i.mw...4Yi.H{'.._..].9?...}..Jn................5Q%m.y.,v.5U.(.^..\-.R...?^m."...7e..vy...b...L..%....]..f...l5>...nw.rYx..|8..V.......0F..|4....<.q....d.(~...h....p.......q1.......y..ZF.p1..;.^..W.Y...(.....<x.F...iI.t..n..p.-......w.p:..I.\.:x\...H..T.j...../i..h....3....Y..w.......5...:..n.....U...]B..`.ZQ..nE}.....L..`..A..W....C.\'......e^./.j\[...6.v."..u...-..K.3Tb....24>,..hD.R..<.F..q5C..vR.iO)Z.(..&T..v.Z#.. .._ts..1.H..=....H1...6..@....9..v...=Q...RZ ..SIt.}.....J.me.....Yq`..5......5.....28L..~.-L.=...b)M'..Gd.....1..,.:H...f.....h..T. Q...~.|%#%....y....7....L......"QU.y0H...<.s....n....I'Z............A........K...k..2...P._..1Z...B..4~.&..h.o{.y..q.......Z..R...l......&.....>....P.......&.;W.3...L......@$...,....Q..U1..hC1.$ .;ByWj.M..... B=1....s_....:HP...&.7.&..>7.(=.....P.b8...Q..Nw,...E........t;.4..`..._ F.P.......t....hm..w...Q....

<<< skipped >>>

GET /ajax/libs/jqueryui/1.9.2/jquery-ui.min.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ajax.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript; charset=UTF-8

Last-Modified: Tue, 27 Nov 2012 15:27:03 GMT

Date: Thu, 31 Jul 2014 18:45:10 GMT

Expires: Fri, 31 Jul 2015 18:45:10 GMT

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 62651

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 153545

Alternate-Protocol: 80:quic

............k{...(.........R.....`>..L.Ln'v&.QX?0.Zh(..@.....g]..........X.._.^{..........g...O~|y2<y?..y..~<.O..'.........m7.........hQ.@..r....&9........Ml$...wy.$.T..-...w....nz..x...)..Io.u.h}.U.K.W (.$f.....J7}.V0..:o.v.n..S~....X...nF...w......r..Um.........sp..9....Z.4..zs.u....w.k..wAE.f.n.....f.......~..Z.}.l..lV............n......5o3......)....@..IU.ni.. =.6.k\2:u.<~.;...c:...I.^....*...H..fz.u...&_.|........W..X#..6.._'E..et.>.O....x........&..|].......hZ........ M..,.......[...i=*.^|....|.....]...i..7.&..N..J.0(n.].....w..... ...........(....(7.v.Gy...Z......z.wH...y...h.#Y....e..a...I.a.m.W.._w<..|.G....u....}.....8;;.?b.M..`.^......z......~]4q@M.....D0...X..2.G.u^.k....e:....o.bX,.?/..v1..BR.g...O.U..G.ax.W.=Mq.m^.)3...I@.<...?>..I..x..?^}.....O......i2...../.~..E........m..q...........?$....W..~."y.......E......_.N...........7O.?O&c.......<.:.L.*....|..R&2E.>..L...._.....B..2..._............................._...;....../.. ...c...G..._$.......(.G.R....U..6.......^.Q...~....... .7o.:.....lqm.>.....M...n.j........0....r..n..{8..(.Vyh.l.Y.d...w...>(.,.j....1q.n....R...."lZ@..].....<...zB .$...h....U..m~....9.G.. \....lx.*>.K9....=......l}. ......../y../...../.G8....L.;.._....#@s.9fy..PA.......,........5J..m$!Y5....rD-...J0.).Pr.wE3.........Y.9.....^..`...q...`..o....f.DwM.;../.6..aF.dL.......a.......5....}...^$....,..}.L.h.{.).X.v.........`P.^..:......-....K../q4....m.."..tA.J.v....$..w@.d....p....M.]V3O..\_t&tp..i..i.......80.;....z<.U <..m......Y.(...

<<< skipped >>>

GET /static/css/jquery-ui/ui-lightness/images/ui-icons_ffffff_256x240.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:30 GMT

Content-Type: image/png

Content-Length: 4197

Connection: keep-alive

Etag: "1111-50f9295f-f87e057d046f03d1"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:30 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a989a09ee0761-AMS

<<< skipped >>>

GET /static/css/jquery-ui/ui-lightness/images/ui-bg_gloss-wave_35_f6a828_500x100.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:30 GMT

Content-Type: image/png

Content-Length: 2631

Connection: keep-alive

Etag: "eb2-50f9295f-b7350d95446e43db"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:30 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a989ab9fb0761-AMS

<<< skipped >>>

GET /static/css/jquery-ui/ui-lightness/images/ui-bg_highlight-soft_100_eeeeee_1x100.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:30 GMT

Content-Type: image/png

Content-Length: 90

Connection: keep-alive

Etag: "5a-50f9295f-a1f214bb4b677d67"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:30 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a989b4a0f0761-AMS

.PNG........IHDR.......d.....G,Z`...!IDAT..c.....&....!D....;...~..D....".........IEND.B`.HTTP/1.1 200 OK..Date: Sat, 02 Aug 2014 13:24:30 GMT..Content-Type: image/png..Content-Length: 90..Connection: keep-alive..Etag: "5a-50f9295f-a1f214bb4b677d67"..Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT..Cache-Control: public, max-age=604800..Expires: Sat, 09 Aug 2014 13:24:30 GMT..CF-BGJ: imgq(85)..CF-Cache-Status: HIT..Accept-Ranges: bytes..Server: cloudflare-nginx..CF-RAY: 153a989b4a0f0761-AMS...PNG........IHDR.......d.....G,Z`...!IDAT..c.....&....!D....;...~..D....".........IEND.B`.....

GET /b?c1=7&c2=2000001&c3=1&rn=1t6uqkf&c7=http://adf.ly/&c8=AdFly - The URL shortener service that pays you! Earn money for every visitor to your links.&cv=1.7 HTTP/1.1

Accept: */*

Referer: hXXp://s7.addthis.com/static/r07/sh168.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: b.scorecardresearch.com

Connection: Keep-Alive

Cookie: UID=dc7262f-206.167.78.17-1360768137; UIDR=1360768137

HTTP/1.1 204 No Content

Content-Length: 0

Date: Sat, 02 Aug 2014 13:24:41 GMT

Connection: keep-alive

Set-Cookie: UID=dc7262f-206.167.78.17-1360768137; expires=Fri, 22-Jul-2016 13:24:41 GMT; path=/; domain=.scorecardresearch.com

Set-Cookie: UIDR=1406985881; expires=Fri, 22-Jul-2016 13:24:41 GMT; path=/; domain=.scorecardresearch.com

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"

Pragma: no-cache

Expires: Mon, 01 Jan 1990 00:00:00 GMT

Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate

HTTP/1.1 204 No Content..Content-Length: 0..Date: Sat, 02 Aug 2014 13:24:41 GMT..Connection: keep-alive..Set-Cookie: UID=dc7262f-206.167.78.17-1360768137; expires=Fri, 22-Jul-2016 13:24:41 GMT; path=/; domain=.scorecardresearch.com..Set-Cookie: UIDR=1406985881; expires=Fri, 22-Jul-2016 13:24:41 GMT; path=/; domain=.scorecardresearch.com..P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"..Pragma: no-cache..Expires: Mon, 01 Jan 1990 00:00:00 GMT..Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate..

GET /recaptcha/api/challenge?k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: no-cache, no-store, max-age=0, must-revalidate

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Date: Sat, 02 Aug 2014 13:24:23 GMT

Set-Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS;Domain=.google.com;Path=/;Expires=Sun, 01-Feb-2015 13:24:23 GMT;HttpOnly

P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."

Content-Type: text/javascript

Content-Encoding: gzip

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Content-Length: 6676

Server: GSE

Alternate-Protocol: 80:quic

..........].m........(./5.;........Rb.06.$....t.....L.........e.gR:.s..#v....|.....L.....-...........g....4.G........E...u/...............d..z.7......i.j#.=_?...........T.(...Gi]...}...i............W...lG.#P...xI._...?.-....u_.....C..>Jo?..4...doo....6.0j5\>..C6...................w......'.....o..M.~.X...e...M.......a....V..<4...J.^-...L9~|......n...\./..<..o.=.._?.....Z_....,.o.t.../:.....Q.c.do.?.....z..>..G...Qh ....?^.\...........?.O..........o..o..o?.c}..:.w.Gin........0.....[G;....we/.8.{.m?...*w..^..Y.C.......D_IdDi.Lz4.].Wy.U....#i".Z.J..i.ga.......Ga.Z...i7;.tE..<...;...7Tp......e2..:...H.X...?65"^..M........./.9zv..G......P....B.....hm...&.bi|...=...W..4.F...pe...YKD...*'n-........:NY..W........z.[.:J4.y...knv.>keQ......'....6T.|R.W...K.Df....'......A..Hh)t[FS.k-.....sUn...(...7......q1Q)E.....Kb...(#H$,h....I.v..a&.w1.;.&......b.R...,/V)..X..tbz.....$.YR...'.....^7.....\.j.<...v...g^...S.1#..4....`......... ....Q..k%.....-.U..Z....b.... .7...:.L....\.I6.}V..2....ZuT...B..WG...GE.wY>y%jy..K../rh..OHX.A.i.#oOB|!..U..I...].0$F......:%$..*X^H...Olx|..7..L$F....Z.}..H.s...'.....c..{....b.9.#y.VL.......B9..'n.I.8..7Kv0I...._......5c.5..^.....$..........k.._....P1.o..n...M..P......#.U.n._?.H.8.O9l.........E.b..q.f.5...........S......H....bH....dc..2|......I.X)...V.$.=..kiG..p.d....`...Y....M....E.x(.}....KP...9DPi....fV.....=......98.>}.V{.l...D...2yq.7."{]yN..oPm.$../;..>.thn.3!m...m....Px......',..z....f}:.x.V....`vl-gJ.H.<n3F.lP33....q.X. O.g#...`f.hNM.7|.m..^u.)K...?..

<<< skipped >>>

GET /recaptcha/api/js/recaptcha.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript

Last-Modified: Wed, 16 Jul 2014 09:49:49 GMT

Date: Sat, 02 Aug 2014 13:18:08 GMT

Expires: Sat, 02 Aug 2014 14:08:08 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 33075

X-XSS-Protection: 1; mode=block

Age: 376

Cache-Control: public, max-age=3000

Alternate-Protocol: 80:quic

............{{.6.(..?...q.5-.._....m.....6..~@...K.JRv.......@.$A.n.{.y....$.....`0..j.....`U...`.1..'...,.&..[k..2....Wk.L.6..53p>s76'...........l.b.'a...!.7..d.b..y^....p.X.;...u.......wq..f..-.P.!.I``.......0q..$n.l.....1W...CxI..X..,..........{.n.5Z/|.W}.D.<..^F/.0........5S.3.e...~ i.......7...2...7o."..L]m .x....4..@..I..b.$.}k.r<...d..|k9L.......P)cI....o......L.~k.....Z`..0LGJ.....qw.._.........M..tl..zqUc....b...o.G../....e.x.....0......QZN.C`.Mhx(C.B...-)b......9...@}\..YEs.......V.d.6...\k).B.[ ,.r..*.z$.....[.1.=.z.^..... ....p..F...F<.h#..`'..h....P.....L\Q.z.i.7.\C."AI.;H...<g1o......i.W........M.E...B>.5.a.-or>v?5O......z......._.77.[....>f........n*.k....Q........E.{Fs.....x...1...g..V......M....87#..........g..Eg./Y.$...4....p..A8a..a.W.p.Y....O.i2..{qC..}7..`.*FV:.h........J7....R....0~..$.-.....qT3.r..cw....z......>.4~....x..<:.q.2|ob.I.3J3..{JI.....8...F."Z....%.O.e`B...O.=>:.=..(J%E..[..*.....d3~......@;.>>...Bk(..`...&..Z............5...r.........h.P3....c.ghB1.W.....z....3.Bo..-..'...F&?..|........6c.%6....7.!3`.L.2....-.k...c]>....'.i..&..BE...`.U.[........9.fX....`hH...N....1D"../...9..3...>.P......lu..#.>.........N..h...}.{.6.........M.T0.-..e.Xt.5......&T.VL..]x..z...A.E(I.td.....:u]./..r..F...8~l<.y.l............F|.|.$...Y...m1SC'T.!(..h..._.yP.....0.|....9...........h.f......w..:.a....[.... 3......._.0...Q3.=v....&.q\.u.G.....fY.&...j..h.{..Wcl.3.:mb3.z,...P<....G.c..~.b........Oc........8X.s....:.k..$...c...E.../F.,@Y..7..oiU..5

<<< skipped >>>

GET /js/th/Nw17OBpg1zjrn-mn0yUkeE6MiB8Imrcno_93P1Tsc6Y.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript

Last-Modified: Thu, 17 Jul 2014 12:32:21 GMT

Date: Mon, 28 Jul 2014 03:18:38 GMT

Expires: Tue, 28 Jul 2015 03:18:38 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 5671

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 468346

Alternate-Protocol: 80:quic

...........:.w.....|.\....I.@p.4.c.N_YB{d[.4.PcH....f$...l......1.F..H.....d\....Vz...d<.....x..R2-..4..../.._......._:|...q...6s~..?0G....&..K.......e..:.%7.....z&..........`.!..e?/..y.#.a..._.X$.828V..6..9..*9..2.X.....^-..&.8.k..CX....z..8...C..MW.x.T..DEB.VF..8".J..Z("?.*.c.yb4..g.7..Y8v.]...L.....1L,b...[..a.j2..>....}.).;.......Sm.J.n.E8.%..-..#[....._...1..IJ.5.m.... 7.S...F. .c.........Ve.&..{...Y.Z.k..,kX.L:.ilv....`nm..G.IH.........=......6~..Z...?.X...?.:....=.o..k.9...aY:a... ...%.B.%.#..l.....K...^..N..A....Z..c.'....'...g?k....}.%....]3.w.X..R.^_3.X#..s.........P<JH.g.WSO.'kz.......s..._.>?^.K2h......9..-b...C..S7....x...{....3....8..7..\..S................>.hH#:.1M.&)........Az:.N].g.qR..,..0.|.......x}h.r.{.|j...Oz...x.^.$.M...r..t.P..;u).~Wt|."7.s...d..!...F.....f...z~..'...}bP..u....xS<..E...Y..0..?.......... .`@=...d...~...N;......(1...uB... .....L..L......)6..e0.}.GH......9... .... .t.Y...}..i....G....i.@..2.z?Cq.....iO.w....q.....R.........AMe.s~...G.,...8l0.Ns...nj[:....an..#@.01=B.....;....L..F..o...W.A.mn.....h..De...yH..6l.-..E...vDp Gx.O.s...X...x...GH.................o..{......_.....z..../.I4.....byyu..n7................~2.I........o...k...t...#..=-aKK.rV..}.)..J.a.....r1.r..*Q..z#.[..!O.....H.....8.V.7%..TcR....q..8.$.F.<wc!..|..^!...g.....Fs.....P..:...S\....e5.n.n..X.T.....l.6..x.zSp.L.......j..;v.C!%s..8 ..x..C..L..M..%s..4...=S[w/P.]......%.0..yZ*.e.jm.C~-./.pni.Y..,.>..#.iIC..@../............3.d.ii....7.=gYO.@<-e=..m......b1....F....4.r]....i......-..

<<< skipped >>>

GET /recaptcha/api/img/red/sprite.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS

HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Wed, 09 Jul 2014 00:21:01 GMT

Date: Wed, 30 Jul 2014 14:19:00 GMT

Expires: Wed, 06 Aug 2014 14:19:00 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 6523

X-XSS-Protection: 1; mode=block

Age: 255924

Cache-Control: public, max-age=604800

Alternate-Protocol: 80:quic

.PNG........IHDR...W...H.....B.......tEXtSoftware.Adobe ImageReadyq.e<...siTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:a027154a-1d27-493d-8dba-70d5c6309dcd" xmpMM:DocumentID="xmp.did:DC3CA263F59A11E381E896CBEFA59130" xmpMM:InstanceID="xmp.iid:DC3CA262F59A11E381E896CBEFA59130" xmp:CreatorTool="Adobe Photoshop CC (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3d86b8b8-9b35-4adb-b633-3cfc4eaa5dfb" stRef:documentID="xmp.did:a027154a-1d27-493d-8dba-70d5c6309dcd"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...X....IDATx....XT....3..".wDT./...b......b....W...Si'...[...%/...).<.._iv..........x.....0..|{.a....0........{.Y..{..~.........Y."AC.X.1....~=as.........wl....|.l.....A.7. 02.... ...4..w..!}}:n....bc..8..F...*.W.....I..g..I4...|.'.....5..C..9.]H.R.....>....~...A.Z........dg.Z~...I..b#H.\pQ..'..0...m..4.bA.o.W.h^.:.....F.;4.....fR9....(.....Z............ZC...-.K....%.RI..c......^nX..6.;;.....[.r..A"...c5`.R#R.D&..C.4........vL[.l..a....,a.....hJ..^W.t......x...A!<x.2.^.a}r*....T..P".....2..=...E.m.w....

<<< skipped >>>

GET /recaptcha/api/img/red/audio.gif HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT

Date: Thu, 31 Jul 2014 08:09:51 GMT

Expires: Thu, 07 Aug 2014 08:09:51 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 914

X-XSS-Protection: 1; mode=block

Age: 191673

Cache-Control: public, max-age=604800

Alternate-Protocol: 80:quic

GIF89a........4!.$....J...@....4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,..........o....H................X..!...)b$P.#...9........Qf.(....#U~...eK.1q:,.....2y...SgC..O..I..H.M.v..4.E.Q=F. ..W.....;HTTP/1.1 200 OK..Content-Type: image/gif..Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT..Date: Thu, 31 Jul 2014 08:09:51 GMT..Expires: Thu, 07 Aug 2014 08:09:51 GMT..X-Content-Type-Options: nosniff..Server: sffe..Content-Length: 914..X-XSS-Protection: 1; mode=block..Age: 191673..Cache-Control: public, max-age=604800..Alternate-Protocol: 80:quic..GIF89a........4!.$....J...@....4...................................................................................................................................................................................................................................................

<<< skipped >>>

GET /recaptcha/api/img/red/text.gif HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT

Date: Thu, 31 Jul 2014 08:25:07 GMT

Expires: Thu, 07 Aug 2014 08:25:07 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 155

X-XSS-Protection: 1; mode=block

Age: 190757

Cache-Control: public, max-age=604800

Alternate-Protocol: 80:quic

GIF89a....................4!.$..A/.M=.ZK.gY..u.........J..4..,..........P..I...9... .la...0....h8(F.$H..$.p.......&c.YR.......>.M.. .1.<.!AN......>I0p.#..;....

GET /recaptcha/api/img/red/help.gif HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT

Date: Wed, 30 Jul 2014 14:44:34 GMT

Expires: Wed, 06 Aug 2014 14:44:34 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 367

X-XSS-Protection: 1; mode=block

Age: 254390

Cache-Control: public, max-age=604800

Alternate-Protocol: 80:quic

GIF89a........4!J............}q.5"|..............j........Z.......t..../..3!.$..@....t..m..n...1..2.h...sfR..T...'..(........................................................................................,.............`H,......D*....@........x....y,x=...[8.......4....H.H$.v^.zH}...._.c{Dq..$._y.Hf...._m.G\..k.an .HQSUWG..."M.C!.....L..#......D.........J........A.;HTTP/1.1 200 OK..Content-Type: image/gif..Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT..Date: Wed, 30 Jul 2014 14:44:34 GMT..Expires: Wed, 06 Aug 2014 14:44:34 GMT..X-Content-Type-Options: nosniff..Server: sffe..Content-Length: 367..X-XSS-Protection: 1; mode=block..Age: 254390..Cache-Control: public, max-age=604800..Alternate-Protocol: 80:quic..GIF89a........4!J............}q.5"|..............j........Z.......t..../..3!.$..@....t..m..n...1..2.h...sfR..T...'..(........................................................................................,.............`H,......D*....@........x....y,x=...[8.......4....H.H$.v^.zH}...._.c{Dq..$._y.Hf...._m.G\..k.an .HQSUWG..."M.C!.....L..#......D.........J........A.;....

GET /recaptcha/api/challenge?k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS

HTTP/1.1 200 OK

Cache-Control: no-cache, no-store, max-age=0, must-revalidate

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Date: Sat, 02 Aug 2014 13:24:30 GMT

Content-Type: text/javascript

Content-Encoding: gzip

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Content-Length: 6688

Server: GSE

Alternate-Protocol: 80:quic

..........].k........(./5.3]..dow.i)1... .....J@P..`..6f.....e.gR..JH..k..}^2.z...IS..\.e6.s.._~..?.._p@.f<5?......g.....6l.l..?...?Ut..].F..o.....i.{...o.4.7.....:.sM........~....x.|v....c.#...u.?]...$.~...9..}hN...\...5X.w....dWc.D&.....A...q.k;......4..vtoIy.o......yp....t....F.....g........k........<4....6......r<.......n...\...y.............._......{.[9....E.....qT...... ....._..g...~..3.$._....5.......n........r...p.O...g.......X_......Q.[..3.Y...f.}.....]...}Hk...?.l.]..F..&j.mjDO...r..Ga..P.......vmT.QW..?......X.<...................b,V..>....4....z.J.Z2OW..w..&g{.{...q.:<b.nX.~$...C?....*o...._V.kJ.t.|............ ..QQ...l. V....~1a>J.Y....TB..Os...s.g"M....z.#]v.I....^.X.....I|4I..j....v...9...*..R.=*a...c9Z(...&.....'\.....?........RN..}..\u.O..4zb.a....<.....{T....M6x.YC./.<.>,^.G^.G...Cz89......>i..y..O5..;o}..N...Cbr.....g6Y.^)<GL_....I-.T.r...db.*.$.?..I...*.,..B.Q_...x..O6.0...0../..i.|.j....tM`.kk62..4o.lD.1\/:v-.....J$/.K.j..{.F..b8-J..d..v.Q..W..Ta{..M.J.l$e.9..C...{m..1.gVK..m.U~..n..|p.....o..*.i's.lz.]Q.k......x..s.........zp...kFQY.......Z..=...c?v.-......m. d(.....P....a......k>.^M$.P6N.2.O........*.7|.....!6 }....u......k9...Sif.'^....... ....Fi.l>.67. ....N....8..=]*...V..'..sZ.I.....:.._.R,c...\b.3.i....b.(%.........Y.....KC..&.....K....aZ.Uo....?_........<Ka,...R.....WM.Ml.}...X......*u../%.d.,O..C..f.".`..J<.BDF........Z.I..}<.Vj..rme..96QY...6...5..[..zn..0.......W.9..\...u.|...Ao..GNi.1..V...X.4-.k.........@....8wq.EEak.......y^.!

<<< skipped >>>

GET /recaptcha/api/img/red/refresh.gif HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT

Date: Thu, 31 Jul 2014 07:52:38 GMT

Expires: Thu, 07 Aug 2014 07:52:38 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 974

X-XSS-Protection: 1; mode=block

Age: 192706

Cache-Control: public, max-age=604800

Alternate-Protocol: 80:quic

GIF89a........4!J............}q....5"j.....].........$.y..U...............3!.1........|o.cT.6#.9&....'..(...x.F5.......wjh..q..p............6$....]M........|.>,.............L;.|p...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,..............`.@A....*T.......4.......%4@0a....0.......&<...ad...*.<P.....,... .....F8!......D.aCDP..D..I....5...9 .H.2...0B...b....#....3..* ........t.......(..M......B.J.S.K.,ye...;HTTP/1.1 200 OK..Content-Type: image/gif..Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT..Date: Thu, 31 Jul 2014 07:52:38 GMT..Expires: Thu, 07 Aug 2014 07:52:38 GMT..X-Content-Type-Options: nosniff..Server: sffe..Content-Length: 974..X-XSS-Protection: 1; mode=block..Age: 192706..Cache-Control: public, max-age=604800..Alternate-Protocol: 80:quic..GIF89a........4!J............}q....5"j.....].........$.y..U...............3!.1........|o.cT.6#.9&....'..(...x.F5.......wjh..q..p............6$....]M........|.>,.............L;.|p.........................

<<< skipped >>>

GET /recaptcha/api/reload?c=03AHJ_VuvYPttqF2q1i-Xe_w7vxSeUu624qFaI-wqllz21Fjy8gNmUAk9_IflsXZQZOR1RPQga0rE3O9yvEb3hiOksEGHZ0ckhRy_rdSlNM9nl_EZVNFpLoMP8cv_fP0R9ErMrIblKseEPGN6TgaBInDeWlI7JMI29ih4Fs40mndZmoqvKlN4T2grLtkPnge-g8GakW9Pg67Tue_oEo3JosZzH2Ad0WejzuYFV5ir0ln7Q4Xx6clfFug0&k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr&reason=i&type=image&lang=uk&th=,8bAj7yMNy8ssdLYPawwaKwns4vAAAAK_oAAAAXfYAKkFH0FFuUUPUHjrkinOmN56dp8c5mqPhTVdeFhii9Ke5-gr_R5A9kqoS5zsCs_1FcP6H7JtGNAZw8uYCQv3hw9jqypFmxweaoUrzXenTc8wNPIQ20Yt4JOblr06Op4ZkCmKCrMgLT1L5WQD6gG0gCKQ2Em0CpQwVhZnxwmQxLP7Z9gs5r2HaMDQkcV6z4jgPVp-AarTRrALigoaAMsV0_V2SfNI5vJnOkAF HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS

HTTP/1.1 200 OK

Cache-Control: no-cache, no-store, max-age=0, must-revalidate

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Date: Sat, 02 Aug 2014 13:24:30 GMT

Content-Type: text/javascript

Content-Encoding: gzip

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Content-Length: 263

Server: GSE

Alternate-Protocol: 80:quic

..........%..n.0..._..[2.......B..V........Rn_.%{998..g.e.G. .f.&).A......nDt8P.#8.t..%...0>.^.*..'-..Q..n....Bul.,.M..m.d.........W.....q..}RD........mnw$..'h.rc...K.p....C....K\*.5....^...C.j..}.....y;..k&.v1-.{C1;c}.w.....P...WBd&...E.[..,.=`._*Q...}..7.Y6....HTTP/1.1 200 OK..Cache-Control: no-cache, no-store, max-age=0, must-revalidate..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Date: Sat, 02 Aug 2014 13:24:30 GMT..Content-Type: text/javascript..Content-Encoding: gzip..X-Content-Type-Options: nosniff..X-XSS-Protection: 1; mode=block..Content-Length: 263..Server: GSE..Alternate-Protocol: 80:quic............%..n.0..._..[2.......B..V........Rn_.%{998..g.e.G. .f.&).A......nDt8P.#8.t..%...0>.^.*..'-..Q..n....Bul.,.M..m.d.........W.....q..}RD........mnw$..'h.rc...K.p....C....K\*.5....^...C.j..}.....y;..k&.v1-.{C1;c}.w.....P...WBd&...E.[..,.=`._*Q...}..7.Y6........

GET /recaptcha/api/challenge?k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr&_=1406985884566 HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS

HTTP/1.1 200 OK

Cache-Control: no-cache, no-store, max-age=0, must-revalidate

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Date: Sat, 02 Aug 2014 13:24:30 GMT

Content-Type: text/javascript

Content-Encoding: gzip

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Content-Length: 6676

Server: GSE

Alternate-Protocol: 80:quic

..........].k..J......./{F.t..L...I.!.... ......;1...I......}.93)e.....b..}.......B.....-...._......_......../.........._.._.`h..w...l#....C..N...S..~.......tY?~.w.?1t......^...9.].?}........_........Fa..r.YN.-..v.=pH....sz.8..:,.~.....=f.$...=./.....<........~..b......]..v~|Tom.{.f?...)..v."-.{..t...?.u..uhn_3........r....W..7=....._j.y...~[.......i.\.......o.t.......-..Y.c.d?....=.!z.._../....B[a.>.....~...24.G.......~....p.?..........\..v.u|....<...r...{a..?w~...._..?....@.U..._{T......C..6.V...YZ_IdDi.LzkJ.6........F.D....:.......e..........v..1.ZZ.8W>.T..M..dg.j.i5...C......,u....Gn/.u..R.......i.s. .,..*5f...C'jM.&..n...V...~..=....".h..]{....M....*C....$.K..< T...=.....-.t.Q...[..6u...)Oze....@...C9..227b....N.S{.UP..]2....F...E.4!.......k.s.O.D......^....&u.ab.._U.X.........,....U..I.hehK|..r....sF....V.8..&I(..6...r....?v..w'..T.a...F..Ve)>. {.Y..7.w....(..H.:.> AS..]e.W1..F....'..PF...Qu.%..J:.........I,....9.=..kf[e3`.d...b...%....~..O.....;....H..H.j........,h=.h.d.Q........S.em............E.....n.t...n<H....tp.....l..X.R~...,...=.[.D......<.....>Y.@Cy.."...3v.C/..M.6.c;....W..JP..]..X.....`z.m..d.X 5r4..O6............R.K...O"b&.Ir...9.N...d...S.=.u...!........v.IsM....:...%...q..fr..%....cZ.6......{2zE....k.l"N.u."|R....'a...dG;.H.....68Hy. z-..........}[....E..~B.".X..{..N.TZ..f!.....v. .....s#..dsPr......>...,Ps...0LD... ...*-}S..e..$p.\...&.d.v.i............Uxt..x%..eHy..S:...{_.yA.....(;..6..}.P.].mMb4...^.....r.l.......rg.k.g!4t".y..7.v.&2..W.$'..W.....e.-...6$

<<< skipped >>>

GET /recaptcha/api/image?c=03AHJ_VutRa9ox0QVJS6aXVk1OO6dTJv1GnVUfSAjBXCn9FiH4iCYYu9KH052tFvKvsqJ1EEhc2yrBZvtz40X6qHWgxN5xvekcoSZVQDr5H0sjHtVf6rUuXjbiCNsiw7AGRl9dbGMJRr-dxR-i-kC8Xucuzyv-6Au0wbgqgYXNngqzGL01LyCsOEeu_WEG6BUwkzKxqPRmUPgRpiMJbdJdinuuhEVcTyXJCg&th=,8bAj7yMNy8ssdLYPawwaKwns4vAAAAK_oAAAAC_YAKkFH0FFuUUPUHjrkinOmN56dp8c5mqPhTVdeFhii9Ke5-gr_R5A9kqoS5zsCs_1FcP6H7JtGNAZw8uYCQv3hw9jqypFmxweaoUrzXenTc8wNPIQ20Yt4JOblr06Op4ZkCmKCrMgLT1L5WQD6gG0gCKQ2Em0CpQwVhZnxwmQxLP7Z9gs5r2HaMDQkcV6z4jgPVp-AarTRrALigoaAMsV1aB2SfN6ceYpUNGk HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS

HTTP/1.1 200 OK

Expires: Sat, 02 Aug 2014 13:34:34 GMT

Date: Sat, 02 Aug 2014 13:24:34 GMT

Cache-Control: public, max-age=600

Content-Type: image/jpeg

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Content-Length: 2939

Server: GSE

Alternate-Protocol: 80:quic

......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342......9.,.........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.................................................................................?...(.....g`.:.8....ln.....fRT..V .....'.w...~6h....Um:.h.d....1...Lgn.....W.2j....k..CJ.u x..l..r.N...vgo!.#..=....5,..Gv8....RDr.........@fPI........A"3.WRT..zR.*)f (.$..|.........:.C.M.,..{...F...(.....;....4.pH.,.....5.QE.QE.QE.QE.QE.QE..........{.p.. .83........k.<........i....4P\... 3.f...N....|j..~0.b.&HRH S ...{.j......=w`y.s...U.;..Q..:..m.5..)...7.\...`.;.O....[?.S..x^M.J.........(.....:g...^.....?.5?..<.......o1.!U...\.........B....-g..y cjE....@X(.....q..\......K.n..\.. .VAyl...L...s.....v...k.!....Z...T.VCy....).'.<du....|N.......E..(uY.1t#.>f.....1...}Oi.YA..<..}.SQE.QE.QE.QE.QE.QE.Q\O./..x..#L.....n..#'.f.....a.5....~.m..mv. ..D../.l..B./.|..O.....-v.X. ..<..$a9..y,X.Ga.m|K.a...M"X.[hd.R.]..[n....s.......>(.... .....k....Y.G.=.<...j.~..P.7w.4..6Kwe..5....b..... ....<.W../u........1..G....=p2G........G.....^h.)..y....0c.......X^.._.....xsI...M....|...A..I .0.c..]?./...,.N..A.y....Y.z\.a....q.\..~.|J.t6R..F-.......K.:.........E...A...Y..;h.....@.1...^..*.......&...Ekk..I!.......4......S..uqa.....%.......=:.u.....e...".........O.s..3. f.....;.;..-...X.:...pjj(..(..(..(..(..(.. ...[y.<R.GC.....W.>.O.X.c.O.....Ky...(c..X....@..t.............E%..e

<<< skipped >>>

GET /recaptcha/api/reload?c=03AHJ_VusI_eEmhEkfWUXhL203jVTjnGNwCKzxdNvV-rOgJ85wx0HQwxgfD4I-T0iEXi-03GOaup03o4cJvDV0TAEUZCr671PSBfYVJDGHGaAOidSXNihNV5zIfE3NQ8F043KPgLUpbCwgDG8TP9x9FT9MHR0efGrwf2iCp3vL0PgCxVo92sNpO166mJ92oOch238gb6hJfJxS8kAQKGrn2k0HdVzrJMA3Fw&k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr&reason=i&type=image&lang=uk&th=,8bB8M3CZd1lU57anv58U2FkaGfAAAAKRoAAAAD7YAKkN-Tg5pgCRA8Rm19B2lwX0yDh1KyYdkpsOFwBjkj4BXG6a6Xk4RpdNk6O6XEV5DiVEPdBwcxW9eHSb3cpleP1qth-seTrjQFjHfn1zcckx2PgvH1xixfSURFl5RSFfnD2L2RaPn2hy58mH1-6xOeFfzgkZvTOXbdWuOMRpdoMu6duOLjfwS2zK-OICQPx0DqSUmJ-kcNsHv0YNke6NemujaIQd2YQPhUEm HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS

HTTP/1.1 200 OK

Cache-Control: no-cache, no-store, max-age=0, must-revalidate

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Date: Sat, 02 Aug 2014 13:24:43 GMT

Content-Type: text/javascript

Content-Encoding: gzip

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Content-Length: 262

Server: GSE

Alternate-Protocol: 80:quic

..........%..N.0...W..&j`-.....u0.D.\...O..\........E6.E....k.:...d.Q...Gi..xpEpr........9..b.../.t.,0..Z\.L..J.2.yxt..#..I.F....O...t=..s[eo.X.t_uv.p>....#......:PW...H`.m..7.re.....XL.2u.>;.r@..!.cq^...6.gM.VSy.....IJ.mj^.F.#.....8..Q.......YE.........!.......HTTP/1.1 200 OK..Cache-Control: no-cache, no-store, max-age=0, must-revalidate..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Date: Sat, 02 Aug 2014 13:24:43 GMT..Content-Type: text/javascript..Content-Encoding: gzip..X-Content-Type-Options: nosniff..X-XSS-Protection: 1; mode=block..Content-Length: 262..Server: GSE..Alternate-Protocol: 80:quic............%..N.0...W..&j`-.....u0.D.\...O..\........E6.E....k.:...d.Q...Gi..xpEpr........9..b.../.t.,0..Z\.L..J.2.yxt..#..I.F....O...t=..s[eo.X.t_uv.p>....#......:PW...H`.m..7.re.....XL.2u.>;.r@..!.cq^...6.gM.VSy.....IJ.mj^.F.#.....8..Q.......YE.........!.........

GET /feeds/1.0/config.json?pubid=ra-53993a6f0d2e8c74&callback=_ate.cbs.fds_ra53993a6f0d2e8c740 HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: q.addthis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: no-cache, s-maxage=3600

Last-Modified: Sat, 02 Aug 2014 13:16:44 GMT

Content-Type: application/javascript;charset=UTF-8

Transfer-Encoding: chunked

Date: Sat, 02 Aug 2014 13:24:41 GMT

Via: 1.1 varnish

Age: 476

Connection: keep-alive

X-Served-By: cache-fra1221-FRA

X-Cache: HIT

X-Cache-Hits: 230

X-Timer: S1406985881.334395,VS0,VE0

Vary: Accept-Encoding

20.._ate.cbs.fds_ra53993a6f0d2e8c740..8b..({"_default":{"widgets":{"tbx":{"elements":".addthis_sharing_toolbox","numPreferredServices":5,"services":"twitter,facebook,linkedin"}}}});..0..

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:02 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.adf.ly; HttpOnly

Vary: Accept-Encoding

X-Powered-By: PHP/5.5.8

Set-Cookie: FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; path=/; domain=.adf.ly

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

X-Frame-Options: SAMEORIGIN

Server: cloudflare-nginx

CF-RAY: 153a97e75c5f075b-AMS

Content-Encoding: gzip

<<< skipped >>>

GET /static/image/testimonials/andresatria_small.jpg HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:18 GMT

Content-Type: image/jpeg

Content-Length: 1095

Connection: keep-alive

Etag: "a11-50fec6f1-6e97f3a5aa03044c"

Last-Modified: Tue, 22 Jan 2013 17:05:53 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:18 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a984f9d13075b-AMS

......JFIF.............C..............................................!........."$".$.......C.......................................................................-.$..".......................................0..........................!..1"A.2Qaq....BR.........................................................!1.A............?...W... f.N..-q....g..V.j..-...vGnB.l.......*...7bh.%>..i...8.......w.h.ase."s.r..9/..q~..{...g.......r...........G.......f.'...$...p...Qt..5......vv-.&.o...r.I....,.-..aHC...~.......b[....R7.F........iS...^.....su>..4..SPn\]Q..;..r.fBW.....p.@I.D..7.}=v.,.lO.,-h.u} V...R..#..r.\S..]1....p.l.-6..O..'.v....w.w."M.s..>..........@NS..T...G..v......C........%./HXm9s.e.8..p*....N....qq.o....Xq$.|..D:.r...{..i,.)."-'. pA ...{h-j-$.eG......HP'g>.b...)D..]..&b.Y..5...>,..M*...\~.....m.....'..G.J..052..:..7Q.;OK.6.u...@Js.B.I...j..l.o6.Y.....m,....y.R.Mf...lZ./...Am........y.j....Zu.V.w[Y.eD........m........4M..p.i.....<....1.m7....Y..{..p..JI.#..}.#..k..u..I^........g.9....3./........y.....q."...gS_.J.XX.;.g^-.....9)'....q.('..C..=|.j..-.......7....p......Sm5.1Y......

GET /static/image/ie6-warning/background_browser.gif HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:41 GMT

Content-Type: image/gif

Content-Length: 753

Connection: keep-alive

Etag: "2f1-50feb3ff-b51bdc9920a39332"

Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:41 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a98de50500761-AMS

GET /static/image/ie6-warning/background_browser.gif HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:41 GMT

Content-Type: image/gif

Content-Length: 753

Connection: keep-alive

Etag: "2f1-50feb3ff-b51bdc9920a39332"

Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:41 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a98ded05e0761-AMS

GET /static/image/ie6-warning/browser_safari.gif HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:41 GMT

Content-Type: image/gif

Content-Length: 4834

Connection: keep-alive

Etag: "12e2-50feb3ff-92be58ed00a33337"

Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:41 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a98df80730761-AMS

GIF89ad.d.......EEELm.4........,s.....n..[..........)))......M....................yyyZZZA..v...........s.........{_F..?Z.U..m..B.. m.Q..d..3..9.....S...w6.N.t..,G|g.........K.H..I...../~........jbe...........8a.w......=...........4v@.....q..s......................."f.....A..............V/............ ^.......|..............W..Hz.iiib.............qvm|...V........ppq...vE=......Yx................!.......,....d.d............................................C.>..n....n.....Cn.......R...>]..C....._.].....>M........|]...sMJn....>X]JJ........C.X.>_...0.......b.....s.0..@.....i....C.S...P'..9x..P..#.709v.....<.. .x@....l1.E...].fBz...?.....D.jU6..<..lJ....*m$.../F.8X....?.....PO...c....@..?n..m.D..l.....e.......[.c......S........=......`Q..N.9....L.....5..S...d......x......"eH.!..HU0$B....*........P X2@....\X/.xq.yp...`*.......O.\......R\`.q.I@A.>4..g_H1......fp..G.X.../...U....@I.`....`.....!c...0...@C!...&E6_.....|............S.j.....H...e....Zj....|a....HP..IT..,.."c.HA.Zn.p..)J)..at....,.D......?.!..........@.....6...d...FA......Ll...mLph.8..C.@....]V0..*.P...2.e.M..PV.}'..u.....L.e.8....?,`A......8.......@..b.\..5.F...3.K.D0...u.F......LL.*..r@...Z....'.0.?h)...D`..j\0..cup.........dxo......?....,,`..@L`...L...8.:A.H..EC.W...y..O..<......C....A.={qh...0..?.....hPm.7W.C.dh9...L...R...BFj...u.P..].a ....D......4.....,q........8...l...........[7&.L...A.P..<.a3......c.@..cD~..d....QX...?....ML.w.f.'.X.[.......4..1..H..........c. .....>.dl.@.,l`..#P.....q..._.t&..._.d.!p..1.......,A.8`..

<<< skipped >>>

GET /static/image/ie6-warning/background_browser.gif HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:41 GMT

Content-Type: image/gif

Content-Length: 753

Connection: keep-alive

Etag: "2f1-50feb3ff-b51bdc9920a39332"

Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:41 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a98dff07b0761-AMS

GET /static/image/ie6-warning/browser_chrome.gif HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:41 GMT

Content-Type: image/gif

Content-Length: 4949

Connection: keep-alive

Etag: "1355-50feb3ff-ddf5500540a2733d"

Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:41 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a98e090850761-AMS

GIF89ad.d....C..f..*%$r..')$)( a."...O$...... .. .....".. Y%*)2;03,R*-....56..!730J.....B43.."E77*A0:<8@;9>;?J90<>/G=..BO.,/9BC(GL9FK*N7"Q3.T .Qm(MaKER.*/\BB9N;DGb.(0.UyNJ:KJG.#7THILJM.0(aK(.` .;4.^..61.<?fNX^UT2fAE`IE^i.k.dZ;.S.*l=[\L.j..;C_[e.p..E6Y`W.u2.[..s.:ju.EIJn</w:#|7ica.LGTh.(~2.{.9x=.Q;6r..aXAxM.XR/v.-.8.XI&.:sn[.\hvmo?.F7.C#..osm$..[}\}vV3.;=..I.NQ.\.kg.eV8.A.e^8.=.xI.n[..UI.NB..@....2R.XH..^.Z9...tg>.BW....GL..d.f~...ydt.kn.lF.C.}z?.C..s..Um..R....wz.|.}o..YJ.Ie.gT.S..._.....o.u..w_.].........\.X..|.....-q....#n.gw.s.....j...........R..c..E........6..y.....s.....'........v...........M.....D..$........d..%........Y...........N..=..............I.....4...........i.....&...........M..............D.................;..U..E.....O.....g..z...........................!.......,....d.d........H......*\......#J.H.....3j...... C..I....(S.\.........wO.M.2...)S..f.~..E..._@....S....HI......U....l.=.M%>m&....h..U[...bJ..].O^.[....k....^.....o....q]:..L.u....%....3k.....,{..j..1Ay..t^......c...[s......j...b<r..\.....` X...s..d..<..._....7.X).2\.d.........W0......._.[...Y ...o..7B....T.e........6.@|.........=.......A.......$...s.M..)..$.0.D.B....I.....z.....@..c.#>.^.u4..I/...-...B(.....B..e.'F..5K..b .<........@6...p....2,A..K,!.....@.[.8.....bIc..J4..`A............$...x.r.,..zJ..&p).@.(....!OI.....'..c.0oD..7..........v|..,.... ...........iP.=<Qc.(..c.5.(..".4....bp...& ..?. ..?.Q...bB...f.'.>....J........5.D...m..J..8.....B...<..............2....N....Ar.G..".).x.0.o...-

<<< skipped >>>

GET /live/red_lojson/300lo.json?fu4qr1&colc=1406985888754&si=53dce6964fcbf649&uid=53dce6a0d676490a&pub=ra-53993a6f0d2e8c74&rev=1406582527&jsl=33&ln=en&pc=men&vpc=&dp=adf.ly&aa=0&of=0&uf=1&pd=0&irt=0&md=0&ct=1&tct=0&abt=0&lt=3422&cdn=0&lnlc=us&whcs=1&tl=c=750,m=7547,i=7750,xm=11172,xp=11172&pi=1&&rb=0&gen=1000&gen=100&callback=_ate.track.hsr&mk=adfly,adf.ly,short links,tinyurl,bitly,bit.ly,earn money,link advertising,tiny url,url shortener HTTP/1.1

Accept: */*

Referer: hXXp://s7.addthis.com/static/r07/sh168.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: m.addthis.com

Connection: Keep-Alive

Cookie: uid=53dce6a0d676490a; uvc=1|31; uit=1

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:41 GMT

Cache-Control: max-age=0, no-cache, no-store

Pragma: no-cache

Set-Cookie: bt2=53dce699001s70001;Path=/;Domain=.addthis.com;Expires=Wed, 15-Apr-2015 13:24:41 GMT

Set-Cookie: di2=N9OL95.UYM;Path=/;Domain=.addthis.com;Expires=Mon, 01-Aug-2016 13:24:41 GMT

Set-Cookie: bt=;Path=/;Domain=.addthis.com;Expires=Thu, 01-Jan-1970 00:00:00 GMT

Set-Cookie: dt=X;Path=/;Domain=.addthis.com;Expires=Mon, 01-Sep-2014 13:24:41 GMT

Expires: Thu, 01 Jan 1970 00:00:00 GMT

P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"

Content-Type: application/javascript;charset=UTF-8

Content-Encoding: gzip

Connection: close

..........5OMk.0../:m..0.%...t.@..K......k.YY...........IO.d,....!......=G(...&r.vVPB.... .....s...W.4....o......{7f.N.3.7.|o.....{99.|..`>.@....>2@!....6...7-....#...#.......*L...^x...2#.^*.B...~Dm=..z]...b\.......

GET /static/image/ie6-warning/browser_ie.gif HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:41 GMT

Content-Type: image/gif

Content-Length: 3621

Connection: keep-alive

Etag: "e25-50feb3ff-74bc5aa87252c7d"

Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:41 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a98de63740761-AMS

GIF89ad.d..../................2....s...LS^e.M..............X..LzQ..Vm~6.....U.......O...1....Qj...... T..m......g....w...........H..>....8i.................i...3m..^.l}...M..K.f.v.........}............5.r....(v...N.......~....#0@.......Pq...w...._dV....A...e.~..s.UV..6DQ.............|...!......?........d........2..;bw..g.....:.c...6.n."......Z..A}......>~...$......R......A`............)..&.....!.......,....d.d................................................XC.%.....*\.._.M.[[...@.@tV_...`".[<..[..FyyF.s.>...X.M.0=<<>Vyw.w*t@>...#.M.0p==.y#...SA..=q.......#.@...t...8 .:.....D..$q....$9.....G.. 4l.dE..AIv.IP...4G.T.y.F.r0V 0rI.....T!@...%;(...#O...p$......u*.y.....?..,q...].\W...t...h..M2).G\...$p..........,.....H.b...hf8..b..;K.7...$.... .."...._#..zF.G*$.r..........;...,j...B.u..$...... ..P....y.;.(.`.........9.u=...@...v..,2....r...I`...H..~..g....P.|.PP.}........]..%......C.T.1...,q.. >(..{..AK.a.a......3...P.$.\.).....PBY............."..~..8e.al....l..!..(J.-R1..tV...7.....]...`.9$.E.ih.vTP..j.2.<.......ii......C...|f.J..eFi.....h.i.A.*DP.F... ....J..5..B.8x.........".j.P4;....QEZ..0^.e......QC.......*z...BaG..:;A.r.....0...J`...B|....~.........N0A..f.p..j...h.Y...-*....s.....,...\...n..f......}..p.P<ls.]t.G.Z.....80...w,.....i.....OU.........].|3.8.l..}.....-Q...../.n@0..&.....(........h@...9..x._[.E.n...(.....J@.v.& ....LE...$.G.m.>x..#N6.fG*...C@....12.,......a...........'I..2..W^....Kr.S.!.$.t.....^.........JU...'_y. .%..4tp.....A.:.......r..%...p.Z..@..U.........4.A..

<<< skipped >>>

GET /static/image/ie6-warning/browser_firefox.gif HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:41 GMT

Content-Type: image/gif

Content-Length: 4204

Connection: keep-alive

Etag: "106c-50feb3ff-6fa54936e724cc72"

Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:41 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a98dee38b0761-AMS

GIF89ad.d......QBx..y.i...I.............H...h ...M...................o..c..0.q..7h.'.U....)..X.s.;k.nnn..L..N.9...4..&.m`.......m*t..............)O.......UTTuL,..*.i.G......C}3d...@.q.)...a..T...O..L..j..9..............:.~!..y",|...kTN}...................a6]...X..i.../Hi.y:....!...>`.........dC}$.............V`.....X....i......b...1..-....O.........$..".....v.{...3W@<._....?D..............t....!.......,....d.d..........................................................x.`cyGGyy,.yc``x...b.ymmi8.99.J9..88ii5.`b..%.cGm...ZZ.[[@J.Z....imGc.{.....A..`..&...{....-9....._.....l...Bw.86..._...KX$d..5..6.d.....8.p.Q....y..,.....ZfrTX..G7(.@."eB.*?.......Cb\^.!S)....r\0...#s.4x.A....fZ...G. <G..t1....'. .........I..C..r..8@.N...Pd........]..X.......M....Z$..`.F.*0...."..T.z.. .............KP|q..Bm....>.`..:1Z..r%...).H9f*..8u.,Ac.Yt...............w.*.....s..1.q..7..G........Q._..PA...q.O.8.C....F~.|.@..0p........&x...u0...H.....>.A.4.h..sp...&. @..TpG.5..Bo..........Dd1Ao.`..mZ0..<0&.....f..7. ...<...4HQ..s....;..G......SL..^s.`D.Cd.F.<.`C..)...g.....*a.......BhV...z...K.qC.$r...;..C.>|....n........c.aP..@........,.....(p.f.H B.)....F..O'O.@..e,....,...=......0D..~.....s'..)....,........p...B.s.@...<q..:d.C.E....[f.....@G.6...l....u.$P... .q. o....H....b...*. ..El...^g...d..s.v..3.l..!.X.a....7.p.= E.Vj.G......`..u.d.l6.*t...?G...A&....0.......................2.nv....3.X. ...G....&.;e6. .{..!..O..2&..Q..:.`...'>.. ....&.......`...k.;o5t........S..7&<p.}.8W.{..........g.....|...e0V...`t4

<<< skipped >>>

GET /static/image/ie6-warning/background_browser.gif HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:41 GMT

Content-Type: image/gif

Content-Length: 753

Connection: keep-alive

Etag: "2f1-50feb3ff-b51bdc9920a39332"

Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:41 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a98df83a30761-AMS

GET /static/image/ie6-warning/browser_opera.gif HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:41 GMT

Content-Type: image/gif

Content-Length: 3275

Connection: keep-alive

Etag: "ccb-50feb3ff-4800cd42c7246c77"

Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:41 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a98e023c10761-AMS

GIF89ad.d........!.aai.xy.78..........V[.fj.............BF.77.$...........FK....}~......................$!.sv....=?...., ....JK.Za.......KP.22.......*&.......B@....($....QVl...wx.MO....% .............>?.lu....}}7' k%&.0/.........G.....oq.................lo....*(......VHK.......1/.......ko.*&.ab.$..MR.PL....uw....Z`.57..../..............X]...B:B................rs.............ed.9:...._b.`f......!.......,....d.d.............................................................uQka~.b. q3F....Lvy!-..-X..>`.Z3w....y#^\.#RR2..2.X>.$.u..v%.g.....9.9...<.....DWJ@...!.|......B.,-.<... !./.......r.<.Yy.C... ^."&.......@ .H..U.<.....H."..."..YR....Y.=RBh..T...[. .RE@..HN...6..-Z..X.s....>I6.....) .qP#$-L..-r..D...zTP.`...3[V.. .!.U........ri....K....J.....E...xZ.....g.....k.w.j.R...Ej.....K. .aM...D........I.FnvSo.`..X...........X.....F..F.zYlAB......t$P.w..E..g.`.#....@.p.C..\@....A.}.9.......#.....O.@....b.T ...........p.$...^.E^....eh.G. hA..}@h@.'.....m...q....l..@..P........^.p.$o.....qa....p..F..D.{T.c...H.s.T......Av..P..N....m....=$p@..(!#uk.0CU..0F..v........_x..$..PZL/..!...1.......3.....<....L!..1..E.f.....b`...z...S=....HrA..u.N..8.))S|...3.`...F;.....In.(..?......h...........jn.^..b$o.....D,C...bC.Z..B..o,p..B.2..T..S..,....z..?....$.Ls..;!..^..o.....>R ..).....P.1..M.l..j.......u..q]..{.r....`B.}$P..i....R.A..x....R.$..Ad........~.>..0...%<........I>@q..z...._|.9..'..........p.=..qJ.zP6.........p.....y....=.&......`..../....O.A.'m.OPA..............*` ..C8...H.....;......%x

<<< skipped >>>

GET /static/image/ie6-warning/background_browser.gif HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:41 GMT

Content-Type: image/gif

Content-Length: 753

Connection: keep-alive

Etag: "2f1-50feb3ff-b51bdc9920a39332"

Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:41 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a98e093d70761-AMS

GIF89ax.z....................................................................................................!.......,....x.z......<P..h..l..p,.t.$.#*..M..pH,....r.l:...f!.-...f..z...xL...^... e...|N..........Q&Z....b.'......(....q......a.(.....................|...r...e...`...[......(..............................(......................6..Xi .I..6J.......B.#qb....`.H...F.>.B'r!..&Q.2......c^..#s...6....e'O.9...:.(L.-..T..iI.".~...jF...N...kC.....K....}..EkG-..k..q wn..h...{wo..~...,.0.....1.xq..\.C..x.....[..Ysg... .6.......&..4..\\..@.....s........soq......S.G........."}......Gn.:w..%M.pZ<l..X76@......08. ...j.4........G...D....<..n..6....0.@... ....F...v... .(..$.h..."p@..HP...0.@...`..8....<....@.)$..,.....P....!..PF)..TVi..Xf.............;HTTP/1.1 200 OK..Date: Sat, 02 Aug 2014 13:24:41 GMT..Content-Type: image/gif..Content-Length: 753..Connection: keep-alive..Etag: "2f1-50feb3ff-b51bdc9920a39332"..Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT..Cache-Control: public, max-age=604800..Expires: Sat, 09 Aug 2014 13:24:41 GMT..CF-BGJ: imgq(85)..CF-Cache-Status: HIT..Accept-Ranges: bytes..Server: cloudflare-nginx..CF-RAY: 153a98e093d70761-AMS..GIF89ax.z....................................................................................................!.......,....x.z......<P..h..l..p,.t.$.#*..M..pH,....r.l:...f!.-...f..z...xL...^... e...|N..........Q&Z....b.'......(....q......a.(.....................|...r...e...`...[......(..............................(......................6..Xi .I..6J.......B.

<<< skipped >>>

GET /recaptcha/api/js/recaptcha.js?_=1406985884566 HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript

Last-Modified: Wed, 16 Jul 2014 09:49:49 GMT

Date: Sat, 02 Aug 2014 13:24:41 GMT

Expires: Sat, 02 Aug 2014 14:14:41 GMT

Cache-Control: public, max-age=3000

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 33075

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic

<<< skipped >>>

GET /recaptcha/api/image?c=03AHJ_VuvQ4uJ4qM31rPIFRzobiKbttAeij3-nDLd0xPrOkjPg_n04ludVfZyQPpLmJbJ8JPq1mp1Jh4G9NG2Fg99XxRLyu0QsSna39R5LBxIWK5bohVXPMcejwRn4L491t5edXxP86s3jUJab1qsdxqZpctDMgD9d3Eknjr3eHjA0zYxWuhNmMiqQFqh785r_SAGBAld_exGD8QknpQCZF1frm7YY25XS4w&th=,8bB8M3CZd1lU57anv58U2FkaGfAAAAKRoAAAAF7YAKkN-Tg5pgCRA8Rm19B2lwX0yDh1KyYdkpsOFwBjkj4BXG6a6Xk4RpdNk6O6XEV5DiVEPdBwcxW9eHSb3cpleP1qth-seTrjQFjHfn1zcckx2PgvH1xixfSURFl5RSFfnD2L2RaPn2hy58mH1-6xOeFfzgkZvTOXbdWuOMRpdoMu6duOLjfwS2zK-OICQPx0DqSUmJ-kcNsHv0YNke6NfvyjaIQa8hG5G7nX HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS

HTTP/1.1 200 OK

Expires: Sat, 02 Aug 2014 13:34:43 GMT

Date: Sat, 02 Aug 2014 13:24:43 GMT

Cache-Control: public, max-age=600

Content-Type: image/jpeg

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Content-Length: 2792

Server: GSE

Alternate-Protocol: 80:quic

......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342......9.,.........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.................................................................................?...(.../._.....dv.E,.2..q..FF=..^....OH..Q...d..#5._....x .v....Vh.@........m.............u8....d..nr= N...`......0.5-.QE.QE.QE.QE.QE.QE.QE.W...".m.#jqj..v.Z[p...1(>..{......u.W.....R[/........8..^{.Hi..sJ../.m..w.....~..7....Ei.K..K..;P."X.d.;.....x.W.l.;mN..R........~..r?.<iy.|D...R.K.-e..B.O ....1Y^/...7z..._...J...JX8.. ..J._.Z....t.Ne.-..7..@.....J(..(..(..(..(..(..(.. .o....P.q....C......O...<?wi.......i.X....GQ^..HjQ...i...../.1.\W}.j.|?..i...ts....c#o.&.....(...\";.eb'....\.......R>....{2..9.v.}{..>!i..4..4v0E..(.nm[/....^..th....u*....V. .K...(..(..(...U.3..d.x..k..^...[I.K.y.q..8...!.. .....-.... ......S...>9...#x~...u2...r..@n...A... .......N........_d....m.E_..(..(..(.../.K..6P .. ...w.?0`. .Fzz.U.....!...{..j.^O..I..E..P.....(.[...jk.j..<....9P.s....>.:*i!/...e......}z...... .}^=SM..nP..I..}....].K.!.jv..H.tK.m.L........f.-.....].E.. c..]p.@.`.....(....>...Z...>....?7..M.....>...:......h.!c.....;d...)8..x.=z.{....qx........n.d.Bg.M../.l..u.&.k@..O._>....b.Ds$..Jl .....c8'.....P.alu9/...F.....g.:7<...z..:..<Em.jVF.M7...E.0..U..8..{.....O...\.c..CM..L....8.U...9...Gj.>(.z.....Wk...lH.L.m.l7JN.$...G8..;.|8.L.".&.|5..m|W.....>V.;~o

<<< skipped >>>

GET /static/r07/widgetIE67006.css HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s7.addthis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 14 Apr 2014 12:52:34 GMT

Cache-Control: public, no-check, max-age=86313600

Content-Type: text/css

Content-Length: 1503

Accept-Ranges: bytes

Date: Sat, 02 Aug 2014 13:24:24 GMT

Via: 1.1 varnish

Age: 572230

Connection: keep-alive

X-Served-By: cache-fra1220-FRA

X-Cache: HIT

X-Cache-Hits: 236590

X-Timer: S1406985864.391919,VS0,VE0

Vary: Host,Accept-Encoding

#at15s{background:url(//s7.addthis.com/static/t00/atbkg.png);}.atPinBox{background:url(//s7.addthis.com/static/t00/atbkg.png);}.addthis_textshare{background:url(//s7.addthis.com/static/t00/atsh00.png) no-repeat 0 0;}#at16p{background:url(//s7.addthis.com/static/t00/atbkg.png);}a#at16pit{background:url(//s7.addthis.com/static/t00/tab00.gif) no-repeat;}#at15pf .ac-logo,#at16pf .ac-logo{background:url(//s7.addthis.com/static/t00/ac12.gif) no-repeat left;}#at15pf a.at-logo,#at16pf a.at-logo{background:url(//s7.addthis.com/static/t00/logo88.gif) no-repeat left;}#at16psf{background:#f2f2f2 url(//s7.addthis.com/static/t00/atf02.gif) no-repeat center center;}#at16ep a.at_gmail{background:url(//s7.addthis.com/static/t00/gmail.gif) no-repeat left;}#at16ep a.at_hotmail{background:url(//s7.addthis.com/static/t00/hotmail.gif) no-repeat left;}#at16ep a.at_yahoo{background:url(//s7.addthis.com/static/t00/yahoo.gif) no-repeat left;}.at3lblight{background:url(//s7.addthis.com/static/t00/bg-at3lb-light.png);}.at3lbdark{background:url(//s7.addthis.com/static/t00/bg-at3lb-black.png);}.at3lbnone{background:none;}#at3winheaderclose{background-image:url(//s7.addthis.com/static/t00/at3-x.png) no-repeat center!important;}#at3winfooter{position:relative!important;}.at3winssi-profile{margin-right:-1px;border-left:1px solid #DEDEDE;cursor:pointer;}.at3winssi-profile a{font-size:12px;height:50px;line-height:50px;padding:0 20px;color:#000;text-decoration:none;}.at3winssi-profile a:hover{background:#dedede;}...

<<< skipped >>>

GET /js/300/addthis_widget.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s7.addthis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Tue, 29 Jul 2014 16:24:33 GMT

ETag: "57e52b7-1ae0-4ff5779877240"

Content-Type: text/javascript

Content-Length: 6880

Accept-Ranges: bytes

Date: Sat, 02 Aug 2014 13:24:23 GMT

Via: 1.1 varnish

Age: 3227

Connection: keep-alive

X-Served-By: cache-fra1220-FRA

X-Cache: HIT

X-Cache-Hits: 4085

X-Timer: S1406985863.370505,VS0,VE0

Vary: Host,Accept-Encoding

/* (c) 2008-2014 AddThis, Inc */.var addthis_conf={ver:300};if(!((window._atc||{}).ver)){var _atd="VVV.addthis.com/",_atr=window.addthis_cdn||"//s7.addthis.com/",_euc=encodeURIComponent,_duc=decodeURIComponent,_atc={dbg:0,rrev:1406650926,dr:0,ver:250,loc:0,enote:"",cwait:500,bamp:0.25,camp:1,csmp:0.0001,damp:1,famp:1,pamp:0.1,abmp:0.5,sfmp:-1,tamp:1,plmp:1,stmp:0,vamp:1,cscs:1,dtt:0.01,ohmp:0,ltj:1,xamp:1,abf:!!window.addthis_do_ab,qs:0,cdn:0,rsrcs:{bookmark:_atr "static/r07/bookmark043.html",atimg:_atr "static/r07/atimg043.html",countercss:_atr "static/r07/counter015.css",counterIE67css:_atr "static/r07/counterIE67004.css",counter:_atr "static/r07/counter018.js",core:_atr "static/r07/core145.js",wombat:_atr "static/r07/bar026.js",wombatcss:_atr "static/r07/bar012.css",qbarcss:_atr "bannerQuirks.css",fltcss:_atr "static/r07/floating010.css",barcss:_atr "static/r07/banner006.css",barjs:_atr "static/r07/banner004.js",contentcss:_atr "static/r07/content009.css",contentjs:_atr "static/r07/content023.js",layersjs:_atr "static/r07/layers063.js",layerscss:_atr "static/r07/layers052.css",layersiecss:_atr "static/r07/layersIE6007.css",layersdroidcss:_atr "static/r07/layersdroid004.css",warning:_atr "static/r07/warning000.html",ssojs:_atr "static/r07/ssi005.js",ssocss:_atr "static/r07/ssi004.css",peekaboocss:_atr "static/r07/peekaboo002.css",overlayjs:_atr "static/r07/overlay005.js",widget32css:_atr "static/r07/widgetbig060.css",widget32whitecss:_atr "static/r07/widgetbigwhite016_32x32.css",widget20css:_atr "static/r07/w

<<< skipped >>>

GET /static/r07/core145.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s7.addthis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 28 Jul 2014 21:23:54 GMT

Cache-Control: public, no-check, max-age=86313600

Content-Type: text/javascript

Content-Length: 215747

Accept-Ranges: bytes

Date: Sat, 02 Aug 2014 13:24:23 GMT

Via: 1.1 varnish

Age: 403019

Connection: keep-alive

X-Served-By: cache-fra1220-FRA

X-Cache: HIT

X-Cache-Hits: 667550

X-Timer: S1406985863.722895,VS0,VE0

Vary: Host,Accept-Encoding

/* (c) 2008-2014 AddThis, Inc */.if(!window._ate){(function(){var _1,w=window,d=document;var l;try{l=window.location;if(l.protocol.indexOf("file")===0||l.protocol.indexOf("safari-extension")===0||l.protocol.indexOf("chrome-extension")===0){_atr="http:" _atr;}if(l.hostname.indexOf("localhost")!=-1){_atc.loc=1;}}catch(e){}var ua=navigator.userAgent.toLowerCase(),d=document,w=window,_6=window.addthis||{},A=_6,dl=d.location,b={win:/windows/.test(ua),xp:(/windows nt 5.1/.test(ua))||(/windows nt 5.2/.test(ua)),osx:/os x/.test(ua),chb:/chrome/.test(ua)&&parseInt((/chrome\/(. ?)\./.exec(ua)).pop(),10)>13,chr:/chrome/.test(ua)&&!(/rockmelt/.test(ua)),cho:/chrome\/(1[2345678]|2\d)/.test(ua),iph:/iphone/.test(ua)||(/ipod/.test(ua)),dro:/android/.test(ua),wph:/windows phone/.test(ua),ipa:/ipad/.test(ua),saf:/safari/.test(ua)&&!(/chrome/.test(ua)),opr:/opera/.test(ua),ffx:/firefox/.test(ua),ff2:/firefox\/2/.test(ua),ffn:/firefox\/((3.[6789][0-9a-z]*)|(4.[0-9a-z]*))/.test(ua),ie6:/msie 6.0/.test(ua),ie7:/msie 7.0/.test(ua),ie8:/msie 8.0/.test(ua),ie9:/msie 9.0/.test(ua),ie10:/msie 10.0/.test(ua),ie11:/trident\/7.0/.test(ua),msi:(/msie/.test(ua))&&!(/opera/.test(ua)),mob:/(iphone|ipod|ipad|android|mobi|blackberry|opera mini|silk)/.test(ua),mod:-1},_a={rev:"1406582527",bro:b,wlp:(l||{}).protocol,dl:dl,unj:w.JSON&&typeof w.JSON.parse=="function"&&typeof w.JSON.stringify=="function",upm:!!w.postMessage&&("" w.postMessage).toLowerCase().indexOf("[native code]")!==-1,uls:(function(){try{var _b="addthis-test",_c=window.localStor

<<< skipped >>>

GET /static/r07/widget120.css HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s7.addthis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Tue, 29 Apr 2014 11:58:30 GMT

Cache-Control: public, no-check, max-age=86313600

Content-Type: text/css

Content-Length: 83107

Accept-Ranges: bytes

Date: Sat, 02 Aug 2014 13:24:24 GMT

Via: 1.1 varnish

Age: 1406133

Connection: keep-alive

X-Served-By: cache-fra1220-FRA

X-Cache: HIT

X-Cache-Hits: 589045

X-Timer: S1406985864.287595,VS0,VE0

Vary: Host,Accept-Encoding

#at16lb{display:none;position:absolute;top:0;left:0;width:100%;height:100%;z-index:1001;background-color:black;opacity:.001;}#at20mc,#at_email,#at16pib,#at16pc,#at16pi,#at_share,#at_complete,#at_success,#at_error{position:static!important;}#at20mc{position:absolute;left:0;top:0;float:none;}#at20mc a{color:#36B;}#at20mc div{float:none;}.at15dn{display:none;}.at15a{border:0;height:0;margin:0;padding:0;width:100%;width:230px;}.atnt{text-align:center!important;padding:6px 0 0 0!important;height:24px!important;}.atnt a{text-decoration:none;color:#36b;}.atnt a:hover{text-decoration:underline;}#at16recap,#at_msg,#at16p label,#at16nms,#at16sas,#at_share .at_item,#at16p,#at15s,#at16p form input,#at16p textarea{font-family:arial,helvetica,tahoma,verdana,sans-serif!important;font-size:12px!important;outline-style:none;outline-width:0;line-height:1em;}* html #at15s.mmborder{position:absolute!important;}#at15s.mmborder{position:fixed!important;}/*\*/ #at15s.mmborder{width:250px!important;}/**/ #at20mc div.at15sie6{color:#4c4c4c!important;width:256px!important;}#at15s{background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs 9AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAABtJREFUeNpiZGBgaGAgAjAxEAlGFVJHIUCAAQDcngCUgqGMqwAAAABJRU5ErkJggg==);float:none;line-height:1em;margin:0;overflow:visible;padding:5px;text-align:left;position:absolute;}#at15s a,#at15s span{outline:0;direction:ltr;}html>body #at15s{width:250px!important;}#at20mc .atm.at15satmie6{background:none!important;padding:0!important;wi

<<< skipped >>>

GET /static/r07/sh168.html HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s7.addthis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 28 Jul 2014 21:24:46 GMT

Cache-Control: public, no-check, max-age=86313600

P3P: CP="NON ADM OUR DEV IND COM STA"

Content-Type: text/html; charset=UTF-8

Content-Length: 63802

Accept-Ranges: bytes

Date: Sat, 02 Aug 2014 13:24:33 GMT

Via: 1.1 varnish

Age: 403027

Connection: keep-alive

X-Served-By: cache-fra1220-FRA

X-Cache: HIT

X-Cache-Hits: 886558

X-Timer: S1406985873.314992,VS0,VE0

Vary: Host,Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>AddThis utility frame</title></head><body style="background-color:transparent" onload="run();"><script type="text/javascript">/* <![CDATA[ */.if(!((window._atc||{}).ver)){var _atd="VVV.addthis.com/",_atr=window.addthis_cdn||"//s7.addthis.com/",_euc=encodeURIComponent,_duc=decodeURIComponent,_atc={dbg:0,rrev:1406582527,dr:0,ver:250,loc:0,enote:"",cwait:500,bamp:0.25,camp:1,csmp:0.0001,damp:1,famp:1,pamp:0.1,abmp:0.5,sfmp:-1,tamp:1,plmp:1,stmp:0,vamp:1,cscs:1,dtt:0.01,ohmp:0,ltj:1,xamp:1,abf:!!window.addthis_do_ab,qs:0,cdn:0,rsrcs:{bookmark:_atr "static/r07/bookmark043.html",atimg:_atr "static/r07/atimg043.html",countercss:_atr "static/r07/counter015.css",counterIE67css:_atr "static/r07/counterIE67004.css",counter:_atr "static/r07/counter018.js",core:_atr "static/r07/core145.js",wombat:_atr "static/r07/bar026.js",wombatcss:_atr "static/r07/bar012.css",qbarcss:_atr "bannerQuirks.css",fltcss:_atr "static/r07/floating010.css",barcss:_atr "static/r07/banner006.css",barjs:_atr "static/r07/banner004.js",contentcss:_atr "static/r07/content009.css",contentjs:_atr "static/r07/content023.js",layersjs:_atr "static/r07/layers063.js",layerscss:_atr "static/r07/layers052.css",layersiecss:_atr "static/r07/layersIE6007.css",layersdroidcss:_atr "static/r07/layersdroid004.css",warnin

<<< skipped >>>

GET /static/r07/layers063.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s7.addthis.com

Connection: Keep-Alive

Cookie: uid=53dce6a0d676490a; uvc=1|31; uit=1; bt2=53dce699001s70001

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 21 Jul 2014 20:22:03 GMT

Cache-Control: public, no-check, max-age=86313600

Content-Type: text/javascript

Content-Length: 162945

Accept-Ranges: bytes

Date: Sat, 02 Aug 2014 13:24:41 GMT

Via: 1.1 varnish

Age: 1011311

Connection: keep-alive

X-Served-By: cache-fra1220-FRA

X-Cache: HIT

X-Cache-Hits: 62609

X-Timer: S1406985881.721824,VS0,VE0

Vary: Host,Accept-Encoding

<<< skipped >>>

GET /static/r07/json2.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s7.addthis.com

Connection: Keep-Alive

Cookie: uid=53dce6a0d676490a; uvc=1|31; uit=1; bt2=53dce699001s70001; di2=N9OL95.UYM; dt=X

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 04 Apr 2014 15:06:38 GMT

Cache-Control: public, no-check, max-age=86313600

Content-Type: application/javascript

Content-Length: 3353

Accept-Ranges: bytes

Date: Sat, 02 Aug 2014 13:24:42 GMT

Via: 1.1 varnish

Age: 573946

Connection: keep-alive

X-Served-By: cache-fra1220-FRA

X-Cache: HIT

X-Cache-Hits: 80873

X-Timer: S1406985882.908518,VS0,VE0

Vary: Host,Accept-Encoding

if(!this.JSON){this.JSON={}}(function(){function f(n){return n<10?"0" n:n}if(typeof Date.prototype.toJSON!=="function"){Date.prototype.toJSON=function(key){return isFinite(this.valueOf())?this.getUTCFullYear() "-" f(this.getUTCMonth() 1) "-" f(this.getUTCDate()) "T" f(this.getUTCHours()) ":" f(this.getUTCMinutes()) ":" f(this.getUTCSeconds()) "Z":null};String.prototype.toJSON=Number.prototype.toJSON=Boolean.prototype.toJSON=function(key){return this.valueOf()}}var cx=/[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,escapable=/[\\\"\x00-\x1f\x7f-\x9f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,gap,indent,meta={"\b":"\\b","\t":"\\t","\n":"\\n","\f":"\\f","\r":"\\r",'"':'\\"',"\\":"\\\\"},rep;function quote(string){escapable.lastIndex=0;return escapable.test(string)?'"' string.replace(escapable,function(a){var c=meta[a];return typeof c==="string"?c:"\\u" ("0000" a.charCodeAt(0).toString(16)).slice(-4)}) '"':'"' string '"'}function str(key,holder){var i,k,v,length,mind=gap,partial,value=holder[key];if(value&&typeof value==="object"&&typeof value.toJSON==="function"){value=value.toJSON(key)}if(typeof rep==="function"){value=rep.call(holder,key,value)}switch(typeof value){case"string":return quote(value);case"number":return isFinite(value)?String(value):"null";case"boolean":case"null":return String(value);case"object":if(!value){return"null"}gap =indent;partial=[];if(Object.prototype.toString.apply(value

<<< skipped >>>

GET /static/r07/layersIE6007.css HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s7.addthis.com

Connection: Keep-Alive

Cookie: uid=53dce6a0d676490a; uvc=1|31; uit=1; bt2=53dce699001s70001; di2=N9OL95.UYM; dt=X; loc=MDAwMDBFVVVBMDAyMzAwMjE2MzAwMDAwMDAwVg==

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 22 May 2014 15:35:37 GMT

Cache-Control: public, no-check, max-age=86313600

Content-Type: text/css

Content-Length: 2211

Accept-Ranges: bytes

Date: Sat, 02 Aug 2014 13:24:43 GMT

Via: 1.1 varnish

Age: 573956

Connection: keep-alive

X-Served-By: cache-fra1220-FRA

X-Cache: HIT

X-Cache-Hits: 25755

X-Timer: S1406985883.470858,VS0,VE0

Vary: Host,Accept-Encoding

.at4-follow,.at4-follow-inner,.at4-follow-container{position:static!important;display:inline;}.at4-follow-outer{position:absolute!important;display:block!important;top:0;right:0;}.at4-follow-inner{display:block!important;padding-left:30px!important;}#at4-foc{position:absolute!important;display:block;}.at4-follow-close-control{height:44px;}.at4-share-outer{position:absolute!important;background:none;top:20%;left:0;}.at4-share-outer-right{position:absolute!important;background:none;top:20%;left:auto;right:0;}#at4-share{position:static!important;}.at4-share-btn{position:static!im..

GET /static/css/jquery.loadmask.css HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:07 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Wed, 17 Apr 2013 11:51:19 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:07 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a980d85410761-AMS

Content-Encoding: gzip

16f...............j.0.._%..mPgNJ.....$Jl'b.el7.5....-..;8........-..!..7.N..h8.."&$'..d.I.D^pi.I.b3..y.0}.........m.A...<~..u.I.0....N..,..;.N..*M....4.Sz.oD.h.[..cs.?5.....*{.*.i...aT...;..........QzP..(Z...g.pY.p.Y...8m6..L_Nu......q.Q?.V.e.W.h..*G,h.!....E..6.K.~.....Q~l.m[i.%.(.`..d&.h.=.....]t....\dQ.4r8.../.).Y$i.....t..*.....B.. %...p.......e.s..#.h...J..o}7.x.....0..HTTP/1.1 200 OK..Date: Sat, 02 Aug 2014 13:24:07 GMT..Content-Type: text/css..Transfer-Encoding: chunked..Connection: keep-alive..Last-Modified: Wed, 17 Apr 2013 11:51:19 GMT..Cache-Control: public, max-age=604800..Expires: Sat, 09 Aug 2014 13:24:07 GMT..CF-Cache-Status: HIT..Server: cloudflare-nginx..CF-RAY: 153a980d85410761-AMS..Content-Encoding: gzip..16f...............j.0.._%..mPgNJ.....$Jl'b.el7.5....-..;8........-..!..7.N..h8.."&$'..d.I.D^pi.I.b3..y.0}.........m.A...<~..u.I.0....N..,..;.N..*M....4.Sz.oD.h.[..cs.?5.....*{.*.i...aT...;..........QzP..(Z...g.pY.p.Y...8m6..L_Nu......q.Q?.V.e.W.h..*G,h.!....E..6.K.~.....Q~l.m[i.%.(.`..d&.h.=.....]t....\dQ.4r8.../.).Y$i.....t..*.....B.. %...p.......e.s..#.h...J..o}7.x.....0......

GET /static/css/core30.css HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:08 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Tue, 13 May 2014 14:12:47 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:08 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a9811d6410761-AMS

Content-Encoding: gzip

606d...................0......p.t...(QGu...io..p.g......"...)Q............x.j...[...H ........l..'r....O...g/..\d%..."'.....<...]...Eu._/5.l..L....9.sWW......N$.r.yq:....MYe.^~I/yQ...p.....v.J...8.!/..|.../U.........._..p..........e..uW.99..z.;...-.4<.....x....=..e.q....Q`...G..P..g.............O./_6U..a..w..v...3=~z...#......../?.\.g:...x9.1 ....~Z....M.EI.K.......eV.U}{..../...}............C~{.%."......%G}...G1(....M......../N....m.L...>.`.U.9 ........ahn.......VW...mJ..'...~.l....sI....jJu.....q.. l.'J..;>....o..>.}..B.VN......N..|{..r.\.....EF....XN$..q...d...ar..".n.,{)..t.._..</.w...E. ../..._..........1...dU...... >X...../wl.tEg.]..6.........Cu:...p:\...f...H....o..(^.d.Zx...T2d.o../........#.N.......C.....?..;.>..vC..E......H.p&....g/....i..x./..bO.J'.#z....R..UQ..Q.I..1...IycZ.. ..n7)]@.k......G.......I_.....T%&<D..<..s.I.[.W#....@..$'..Q.=,...x.....b.....8ZA..>V%.'.Prr.).......r...z....mM7......r......4;.B.i..,H...G..C.L7.|....R..bh.....r]...:,..|;\..B ........)~..........uZ.|...X....S.O$*.?xu]6.. .._.....g...../kB..zG)p_.....=.=.IZ....8L.=.z.#..M..n).[.3`..`.`..'6..@.6..h-O.0.. ^...............H.]S..o.7...Y..!..........X..{M.hH....l..."/.|.a./.#T...erE...b.C.i.s.#HMn..[..O.V."7..............[U.......V.d....z.3y.....|.].....O.....%t..I..M..#.o...{.g.....>.i.X....dA...z.S...o...............`............N..;....t.E.FK.)%U...Z.r...}^.AH4]@?0....f.....Jk.y...A..JV..LD......r.T.N..6Q;...`.....LlX...._-...).sS..*`."_....f......L.M.*\4.....0*..w...{......U....D.g .:.y.y...

<<< skipped >>>

GET /static/js/common.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:13 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Fri, 04 Apr 2014 18:05:05 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:13 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a98321ccc0761-AMS

Content-Encoding: gzip

b25..............ks.6.3. P....L.V....VI..S7.YN.z...HHbB....q..... .R...3...../..74%C.......;.......o.GW.=b.......%.. .[................._...NO...V...?N...F.8.1...^.]...{......$.`r..G.%.`.v.'.<.......w....]....6;.?v........,..Q.^.."N..]....<.<.....-..UB.Et.;B..m=....|...#......g.|q.nX.#.T.....8..z..9........>...H..|......F.......Ky....`.R..D.O9..M...N....k./.J}...Gm{.l."..8......7Ln...I....Bp.u..7..i...74.@<p..M...M...r)..m.....2.GKF}....@.....>.X..bYF..h..U.V_Z.m..?*vj9n.V.....F0'vc.F...I."...,H.M(...........&,....1..A4N.....U.nSc.M.'.2&.......P.viF..)C..J...e@.^.O.4. .Y...-.h.".).....~..$......x.n.s2..MG.O......PM......9.L~~:5A .v.......O..;f..%.[r..'w.-.h..<.......1..."?.u...fq3FSoY.WI...0T!.2...1.f....yP.._...WI........j...6..IL....z.. .X...J.J. ...(Nx.".......#L.k.e.A.2........_....p....[.N.......a..XO...U...1(N.n...4....S.,)..v@.>.....:..~.. 0..?O`....../v......[e........%..$..,^..i|...(..X}...$....F.|!..jt..d@^H...*....l.z....F~....[6{7..\,!......._^..?.diz.. .3.Is.,(.....p.&p..U...8.ra.#?.....$xEC.l........I.D.E y.1..x....A....r.....f.c...qZ..........6.;..V..l.q.[h...w...>..h..A8.........k..5..). .W.g.k..Hn.....Lz....{..Q.j._..Ip...o.Q}.Cb...b.j_nh..p..*..AA.......!.}...B.e.X..?|...%..q..WVV.|t.Hb.....c..g.e_.YW.kM5...Z..4.......%dK.....zL.........X.. sAg).<.|#[.W......4W.S;..Q..0Q0.m.v..%9?e.z.....5.Q......D.j...8..P...$..~.yy.|.hTXC.w.....Q2x...O...,.TW.=j'..K....i.'.,yXzlM.4.8X.z.,...^).._...E...P.n..5U...@?..,..?..1.$...n...3...K.Q.......o..b.E. .....G...dR...1'{..#X....

<<< skipped >>>

GET /static/js/jquery.loadmask.min.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:14 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:14 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a98338d1e0761-AMS

Content-Encoding: gzip

321.............TQ..8.~G.?.?...:{ t'........w.w......G..nU....d... x.n......f.\\<}......V..GDPt}u..}...-.h.\...C.....\...\i&LI....m.5.J@.@...`./..~..H.}.:I6..3u.0......>.%.........y%...~.)...G..d.k.:....f....#.).2......PB.Y....H.uw.....5%zw....>y..c..Zp...........O...D.&..8[U-.b...,.._(G.pQ...N.H.l..}\..........."...R.$...o...W%.........#.6}_%.3A.....vpb........{S.....{..4:@)w.. .`.|c .=Y......\.~...A..c..W.;A...;.....LD..Z(....3..\.....Z.....6NE......Q...$.R.U8...q.!.c .i..../.H.F"Z.X....^.I....MC...U.......W.g..Of..&.:.L....^.x.B...7..V@\......5..>...j...:so...Isf.7e..)......... . .#..m..._/....)Y..I...".=..PRB..P..F.h.*.')..M.1/]...[..,..5...L..H....G.%....3.8..1..m.b.g.....@d$Sr='.p......6i>..\.K\..!u .q.^..u..........3..lHx~...:.~.=......1...?.g..e...0L]49...........|...FtO.....[....TD.......0..HTTP/1.1 200 OK..Date: Sat, 02 Aug 2014 13:24:14 GMT..Content-Type: application/x-javascript..Transfer-Encoding: chunked..Connection: keep-alive..Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT..Cache-Control: public, max-age=604800..Expires: Sat, 09 Aug 2014 13:24:14 GMT..CF-Cache-Status: HIT..Server: cloudflare-nginx..CF-RAY: 153a98338d1e0761-AMS..Content-Encoding: gzip..321.............TQ..8.~G.?.?...:{ t'........w.w......G..nU....d... x.n......f.\\<}......V..GDPt}u..}...-.h.\...C.....\...\i&LI....m.5.J@.@...`./..~..H.}.:I6..3u.0......>.%.........y%...~.)...G..d.k.:....f....#.).2......PB.Y....H.uw.....5%zw....>y..c..Zp...........O...D.&..8[U-.b...,.._(G.pQ...N.H.l..}\..........."...R.$...o...

<<< skipped >>>

GET /static/js/jquery.form.min.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:14 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:14 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a9834cd5f0761-AMS

Content-Encoding: gzip

1340.............[ms.8..._A...`......2.*.dvr..s...l.4[ ..H.)..mE...n.|....M]U..xi........m..N...t.>[..t. J ...E-<...[..mV.*...k...4D8..nj.e>.....X...[...$...I...kQ..f1....Fd..P.v ....f[..Z...t.......U...U...<p2..uBKYo...xp7[.p......z.x..Z"v.w.9...".......(.d......|.....u%.........".|'.M.9.a...t.K....\.0.......@q]l.K...F..S.../..z...e..I....j....VD.............W..~ .P..X......~ .....za....R..$..@]8."..@d..}...N*f..=.yX<:A.WE....;Y...........Rt....)..]Y...r..P.P..W.n.}b.Tvf....(....W6u.4..:XPy.....#..-....x.q1...,|.."..s.h....3O.l.....4r.f#...wr..b-.zz..V*...|.K..h 7....V...DT......R.HL...n........i.W....c-6.....|.^Y.i.WL.=...._@.........P..."HT9...?.~.b.p..& D...Kh...8OI..F.........G.........>:E.1.{I~.;3..5..X....m..|#.J..k...'....b.k.........'M|..e.-.(.O#...c0P'..p..%l...j../.9...C.3.V..J.S.|....m....7Vv..I2x..R.;....v...].......@9..U.5%.g%..mN.R.p.....6.......>..tjo.4.e.,.*C.MT...Q.oD...N..%...K.......>..A...EY....f[.~.....,&O.=L.A&E.Jz."......rD]...a.:.]...N....y.e...e........v-...m.-..t.Cg[f..qK3.S....N.J7......oa.e..]N`.kD....1.E..!.y.....k..).p}.p|.6c3...w...."tj.....t...d......5.?@.&.n..M. .'.)C@.V...).e%.f[%.'/..l'i....p....2.|a.zA.^)LDM...-.A./.YR.....4*A.....^........`."...=h .......m.S.v....CZ..H...d..q....{eG.....98.n..$R...9......[.....x}.PS....A.X>I..4...b.Uc.=..B...."........@s.q]Z.htc...:``.....R3_X..$.....n.4jR.Pa..~:....s.M8I)#tHm....i*..9.......\ ...{..U[.Pp..7*Z'e.....,.~Zg....1t6.......>...>...=E4..u...H..hLw..1.....4.....'.a.?}........j_J.....*......./.....~

<<< skipped >>>

GET /static/js/modernizr.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:14 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:14 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a9835cd930761-AMS

Content-Encoding: gzip

35dd.............}.z.7...?......l.b."YI.[Fg|...wVV.&...5..FS.m.|.5...I..........c.%......B..P(....%..W.P.i.%....fx..M.b...-..pj^..l.....l.......AGlon>.nonm..Q>?...T.x...q..j...D^.cyQd)V.6..n..d..P.Sh@..)..?.Y.^.......5.z.].@.n...)w../.XL..D.Q..K...xGD.P......b$.b.K%.\..<....H..n..`..2-..C.5...0..J....JE&.....b..E.T{.%Rb.g3..1T.R..q....C4....E@M@.A.)...)..xRL...L......I...Q.O._.4I.."...hp..*.q..2.D.....\..1._...q..t.D.H$...H....3.z..B^.......t.....R.....S;..@l...r.AX.X.......I.Au.3..a.-.._.;..G......Y....W..... ....".eb,..F..'C.6.......B&..x.e*N...9.......b...:...E. {....b..J...X?.<w..q.^p._.@.c9...'2...(e....Sh6t.?...<. q....b....!.M.Q...;...[..9.2..B~9.-......p.^.........`6`%`u....N!..@.>L.!.;.....~{ .|.u[..sfdxn0....*0E.&.._n..//..`.]G=Y......l..X.s.y.....C...9.z)p*l...0...h!..1.Tad...,.5.....HL...............@G.=.. >.L.P...h#..t6/,.800.q6W..... .T..2.T}=z-*..h4.4&.[{..1Ev........_...x...@.h.....93....@)...=`.....w.[.c..._...Dw!.gq...i.........P2vE T.$.....px..XD$.L.DL..8.....S&...x...Q.....o.#..<0....I........2.P|...l..l.b..#6.`%...0.u...7'.....D...%,7.... 1A........0.. ..<...W. .T6"..q&.#2.z..j..@.=....h6.Q.TsX....k..T}.,T.....VM........G.?..i1...3...V.y.$..C..X)......1..o=..4.......G.h`..K.m..qkO.<.f..f.....f..^.&.9.D"...AT...M..V.....g"...)0.......L.d.....Q......L3o.G.f*..2#.y"... ......\AL.:...Zv...,....*.....r../.,.`...l......k...mu...x$..w.J..K...f..s ...f.2...1jm.(.N.i.............M.^...IU......A..V.!." ....Z..".4Q.....j3......!,..F.N........~B...=Zc..&.|..A..!..t..0.R.R.

<<< skipped >>>

GET /static/js/spin.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:15 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:15 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a983e1f510761-AMS

Content-Encoding: gzip

d48..............k..6....`.....lo.;..N.....IsH..... K...,.......73|...{.F.......T....)..W.[o.y)7c..&....N.....t.m.N.&..M%.....v..n..M....U.>...OOO.){)..%V...e..&.).......ObW.DVt.....@.c..F.W.....QV.[s.....f. .''......N.....Ur..7.K.,y-..k........O.o...P..!R4bS.lH......5..5.....[< 3B......V..Z{.}.....H.k'j.=0.A.IV*^t.....u...... V...l%ny34$....o.h....i.TQ.. .l...pY..[p..f..p.G..A..N..!!......5....;X......,..m..{..D...J.&..&..W.5..Ux2x;..x.U.@...R....S.4kQW.7`...kr..P...|....D...th...,....c.8f). ........[..Yu.s&.k..`..c.-...H5.hW.:;".A9....Yu`...1.=...9..7...H........x... ........{.....6O..g=T....w.....e....M.5/.$..\...E.f...........I.fq..$. ..&...`...Q.E....h0..w.)9.H.......).5[...ub#......Qw..z........;..Os0.>..G..E..D......q/ ...zZ.....N...21$d.Z......=...>....d.....{).4.....B..'.d..L...1{.G..]t.|S.....#....;M.xDt26df.G6y.(.g.\o..S..t2<..r...,...%Y.w.....e.y..B..... .2....<R.IlJ.K.>.S......Er?8...-./...%?$. <i...g.."..V?...~...k.Y2x.$.p...pB .<\.`S......ez....}.V./.'...=.....&V......?=..p.0G]*.)`6!...W>...R(.L.m[..D...`.(. C ..a..5..@..r......,.........c.O..(...9.Ppr..wL....W..5{.....%t.3h.dk[^....K'...By..O~...[.tj...R.'Xa.6..........3..w.~....76.;.)s..;.B.%..=.td.....A....2z...._..n.......gQ..O.1.`.lVo.Z...p..)...B..e..#.>.:..1.cX...c...G4..GS..[.."..............XhYo;l.V|$.K.uX.i..F.V..N 5.R.o...~..2.^.%......lm8.A.........jp.^.2...#r.~.!......K/.5.Z.r.AQ...)ts.g<f. |..,`\.U...R.*.."Yz..r..l"./.F`Q!....G.(..(o.,md(*.E.&!..7..P.i..R..6g).A'2c.}.i.mg.F........d2I...S.Z`..T..j

<<< skipped >>>

GET /static/js/jquery.ulightbox.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:18 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:18 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a984e42e30761-AMS

Content-Encoding: gzip

500.............W.r.6.]._qEg.*.)9...g.w.v..5...L. ...a.%A........(R...B....8./.^M...../X...._'..z0{...b6.l6A..,V:.L..'.....1.v..mf......1.......=.....9...1.@'...~...,.J.. , 0.z.4..s.kvpO..HX......2.... .1.../....g..[.r..l..<Oq..J2."A.|....O......'4V..*.Pi...%."D. ..g#........K%5.z....t.z...u>....i..u...'..%..X.2.H..R.O ...8..W.R.:k /|..xK..MS&c.s.b}.....]...W...uuW...(.....Q.u.....m..D..=..... ..i.$.N.^. P.2..S1}..iw.As-...OfM..._......7.r-...d..|B.g...$..|...%...3.~H...La..d...../....@6...............O.y...~B.......~CzN>9 &r....!.O_ ..5B)..L....r..@\m..d..!~.$ Q...L.".Uc.~.....XeY.Tn....i..<_a..;.*c..$.)...e..U.3B&]....d...A.l.u........:F..#.I.. G..2.....>.H.m*ae!....-5.u..u......&.[nD.gq.2.M..K.@....Z''.g./.s.<9.....#......e%.B\.4uy-..L.(......#.tD..........<.2....k...`..x.U.u.M..c.........9F....h.Y........I.7....1.T...d...qM...P.4.......exDJ.......Ll...@..|.q(/...5...h...q.f..r.;....\.!..Mif.vCi.......&...)5.K3......O..."*.......y....~%m.4.....d..b...:b.FiC..T.,...y.P......E..g]..`4..8..........U..-RZ1........|.@<.f .l..C[]..,....(.G...6...i.c.......K....Z.cFd.o....m..a....]E.$U.;|..m....22/.....l.l..3g.}......Zg.....eT...Nv..:..W.'.EX.......I.9@.......}s...=......6b>I....2..)'..)..sB......].....".:{.S8........\3..s...7W._...7.*..#.v.1.u...[.Z[......:x..R0X.M.....0......

<<< skipped >>>

GET /static/image/header_bg.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:18 GMT

Content-Type: image/png

Content-Length: 230

Connection: keep-alive

Etag: "481-50f9295f-7f4e3286a18fa4ed"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:18 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a984f93270761-AMS

.PNG........IHDR.............=.#.....IDATH...1..0.E.....@....^...,TB....*..-....8?......p,f.........G.-c.5.>...>y..@W...?..>......w.q..^*5..hy<./n4[Uk.......[?$.^~..}..>.....<oG....y....................#.].M.....|....i....IEND.B`.....

GET /static/image/quote_photo_bg.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:18 GMT

Content-Type: image/png

Content-Length: 169

Connection: keep-alive

Etag: "430-50f9295f-5c8366b15e404e47"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:18 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a9851b3ac0761-AMS

.PNG........IHDR...0...1......<.u...pIDATX......@.D.....0r...&[......9G.?.....Y...M...|@....X>m......6...}J....... @....... @...z...1r.....%HRf..e...,...........IEND.B`.HTTP/1.1 200 OK..Date: Sat, 02 Aug 2014 13:24:18 GMT..Content-Type: image/png..Content-Length: 169..Connection: keep-alive..Etag: "430-50f9295f-5c8366b15e404e47"..Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT..Cache-Control: public, max-age=604800..Expires: Sat, 09 Aug 2014 13:24:18 GMT..CF-BGJ: imgq(85)..CF-Cache-Status: HIT..Accept-Ranges: bytes..Server: cloudflare-nginx..CF-RAY: 153a9851b3ac0761-AMS...PNG........IHDR...0...1......<.u...pIDATX......@.D.....0r...&[......9G.?.....Y...M...|@....X>m......6...}J....... @....... @...z...1r.....%HRf..e...,...........IEND.B`.....

GET /static/image/links_clicked_bg.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:19 GMT

Content-Type: image/png

Content-Length: 433

Connection: keep-alive

Etag: "525-50f9295f-70456e5279c4711c"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:19 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a985374140761-AMS

.PNG........IHDR.......1............xIDATx...=..Q......&.... V~k.E...(j>....!...t....S.ps.S./.....^...t>..%...|.........v...f........d.N....uN..`2.$...v.._...K.I8..4..9.....b:.......r5..K...O".sZ,.&.%.Q..r.4.(....r.9A.s._.o...)BN '.....wN.....HDr.9....9.f._@.D$'......S.G...$"9..@N.......P...LN '...8..x..(....r.9....7...@N '.....F..W.@"......r.>...|..OI>..V..n.3.xN.IDuNUU....v{:....K2.'.$.:......~~.....K.ID.9..y..['aB.....IEND.B`.....

GET /static/js/index/index.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:19 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Fri, 07 Jun 2013 11:34:38 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:19 GMT

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 153a9853d4260761-AMS

Content-Encoding: gzip

701.............Xmo.6..l..6.*9.d....M.4k.`]S..X...c...ZTI.........))Y?T@b.|.x/..G..$3.dC..$M...}..I......7.."......K)..&..~..Y.b..D..x...t......o....#...O..dN.....Ft..X.7Rl...}.....8....2.b..L..T-/.,.R......6.H8..I. &RL..i|.K%d.e.....Yx....._St:...oo.P.(..U...`H*7a....*...#.#.S..Cj.;.{...F.,c2......o.].. ....@. ..]..0...I.......,........f....n.h....cl..3..B.I*.... .........AL..F'.&x~...."I.rtD6I..M...b..%..9..k..<..0X(.qT........t&bv}qv...).*,.X.v.F.l.....[..#.'MP....?{.mri...*&.R2...3.p.I..[.R.}.... Z.s...V..F..<..4....'Z...D.;...Ws".....:.u<v..X....;K.6.T....W.a.......1.0.R...,.,.S=......42.....F6..3.I1cJ...V..\_|..'..bdE..Q...A8..`..]1I...%1h.....i<... ?...X.......a]..6c.H....a5.K..#..j.`....HL5}....4..:M.WEA8.t6=.x...............C...,.>.m....... `....LVa.0.A].j#..\Hv.R.."....._.....pc.t.h..@..hD.'1d..iQ-3..R........TPq..C.....".qg.......V..T.jh!WK8.R.L........2...)....=.X".Sbn....J....#4 ....Dfu.q......j....z.<..YC.aw.........GV.R......7....|..0.....S..AGY....7.m..`..{....s.V...^$p.......;.8T.n..Kv%\........-...O.&.{-...8..v.~....h.~HC....&M...uX.`l*jme.x.;.)w:D.o.{u..1.YS..ex....N^..]t....wT....S....\.dN.g.Q.....G9..q...p.`T.X..oS...,.)i0.Gf.a......dT*f..d..1.t;$y.c....P...@5..al..C..{.....RG{.......'......xo..B..^..0...:.0.y.r..#[yT....S.p.pU0A..z.Q.L...L.n...[9.,M*.Y....Fq..M...G...a.w.7.........D..!jGL.gTM..~....;.Q...ya.(..X-_.....O<..>..V...K.2.6.....KM..>..../...6\.|......~V..-r.....R)...-...d*....."........V......'.=dPu1i........iN.......t..8v....x4..........c..?._..f..8!.

<<< skipped >>>

GET /static/image/footer_home_lr_bg.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:23 GMT

Content-Type: image/png

Content-Length: 126

Connection: keep-alive

Etag: "415-50f9295f-1e5347f3b5265ffa"

Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:23 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a986d995b0761-AMS

.PNG........IHDR.......3........x...EIDAT.[}....0..O..St..?U ....N .%...y...7..0..,..&..V..l..y..|f........A.....^....IEND.B`.....

GET /static/image/ft_paypal.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:23 GMT

Content-Type: image/png

Content-Length: 1121

Connection: keep-alive

Etag: "489-5131339a-c928e4b38120432b"

Last-Modified: Fri, 01 Mar 2013 23:02:50 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:23 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a986df9700761-AMS

.PNG........IHDR...Q.........3......GPLTE....U.......W..........................-`....Iu.......s........;j......................e.......................................................................................................................................................................................................................................................IDATH..UW..@....... ..v..{.u{........^.}...=g.....7_2a.R...`....A^...w..B....as..m.0....0?.........*I.".....d..*...1.y%v0..zM..I. (.f%.......'].g.....s.tO.u....u..c.....h...g...%...2....v.^..C.............V..y....0..(0.....&.....,......|c_...1Z.c.~~.....jR$....W......z.`.H..($...0.2..WQ...$&2 ...H.L...6....C.Z...$.\..b$.....T[.....1....G..y.*.%.$...F.^0!.3.....a ..aN.(.....a...u.......Y7"/.....;...|.Q...>j.|....N.".......kEB.. .k..Z.1.ok....N..r..J.8.R6.....F..mJB2h...z...IQ.(.wz^..q.e...y.l...XL.....J.^.#...:IF...R.......S..2...Mh......z.....d:*...0...<.|....x........U....?...XZ...)7.A.q.[=..|.Z......I.P..M...w.."...>..._.63Ch.uGN\..F....T.*4m..g...r.l.-.U.............Z......m".L0.a......7.......x...'w..%|......../.8>W..u.....IEND.B`.....

<<< skipped >>>

GET /static/image/ft_alertpay.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b

HTTP/1.1 200 OK

Date: Sat, 02 Aug 2014 13:24:23 GMT

Content-Type: image/png

Content-Length: 2058

Connection: keep-alive

Etag: "996-5367718a-98fe83db70031711"

Last-Modified: Mon, 05 May 2014 11:10:02 GMT

Cache-Control: public, max-age=604800

Expires: Sat, 09 Aug 2014 13:24:23 GMT

CF-BGJ: imgq(85)

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 153a986e798d0761-AMS

.PNG........IHDR...Q..........Lc<....IDATh....S.......w..O.c.....X....B..K.<B..[^.b........2;...K......(. ..@.......y.O...]....b...zgz.....s..G....#;.;D;..K.333....l5.4e..jV.OI...{...j}...'_.r.E.=L.o...|.g.|....\t...C|....q.6..EQ...@....).Fp.F..J......H.W.......l1...[....<.S........V^...#Z..H.V..:..........w.:==...)X,.i|......1..3.>B... ..p\....;.q..k.S..l.D...........w.....0......|.2..?.s......HOO..;w0<<l........D....Bu...@.6.....L).,.....O...R....A.b...a....31.>|.nnn...B@@........???......_.V..........L&..!~.Q.X....|.t[.O.~....X&-.....a\...#.~.B.....jE'R....<Xg..p....B..@.....K...@bb..yxx....2....mmmx......q..=455.....AKK.Z[[....aav.ss3^.~...~y...s[..../%.LLL...S....B.....Z.(...()).....!.[..\.....(....'..|.7.70....8..f4t.!D....Q...y!.g............<}.7-. ...ds..\..m..../c.........T.......o..c...E.a......'.k..!22.6.-66.'N.......!:\.....b..]x..).>|(!g........ Y..AJ...#V........1......F...].]H....|we..1.`|............./}.F.l...2.`...;wb..=......h=.........`hh....b.qqqbM'O.........[..!H....>....O..>.9t..zzz099)m..[_?C.bQ.<.hoy@.....x<h CC_=...DE............7.......T...9!.8p........,qgZ........;fs..........W....A.N..#G.=.\.x.555..s1..U.y...$......._.y......W[[ ....$........V....@....&..nY......\-<.....Gx ......R........6<m...iI*<...q ....._....w...*.....P...K0.N.B^^.@...[5).&.s.-[..A...B.&t.f.:..8.\.DJ..,8.i.@.d;K..v.5...._:...F\..=LV.;...{..)s.|n..Q.....f).>.".M.6I<d......@........IKK..3g.....$$U./i....Yf.r..]9@ggg.<)).!!!X.~...EC.R.E.B....T`...!..W. ..6}

<<< skipped >>>

Map

The Backdoor connects to the servers at the folowing location(s):

Strings from Dumps

abcww.exe_1864_rwx_009D0000_00006000:

x{^%x

adf.exe_1684:

.text

`.rdata

@.data

.rsrc

s%j.Zf

8crtsu

:crts

crts

GetProcessWindowStation

operator

This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.

uxtheme.dll

kernel32.dll

operand of unlimited repeat could match the empty string

POSIX named classes are supported only within a class

erroffset passed as NULL

POSIX collating elements are not supported

this version of PCRE is not compiled with PCRE_UTF8 support

PCRE does not support \L, \l, \N{name}, \U, or \u

support for \P, \p, and \X has not been compiled

this version of PCRE is not compiled with PCRE_UCP support

ICMP.DLL

advapi32.dll

RegDeleteKeyExW

Error text not found (please report)

WSOCK32.dll

VERSION.dll

WINMM.dll

COMCTL32.dll

MPR.dll

InternetCrackUrlW

HttpQueryInfoW

HttpOpenRequestW

HttpSendRequestW

FtpOpenFileW

FtpGetFileSize

InternetOpenUrlW

WININET.dll

PSAPI.DLL

USERENV.dll

GetProcessHeap

CreatePipe

GetWindowsDirectoryW

KERNEL32.dll

OpenWindowStationW

SetProcessWindowStation

CloseWindowStation

MapVirtualKeyW

EnumChildWindows

EnumWindows

VkKeyScanW

GetKeyState

GetKeyboardState

SetKeyboardState

GetAsyncKeyState

keybd_event

EnumThreadWindows

ExitWindowsEx

UnregisterHotKey

RegisterHotKey

GetKeyboardLayoutNameW

USER32.dll

SetViewportOrgEx

GDI32.dll

COMDLG32.dll

RegOpenKeyExW

RegCloseKey

RegCreateKeyExW

RegEnumKeyExW

RegDeleteKeyW

ADVAPI32.dll

ShellExecuteW

SHFileOperationW

ShellExecuteExW

SHELL32.dll

ole32.dll

OLEAUT32.dll

GetCPInfo

zcÁ

mscoree.dll

nKERNEL32.DLL

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

WUSER32.DLL

>>>AUTOIT NO CMDEXECUTE<<<</pre><pre>CMDLINERAW</pre><pre>CMDLINE</pre><pre>/AutoIt3ExecuteLine</pre><pre>/AutoIt3ExecuteScript</pre><pre>%s (%d) : ==> %s.:</pre><pre>Line %d:</pre><pre>Line %d (File "%s"):</pre><pre>%s (%d) : ==> %s:</pre><pre>AutoIt script files (*.au3, *.a3x)</pre><pre>*.au3;*.a3x</pre><pre>All files (*.*)</pre><pre>#NoAutoIt3Execute</pre><pre>APPSKEY</pre><pre>04090000</pre><pre>%u.%u.%u.%u</pre><pre>0.0.0.0</pre><pre>Mddddd</pre><pre>%s (%d) : ==> %s:</pre><pre>UDPSTARTUP</pre><pre>UDPSHUTDOWN</pre><pre>UDPSEND</pre><pre>UDPRECV</pre><pre>UDPOPEN</pre><pre>UDPCLOSESOCKET</pre><pre>UDPBIND</pre><pre>TRAYGETMSG</pre><pre>TCPSTARTUP</pre><pre>TCPSHUTDOWN</pre><pre>TCPSEND</pre><pre>TCPRECV</pre><pre>TCPNAMETOIP</pre><pre>TCPLISTEN</pre><pre>TCPCONNECT</pre><pre>TCPCLOSESOCKET</pre><pre>TCPACCEPT</pre><pre>SHELLEXECUTEWAIT</pre><pre>SHELLEXECUTE</pre><pre>REGENUMKEY</pre><pre>MSGBOX</pre><pre>ISKEYWORD</pre><pre>HTTPSETUSERAGENT</pre><pre>HTTPSETPROXY</pre><pre>HOTKEYSET</pre><pre>GUIREGISTERMSG</pre><pre>GUIGETMSG</pre><pre>GUICTRLSENDMSG</pre><pre>GUICTRLRECVMSG</pre><pre>FTPSETPROXY</pre><pre>\??\%s</pre><pre>GUI_RUNDEFMSG</pre><pre>SendKeyDelay</pre><pre>SendKeyDownDelay</pre><pre>TCPTimeout</pre><pre>AUTOITCALLVARIABLE%d</pre><pre>255.255.255.255</pre><pre>Keyword</pre><pre>AutoIt.Error</pre><pre>Null Object assignment in FOR..IN loop</pre><pre>Incorrect Object type in FOR..IN loop</pre><pre>HOTKEYPRESSED</pre><pre>AUTOITEXE</pre><pre>WINDOWSDIR</pre><pre>3, 3, 8, 1</pre><pre>HKEY_LOCAL_MACHINE</pre><pre>HKEY_CLASSES_ROOT</pre><pre>HKEY_CURRENT_CONFIG</pre><pre>HKEY_CURRENT_USER</pre><pre>HKEY_USERS</pre><pre>%d/d/d</pre><pre>%Documents and Settings%\%current user%\Application Data\adf.exe</pre><pre>:%Documents and Settings%\%current user%\Application Data\adf.exe</pre><pre>AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.</pre><pre>Missing operator in expression."Unbalanced brackets in expression.</pre><pre>Error parsing function call.0Incorrect number of parameters in function call.'"ReDim" used without an array variable.>Illegal text at the end of statement (one statement per line).1"If" statement has no matching "EndIf" statement.1"Else" statement with no matching "If" statement.2"EndIf" statement with no matching "If" statement.7Too many "Else" statements for matching "If" statement.3"While" statement has no matching "Wend" statement.4"Wend" statement with no matching "While" statement.%Variable used without being declared.XArray variable has incorrect number of subscripts or subscript dimension range exceeded.)Array variable subscript badly formatted.'Subscript used with non-Array variable.&Too many subscripts used for an array.0Missing subscript dimensions in "Dim" statement.NNo variable given for "Dim", "Local", "Global", "Struct" or "Const" statement.0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.</pre><pre>Invalid element in a DllStruct.*Unknown option or bad parameter specified.&Unable to load the internet libraries./"Struct" statement has no matching "EndStruct".HUnable to open file, the maximum number of open files has been exceeded.K"ContinueLoop" statement with no matching "While", "Do" or "For" statement.</pre><pre>Invalid file filter given.*Expected a variable in user function call.1"Do" statement has no matching "Until" statement.2"Until" statement with no matching "Do" statement.#"For" statement is badly formatted.2"Next" statement with no matching "For" statement.N"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.1"For" statement has no matching "Next" statement.@"Case" statement with no matching "Select"or "Switch" statement.:"EndSelect" statement with no matching "Select" statement.ORecursion level has been exceeded - AutoIt will quit to prevent stack overflow.&Cannot make existing variables static.4Cannot make static variables into regular variables.</pre><pre>3This keyword cannot be used after a "Then" keyword.</pre><pre>>"Select" statement is missing "EndSelect" or "Case" statement. "If" statements must have a "Then" keyword. Badly formated Struct statement."Cannot assign values to constants..Cannot make existing variables into constants.9Only Object-type variables allowed in a "With" statement.v"long_ptr", "int_ptr" and "short_ptr" DllCall() types have been deprecated. Use "long*", "int*" and "short*" instead.-Object referenced outside a "With" statement.)Nested "With" statements are not allowed."Variable must be of type "Object".1The requested action with this object has failed.8Variable appears more than once in function declaration.2ReDim array can not be initialized in this manner.1An array variable can not be used in this manner.</pre><pre>HCan pass constants by reference only to parameters with "Const" keyword.*Can not initialize a variable with itself.$Incorrect way to use this parameter.:"EndSwitch" statement with no matching "Switch" statement.>"Switch" statement is missing "EndSwitch" or "Case" statement.H"ContinueCase" statement with no matching "Select"or "Switch" statement.</pre><pre>String missing closing quote.!Badly formated variable or macro.*Missing separator character after keyword.</pre>abcww.exe_856_rwx_009D0000_00006000:<pre>x{^%x</pre>adf.exe_1256:<pre>.text</pre><pre>`.itext</pre><pre>`.data</pre><pre>.idata</pre><pre>.rdata</pre><pre>@.reloc</pre><pre>B.rsrc</pre><pre>kernel32.dll</pre><pre>Windows</pre><pre>MSWHEEL_ROLLMSG</pre><pre>MSH_WHEELSUPPORT_MSG</pre><pre>MSH_SCROLL_LINES_MSG</pre><pre>$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)</pre><pre>oleaut32.dll</pre><pre>EVariantBadIndexError</pre><pre>ssShift</pre><pre>htKeyword</pre><pre>EInvalidOperation</pre><pre>%s_%d</pre><pre>EInvalidGraphicOperation</pre><pre>SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes</pre><pre>%s, ClassID: %s</pre><pre>%s, ProgID: "%s"</pre><pre>ole32.dll</pre><pre>USER32.DLL</pre><pre>uxtheme.dll</pre><pre>DWMAPI.DLL</pre><pre>clWebSnow</pre><pre>clWebFloralWhite</pre><pre>clWebLavenderBlush</pre><pre>clWebOldLace</pre><pre>clWebIvory</pre><pre>clWebCornSilk</pre><pre>clWebBeige</pre><pre>clWebAntiqueWhite</pre><pre>clWebWheat</pre><pre>clWebAliceBlue</pre><pre>clWebGhostWhite</pre><pre>clWebLavender</pre><pre>clWebSeashell</pre><pre>clWebLightYellow</pre><pre>clWebPapayaWhip</pre><pre>clWebNavajoWhite</pre><pre>clWebMoccasin</pre><pre>clWebBurlywood</pre><pre>clWebAzure</pre><pre>clWebMintcream</pre><pre>clWebHoneydew</pre><pre>clWebLinen</pre><pre>clWebLemonChiffon</pre><pre>clWebBlanchedAlmond</pre><pre>clWebBisque</pre><pre>clWebPeachPuff</pre><pre>clWebTan</pre><pre>clWebYellow</pre><pre>clWebDarkOrange</pre><pre>clWebRed</pre><pre>clWebDarkRed</pre><pre>clWebMaroon</pre><pre>clWebIndianRed</pre><pre>clWebSalmon</pre><pre>clWebCoral</pre><pre>clWebGold</pre><pre>clWebTomato</pre><pre>clWebCrimson</pre><pre>clWebBrown</pre><pre>clWebChocolate</pre><pre>clWebSandyBrown</pre><pre>clWebLightSalmon</pre><pre>clWebLightCoral</pre><pre>clWebOrange</pre><pre>clWebOrangeRed</pre><pre>clWebFirebrick</pre><pre>clWebSaddleBrown</pre><pre>clWebSienna</pre><pre>clWebPeru</pre><pre>clWebDarkSalmon</pre><pre>clWebRosyBrown</pre><pre>clWebPaleGoldenrod</pre><pre>clWebLightGoldenrodYellow</pre><pre>clWebOlive</pre><pre>clWebForestGreen</pre><pre>clWebGreenYellow</pre><pre>clWebChartreuse</pre><pre>clWebLightGreen</pre><pre>clWebAquamarine</pre><pre>clWebSeaGreen</pre><pre>clWebGoldenRod</pre><pre>clWebKhaki</pre><pre>clWebOliveDrab</pre><pre>clWebGreen</pre><pre>clWebYellowGreen</pre><pre>clWebLawnGreen</pre><pre>clWebPaleGreen</pre><pre>clWebMediumAquamarine</pre><pre>clWebMediumSeaGreen</pre><pre>clWebDarkGoldenRod</pre><pre>clWebDarkKhaki</pre><pre>clWebDarkOliveGreen</pre><pre>clWebDarkgreen</pre><pre>clWebLimeGreen</pre><pre>clWebLime</pre><pre>clWebSpringGreen</pre><pre>clWebMediumSpringGreen</pre><pre>clWebDarkSeaGreen</pre><pre>clWebLightSeaGreen</pre><pre>clWebPaleTurquoise</pre><pre>clWebLightCyan</pre><pre>clWebLightBlue</pre><pre>clWebLightSkyBlue</pre><pre>clWebCornFlowerBlue</pre><pre>clWebDarkBlue</pre><pre>clWebIndigo</pre><pre>clWebMediumTurquoise</pre><pre>clWebTurquoise</pre><pre>clWebCyan</pre><pre>clWebPowderBlue</pre><pre>clWebSkyBlue</pre><pre>clWebRoyalBlue</pre><pre>clWebMediumBlue</pre><pre>clWebMidnightBlue</pre><pre>clWebDarkTurquoise</pre><pre>clWebCadetBlue</pre><pre>clWebDarkCyan</pre><pre>clWebTeal</pre><pre>clWebDeepskyBlue</pre><pre>clWebDodgerBlue</pre><pre>clWebBlue</pre><pre>clWebNavy</pre><pre>clWebDarkViolet</pre><pre>clWebDarkOrchid</pre><pre>clWebMagenta</pre><pre>clWebDarkMagenta</pre><pre>clWebMediumVioletRed</pre><pre>clWebPaleVioletRed</pre><pre>clWebBlueViolet</pre><pre>clWebMediumOrchid</pre><pre>clWebMediumPurple</pre><pre>clWebPurple</pre><pre>clWebDeepPink</pre><pre>clWebLightPink</pre><pre>clWebViolet</pre><pre>clWebOrchid</pre><pre>clWebPlum</pre><pre>clWebThistle</pre><pre>clWebHotPink</pre><pre>clWebPink</pre><pre>clWebLightSteelBlue</pre><pre>clWebMediumSlateBlue</pre><pre>clWebLightSlateGray</pre><pre>clWebWhite</pre><pre>clWebLightgrey</pre><pre>clWebGray</pre><pre>clWebSteelBlue</pre><pre>clWebSlateBlue</pre><pre>clWebSlateGray</pre><pre>clWebWhiteSmoke</pre><pre>clWebSilver</pre><pre>clWebDimGray</pre><pre>clWebMistyRose</pre><pre>clWebDarkSlateBlue</pre><pre>clWebDarkSlategray</pre><pre>clWebGainsboro</pre><pre>clWebDarkGray</pre><pre>clWebBlack</pre><pre>comctl32.dll</pre><pre>AutoHotkeysd-</pre><pre>AutoHotkeys</pre><pre>\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\</pre><pre>ssHotTrack</pre><pre>TWindowState</pre><pre>poProportional</pre><pre>TWMKey</pre><pre>KeyPreview</pre><pre>WindowState</pre><pre>OnKeyDownL</pre><pre>OnKeyPress</pre><pre>OnKeyUpH</pre><pre>GlassFrame.Bottom</pre><pre>GlassFrame.Enabled</pre><pre>GlassFrame.Left</pre><pre>GlassFrame.Right</pre><pre>GlassFrame.SheetOfGlass</pre><pre>GlassFrame.Top</pre><pre>System\CurrentControlSet\Control\Keyboard Layouts\%.8x</pre><pre>User32.dll</pre><pre>TKeyEvent</pre><pre>TKeyPressEvent</pre><pre>HelpKeyword n</pre><pre>crSQLWait</pre><pre>%s (%s)</pre><pre>imm32.dll</pre><pre>TSocketPort</pre><pre>%d.%d.%d.%d</pre><pre>0.0.0.0</pre><pre>PSAPI.dll</pre><pre>TDCWebCam</pre><pre>127.0.0.1</pre><pre>BuildImportTable: can't load library:</pre><pre>BuildImportTable: ReallocMemory failed</pre><pre>BuildImportTable: GetProcAddress failed</pre><pre>BTMemoryLoadLibary: BuildImportTable failed</pre><pre>BTMemoryGetProcAddress: no export table found</pre><pre>BTMemoryGetProcAddress: DLL doesn't export anything</pre><pre>BTMemoryGetProcAddress: exported symbol not found</pre><pre>1.2.3</pre><pre>127.0.0.1:1604</pre><pre>#KCMDDC51#-</pre><pre>5.3.0</pre><pre>cmd.exe</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Run</pre><pre>hkey</pre><pre>\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders</pre><pre>*.torrent</pre><pre>\Internet Explorer\iexplore.exe</pre><pre>explorer.exe</pre><pre>wlanapi.dll</pre><pre>80211_SHARED_KEY</pre><pre>user32.dll</pre><pre>TUploadFTP</pre><pre>notepad.exe</pre><pre>KEYNAME</pre><pre>%ShortCut#</pre><pre>RELATEDCMD</pre><pre>ping 127.0.0.1 -n 4 > NUL && "</pre><pre>DRKey</pre><pre>CRKey</pre><pre>DelMSKey</pre><pre>InstallHKEY</pre><pre>ActiveOnlineKeylogger</pre><pre>UnActiveOnlineKeylogger</pre><pre>KeylogOn</pre><pre>ActiveOfflineKeylogger</pre><pre>UnActiveOfflineKeylogger</pre><pre>ActiveOnlineKeyStrokes</pre><pre>UnActiveOnlineKeyStrokes</pre><pre>OpenWebPage</pre><pre>tmpprint.txt</pre><pre>URLUpdate</pre><pre>MSGBOX</pre><pre>#BOT#VisitUrl</pre><pre>#BOT#OpenUrl</pre><pre>HTTP://</pre><pre>http://</pre><pre>BTRESULTOpen URL|</pre><pre>Command successfully executed!|</pre><pre>#BOT#URLUpdate</pre><pre>BTERRORUpdate from URL| Error on downloading file check if you type the correct url...|</pre><pre>BTRESULTUpdate from URL|Update : File Downloaded , Executing new one in temp dir...|</pre><pre>#BOT#URLDownload</pre><pre>GetActivePorts</pre><pre>out.txt</pre><pre>tmp.txt</pre><pre>DDOSHTTPFLOOD</pre><pre>DDOSUDPFLOOD</pre><pre>%IPPORTSCAN</pre><pre>SAPI.SpVoice</pre><pre>WEBCAMLIVE</pre><pre>WEBCAMSTOP</pre><pre>PASSWORD</pre><pre>FTPFILEUPLOAD</pre><pre>URLDOWNLOADTOFILE</pre><pre>UPLOADEXEC</pre><pre>UPANDEXEC</pre><pre>FTPPORT</pre><pre>FTPPASS</pre><pre>FTPUSER</pre><pre>FTPHOST</pre><pre>FTPROOT</pre><pre>FTPUPLOADK</pre><pre>FTPSIZE</pre><pre>BTRESULTUDP Flood|UDP Flood task finished!|</pre><pre>PortScanAdd</pre><pre>BTRESULTVisit URL|finished to visit</pre><pre>BTERRORVisit URL|An exception occured in the thread|</pre><pre>POST /index.php/1.0</pre><pre>BTRESULTHTTP Flood|Http Flood task finished!|</pre><pre>Mozilla</pre><pre>BTRESULTDownload File|Mass Download : File Downloaded , Executing new one in temp dir...|</pre><pre>BTERRORDownload File| Error on downloading file check if you type the correct url...|</pre><pre>Software\Microsoft\Windows\CurrentVersion\Run</pre><pre>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</pre><pre>ERR|Cannot listen to port, try another one..|</pre><pre>TCaptureWebcam</pre><pre>taskmgr.exe</pre><pre>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall</pre><pre>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\</pre><pre>DC3_FEXEC</pre><pre>Windows NT 4.0</pre><pre>Windows 2000</pre><pre>Windows XP</pre><pre>Windows Server 2003</pre><pre>Windows Vista</pre><pre>Windows 7</pre><pre>Windows 95</pre><pre>Windows 98</pre><pre>Windows Me</pre><pre>S-%u-</pre><pre>FAKEMSG</pre><pre>MSGICON</pre><pre>MSGTITLE</pre><pre>MSGCORE</pre><pre>deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly</pre><pre>inflate 1.2.3 Copyright 1995-2005 Mark Adler</pre><pre>%Documents and Settings%\%current user%\Application Data\dclogs\2014-08-02-7.dc</pre><pre>advapi32.dll</pre><pre>RegOpenKeyExA</pre><pre>RegCloseKey</pre><pre>GetKeyboardType</pre><pre>keybd_event</pre><pre>VkKeyScanA</pre><pre>UnhookWindowsHookEx</pre><pre>SetWindowsHookExA</pre><pre>MsgWaitForMultipleObjectsEx</pre><pre>MsgWaitForMultipleObjects</pre><pre>MapVirtualKeyA</pre><pre>LoadKeyboardLayoutA</pre><pre>GetKeyboardState</pre><pre>GetKeyboardLayoutNameA</pre><pre>GetKeyboardLayoutList</pre><pre>GetKeyboardLayout</pre><pre>GetKeyState</pre><pre>GetKeyNameTextA</pre><pre>ExitWindowsEx</pre><pre>EnumWindows</pre><pre>EnumThreadWindows</pre><pre>EnumChildWindows</pre><pre>ActivateKeyboardLayout</pre><pre>gdi32.dll</pre><pre>SetViewportOrgEx</pre><pre>version.dll</pre><pre>WinExec</pre><pre>PeekNamedPipe</pre><pre>GetWindowsDirectoryA</pre><pre>GetProcessHeap</pre><pre>GetCPInfo</pre><pre>CreatePipe</pre><pre>RegQueryInfoKeyA</pre><pre>RegOpenKeyA</pre><pre>RegFlushKey</pre><pre>RegEnumKeyExA</pre><pre>RegDeleteKeyA</pre><pre>RegCreateKeyExA</pre><pre>RegCreateKeyA</pre><pre>wsock32.dll</pre><pre>shell32.dll</pre><pre>ShellExecuteExA</pre><pre>ShellExecuteA</pre><pre>SHFileOperationA</pre><pre>URLMON.DLL</pre><pre>URLDownloadToFileA</pre><pre>wininet.dll</pre><pre>InternetOpenUrlA</pre><pre>HttpQueryInfoA</pre><pre>FtpPutFileA</pre><pre>winmm.dll</pre><pre>netapi32.dll</pre><pre>gdiplus.dll</pre><pre>GdiplusShutdown</pre><pre>msacm32.dll</pre><pre>ntdll.dll</pre><pre>WS2_32.DLL</pre><pre>SHFolder.dll</pre><pre>SHELL32.DLL</pre><pre>AVICAP32.DLL</pre><pre>1!1,1=1|1</pre><pre>6 6$6(6,606</pre><pre>=!=%=)=-=1=</pre><pre>01m1</pre><pre>0 0$0(0,0004080<0@0</pre><pre><!><pre>;"<?<_><pre>; ;$;(;,;0;4;8;<;@;</pre><pre>7 8$888<8</pre><pre>= =$=(=,=0=4=8=</pre><pre>UntKeylogger</pre><pre>KWindows</pre><pre>UntActivePorts</pre><pre>UntControlKey</pre><pre>UntCaptureWebcam</pre><pre>UntWebCam</pre><pre>UrlMon</pre><pre>(UntUploadFTPThread</pre><pre>UntFTP</pre><pre>_UntUDPFlood</pre><pre>YUntScanPorts</pre><pre>0UntPasswordAndData</pre><pre>XUntHTTPFlood</pre><pre>UntCPU</pre><pre>66006666</pre><pre>No help found for %s#No context-sensitive help installed</pre><pre>No help found for context$No topic-based help system installedNUnable to retrieve a pointer to a running object registered with OLE for %s/%s</pre><pre>Invalid clipboard format Clipboard does not support Icons</pre><pre>Cannot open clipboard/Menu '%s' is already being used by another form</pre><pre>- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.</pre><pre>OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters</pre><pre>Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window</pre><pre>Not enough timers available@GroupIndex cannot be less than a previous menu item's GroupIndex5Cannot create form. No MDI forms are currently active$%s not in a class registration group</pre><pre>Property %s does not exist</pre><pre>Thread creation error: %s</pre><pre>Thread Error: %s (%d)</pre><pre>Unsupported clipboard format</pre><pre>Invalid data type for '%s' List capacity out of bounds (%d)</pre><pre>List count out of bounds (%d)</pre><pre>List index out of bounds (%d) Out of memory while expanding memory stream</pre><pre>Error reading %s%s%s: %s</pre><pre>Failed to create key %s</pre><pre>Failed to get data for '%s'</pre><pre>Failed to set data for '%s'</pre><pre>Resource %s not found</pre><pre>%s.Seek not implemented$Operation not allowed on sorted list</pre><pre>Ancestor for '%s' not found</pre><pre>Cannot assign a %s to a %s</pre><pre>Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread</pre><pre>Class %s not found</pre><pre>A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates</pre><pre>Cannot create file "%s". %s</pre><pre>Cannot open file "%s". %s</pre><pre>Invalid stream format$''%s'' is not a valid component name</pre><pre>External exception %x</pre><pre>Interface not supported</pre><pre>%s (%s, line %d)</pre><pre>Abstract Error?Access violation at address %p in module '%s'. %s of address %p</pre><pre>System Error. Code: %d.</pre><pre>No argument for format '%s'"Variant method calls not supported</pre><pre>Invalid variant operation%Invalid variant operation (%s%.8x)</pre><pre>%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)</pre><pre>Operation not supported</pre><pre>Integer overflow Invalid floating point operation</pre><pre>Invalid pointer operation</pre><pre>Invalid class typecast0Access violation at address %p. %s of address %p</pre><pre>Privileged instruction(Exception %s in module %s at %p.</pre><pre>Application Error1Format '%s' invalid or incompatible with argument</pre><pre>!'%s' is not a valid integer value('%s' is not a valid floating point value!'%s' is not a valid date and time</pre><pre>'%s' is not a valid GUID value</pre><pre>I/O error %d</pre><pre>1, 0, 0, 1</pre><pre>MSRSAAP.EXE</pre><pre>4, 0, 0, 0</pre>adf.exe_1256_rwx_00050000_000B2000:<pre>.text</pre><pre>`.itext</pre><pre>`.data</pre><pre>.idata</pre><pre>.rdata</pre><pre>@.reloc</pre><pre>B.rsrc</pre><pre>kernel32.dll</pre><pre>Windows</pre><pre>MSWHEEL_ROLLMSG</pre><pre>MSH_WHEELSUPPORT_MSG</pre><pre>MSH_SCROLL_LINES_MSG</pre><pre>$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)</pre><pre>oleaut32.dll</pre><pre>EVariantBadIndexError</pre><pre>ssShift</pre><pre>htKeyword</pre><pre>EInvalidOperation</pre><pre>%s_%d</pre><pre>EInvalidGraphicOperation</pre><pre>SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes</pre><pre>%s, ClassID: %s</pre><pre>%s, ProgID: "%s"</pre><pre>ole32.dll</pre><pre>USER32.DLL</pre><pre>uxtheme.dll</pre><pre>DWMAPI.DLL</pre><pre>clWebSnow</pre><pre>clWebFloralWhite</pre><pre>clWebLavenderBlush</pre><pre>clWebOldLace</pre><pre>clWebIvory</pre><pre>clWebCornSilk</pre><pre>clWebBeige</pre><pre>clWebAntiqueWhite</pre><pre>clWebWheat</pre><pre>clWebAliceBlue</pre><pre>clWebGhostWhite</pre><pre>clWebLavender</pre><pre>clWebSeashell</pre><pre>clWebLightYellow</pre><pre>clWebPapayaWhip</pre><pre>clWebNavajoWhite</pre><pre>clWebMoccasin</pre><pre>clWebBurlywood</pre><pre>clWebAzure</pre><pre>clWebMintcream</pre><pre>clWebHoneydew</pre><pre>clWebLinen</pre><pre>clWebLemonChiffon</pre><pre>clWebBlanchedAlmond</pre><pre>clWebBisque</pre><pre>clWebPeachPuff</pre><pre>clWebTan</pre><pre>clWebYellow</pre><pre>clWebDarkOrange</pre><pre>clWebRed</pre><pre>clWebDarkRed</pre><pre>clWebMaroon</pre><pre>clWebIndianRed</pre><pre>clWebSalmon</pre><pre>clWebCoral</pre><pre>clWebGold</pre><pre>clWebTomato</pre><pre>clWebCrimson</pre><pre>clWebBrown</pre><pre>clWebChocolate</pre><pre>clWebSandyBrown</pre><pre>clWebLightSalmon</pre><pre>clWebLightCoral</pre><pre>clWebOrange</pre><pre>clWebOrangeRed</pre><pre>clWebFirebrick</pre><pre>clWebSaddleBrown</pre><pre>clWebSienna</pre><pre>clWebPeru</pre><pre>clWebDarkSalmon</pre><pre>clWebRosyBrown</pre><pre>clWebPaleGoldenrod</pre><pre>clWebLightGoldenrodYellow</pre><pre>clWebOlive</pre><pre>clWebForestGreen</pre><pre>clWebGreenYellow</pre><pre>clWebChartreuse</pre><pre>clWebLightGreen</pre><pre>clWebAquamarine</pre><pre>clWebSeaGreen</pre><pre>clWebGoldenRod</pre><pre>clWebKhaki</pre><pre>clWebOliveDrab</pre><pre>clWebGreen</pre><pre>clWebYellowGreen</pre><pre>clWebLawnGreen</pre><pre>clWebPaleGreen</pre><pre>clWebMediumAquamarine</pre><pre>clWebMediumSeaGreen</pre><pre>clWebDarkGoldenRod</pre><pre>clWebDarkKhaki</pre><pre>clWebDarkOliveGreen</pre><pre>clWebDarkgreen</pre><pre>clWebLimeGreen</pre><pre>clWebLime</pre><pre>clWebSpringGreen</pre><pre>clWebMediumSpringGreen</pre><pre>clWebDarkSeaGreen</pre><pre>clWebLightSeaGreen</pre><pre>clWebPaleTurquoise</pre><pre>clWebLightCyan</pre><pre>clWebLightBlue</pre><pre>clWebLightSkyBlue</pre><pre>clWebCornFlowerBlue</pre><pre>clWebDarkBlue</pre><pre>clWebIndigo</pre><pre>clWebMediumTurquoise</pre><pre>clWebTurquoise</pre><pre>clWebCyan</pre><pre>clWebPowderBlue</pre><pre>clWebSkyBlue</pre><pre>clWebRoyalBlue</pre><pre>clWebMediumBlue</pre><pre>clWebMidnightBlue</pre><pre>clWebDarkTurquoise</pre><pre>clWebCadetBlue</pre><pre>clWebDarkCyan</pre><pre>clWebTeal</pre><pre>clWebDeepskyBlue</pre><pre>clWebDodgerBlue</pre><pre>clWebBlue</pre><pre>clWebNavy</pre><pre>clWebDarkViolet</pre><pre>clWebDarkOrchid</pre><pre>clWebMagenta</pre><pre>clWebDarkMagenta</pre><pre>clWebMediumVioletRed</pre><pre>clWebPaleVioletRed</pre><pre>clWebBlueViolet</pre><pre>clWebMediumOrchid</pre><pre>clWebMediumPurple</pre><pre>clWebPurple</pre><pre>clWebDeepPink</pre><pre>clWebLightPink</pre><pre>clWebViolet</pre><pre>clWebOrchid</pre><pre>clWebPlum</pre><pre>clWebThistle</pre><pre>clWebHotPink</pre><pre>clWebPink</pre><pre>clWebLightSteelBlue</pre><pre>clWebMediumSlateBlue</pre><pre>clWebLightSlateGray</pre><pre>clWebWhite</pre><pre>clWebLightgrey</pre><pre>clWebGray</pre><pre>clWebSteelBlue</pre><pre>clWebSlateBlue</pre><pre>clWebSlateGray</pre><pre>clWebWhiteSmoke</pre><pre>clWebSilver</pre><pre>clWebDimGray</pre><pre>clWebMistyRose</pre><pre>clWebDarkSlateBlue</pre><pre>clWebDarkSlategray</pre><pre>clWebGainsboro</pre><pre>clWebDarkGray</pre><pre>clWebBlack</pre><pre>comctl32.dll</pre><pre>AutoHotkeysd-</pre><pre>AutoHotkeys</pre><pre>\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\</pre><pre>ssHotTrack</pre><pre>TWindowState</pre><pre>poProportional</pre><pre>TWMKey</pre><pre>KeyPreview</pre><pre>WindowState</pre><pre>OnKeyDownL</pre><pre>OnKeyPress</pre><pre>OnKeyUpH</pre><pre>GlassFrame.Bottom</pre><pre>GlassFrame.Enabled</pre><pre>GlassFrame.Left</pre><pre>GlassFrame.Right</pre><pre>GlassFrame.SheetOfGlass</pre><pre>GlassFrame.Top</pre><pre>System\CurrentControlSet\Control\Keyboard Layouts\%.8x</pre><pre>User32.dll</pre><pre>TKeyEvent</pre><pre>TKeyPressEvent</pre><pre>HelpKeyword n</pre><pre>crSQLWait</pre><pre>%s (%s)</pre><pre>imm32.dll</pre><pre>TSocketPort</pre><pre>%d.%d.%d.%d</pre><pre>0.0.0.0</pre><pre>PSAPI.dll</pre><pre>TDCWebCam</pre><pre>127.0.0.1</pre><pre>BuildImportTable: can't load library:</pre><pre>BuildImportTable: ReallocMemory failed</pre><pre>BuildImportTable: GetProcAddress failed</pre><pre>BTMemoryLoadLibary: BuildImportTable failed</pre><pre>BTMemoryGetProcAddress: no export table found</pre><pre>BTMemoryGetProcAddress: DLL doesn't export anything</pre><pre>BTMemoryGetProcAddress: exported symbol not found</pre><pre>1.2.3</pre><pre>127.0.0.1:1604</pre><pre>#KCMDDC51#-</pre><pre>5.3.0</pre><pre>cmd.exe</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Run</pre><pre>hkey</pre><pre>\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders</pre><pre>*.torrent</pre><pre>\Internet Explorer\iexplore.exe</pre><pre>explorer.exe</pre><pre>wlanapi.dll</pre><pre>80211_SHARED_KEY</pre><pre>user32.dll</pre><pre>TUploadFTP</pre><pre>notepad.exe</pre><pre>KEYNAME</pre><pre>%ShortCut#</pre><pre>RELATEDCMD</pre><pre>ping 127.0.0.1 -n 4 > NUL && "</pre><pre>DRKey</pre><pre>CRKey</pre><pre>DelMSKey</pre><pre>InstallHKEY</pre><pre>ActiveOnlineKeylogger</pre><pre>UnActiveOnlineKeylogger</pre><pre>KeylogOn</pre><pre>ActiveOfflineKeylogger</pre><pre>UnActiveOfflineKeylogger</pre><pre>ActiveOnlineKeyStrokes</pre><pre>UnActiveOnlineKeyStrokes</pre><pre>OpenWebPage</pre><pre>tmpprint.txt</pre><pre>URLUpdate</pre><pre>MSGBOX</pre><pre>#BOT#VisitUrl</pre><pre>#BOT#OpenUrl</pre><pre>HTTP://</pre><pre>http://</pre><pre>BTRESULTOpen URL|</pre><pre>Command successfully executed!|</pre><pre>#BOT#URLUpdate</pre><pre>BTERRORUpdate from URL| Error on downloading file check if you type the correct url...|</pre><pre>BTRESULTUpdate from URL|Update : File Downloaded , Executing new one in temp dir...|</pre><pre>#BOT#URLDownload</pre><pre>GetActivePorts</pre><pre>out.txt</pre><pre>tmp.txt</pre><pre>DDOSHTTPFLOOD</pre><pre>DDOSUDPFLOOD</pre><pre>%IPPORTSCAN</pre><pre>SAPI.SpVoice</pre><pre>WEBCAMLIVE</pre><pre>WEBCAMSTOP</pre><pre>PASSWORD</pre><pre>FTPFILEUPLOAD</pre><pre>URLDOWNLOADTOFILE</pre><pre>UPLOADEXEC</pre><pre>UPANDEXEC</pre><pre>FTPPORT</pre><pre>FTPPASS</pre><pre>FTPUSER</pre><pre>FTPHOST</pre><pre>FTPROOT</pre><pre>FTPUPLOADK</pre><pre>FTPSIZE</pre><pre>BTRESULTUDP Flood|UDP Flood task finished!|</pre><pre>PortScanAdd</pre><pre>BTRESULTVisit URL|finished to visit</pre><pre>BTERRORVisit URL|An exception occured in the thread|</pre><pre>POST /index.php/1.0</pre><pre>BTRESULTHTTP Flood|Http Flood task finished!|</pre><pre>Mozilla</pre><pre>BTRESULTDownload File|Mass Download : File Downloaded , Executing new one in temp dir...|</pre><pre>BTERRORDownload File| Error on downloading file check if you type the correct url...|</pre><pre>Software\Microsoft\Windows\CurrentVersion\Run</pre><pre>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</pre><pre>ERR|Cannot listen to port, try another one..|</pre><pre>TCaptureWebcam</pre><pre>taskmgr.exe</pre><pre>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall</pre><pre>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\</pre><pre>DC3_FEXEC</pre><pre>Windows NT 4.0</pre><pre>Windows 2000</pre><pre>Windows XP</pre><pre>Windows Server 2003</pre><pre>Windows Vista</pre><pre>Windows 7</pre><pre>Windows 95</pre><pre>Windows 98</pre><pre>Windows Me</pre><pre>S-%u-</pre><pre>FAKEMSG</pre><pre>MSGICON</pre><pre>MSGTITLE</pre><pre>MSGCORE</pre><pre>deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly</pre><pre>inflate 1.2.3 Copyright 1995-2005 Mark Adler</pre><pre>%Documents and Settings%\%current user%\Application Data\dclogs\2014-08-02-7.dc</pre><pre>advapi32.dll</pre><pre>RegOpenKeyExA</pre><pre>RegCloseKey</pre><pre>GetKeyboardType</pre><pre>keybd_event</pre><pre>VkKeyScanA</pre><pre>UnhookWindowsHookEx</pre><pre>SetWindowsHookExA</pre><pre>MsgWaitForMultipleObjectsEx</pre><pre>MsgWaitForMultipleObjects</pre><pre>MapVirtualKeyA</pre><pre>LoadKeyboardLayoutA</pre><pre>GetKeyboardState</pre><pre>GetKeyboardLayoutNameA</pre><pre>GetKeyboardLayoutList</pre><pre>GetKeyboardLayout</pre><pre>GetKeyState</pre><pre>GetKeyNameTextA</pre><pre>ExitWindowsEx</pre><pre>EnumWindows</pre><pre>EnumThreadWindows</pre><pre>EnumChildWindows</pre><pre>ActivateKeyboardLayout</pre><pre>gdi32.dll</pre><pre>SetViewportOrgEx</pre><pre>version.dll</pre><pre>WinExec</pre><pre>PeekNamedPipe</pre><pre>GetWindowsDirectoryA</pre><pre>GetProcessHeap</pre><pre>GetCPInfo</pre><pre>CreatePipe</pre><pre>RegQueryInfoKeyA</pre><pre>RegOpenKeyA</pre><pre>RegFlushKey</pre><pre>RegEnumKeyExA</pre><pre>RegDeleteKeyA</pre><pre>RegCreateKeyExA</pre><pre>RegCreateKeyA</pre><pre>wsock32.dll</pre><pre>shell32.dll</pre><pre>ShellExecuteExA</pre><pre>ShellExecuteA</pre><pre>SHFileOperationA</pre><pre>URLMON.DLL</pre><pre>URLDownloadToFileA</pre><pre>wininet.dll</pre><pre>InternetOpenUrlA</pre><pre>HttpQueryInfoA</pre><pre>FtpPutFileA</pre><pre>winmm.dll</pre><pre>netapi32.dll</pre><pre>gdiplus.dll</pre><pre>GdiplusShutdown</pre><pre>msacm32.dll</pre><pre>ntdll.dll</pre><pre>WS2_32.DLL</pre><pre>SHFolder.dll</pre><pre>SHELL32.DLL</pre><pre>AVICAP32.DLL</pre><pre>1!1,1=1|1</pre><pre>6 6$6(6,606</pre><pre>=!=%=)=-=1=</pre><pre>01m1</pre><pre>0 0$0(0,0004080<0@0</pre><pre><!><pre>;"<?<_><pre>; ;$;(;,;0;4;8;<;@;</pre><pre>7 8$888<8</pre><pre>= =$=(=,=0=4=8=</pre><pre>UntKeylogger</pre><pre>KWindows</pre><pre>UntActivePorts</pre><pre>UntControlKey</pre><pre>UntCaptureWebcam</pre><pre>UntWebCam</pre><pre>UrlMon</pre><pre>(UntUploadFTPThread</pre><pre>UntFTP</pre><pre>_UntUDPFlood</pre><pre>YUntScanPorts</pre><pre>0UntPasswordAndData</pre><pre>XUntHTTPFlood</pre><pre>UntCPU</pre><pre>66006666</pre><pre>No help found for %s#No context-sensitive help installed</pre><pre>No help found for context$No topic-based help system installedNUnable to retrieve a pointer to a running object registered with OLE for %s/%s</pre><pre>Invalid clipboard format Clipboard does not support Icons</pre><pre>Cannot open clipboard/Menu '%s' is already being used by another form</pre><pre>- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.</pre><pre>OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters</pre><pre>Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window</pre><pre>Not enough timers available@GroupIndex cannot be less than a previous menu item's GroupIndex5Cannot create form. No MDI forms are currently active$%s not in a class registration group</pre><pre>Property %s does not exist</pre><pre>Thread creation error: %s</pre><pre>Thread Error: %s (%d)</pre><pre>Unsupported clipboard format</pre><pre>Invalid data type for '%s' List capacity out of bounds (%d)</pre><pre>List count out of bounds (%d)</pre><pre>List index out of bounds (%d) Out of memory while expanding memory stream</pre><pre>Error reading %s%s%s: %s</pre><pre>Failed to create key %s</pre><pre>Failed to get data for '%s'</pre><pre>Failed to set data for '%s'</pre><pre>Resource %s not found</pre><pre>%s.Seek not implemented$Operation not allowed on sorted list</pre><pre>Ancestor for '%s' not found</pre><pre>Cannot assign a %s to a %s</pre><pre>Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread</pre><pre>Class %s not found</pre><pre>A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates</pre><pre>Cannot create file "%s". %s</pre><pre>Cannot open file "%s". %s</pre><pre>Invalid stream format$''%s'' is not a valid component name</pre><pre>External exception %x</pre><pre>Interface not supported</pre><pre>%s (%s, line %d)</pre><pre>Abstract Error?Access violation at address %p in module '%s'. %s of address %p</pre><pre>System Error. Code: %d.</pre><pre>No argument for format '%s'"Variant method calls not supported</pre><pre>Invalid variant operation%Invalid variant operation (%s%.8x)</pre><pre>%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)</pre><pre>Operation not supported</pre><pre>Integer overflow Invalid floating point operation</pre><pre>Invalid pointer operation</pre><pre>Invalid class typecast0Access violation at address %p. %s of address %p</pre><pre>Privileged instruction(Exception %s in module %s at %p.</pre><pre>Application Error1Format '%s' invalid or incompatible with argument</pre><pre>!'%s' is not a valid integer value('%s' is not a valid floating point value!'%s' is not a valid date and time</pre><pre>'%s' is not a valid GUID value</pre><pre>I/O error %d</pre><pre>1, 0, 0, 1</pre><pre>MSRSAAP.EXE</pre><pre>4, 0, 0, 0</pre></_></pre></!></pre></_></pre></!></pre>