HEUR:Trojan.Win32.Generic (Kaspersky), Gen:Variant.FAkeAlert.105 (B) (Emsisoft), Gen:Variant.FAkeAlert.105 (AdAware), SpyTool.Win32.Ardamax.FD, GenericEmailWorm.YR, TrojanVobfusVB.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, EmailWorm, SpyTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 01c662dc797f1cf3c8980dec263750e8
SHA1: 159a2ce368e585b9040dd47143ff10712c407c48
SHA256: e736b03710889365fdd08e59b53dc20662a74d7083e5c63cf1f1c9b4174f3b89
SSDeep: 49152:pdM2rwh0RykDFqK9W6qruPitkUpymA1H/J9Gc:pRwh0tdW iWmn
Size: 2090496 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2013-12-12 22:56:10
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):
hotrolb.exe:444
H_LOADER.EXE:324
hotromaster.exe:372
%original file name%.exe:588
The Trojan injects its code into the following process(es):
ATG.exe:1700
hotro.exe:1692
File activity
The process hotrolb.exe:444 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\rent[2].txt (167 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\rent[1].txt (0 bytes)
The process ATG.exe:1700 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\NLA\ATG.004 (1170 bytes)
The process hotro.exe:1692 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The Trojan deletes the following file(s):
The process H_LOADER.EXE:324 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\hotro.exe (32 bytes)
%System%\hotrolb.exe (32 bytes)
%System%\hotromaster.exe (24 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\~DF2C90.tmp (0 bytes)
The process %original file name%.exe:588 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\H_LOADER.EXE (28 bytes)
%WinDir%\DFBBYA\ATG.00 (1 bytes)
%WinDir%\DFBBYA\ATG.exe (15021 bytes)
%WinDir%\DFBBYA\ATG.02 (56 bytes)
%WinDir%\DFBBYA\ATG.01 (81 bytes)
Registry activity
The process hotrolb.exe:444 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED FA D5 48 DB 9D D2 D5 5A F2 86 74 EC B6 A0 5C"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE security zone settings to map all local web-nodes that have no dots in their names and do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE security zone settings to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process ATG.exe:1700 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 B1 58 33 B3 DF 38 13 80 05 5F 87 69 EE 52 77"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATG Start" = "%WinDir%\DFBBYA\ATG.exe"
The process hotro.exe:1692 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "hotro.exe"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1398452974"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 A3 5F 22 54 0D 6B FA 3D 51 42 A7 65 81 34 59"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4]
"Blob" = "19 00 00 00 01 00 00 00 10 00 00 00 63 66 4B 08"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE security zone settings to map all local web-nodes that have no dots in their names and do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"2796BAE63F1801E277261BA0D77770028F20EEE4"
The process H_LOADER.EXE:324 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 31 CA E5 23 52 99 00 1B 3E 10 8C 69 7D 03 19"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"hotro" = "C:\Windows\System32\hotro.exe"
"hotromaster" = "C:\Windows\System32\hotromaster.exe"
The process hotromaster.exe:372 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F8 8B CC 94 59 28 2D DF 5D 9E CC BA 10 DD 5A 24"
The process %original file name%.exe:588 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 3C 3B 3D 10 63 5F 60 BF 47 EF F2 6B 27 43 73"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%WinDir%\DFBBYA]
"ATG.exe" = "ATG"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\c:]
"H_LOADER.exe" = "H_LOADER"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE security zone settings to map all local web nodes with no dots in their names that do not belong to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Dropped PE files
MD5 | File path |
---|---|
321891610422cee235717f05965c37ee | c:\H_LOADER.EXE |
01e52cc38f3fe324a9e26ddb36dc89e5 | c:\WINDOWS\DFBBYA\ATG.01 |
d2953694651198b4e9031578bf52a939 | c:\WINDOWS\DFBBYA\ATG.02 |
9dd994d5ee6dd09ab083d20d6c887db9 | c:\WINDOWS\DFBBYA\ATG.exe |
d6b2bff6198642950f1bcf491131a38f | c:\WINDOWS\system32\hotro.exe |
e30b602e465fac39a59485dee86db375 | c:\WINDOWS\system32\hotrolb.exe |
bcf7e6fd8b994f3f9a6e23324a4bec6b | c:\WINDOWS\system32\hotromaster.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 40340 | 40448 | 4.81966 | 2d733d29919d8bc133e77c2de5eec471 |
.rdata | 45056 | 9232 | 9728 | 3.72958 | 88e41e43a2075dc0bf713901dd97f9a1 |
.data | 57344 | 8032 | 3584 | 1.58991 | d4668da877d58af66239b78e3837253f |
.rsrc | 65536 | 2030512 | 2030592 | 5.3123 | 8d4cf3faa9c2fef4c3a90cf3a31d987e |
.reloc | 2097152 | 4752 | 5120 | 2.51898 | 8d3f6fb3c0a2cc24688e73c583565978 |
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /static/image/ahl6532.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/VUcWb
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b
HTTP/1.1 200 OK
Date: Mon, 02 Jun 2014 06:28:21 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
ETag: "c9d-51b1c54e-616cf7bbbb5ed14c"
Last-Modified: Fri, 07 Jun 2013 11:34:38 GMT
Content-Type: image/gif
Content-Length: 3229
Cache-Control: public, max-age=604800
Expires: Mon, 09 Jun 2014 06:28:21 GMT
<<< skipped >>>
GET /static/image/d_bottom_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/VUcWb
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b
HTTP/1.1 200 OK
Date: Mon, 02 Jun 2014 06:28:22 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
ETag: "a7-51d450e3-500e6ae194574ff5"
Last-Modified: Wed, 03 Jul 2013 16:27:15 GMT
Content-Type: image/png
Content-Length: 167
Cache-Control: public, max-age=604800
Expires: Mon, 09 Jun 2014 06:28:22 GMT
GET /static/css/adfly_2.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/VUcWb
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b
HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Mon, 02 Jun 2014 06:28:10 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
ETag: "97f-51dd3f45-1ed891dab493e028"
Last-Modified: Wed, 10 Jul 2013 11:02:29 GMT
Content-Type: text/css
Content-Length: 787
Cache-Control: public, max-age=604800
Expires: Mon, 09 Jun 2014 06:28:10 GMT
<<< skipped >>>
GET /static/js/b64.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/VUcWb
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b
HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Mon, 02 Jun 2014 06:28:11 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
ETag: "dc0-533ef451-73228b2e988dd6e8"
Last-Modified: Fri, 04 Apr 2014 18:05:05 GMT
Content-Type: application/x-javascript
Content-Length: 1103
Cache-Control: public, max-age=604800
Expires: Mon, 09 Jun 2014 06:28:11 GMT
<<< skipped >>>
GET /static/js/view40.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/VUcWb
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b
HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Mon, 02 Jun 2014 06:28:13 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
ETag: "112ea-5372285f-283eef96a4a92c18"
Last-Modified: Tue, 13 May 2014 14:12:47 GMT
Content-Type: application/x-javascript
Content-Length: 32888
Cache-Control: public, max-age=604800
Expires: Mon, 09 Jun 2014 06:28:13 GMT
<<< skipped >>>
GET /static/image/logo_fb2.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/VUcWb
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b
HTTP/1.1 200 OK
Date: Mon, 02 Jun 2014 06:28:21 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
ETag: "188b-5116a59d-2f8f7edb8dce95ec"
Last-Modified: Sat, 09 Feb 2013 19:38:05 GMT
Content-Type: image/png
Content-Length: 6283
Cache-Control: public, max-age=604800
Expires: Mon, 09 Jun 2014 06:28:21 GMT
<<< skipped >>>
GET /static/image/skip_ad/en_tran.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/VUcWb
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b
HTTP/1.1 200 OK
Date: Mon, 02 Jun 2014 06:28:21 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
ETag: "13d4-51e829a4-3949693a3ed59e6e"
Last-Modified: Thu, 18 Jul 2013 17:45:08 GMT
Content-Type: image/png
Content-Length: 5076
Cache-Control: public, max-age=604800
Expires: Mon, 09 Jun 2014 06:28:21 GMT
<<< skipped >>>
GET /static/image/d_top_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/VUcWb
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b
HTTP/1.1 200 OK
Date: Mon, 02 Jun 2014 06:28:22 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
ETag: "9c-51d450e3-8ab0ff4e53d010b5"
Last-Modified: Wed, 03 Jul 2013 16:27:15 GMT
Content-Type: image/png
Content-Length: 156
Cache-Control: public, max-age=604800
Expires: Mon, 09 Jun 2014 06:28:22 GMT
GET /1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei= HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://adf.ly/VUcWb
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adf.ly
Connection: Keep-Alive
Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b
HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Mon, 02 Jun 2014 06:28:24 GMT
Server: LiteSpeed
Connection: close
X-Powered-By: PHP/5.5.8
P3P: policyref="hXXp://adf.ly/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa IVAi IVDi CONi HISi TELi OUR IND PHY ONL FIN COM NAV INT DEM GOV"
Cache-Control: max-age=0, no-store, no-cache, must-revalidate
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 02 Jun 2014 06:28:24 GMT
Cache-Control: post-check=0, pre-check=0
Set-Cookie: adfly_421124=1480940; expires=Tue, 03-Jun-2014 06:28:24 GMT; Max-Age=86400; path=/
Set-Cookie: market_421124=1480940; expires=Mon, 02-Jun-2014 06:29:24 GMT; Max-Age=60; path=/
Content-Type: text/html
Content-Length: 1299
<<< skipped >>>
GET /1/92a411bc23?a=4058140,2334836&ap=14&fe=16968&dc=16968&v=411.b2946c1&to=YlNSbUYAV0IFBhdaWVsZc0xHFVZcSxYLXERBU15cRiJWXxAXDF9aUEQfTFoyUV4WEQZd&f=[]&jsonp=NREUM.setToken HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/VUcWb
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: beacon-3.newrelic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=5f58b1292c8fd66a;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Content-Length: 21
NREUM.setToken(null)
GET /v6exp3/6.gif HTTP/1.1
Accept: */*
Referer: hXXp://p4-afbqojzkbfeto-skn646ixusmbjvtu-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: p4-afbqojzkbfeto-skn646ixusmbjvtu-240564-i2-v6exp3-v4.metric.gstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Tue, 14 Aug 2012 10:47:46 GMT
Date: Mon, 02 Jun 2014 06:28:57 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 35
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic
POST /callback/0e237ea9065e220e5889ff7139d91ba8 HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://adf.ly/VUcWb
Accept: */*
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adf.ly
Content-Length: 538
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b; adfly_421124=1480940; market_421124=1480940; __utma=255621336.1513332806.1401690508.1401690508.1401690508.1; __utmb=255621336.0.10.1401690508; __utmc=255621336; __utmz=255621336.1401690508.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
hithere=TAkyVOUyNICD4MwxQIyjkLi1L4CyJMygZIWFZTlDcBiCIV6FI5ikILsgIsmDlOk0ZYWj5L02IAjToNw0LACjJLmwb4GyFMzgaICFIT6DMBCCwViFc52kNLygZsXzNN3yIcjDoMx1M4jCcM2uLICDJIzSYx30JQlgcQ2VgRiOO5jCgI07NEijwViTdB2yJOyxZ4XSNN3gIQjloT4gMMT3cdsvIRnmdbipcdmFVIz7aACjIL62NADSgRxJLNCVJTtgbs2TJZpsbJGWUai0OFjGAcstI9m21YvoYAmClMsuZQVz9LvhcxyGIb6pIpk35bvNIJiiwOiiYQWnNb0ladWW9YuyIVj2oc51LJCCJL6iIgjToYiiMFCT4OykMlTzkM3xMcDjEZ5mOlTDYO34NUTTUZ3wIIijwMilaVGjFNzwakCTIY6lIdjzNMhyOUTGgMziNoTjAIxkNlj2BXinO9DGkb0iZwTiQI11ZcGDIM2xNIDiIO4iZImXVZj2YJ2CNLiwZoDjIIy4IJny0eu=
HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Mon, 02 Jun 2014 06:28:33 GMT
Server: LiteSpeed
Connection: close
X-Powered-By: PHP/5.5.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 20
GET /nr-411.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/VUcWb
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: js-agent.newrelic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: 6CeMIe04eHDxYl3UIzhPH6N4C4xCWtKapRrJ2b0qJUFkcKTFXHK0lHXHhy/AummG
x-amz-request-id: EA9C911887CF8508
Cache-Control: public, max-age=315360000
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Thu, 01 May 2014 23:15:58 GMT
ETag: "9050946217be03f42647b3f708ef10d3"
Content-Type: application/javascript
Server: AmazonS3
Content-Length: 14831
Accept-Ranges: bytes
Date: Mon, 02 Jun 2014 06:28:27 GMT
Via: 1.1 varnish
Age: 247262
Connection: keep-alive
X-Served-By: cache-d98-DAL
X-Cache: HIT
X-Cache-Hits: 5380
X-Timer: S1401690507.845602036,VS0,VE0
Vary: Accept-Encoding
<<< skipped >>>
GET /pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=c21c6444d00007f||t=1360768149|et=730|cs=002213fd480b36e81315d0d96e
HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 02 Jun 2014 06:28:42 GMT
Server: cafe
Cache-Control: private
Content-Length: 21706
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /pagead/ads?client=ca-pub-5320542445719254&format=234x60&output=html&h=60&slotname=9346772342&adk=293520130&w=234&lmt=1401690525&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690525783&bpp=15&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd=47 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=c21c6444d00007f||t=1360768149|et=730|cs=002213fd480b36e81315d0d96e
HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 02 Jun 2014 06:28:44 GMT
Server: cafe
Cache-Control: private
Content-Length: 24103
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /pagead/html/r20140527/r20140417/zrt_lookup.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=c21c6444d00007f||t=1360768149|et=730|cs=002213fd480b36e81315d0d96e
HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
ETag: 17039503424336669516
Date: Thu, 29 May 2014 00:33:36 GMT
Expires: Thu, 12 Jun 2014 00:33:36 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 4660
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 366904
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /pagead/drt/s?v=r20120211 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=c21c6444d00007f||t=1360768149|et=730|cs=002213fd480b36e81315d0d96e
HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 02 Jun 2014 05:37:23 GMT
Server: safe
Content-Length: 145
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 3080
Alternate-Protocol: 80:quic
GET /pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=1823505541&adk=1148484070&w=728&lmt=1401690526&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690526939&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90,234x60&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=11&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd=47 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=c21c6444d00007f||t=1360768149|et=730|cs=002213fd480b36e81315d0d96e
HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 02 Jun 2014 06:28:45 GMT
Server: cafe
Cache-Control: private
Content-Length: 19387
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT
Accept-Ranges: bytes
ETag: "806f4cbb43dcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=7809
Date: Mon, 02 Jun 2014 06:28:26 GMT
Connection: keep-alive
X-CCC: CA
X-CID: 2
1401CF3DB40B609892
GET /pub-config/ca-pub-5320542445719254.js HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.gstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 02 Jun 2014 06:28:40 GMT
Expires: Mon, 02 Jun 2014 18:28:40 GMT
Cache-Control: public, max-age=43200
Content-Type: text/javascript
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
Content-Length: 75
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic
GET /bg/FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc.js HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.gstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Last-Modified: Thu, 22 May 2014 16:48:47 GMT
Date: Fri, 30 May 2014 20:20:46 GMT
Expires: Sat, 30 May 2015 20:20:46 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 5861
X-XSS-Protection: 1; mode=block
Age: 209280
Cache-Control: public, max-age=31536000
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /bg/FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc.js HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=234x60&output=html&h=60&slotname=9346772342&adk=293520130&w=234&lmt=1401690525&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690525783&bpp=15&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd=47
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.gstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Last-Modified: Thu, 22 May 2014 16:48:47 GMT
Date: Fri, 30 May 2014 20:20:46 GMT
Expires: Sat, 30 May 2015 20:20:46 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 5861
X-XSS-Protection: 1; mode=block
Age: 209282
Cache-Control: public, max-age=31536000
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /top100.jcn?2169552 HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: counter.rambler.ru
Connection: Keep-Alive
Cookie: ruid=RMH4BY4FHlERLgEAARsEgw==
HTTP/1.1 200 OK
Server: nginx/1.4.4
Date: Mon, 02 Jun 2014 06:28:45 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Pragma: no-cache
Cache-Control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NON ADM DEV TAI PSA PSD IVA OUR IND UNI COM NAV INT"
Set-Cookie: top100rb=MQ==; path=/; domain=.rambler.ru; expires=Mon, 09 Jun 2014 06:28:45 GMT
GET /top100.scn?2169552&rn=445673780&v=0.3i&bs=797x382&ce=1&rf=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&en=windows-1251&pt=ÃÂòтþüþñøûьýыù фþруü ForCar.org.ua&cd=32-bit&sr=1276x846&la=en-us&ja=1&acn=Mozilla&an=Microsoft Internet Explorer&pl=Win32&tz=-180&fv=11.6 r602&sv&le=1 HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: counter.rambler.ru
Connection: Keep-Alive
Cookie: ruid=RMH4BY4FHlERLgEAARsEgw==; top100rb=MQ==
HTTP/1.1 200 OK
Server: nginx/1.4.4
Date: Mon, 02 Jun 2014 06:28:45 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Pragma: no-cache
Cache-Control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NON ADM DEV TAI PSA PSD IVA OUR IND UNI COM NAV INT"
Set-Cookie: top100rb=MQ==; path=/; domain=.rambler.ru; expires=Mon, 09 Jun 2014 06:28:45 GMT
GET /pagead/js/adsbygoogle.js HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 8993832363057935277
Date: Mon, 02 Jun 2014 05:43:47 GMT
Expires: Mon, 02 Jun 2014 06:43:47 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 8335
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 2694
Alternate-Protocol: 80:quic
GET /pagead/js/r20140527/r20110914/abg.js HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 6552112912997271778
Date: Wed, 28 May 2014 22:46:58 GMT
Expires: Wed, 11 Jun 2014 22:46:58 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 2366
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 373304
Alternate-Protocol: 80:quic
GET /pagead/images/abg/ru.png HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: image/png
ETag: 12244217470317852716
Date: Sun, 01 Jun 2014 23:18:09 GMT
Expires: Mon, 02 Jun 2014 23:18:09 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 728
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 25834
Alternate-Protocol: 80:quic
GET /pagead/js/adsbygoogle.js HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 8993832363057935277
Date: Mon, 02 Jun 2014 05:43:47 GMT
Expires: Mon, 02 Jun 2014 06:43:47 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 8335
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 2696
Alternate-Protocol: 80:quic
GET /hit?t26.5;rhttp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=;s1276*846*32;uhttp://forcar.org.ua/;0.4685960488597284 HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: counter.yadro.ru
Connection: Keep-Alive
HTTP/1.1 302 Moved Temporarily
Date: Mon, 02 Jun 2014 06:28:45 GMT
Server: 0W/0.8c
Content-Type: text/html
Location: hXXp://counter.yadro.ru/hit?q;t26.5;rhttp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=;s1276*846*32;uhttp://forcar.org.ua/;0.4685960488597284
Content-Length: 32
Expires: Sat, 01 Jun 2013 20:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: FTID=1JZ1cT0ZFRrE1JZ1cT; path=/; expires=Mon, 01 Jun 2015 20:00:00 GMT; domain=.yadro.ru
<html><body>Moved</body></html>.....
GET /hit?q;t26.5;rhttp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=;s1276*846*32;uhttp://forcar.org.ua/;0.4685960488597284 HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: counter.yadro.ru
Connection: Keep-Alive
Cookie: FTID=1JZ1cT0ZFRrE1JZ1cT
HTTP/1.1 200 OK
Date: Mon, 02 Jun 2014 06:28:45 GMT
Server: 0W/0.8c
Connection: Close
Content-Type: image/gif
Content-Length: 145
Expires: Sat, 01 Jun 2013 20:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: VID=1kHag50MM1bE1JZ1cT; path=/; expires=Mon, 01 Jun 2015 20:00:00 GMT; domain=.yadro.ru
GET /favicon?q=tbn:ANd9GcSCB2mlG8uLb4YBBBqzIaaPfI5bU5Bv8ISLaYr0-anT9GuCide8MSBkWmUkLMUpoRJv8uT82ZfSz3Pd8A HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=234x60&output=html&h=60&slotname=9346772342&adk=293520130&w=234&lmt=1401690525&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690525783&bpp=15&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd=47
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: t1.gstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Mon, 17 Mar 2014 08:25:46 GMT
Date: Mon, 02 Jun 2014 06:28:45 GMT
Expires: Tue, 02 Jun 2015 06:28:45 GMT
Cache-Control: public, max-age=31536000
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 422
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic
GET /VUcWb HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adf.ly
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked
Date: Mon, 02 Jun 2014 06:28:10 GMT
Server: LiteSpeed
Connection: close
X-Powered-By: PHP/5.5.8
Set-Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; path=/; domain=.adf.ly
Set-Cookie: adf1=244bd98b1d9d5c84dea3f2c4c65771e3; expires=Tue, 03-Jun-2014 06:28:10 GMT; Max-Age=86400; path=/; domain=.adf.ly
Set-Cookie: adf2=99fd33e8b8190f39bff84ea07c6fdc1b; expires=Tue, 03-Jun-2014 06:28:10 GMT; Max-Age=86400; path=/; domain=.adf.ly
P3P: policyref="hXXp://adf.ly/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa IVAi IVDi CONi HISi TELi OUR IND PHY ONL FIN COM NAV INT DEM GOV"
Cache-Control: max-age=0, no-store, no-cache, must-revalidate
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 02 Jun 2014 06:28:10 GMT
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html
GET /bg/FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc.js HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=1823505541&adk=1148484070&w=728&lmt=1401690526&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690526939&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90,234x60&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=11&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd=47
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.gstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Last-Modified: Thu, 22 May 2014 16:48:47 GMT
Date: Fri, 30 May 2014 20:20:46 GMT
Expires: Sat, 30 May 2015 20:20:46 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 5861
X-XSS-Protection: 1; mode=block
Age: 209281
Cache-Control: public, max-age=31536000
Alternate-Protocol: 80:quic
GET /pagead/js/adsbygoogle.js HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 8993832363057935277
Date: Mon, 02 Jun 2014 05:43:47 GMT
Expires: Mon, 02 Jun 2014 06:43:47 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 8335
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 2691
Alternate-Protocol: 80:quic
GET /pagead/js/r20140527/r20140417/show_ads_impl.js HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 8183703479083339399
Date: Thu, 29 May 2014 00:33:36 GMT
Expires: Thu, 12 Jun 2014 00:33:36 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 39485
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 366904
Alternate-Protocol: 80:quic
GET /pagead/osd.js HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 4143958178504196695
Date: Mon, 02 Jun 2014 05:37:24 GMT
Expires: Mon, 02 Jun 2014 06:37:24 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 18066
X-XSS-Protection: 1; mode=block
Age: 3077
Cache-Control: public, max-age=3600
Alternate-Protocol: 80:quic
GET /simgad/6253827461219388746 HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 22 May 2014 12:51:08 GMT
Date: Mon, 02 Jun 2014 06:28:42 GMT
Expires: Tue, 02 Jun 2015 06:28:42 GMT
Cache-Control: public, max-age=31536000
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 31224
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic
<<
<<< skipped >>>
GET /pagead/images/abg/icon.png HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: image/png
ETag: 6766994032117382215
Date: Sun, 01 Jun 2014 22:01:57 GMT
Expires: Mon, 02 Jun 2014 22:01:57 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 344
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 30406
Alternate-Protocol: 80:quic
GET /pagead/images/google-logo.png HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: image/png
ETag: 13513653691308934734
Date: Sun, 01 Jun 2014 11:43:30 GMT
Expires: Mon, 02 Jun 2014 11:43:30 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 4114
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 67513
Alternate-Protocol: 80:quic
<<
<<< skipped >>>
GET /pagead/images/x_button_blue2.png HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: image/png
ETag: 291775052866240956
Date: Sun, 01 Jun 2014 21:58:27 GMT
Expires: Mon, 02 Jun 2014 21:58:27 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 145
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 30617
Alternate-Protocol: 80:quic
GET /simgad/1255108524618159298 HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=1823505541&adk=1148484070&w=728&lmt=1401690526&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690526939&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90,234x60&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=11&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd=47
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 28 May 2014 13:41:32 GMT
Date: Wed, 28 May 2014 23:47:44 GMT
Expires: Thu, 28 May 2015 23:47:44 GMT
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 47732
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 369661
Alternate-Protocol: 80:quic
<<
<<< skipped >>>
GET /nr-411.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: js-agent.newrelic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: 6CeMIe04eHDxYl3UIzhPH6N4C4xCWtKapRrJ2b0qJUFkcKTFXHK0lHXHhy/AummG
x-amz-request-id: EA9C911887CF8508
Cache-Control: public, max-age=315360000
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Thu, 01 May 2014 23:15:58 GMT
ETag: "9050946217be03f42647b3f708ef10d3"
Content-Type: application/javascript
Server: AmazonS3
Content-Length: 14831
Accept-Ranges: bytes
Date: Mon, 02 Jun 2014 06:28:27 GMT
Via: 1.1 varnish
Age: 1406641
Connection: keep-alive
X-Served-By: cache-d64-DAL
X-Cache: HIT
X-Cache-Hits: 228114
X-Timer: S1401690507.845181704,VS0,VE0
Vary: Accept-Encoding
<<
<<< skipped >>>
GET /ajax/libs/jquery/1.7.1/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/VUcWb
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Mon, 02 Apr 2012 18:24:28 GMT
Date: Wed, 28 May 2014 11:27:19 GMT
Expires: Thu, 28 May 2015 11:27:19 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33186
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 414051
Alternate-Protocol: 80:quic
<<
<<< skipped >>>
GET /v6exp3/6.gif HTTP/1.1
Accept: */*
Referer: hXXp://p4-afbqojzkbfeto-skn646ixusmbjvtu-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: p4-afbqojzkbfeto-skn646ixusmbjvtu-240564-i1-v6exp3-ds.metric.gstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Tue, 14 Aug 2012 10:47:46 GMT
Date: Mon, 02 Jun 2014 06:28:57 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-
GET /v6exp3/redir.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: p4-afbqojzkbfeto-skn646ixusmbjvtu-if-v6exp3-v4.metric.gstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Last-Modified: Wed, 09 Jan 2013 10:49:06 GMT
Date: Mon, 02 Jun 2014 06:28:44 GMT
Expires: Mon, 02 Jun 2014 06:28:44 GMT
Cache-Control: public, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 175
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic
GET /v6exp3/iframe.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: p4-afbqojzkbfeto-skn646ixusmbjvtu-if-v6exp3-v4.metric.gstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Last-Modified: Fri, 07 Jun 2013 05:23:08 GMT
Date: Mon, 02 Jun 2014 06:28:44 GMT
Expires: Mon, 02 Jun 2014 06:28:44 GMT
Cache-Control: public, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 1262
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic
<<
<<< skipped >>>
GET /clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=381 HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:30 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 27 May 2014 21:33:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:30 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
<<
<<< skipped >>>
GET /clientscript/yui/connection/connection-min.js?v=381 HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:32 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 27 May 2014 21:33:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:32 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
<<
<<< skipped >>>
GET /clientscript/vbulletin_menu.js?v=381 HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:36 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 27 May 2014 21:33:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:36 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
<<
<<< skipped >>>
GET /cb/cb/logo.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:38 GMT
Content-Type: image/gif
Content-Length: 11690
Last-Modified: Tue, 27 May 2014 21:33:45 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:38 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
<<< skipped >>>
GET /cb/misc/navbits_start.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:40 GMT
Content-Type: image/gif
Content-Length: 1004
Last-Modified: Tue, 27 May 2014 21:33:48 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:40 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET /cb/buttons/collapse_tcat.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:41 GMT
Content-Type: image/gif
Content-Length: 594
Last-Modified: Tue, 27 May 2014 21:33:44 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:41 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET /cb/cb/thead.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:41 GMT
Content-Type: image/gif
Content-Length: 204
Last-Modified: Tue, 27 May 2014 21:33:45 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:41 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET /cb/buttons/lastpost.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:43 GMT
Content-Type: image/gif
Content-Length: 964
Last-Modified: Tue, 27 May 2014 21:33:44 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:43 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET /cb/statusicon/subforum_old.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:43 GMT
Content-Type: image/gif
Content-Length: 541
Last-Modified: Tue, 27 May 2014 21:33:51 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:43 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET /cb/buttons/collapse_thead.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:43 GMT
Content-Type: image/gif
Content-Length: 594
Last-Modified: Tue, 27 May 2014 21:33:44 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:43 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET /cb/statusicon/forum_new.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:43 GMT
Content-Type: image/gif
Content-Length: 934
Last-Modified: Tue, 27 May 2014 21:33:51 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:43 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET /1/92a411bc23?a=4058140,2334836&ap=19&fe=2000&dc=2000&v=411.b2946c1&to=YlNSbUYAV0IFBhdaWVsZZUtdTghcBRcIVkIbRlhJ&f=[] HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: beacon-3.newrelic.com
Connection: Keep-Alive
HTTP/1.1 204 No Content
Content-Type: image/gif
Set-Cookie: JSESSIONID=9603aa4a7a720f8;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: forcar.org.ua
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:29 GMT
Content-Type: text/html; charset=windows-1251
Content-Length: 11484
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Cache-Control: private
Pragma: private
X-UA-Compatible: IE=7
Content-Encoding: gzip
Set-Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; path=/; HttpOnly
Set-Cookie: bblastvisit=1401690509; expires=Tue, 02-Jun-2015 06:28:29 GMT; path=/
Set-Cookie: bblastactivity=0; expires=Tue, 02-Jun-2015 06:28:29 GMT; path=/
<<< skipped >>>
GET /clientscript/vbulletin_important.css?v=381 HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:30 GMT
Content-Type: text/css
Last-Modified: Tue, 27 May 2014 21:33:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:30 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
<<< skipped >>>
GET /clientscript/vbulletin_css/style-b09cab93-00002.css HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:30 GMT
Content-Type: text/css
Last-Modified: Tue, 27 May 2014 21:33:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:30 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
<<< skipped >>>
GET /clientscript/vbulletin_global.js?v=381 HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:34 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 27 May 2014 21:33:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:34 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
<<< skipped >>>
GET /cb/cb/headarka.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:38 GMT
Content-Type: image/gif
Content-Length: 1753
Last-Modified: Tue, 27 May 2014 21:33:45 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:38 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
<<< skipped >>>
GET /cb/cb/nav.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:40 GMT
Content-Type: image/gif
Content-Length: 325
Last-Modified: Tue, 27 May 2014 21:33:45 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:40 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET /clientscript/vbulletin_md5.js?v=381 HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:40 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 27 May 2014 21:33:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:40 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
<<< skipped >>>
GET /cb/statusicon/forum_old.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:41 GMT
Content-Type: image/gif
Content-Length: 361
Last-Modified: Tue, 27 May 2014 21:33:51 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:41 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET /cb/cb/cat.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:41 GMT
Content-Type: image/gif
Content-Length: 123
Last-Modified: Tue, 27 May 2014 21:33:45 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:41 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET /images/icons/icon1.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:43 GMT
Content-Type: image/gif
Content-Length: 1032
Last-Modified: Tue, 27 May 2014 21:34:03 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:43 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET /images/icons/icon4.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:43 GMT
Content-Type: image/gif
Content-Length: 1019
Last-Modified: Tue, 27 May 2014 21:34:04 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:43 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET /clientscript/vbulletin_read_marker.js?v=381 HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:43 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 27 May 2014 21:33:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:43 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
<<< skipped >>>
GET /cb/misc/whos_online.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:43 GMT
Content-Type: image/gif
Content-Length: 839
Last-Modified: Tue, 27 May 2014 21:33:49 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:43 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET /cb/misc/stats.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:43 GMT
Content-Type: image/gif
Content-Length: 899
Last-Modified: Tue, 27 May 2014 21:33:48 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:43 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET /cb/statusicon/forum_new_lock.gif HTTP/1.1
Accept: */*
Referer: hXXp://forcar.org.ua/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: forcar.org.ua
Connection: Keep-Alive
Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 02 Jun 2014 06:28:43 GMT
Content-Type: image/gif
Content-Length: 881
Last-Modified: Tue, 27 May 2014 21:33:51 GMT
Connection: keep-alive
Expires: Tue, 03 Jun 2014 06:28:43 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET /ga.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/VUcWb
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 02 Jun 2014 01:20:56 GMT
Expires: Mon, 02 Jun 2014 13:20:56 GMT
Last-Modified: Thu, 08 May 2014 18:54:47 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 15790
Age: 18448
Cache-Control: public, max-age=43200
Alternate-Protocol: 80:quic
<<< skipped >>>
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
ATG.exe_1700: