Trojan.Win32.VobfusVB_01c662dc79

Dynamic Analysis

Payload

Behaviour	Description
EmailWorm	Worm can send e-mails.

Process activity

The Trojan creates the following process(es):

hotrolb.exe:444
H_LOADER.EXE:324
hotromaster.exe:372
%original file name%.exe:588

The Trojan injects its code into the following process(es):

ATG.exe:1700
hotro.exe:1692

File activity

The process hotrolb.exe:444 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\rent[2].txt (167 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\rent[1].txt (0 bytes)

The process ATG.exe:1700 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\NLA\ATG.004 (1170 bytes)

The process hotro.exe:1692 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\redir[1].htm (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\VUcWb[1].htm (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ca-pub-5320542445719254[1].js (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\connection-min[1].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.min[2].js (3354 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style-b09cab93-00002[2].css (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\zrt_lookup[1].htm (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vbulletin_md5[2].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\authorization[1].css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\connection-min[2].js (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vbulletin_read_marker[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ga[1].js (1681 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ru[1].png (728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\yahoo-dom-event[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\halamanav[2].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\icon18_wrench_allbkg[1].png (475 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style-b09cab93-00002[1].css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\whos_online[1].gif (839 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\logo[1].gif (3568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\vbulletin_important[1].css (593 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (14660 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\forum_new_lock[1].gif (881 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\adfly_2[1].css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\x_button_blue2[1].png (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\f[1].txt (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\logo_fb2[1].png (509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\6[1].gif (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\DGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1 (3299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\view40[1].js (3252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\iframe[1].html (1262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\forcar.org[1].htm (1944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd (3299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc[1].js (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\f[1].txt (2752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\halamanav[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\92a411bc23[1].setToken (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\d_bottom_bg[1].png (167 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\1market[1].php (267 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAYHDVPK.htm (1108 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\redir[1].html (175 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@rambler[1].txt (307 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\icon[1].png (344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\yahoo-dom-event[1].js (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[1].txt (3280 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CAMNWV6B.htm (3338 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b64[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\-WzdRTzRa5k6HlJK6-dK9Q[1].eot (970 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (4562 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.min[1].js (1842 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vbulletin_menu[2].js (9 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@forcar.org[1].txt (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\headarka[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\1market[1].htm (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\zrt_lookup[1].html (495 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\s[1] (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\thead[1].gif (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\home[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[2].txt (1168 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@forcar.org[2].txt (308 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\collapse_tcat[1].gif (594 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\subforum_old[1].gif (541 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\redirecting[1].htm (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vbulletin_global[2].js (1545 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@yourjavascript[1].txt (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc[1].js (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[3].txt (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\icon4[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\icon1[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\3841957138-widget_css_bundle[2].css (2466 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\-WzdRTzRa5k6HlJK6-dK9Q[1].eot (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\vbulletin_important[2].css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\forum_new[1].gif (934 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\collapse_thead[1].gif (594 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\bg_body[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\s[1].htm (143 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ahl6532[1].gif (558 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vbulletin_menu[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\3841957138-widget_css_bundle[1].css (2271 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\navbits_start[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab1.tmp (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\google-logo[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f[2].txt (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\LOGO_9HACK[1].png (2227 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tombolcari[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ca-pub-5320542445719254[1].js (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vbulletin_md5[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.min[1].js (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\nav[1].gif (325 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@yadro[1].txt (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f[3].txt (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\iframe[1].htm (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f[1].txt (1075 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\rent[1].txt (167 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\css[1].css (466 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@yadro[2].txt (309 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\powered-fps-online-gaming-outside[1].htm (268 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\en_tran[1].png (34 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\d_top_bg[1].png (156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\forcar.org[1] (1592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\favicon[1].jpg (422 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@doubleclick[2].txt (410 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\stats[1].gif (899 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\6253827461219388746[1].jpg (12616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd (3299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vbulletin_global[1].js (392 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (4065 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\1255108524618159298[1].jpg (21024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\redirecting[1].ua (108 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cat[1].gif (123 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\forum_old[1].gif (361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAIV696X.htm (446 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\lastpost[1].gif (964 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar2.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vbulletin_read_marker[2].js (3 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\f[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\6[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\DGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ca-pub-5320542445719254[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[3].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\connection-min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\f[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\halamanav[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\redirecting[1].ua (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@rambler[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\1market[1].php (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vbulletin_read_marker[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vbulletin_menu[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@doubleclick[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\3841957138-widget_css_bundle[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\zrt_lookup[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\si[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\forcar.org[1] (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\iframe[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style-b09cab93-00002[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vbulletin_global[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@forcar.org[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\1market[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vbulletin_md5[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\s[1] (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\redir[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\vbulletin_important[1].css (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@yadro[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\yahoo-dom-event[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[2].txt (0 bytes)

The process H_LOADER.EXE:324 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%System%\hotro.exe (32 bytes)
%System%\hotrolb.exe (32 bytes)
%System%\hotromaster.exe (24 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\~DF2C90.tmp (0 bytes)

The process %original file name%.exe:588 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

C:\H_LOADER.EXE (28 bytes)
%WinDir%\DFBBYA\ATG.00 (1 bytes)
%WinDir%\DFBBYA\ATG.exe (15021 bytes)
%WinDir%\DFBBYA\ATG.02 (56 bytes)
%WinDir%\DFBBYA\ATG.01 (81 bytes)

Registry activity

The process hotrolb.exe:444 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED FA D5 48 DB 9D D2 D5 5A F2 86 74 EC B6 A0 5C"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process ATG.exe:1700 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 B1 58 33 B3 DF 38 13 80 05 5F 87 69 EE 52 77"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATG Start" = "%WinDir%\DFBBYA\ATG.exe"

The process hotro.exe:1692 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "hotro.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1398452974"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 A3 5F 22 54 0D 6B FA 3D 51 42 A7 65 81 34 59"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4]
"Blob" = "19 00 00 00 01 00 00 00 10 00 00 00 63 66 4B 08"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"2796BAE63F1801E277261BA0D77770028F20EEE4"

The process H_LOADER.EXE:324 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 31 CA E5 23 52 99 00 1B 3E 10 8C 69 7D 03 19"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"hotro" = "C:\Windows\System32\hotro.exe"

"hotromaster" = "C:\Windows\System32\hotromaster.exe"

The process hotromaster.exe:372 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F8 8B CC 94 59 28 2D DF 5D 9E CC BA 10 DD 5A 24"

The process %original file name%.exe:588 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 3C 3B 3D 10 63 5F 60 BF 47 EF F2 6B 27 43 73"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%WinDir%\DFBBYA]
"ATG.exe" = "ATG"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\c:]
"H_LOADER.exe" = "H_LOADER"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Dropped PE files

MD5	File path
321891610422cee235717f05965c37ee	c:\H_LOADER.EXE
01e52cc38f3fe324a9e26ddb36dc89e5	c:\WINDOWS\DFBBYA\ATG.01
d2953694651198b4e9031578bf52a939	c:\WINDOWS\DFBBYA\ATG.02
9dd994d5ee6dd09ab083d20d6c887db9	c:\WINDOWS\DFBBYA\ATG.exe
d6b2bff6198642950f1bcf491131a38f	c:\WINDOWS\system32\hotro.exe
e30b602e465fac39a59485dee86db375	c:\WINDOWS\system32\hotrolb.exe
bcf7e6fd8b994f3f9a6e23324a4bec6b	c:\WINDOWS\system32\hotromaster.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Static Analysis

VersionInfo

No information is available.

No information is available.

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	40340	40448	4.81966	2d733d29919d8bc133e77c2de5eec471
.rdata	45056	9232	9728	3.72958	88e41e43a2075dc0bf713901dd97f9a1
.data	57344	8032	3584	1.58991	d4668da877d58af66239b78e3837253f
.rsrc	65536	2030512	2030592	5.3123	8d4cf3faa9c2fef4c3a90cf3a31d987e
.reloc	2097152	4752	5120	2.51898	8d3f6fb3c0a2cc24688e73c583565978

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL	IP
hxxp://adf.ly/VUcWb	69.65.52.64
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.7.1/jquery.min.js
hxxp://cdn.adf.ly/static/css/adfly_2.css
hxxp://cdn.adf.ly/static/js/b64.js
hxxp://cdn.adf.ly/static/js/view40.js
hxxp://cdn.adf.ly/static/image/logo_fb2.png
hxxp://cdn.adf.ly/static/image/ahl6532.gif
hxxp://www-google-analytics.l.google.com/ga.js
hxxp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=	69.65.52.64
hxxp://cdn.adf.ly/static/image/skip_ad/en_tran.png
hxxp://cdn.adf.ly/static/image/d_top_bg.png
hxxp://cdn.adf.ly/static/image/d_bottom_bg.png
hxxp://a26.d.akamai.net/msdownload/update/v3/static/trustedr/en/authrootseq.txt
hxxp://c.global-ssl.fastly.net/nr-411.min.js
hxxp://beacon-3.newrelic.com/1/92a411bc23?a=4058140,2334836&ap=14&fe=16968&dc=16968&v=411.b2946c1&to=YlNSbUYAV0IFBhdaWVsZc0xHFVZcSxYLXERBU15cRiJWXxAXDF9aUEQfTFoyUV4WEQZd&f=[]&jsonp=NREUM.setToken
hxxp://beacon-3.newrelic.com/1/92a411bc23?a=4058140,2334836&ap=19&fe=2000&dc=2000&v=411.b2946c1&to=YlNSbUYAV0IFBhdaWVsZZUtdTghcBRcIVkIbRlhJ&f=[]
hxxp://forcar.org.ua/	91.200.40.25
hxxp://forcar.org.ua/clientscript/vbulletin_important.css?v=381	91.200.40.25
hxxp://forcar.org.ua/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=381	91.200.40.25
hxxp://forcar.org.ua/clientscript/vbulletin_css/style-b09cab93-00002.css	91.200.40.25
hxxp://forcar.org.ua/clientscript/yui/connection/connection-min.js?v=381	91.200.40.25
hxxp://adf.ly/callback/0e237ea9065e220e5889ff7139d91ba8	69.65.52.64
hxxp://forcar.org.ua/clientscript/vbulletin_global.js?v=381	91.200.40.25
hxxp://forcar.org.ua/clientscript/vbulletin_menu.js?v=381	91.200.40.25
hxxp://forcar.org.ua/cb/cb/headarka.gif	91.200.40.25
hxxp://forcar.org.ua/cb/cb/logo.gif	91.200.40.25
hxxp://pagead46.l.doubleclick.net/pagead/js/adsbygoogle.js
hxxp://pagead46.l.doubleclick.net/pagead/js/r20140527/r20140417/show_ads_impl.js
hxxp://forcar.org.ua/cb/cb/nav.gif	91.200.40.25
hxxp://forcar.org.ua/cb/misc/navbits_start.gif	91.200.40.25
hxxp://forcar.org.ua/clientscript/vbulletin_md5.js?v=381	91.200.40.25
hxxp://www-google-analytics.l.google.com/pub-config/ca-pub-5320542445719254.js
hxxp://pagead46.l.doubleclick.net/pagead/html/r20140527/r20140417/zrt_lookup.html
hxxp://pagead46.l.doubleclick.net/pagead/osd.js
hxxp://forcar.org.ua/cb/buttons/collapse_tcat.gif	91.200.40.25
hxxp://forcar.org.ua/cb/statusicon/forum_old.gif	91.200.40.25
hxxp://forcar.org.ua/cb/cb/cat.gif	91.200.40.25
hxxp://forcar.org.ua/cb/cb/thead.gif	91.200.40.25
hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078
hxxp://pagead46.l.doubleclick.net/simgad/6253827461219388746
hxxp://pagead46.l.doubleclick.net/pagead/js/r20140527/r20110914/abg.js
hxxp://pagead46.l.doubleclick.net/pagead/images/abg/icon.png
hxxp://pagead46.l.doubleclick.net/pagead/images/abg/ru.png
hxxp://pagead46.l.doubleclick.net/pagead/drt/s?v=r20120211
hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=234x60&output=html&h=60&slotname=9346772342&adk=293520130&w=234&lmt=1401690525&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690525783&bpp=15&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd=47
hxxp://forcar.org.ua/images/icons/icon1.gif	91.200.40.25
hxxp://forcar.org.ua/cb/buttons/lastpost.gif	91.200.40.25
hxxp://forcar.org.ua/images/icons/icon4.gif	91.200.40.25
hxxp://forcar.org.ua/cb/statusicon/subforum_old.gif	91.200.40.25
hxxp://forcar.org.ua/clientscript/vbulletin_read_marker.js?v=381	91.200.40.25
hxxp://forcar.org.ua/cb/buttons/collapse_thead.gif	91.200.40.25
hxxp://forcar.org.ua/cb/misc/whos_online.gif	91.200.40.25
hxxp://pagead46.l.doubleclick.net/pagead/images/google-logo.png
hxxp://forcar.org.ua/cb/misc/stats.gif	91.200.40.25
hxxp://forcar.org.ua/cb/statusicon/forum_new.gif	91.200.40.25
hxxp://forcar.org.ua/cb/statusicon/forum_new_lock.gif	91.200.40.25
hxxp://pagead46.l.doubleclick.net/pagead/images/x_button_blue2.png
hxxp://www-google-analytics.l.google.com/v6exp3/redir.html
hxxp://www-google-analytics.l.google.com/v6exp3/iframe.html
hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=1823505541&adk=1148484070&w=728&lmt=1401690526&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690526939&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90,234x60&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=11&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd=47
hxxp://www-google-analytics.l.google.com/favicon?q=tbn:ANd9GcSCB2mlG8uLb4YBBBqzIaaPfI5bU5Bv8ISLaYr0-anT9GuCide8MSBkWmUkLMUpoRJv8uT82ZfSz3Pd8A
hxxp://counter.yadro.ru/hit?t26.5;rhttp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=;s1276*846*32;uhttp://forcar.org.ua/;0.4685960488597284
hxxp://counter.yadro.ru/hit?q;t26.5;rhttp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=;s1276*846*32;uhttp://forcar.org.ua/;0.4685960488597284
hxxp://counter.rambler.ru/top100.jcn?2169552
hxxp://pagead46.l.doubleclick.net/simgad/1255108524618159298
hxxp://counter.rambler.ru/top100.scn?2169552&rn=445673780&v=0.3i&bs=797x382&ce=1&rf=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&en=windows-1251&pt=Автомобильный форум ForCar.org.ua&cd=32-bit&sr=1276x846&la=en-us&ja=1&acn=Mozilla&an=Microsoft Internet Explorer&pl=Win32&tz=-180&fv=11.6 r602&sv&le=1
hxxp://www-google-analytics.l.google.com/bg/FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc.js
hxxp://www-google-analytics.l.google.com/v6exp3/6.gif
hxxp://www.gstatic.com/pub-config/ca-pub-5320542445719254.js
hxxp://pagead2.googlesyndication.com/pagead/js/r20140527/r20140417/show_ads_impl.js
hxxp://googleads.g.doubleclick.net/pagead/html/r20140527/r20140417/zrt_lookup.html	173.194.43.122
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
hxxp://pagead2.googlesyndication.com/pagead/js/r20140527/r20110914/abg.js
hxxp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=1823505541&adk=1148484070&w=728&lmt=1401690526&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690526939&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90,234x60&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=11&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd=47	173.194.43.122
hxxp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=234x60&output=html&h=60&slotname=9346772342&adk=293520130&w=234&lmt=1401690525&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690525783&bpp=15&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd=47	173.194.43.122
hxxp://pagead2.googlesyndication.com/simgad/6253827461219388746
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt	72.247.8.51
hxxp://pagead2.googlesyndication.com/pagead/images/google-logo.png
hxxp://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211	173.194.43.122
hxxp://pagead2.googlesyndication.com/pagead/images/abg/icon.png
hxxp://p4-afbqojzkbfeto-skn646ixusmbjvtu-240564-i1-v6exp3-ds.metric.gstatic.com/v6exp3/6.gif
hxxp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078	173.194.43.122
hxxp://js-agent.newrelic.com/nr-411.min.js	199.27.74.175
hxxp://t1.gstatic.com/favicon?q=tbn:ANd9GcSCB2mlG8uLb4YBBBqzIaaPfI5bU5Bv8ISLaYr0-anT9GuCide8MSBkWmUkLMUpoRJv8uT82ZfSz3Pd8A
hxxp://pagead2.googlesyndication.com/simgad/1255108524618159298
hxxp://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
hxxp://pagead2.googlesyndication.com/pagead/images/abg/ru.png
hxxp://p4-afbqojzkbfeto-skn646ixusmbjvtu-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
hxxp://www.gstatic.com/bg/FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc.js
hxxp://p4-afbqojzkbfeto-skn646ixusmbjvtu-240564-i2-v6exp3-v4.metric.gstatic.com/v6exp3/6.gif
hxxp://p4-afbqojzkbfeto-skn646ixusmbjvtu-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
hxxp://pagead2.googlesyndication.com/pagead/images/x_button_blue2.png
hxxp://pagead2.googlesyndication.com/pagead/osd.js
hxxp://www.google-analytics.com/ga.js

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /static/image/ahl6532.gif HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Date: Mon, 02 Jun 2014 06:28:21 GMT

Server: LiteSpeed

Accept-Ranges: bytes

Connection: Keep-Alive

Keep-Alive: timeout=5, max=100

ETag: "c9d-51b1c54e-616cf7bbbb5ed14c"

Last-Modified: Fri, 07 Jun 2013 11:34:38 GMT

Content-Type: image/gif

Content-Length: 3229

Cache-Control: public, max-age=604800

Expires: Mon, 09 Jun 2014 06:28:21 GMT

GIF89a..:....GPL......rp3..$...{...1U2JJ-Qp.;a...........,..1...7h..y4.....-..qOQ7..3.......5Z.................4....=Q...p..Hg..Eh.*M......[..'%'..BUr...G............fm>.....F.....E..n......779...M]C..X...[e=>@Fq.....ijm.6[a}._x...Q........p.3O..8Pl......\.3W.>a.....Z......m.... ..6.#.......Fy...U......#.!..>=6) .8l`;.....!;/.B`|J@..,A0- .6W...7\{..R.0T./S.8^.7].;b.:a.... M.,O..Q.-P.*L.9`.)K...!.......,......:.....u..uR...2./...2*.....**..............o..W....W]/............*./...(..........&.]....../............2....................v.....W...TG..%~..*\......#J.....C(....Q....(..I..I.......eG..L..I..M~}r..i.b.!.\...1...H.*].....P.JmZ..P..........`...A.G...L8..`..#...8.b`...^....2...WCx.@!...&.*n:...;g.&......9&.......r..}..C..(.{.2...0k........;...|..e7..w^p.Fh.9.(_..y..U..8r...2g.....I....../..............M..l......la.`...$..ZK....v....~.6..y.5..{J(...v.'_qR8.!xE....:...[U<...(.`..."...4..!z...Ao...F.-.`ao.h8....(...L6.$.Z.0..V.....0.@..x...1n...m<i..h....76.....P..NJ....q.....G.......g.....@`..Vh...e....c8....f.)..A..........yY.|.i...>.F.l,.@...`F.#8Z..."... .A..".j..m.!.g.}@..i.P\.O......Y...rKh..4.........P..v.R......D...k....[...F{..R.K..?@.........3.....p...L.C..me........."1..#P...(.|/.E...e.0,..R(........k$...>,A...o.%......jP0.._\6.... ..@ ...38pu..J........Z..).E.q..;..a.i.pb.-.k..wcpD....x......P....8pY.....F.....a.g...m..E.0...........N..@$.F...@..@..................f&.....[f.....D............*...M..D..a.|...$...w..z.........;...`........7...s.@o..;).....^..e8..`z....|../.a...

<<

<<< skipped >>>

GET /static/image/d_bottom_bg.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Date: Mon, 02 Jun 2014 06:28:22 GMT

Server: LiteSpeed

Accept-Ranges: bytes

Connection: Keep-Alive

Keep-Alive: timeout=5, max=100

ETag: "a7-51d450e3-500e6ae194574ff5"

Last-Modified: Wed, 03 Jul 2013 16:27:15 GMT

Content-Type: image/png

Content-Length: 167

Cache-Control: public, max-age=604800

Expires: Mon, 09 Jun 2014 06:28:22 GMT

.PNG........IHDR..............i.N....tEXtSoftware.Adobe ImageReadyq.e<...IIDATx.bx....................3<|.......w^.f...?....L...1......,.......@...or-y.y.y....IEND.B`.HTTP/1.1 200 OK..Date: Mon, 02 Jun 2014 06:28:22 GMT..Server: LiteSpeed..Accept-Ranges: bytes..Connection: Keep-Alive..Keep-Alive: timeout=5, max=100..ETag: "a7-51d450e3-500e6ae194574ff5"..Last-Modified: Wed, 03 Jul 2013 16:27:15 GMT..Content-Type: image/png..Content-Length: 167..Cache-Control: public, max-age=604800..Expires: Mon, 09 Jun 2014 06:28:22 GMT...PNG........IHDR..............i.N....tEXtSoftware.Adobe ImageReadyq.e<...IIDATx.bx....................3<|.......w^.f...?....L...1......,.......@...or-y.y.y....IEND.B`...

GET /static/css/adfly_2.css HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Mon, 02 Jun 2014 06:28:10 GMT

Server: LiteSpeed

Accept-Ranges: bytes

Connection: Keep-Alive

Keep-Alive: timeout=5, max=100

ETag: "97f-51dd3f45-1ed891dab493e028"

Last-Modified: Wed, 10 Jul 2013 11:02:29 GMT

Content-Type: text/css

Content-Length: 787

Cache-Control: public, max-age=604800

Expires: Mon, 09 Jun 2014 06:28:10 GMT

.............n.0...#...F..).@ ...Z....J....jld.4i.w..l ....w.c..7...:..)eI.#.u.?...(..2...G....mm..p^..i.Y...X......Q...b.j.A...p..%B.B..3.....R.OT.=.v...F#.....V...r.{..a")...xT%=)...d.&..9..1....2...D.. .^r."4Yx...C...a..s..ll,Y0...p\H~.....#.....fW.......K........*DW. 0.....z....Cg.>ji..T....3T.H.].7.....G:lmC.......k.s..U..K..B..G.n.E.>C.../.....9VI....\...L.92.{.!Kw...6...........<.O....;..._S..n...B........... ...Z..y.F,.....@*,.z.YU..d~...2../../=..=..~..S...R..6=".e.hmA..lH...T..RI.....y.`.....c..X......`.:g;U ......lj0..h<...eG.m.,......O...s..Lv..]..s.<Lo&.Ag>T]..z(./..\O..".oQ...._v).....1...!lE.....4.......r.V..X!l7....B. .Z{F.._O.:.......K...a...K.e.y\o..q.M.}..*.....%.G......j......<w0g..2.2...E9..d.._...1bY....[...':.^..........<.v;....`a..A.`..!....3.....|.....HTTP/1.1 200 OK..Content-Encoding: gzip..Vary: Accept-Encoding..Date: Mon, 02 Jun 2014 06:28:10 GMT..Server: LiteSpeed..Accept-Ranges: bytes..Connection: Keep-Alive..Keep-Alive: timeout=5, max=100..ETag: "97f-51dd3f45-1ed891dab493e028"..Last-Modified: Wed, 10 Jul 2013 11:02:29 GMT..Content-Type: text/css..Content-Length: 787..Cache-Control: public, max-age=604800..Expires: Mon, 09 Jun 2014 06:28:10 GMT...............n.0...#...F..).@ ...Z....J....jld.4i.w..l ....w.c..7...:..)eI.#.u.?...(..2...G....mm..p^..i.Y...X......Q...b.j.A...p..%B.B..3.....R.OT.=.v...F#.....V...r.{..a")...xT%=)...d.&..9..1....2...D.. .^r."4Yx...C...a..s..ll,Y0...p\H~.....#.....fW.......K........*DW. 0.....z....Cg.>ji..T....3T.H.].7.....G:lmC.

<<

<<< skipped >>>

GET /static/js/b64.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Mon, 02 Jun 2014 06:28:11 GMT

Server: LiteSpeed

Accept-Ranges: bytes

Connection: Keep-Alive

Keep-Alive: timeout=5, max=100

ETag: "dc0-533ef451-73228b2e988dd6e8"

Last-Modified: Fri, 04 Apr 2014 18:05:05 GMT

Content-Type: application/x-javascript

Content-Length: 1103

Cache-Control: public, max-age=604800

Expires: Mon, 09 Jun 2014 06:28:11 GMT

............]r.6...s..L[R#..$Fu% ...].u.. ..L."A...0 (.... ....K...I...LI..&.L4.1.../.X.G/..b.....k.....5].H.~}..k6.\.;I..Q=...z.f.G..%.....qsA.YD......F.=8.......1...LB|.......FRL...l.K.K.M..HR.r.'.... .{t.8L..3.9....'.h.....dq....P:..#...{..\..v..OXQ0..%c....g4.(W4~.P.'..... .@g$.........K7j..HIU"qO0.8j....{..;.p'...'....g.........TJ....y.DgE..?~.....@...z.d....p.`<.......l...S_...um.......w;......q...g....ON_.......zc..O......U2..]^.....I.........K.V.D..:..q....c..#...0L..H...8....zM.....7DJ.}...-.y`~V>.0.q...zn2g=.....C"jf5<9.n.0...&;...].4...q&.|I).GQ...J.'..>....[.0......m...LV...........e..K.^.pc.Z]...8\..N...KJ..>..:|.k..w..o...U{.d.....\X..Kb....b...YV<l......"..$..@i.ls\..d|.....S...).vZ.....A}a..<.Y...r........6....1V~Q.......`.4....].[....P.?.FS.7Z....Ps..!......z]...|n.p}...#l]o.=.}..d"...O.,...Q.R...hNF.T..p........H.=..sVH..s..@....?.K......|...~f...*(..."..X..f...p.F%......?m.......k.~5...B.....^.Z...._...t.....K..M..<s...P.e...o.?....]...QR..O)....Yq..........x.......j........T....vy[K-0..Q.?.."..?.L.*...h.tM5.........J.\..........E......s.-..Q@..._...7.x.j..n..............

<<

<<< skipped >>>

GET /static/js/view40.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Mon, 02 Jun 2014 06:28:13 GMT

Server: LiteSpeed

Accept-Ranges: bytes

Connection: Keep-Alive

Keep-Alive: timeout=5, max=100

ETag: "112ea-5372285f-283eef96a4a92c18"

Last-Modified: Tue, 13 May 2014 14:12:47 GMT

Content-Type: application/x-javascript

Content-Length: 32888

Cache-Control: public, max-age=604800

Expires: Mon, 09 Jun 2014 06:28:13 GMT

............w_...>.V&..1C.....4.i*(.x$@h..I....?......s..z..>1!.].^....v.X<..=.^.n.wQl.8..._.}.(. 33....:..:.3.>..............T...W. Y...}.......v..;.T.E...xu^... .....Y.x~.'K..8....~.;...-fZ..(kZ.@.....r..!#......].....G.c..Y.b.;.<~....~`.g.X.....l..K."G.....d0...F....2.pd....y..9....J... .X2......{.....,.$y.........b...$..n...@ .G..J.R,.A.mz.W...o/W......l......W..P.....{.Rt..a....^I.~.......r.. c..3..Y9.d....vkf...e...5.....V1q..b.9..f/..^.O.D.!...........4..........x.I.:.. .e..P....|..VZsg.9...6m..*.....{._..f^9.h..<.~M3G~.pF....~]{./{Q._).eY........T..r".s|YM.....xN..q.....R...(..^9..f.D2e...8,..A..s.2......o.q.}....B6 .z~....?..W.QRv<...C.%^...R.O...:...N.!=B..3 ,.Z&...6.s%....I....%..^..c...{Y........6p.u@@P..9".5..5#.xa....r$.H.....er". .?wC..4.#..e\`...Q..].(BY...:>P\........r..`.D..^..|n..({~..e.,...1 \....P.! ...C.......Z.b.v.....,.H...r..NB.W.8..-)..Z...c9^.%...i..5".*.[...].&m_.5'..' (^....L.:L......LW..`X.h..X.....).t.T.c...R.?...ck..^.<B.@P....[..{1..wc!.A..d......g.V)...@..p.7..0]HCx....N..p.V...R]..)..p.9......).uy...........X..^..u}.........D%T........-8,....=.. ........8 {X.JkN.. ..s..{dz.gM...5#.....7IPv.....3..d...I....(.......5l=(....|%i..4..K...|....1....hT9......@.i3X"...........&.?..U.[v]A.`...)....X.)0la}.C.......e...r.4}.sR'..8.p...!.J .ZN3=CO..5w..."'..ul...H8....Yx...).P...&..G.v...~.N...D..p...b.P.B..!z$...9.C.8....,..!q....."....t5.I...K..........c9.e.9v.K)..`g../l.%..r..8.P./x.........|n].........b.U(B....%..M9A.......X.&By~....4...F.Z../.H..@XLs......`

<<

<<< skipped >>>

GET /static/image/logo_fb2.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Date: Mon, 02 Jun 2014 06:28:21 GMT

Server: LiteSpeed

Accept-Ranges: bytes

Connection: Keep-Alive

Keep-Alive: timeout=5, max=100

ETag: "188b-5116a59d-2f8f7edb8dce95ec"

Last-Modified: Sat, 09 Feb 2013 19:38:05 GMT

Content-Type: image/png

Content-Length: 6283

Cache-Control: public, max-age=604800

Expires: Mon, 09 Jun 2014 06:28:21 GMT

.PNG........IHDR.......b.......G.....tEXtSoftware.Adobe ImageReadyq.e<....PLTE.V.s.o*p.-**.........*r.....R.l....,........;,v.-x..h."\......Rw..'Ns.....C%d.GIO...aT2..0}.....T..#r..c...(...$`..Y.(j.Jy..........b....h..6..th..#^......."s.#j.!l.......E|.-z.'n.:v.%b. t...%.y?..3......m..&f.,w.8{.].......K......'h.K..R..F.......I...(l.........C$b......p Z.............(k.6:B*i....$_.4j.........X......t.."\... -z.Rv~.[.z..#u......9..@.........'f.-y.... n.rto&i....#^...;)o.%`....uf;..W s...7.n.'t...X T.^....A...;r.-f...:...%p.'i...9...Q...g.-x....,c.:j.!..*w...1^.......B e.&e...^# !'v.>....T!`..V.B:,&g....$a..b.!a...!......l....Y.....T.....M#\.w...n."c....&w...1"d....._.%f..O.#)44p.,p.1b..X.)m....#]..].)x.VWZ.x.'r. o..y. q.#h.'_..[.!X."Z."[."Z."Z.!Y.)n.#^.'h.-{...y#_....D.....e_T(\./j.`..&b....%\.a.y.."......$[.,|.-|.!Z. y..z.0t. s.3z........v.d...!IDATx....\T...7.8.... B....QS..AA..d.x......0..a..<>....&......D.@M3Q,<.I...z.q...[..oz....^k?...s.....0{.~.........\s7vK.Z[[o.v.[..h. .?......~..xk...e.Hh.{...w.]A...f....:..]~ .]]6...#.!.s...m.....g. .j.j.,. .......of.K.S..I~.[..D.....g........e.%..$.....$ 2.....?..~o.wK"_A.D8...X..1...H@....S...q...O7.....W....w..;......!..y.S.....=....?.......tW.m,K.O".H(......m..c....qj...*....&.d..*,....!Rp..Ax.r.>|........B..QC.KT'U)J.6i..u.D.`.1.0....F..~..........t..........cH......H ..:.* .w....FGG/z...|......$k.Km5.Y5..!.....:......U..zc.........K.l...1...R.VT..h,M.....(x.N..[...9!.@/.]...h..<|U....xE..6.".H.b...B..... ..g.......=.^C`.....S....X.R.......F_..H

<<

<<< skipped >>>

GET /static/image/skip_ad/en_tran.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Date: Mon, 02 Jun 2014 06:28:21 GMT

Server: LiteSpeed

Accept-Ranges: bytes

Connection: Keep-Alive

Keep-Alive: timeout=5, max=100

ETag: "13d4-51e829a4-3949693a3ed59e6e"

Last-Modified: Thu, 18 Jul 2013 17:45:08 GMT

Content-Type: image/png

Content-Length: 5076

Cache-Control: public, max-age=604800

Expires: Mon, 09 Jun 2014 06:28:21 GMT

.PNG........IHDR.......)....."c[.....pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......

<<

<<< skipped >>>

GET /static/image/d_top_bg.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Date: Mon, 02 Jun 2014 06:28:22 GMT

Server: LiteSpeed

Accept-Ranges: bytes

Connection: Keep-Alive

Keep-Alive: timeout=5, max=100

ETag: "9c-51d450e3-8ab0ff4e53d010b5"

Last-Modified: Wed, 03 Jul 2013 16:27:15 GMT

Content-Type: image/png

Content-Length: 156

Cache-Control: public, max-age=604800

Expires: Mon, 09 Jun 2014 06:28:22 GMT

.PNG........IHDR.......;.....5.w.....tEXtSoftware.Adobe ImageReadyq.e<...>IDATx.b..Ifb.........4..a......j...!.E.......z.......O...u.....k/.........IEND.B`.HTTP/1.1 200 OK..Date: Mon, 02 Jun 2014 06:28:22 GMT..Server: LiteSpeed..Accept-Ranges: bytes..Connection: Keep-Alive..Keep-Alive: timeout=5, max=100..ETag: "9c-51d450e3-8ab0ff4e53d010b5"..Last-Modified: Wed, 03 Jul 2013 16:27:15 GMT..Content-Type: image/png..Content-Length: 156..Cache-Control: public, max-age=604800..Expires: Mon, 09 Jun 2014 06:28:22 GMT...PNG........IHDR.......;.....5.w.....tEXtSoftware.Adobe ImageReadyq.e<...>IDATx.b..Ifb.........4..a......j...!.E.......z.......O...u.....k/.........IEND.B`...

GET /1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei= HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Mon, 02 Jun 2014 06:28:24 GMT

Server: LiteSpeed

Connection: close

X-Powered-By: PHP/5.5.8

P3P: policyref="hXXp://adf.ly/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa IVAi IVDi CONi HISi TELi OUR IND PHY ONL FIN COM NAV INT DEM GOV"

Cache-Control: max-age=0, no-store, no-cache, must-revalidate

Pragma: no-cache

Expires: Sat, 26 Jul 1997 05:00:00 GMT

Last-Modified: Mon, 02 Jun 2014 06:28:24 GMT

Cache-Control: post-check=0, pre-check=0

Set-Cookie: adfly_421124=1480940; expires=Tue, 03-Jun-2014 06:28:24 GMT; Max-Age=86400; path=/

Set-Cookie: market_421124=1480940; expires=Mon, 02-Jun-2014 06:29:24 GMT; Max-Age=60; path=/

Content-Type: text/html

Content-Length: 1299

...........Vmo.6..>`..%.TBhYN.!...M....nh...g..DYleR%.......$.d.2l.!....sw...ev.....(.,.7..h.-C..E..-.-....\..xUp..vF...l.9..8c.pKo...c...#.kQXd.....nY ..K!.....}~....k...}.......Ws..2.BI..I._..H{0...HN...n.F..1...Bik.....$.p..,.=.tKd.V.M...t".C.m....LE...".K..V.Vka.8..%..E.R..........^.{8T#..\.m6T..>.7QS......'......nJv.........M.....(..g3a@'..,C...N.>.U"An.... )~..h..Q...u....|-y..U0..Lr...5..)i....5..n..~kpu.gx.?.U...y d.h..f8....=..9p..r.si./|..!f.3...bo.._0S.......*.........e..a..rwg.c.K._..Y.......nD...L..d....K0a..%sp%-.Xsf.../...;...K.c.a........e.,.y.e.............r...d...&{{....0.v.%j.....V..UK.O.%.._~0.v,........- .II.sK.Z...K..1..$y~..W..N\c...Z.g....z....-....Y.q..-I*...J"@G..s!.....Rs.M...........__w...*p.."....Ym ...._Lb.).....A..s..v..bg...5N.6v...w9$U..5...........c.{..N....[..c..!.....V.N#^.o= ..]....R....l!.hYf.....W....p.^2..'.!.Da.?t.z...B...=...U.w/...|....P..<.....OC..t|B...[..\-#..$.r..`...f..Z8....s.....`...3.....m.....{|t0...=..r..J.}W.....~w;.\P.v...F".l..xPy.Q.. ...u.M..<...9.<X.....E.3.(=.JH.H(...F....@...p....L..y...u..h2E.R$6..DwYwc|:...:.....p..i.g.e.:r;.....4...@...oo.P:9`G..,>8..{7.,..O..G!98<<:>..4..Ys...n....y7....}x}y.%..........Y|.6.~..z.6.^.qs=......f.lp...U).p....?V_.l......Z.J.'..q..>.D......Y.A...X.lz..^....2D.,..>.\oh6.wt.................

<<

<<< skipped >>>

GET /1/92a411bc23?a=4058140,2334836&ap=14&fe=16968&dc=16968&v=411.b2946c1&to=YlNSbUYAV0IFBhdaWVsZc0xHFVZcSxYLXERBU15cRiJWXxAXDF9aUEQfTFoyUV4WEQZd&f=[]&jsonp=NREUM.setToken HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: beacon-3.newrelic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Set-Cookie: JSESSIONID=5f58b1292c8fd66a;Path=/

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Content-Type: text/javascript;charset=ISO-8859-1

Content-Length: 21

NREUM.setToken(null).HTTP/1.1 200 OK..Set-Cookie: JSESSIONID=5f58b1292c8fd66a;Path=/..Expires: Thu, 01 Jan 1970 00:00:00 GMT..Content-Type: text/javascript;charset=ISO-8859-1..Content-Length: 21..NREUM.setToken(null)...

GET /v6exp3/6.gif HTTP/1.1

Accept: */*

Referer: hXXp://p4-afbqojzkbfeto-skn646ixusmbjvtu-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: p4-afbqojzkbfeto-skn646ixusmbjvtu-240564-i2-v6exp3-v4.metric.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 14 Aug 2012 10:47:46 GMT

Date: Mon, 02 Jun 2014 06:28:57 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, must-revalidate

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 35

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic

GIF89a.............,...........D..;..

POST /callback/0e237ea9065e220e5889ff7139d91ba8 HTTP/1.1

x-requested-with: XMLHttpRequest

Accept-Language: en-us

Referer: hXXp://adf.ly/VUcWb

Accept: */*

Content-Type: application/x-www-form-urlencoded

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: adf.ly

Content-Length: 538

Connection: Keep-Alive

Cache-Control: no-cache

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b; adfly_421124=1480940; market_421124=1480940; __utma=255621336.1513332806.1401690508.1401690508.1401690508.1; __utmb=255621336.0.10.1401690508; __utmc=255621336; __utmz=255621336.1401690508.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

hithere=TAkyVOUyNICD4MwxQIyjkLi1L4CyJMygZIWFZTlDcBiCIV6FI5ikILsgIsmDlOk0ZYWj5L02IAjToNw0LACjJLmwb4GyFMzgaICFIT6DMBCCwViFc52kNLygZsXzNN3yIcjDoMx1M4jCcM2uLICDJIzSYx30JQlgcQ2VgRiOO5jCgI07NEijwViTdB2yJOyxZ4XSNN3gIQjloT4gMMT3cdsvIRnmdbipcdmFVIz7aACjIL62NADSgRxJLNCVJTtgbs2TJZpsbJGWUai0OFjGAcstI9m21YvoYAmClMsuZQVz9LvhcxyGIb6pIpk35bvNIJiiwOiiYQWnNb0ladWW9YuyIVj2oc51LJCCJL6iIgjToYiiMFCT4OykMlTzkM3xMcDjEZ5mOlTDYO34NUTTUZ3wIIijwMilaVGjFNzwakCTIY6lIdjzNMhyOUTGgMziNoTjAIxkNlj2BXinO9DGkb0iZwTiQI11ZcGDIM2xNIDiIO4iZImXVZj2YJ2CNLiwZoDjIIy4IJny0eu=

HTTP/1.1 200 OK

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Mon, 02 Jun 2014 06:28:33 GMT

Server: LiteSpeed

Connection: close

X-Powered-By: PHP/5.5.8

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Content-Type: text/html

Content-Length: 20

......................

GET /nr-411.min.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: js-agent.newrelic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

x-amz-id-2: 6CeMIe04eHDxYl3UIzhPH6N4C4xCWtKapRrJ2b0qJUFkcKTFXHK0lHXHhy/AummG

x-amz-request-id: EA9C911887CF8508

Cache-Control: public, max-age=315360000

Expires: Thu, 31 Dec 2037 23:55:55 GMT

Last-Modified: Thu, 01 May 2014 23:15:58 GMT

ETag: "9050946217be03f42647b3f708ef10d3"

Content-Type: application/javascript

Server: AmazonS3

Content-Length: 14831

Accept-Ranges: bytes

Date: Mon, 02 Jun 2014 06:28:27 GMT

Via: 1.1 varnish

Age: 247262

Connection: keep-alive

X-Served-By: cache-d98-DAL

X-Cache: HIT

X-Cache-Hits: 5380

X-Timer: S1401690507.845602036,VS0,VE0

Vary: Accept-Encoding

!function(n,e,t){function r(t,i){if(!e[t]){if(!n[t]){var u="function"==typeof __nr_require&&__nr_require;if(!i&&u)return u(t,!0);if(o)return o(t,!0);throw new Error("Cannot find module '" t "'")}var a=e[t]={exports:{}};n[t][0].call(a.exports,function(e){var o=n[t][1][e];return r(o?o:e)},a,a.exports)}return e[t].exports}for(var o="function"==typeof __nr_require&&__nr_require,i=0;i<t.length;i )r(t[i]);return r}({1:[function(n,e){e.exports=function(n,e){return"addEventListener"in window?addEventListener(n,e,!1):"attachEvent"in window?attachEvent("on" n,e):void 0}},{}],2:[function(n,e){function t(n,e,t,o){l[n]||(l[n]={});var i=l[n][e];return i||(l[n][e]=i={params:t||{}}),i.metrics=r(o,i.metrics),i}function r(n,e){return e||(e={count:0}),e.count =1,f(n,function(n,t){e[n]=o(t,e[n])}),e}function o(n,e){return e?(e&&!e.c&&(e={t:e.t,min:e.t,max:e.t,sos:e.t*e.t,c:1}),e.c =1,e.t =n,e.sos =n*n,n>e.max&&(e.max=n),n<e.min&&(e.min=n),e):{t:n}}function i(n,e){return e?l[n]&&l[n][e]:l[n]}function u(n){for(var e,t={},r="",o=0;o<n.length;o )r=n[o],t[r]=a(l[r]),t[r].length&&(e=!0),delete l[r];return e?t:null}function a(n){return"object"!=typeof n?[]:f(n,function(n,e){return e})}function c(n,e){"undefined"==typeof e&&(e=(new Date).getTime()),d[n]=e}function s(n,e,r){var o=d[e],i=d[r];"undefined"!=typeof o&&"undefined"!=typeof i&&t("measures",n,{value:i-o})}var f=n(1),l={},d={};e.exports={store:t,take:u,get:i,mark:c,measure:s}},{1:20}],3:[function(n,e){function t(n){return c[n]}function r(n){return null===n||void 0===n

<<

<<< skipped >>>

GET /pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: googleads.g.doubleclick.net

Connection: Keep-Alive

Cookie: id=c21c6444d00007f||t=1360768149|et=730|cs=002213fd480b36e81315d0d96e

HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Content-Type: text/html; charset=UTF-8

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Date: Mon, 02 Jun 2014 06:28:42 GMT

Server: cafe

Cache-Control: private

Content-Length: 21706

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic

..............#Kv ...@..y.Fd".&..J...;...y...[D`.L3.i&....dz.%........d.....9.. .dU.......BF.z......?..._r.a%.d}.|.`.....A........._..2Y.\_\.RY....h....%..m....<y....9..'[.F.........[...J7`.....Z.<./..._..5.q$.%...o.Yn.T.|*.(.b)..._&.G....y..n..s3n..M..&.Z.c.S<...Ca..=.7I...qM..&<.....a!.2.9.Am..R,C.`.g..mXMW'..CC...9.8o....M....p.s......v9.].....2..H.I0..J.oI.7.tt....10......%A.).~L.J<.{...."......Jn.....w.*0/4....(.Yl.%i7.x>....D.........q...M...n....~........p.,..... `..YB....JI.c.<..1..;y..........!.).>..]_......&OD."...=...y..."........*vj(...!/..pp......q.S.9...5E....\.!p..y..D@0d7i.......I>t.R..}aJ<.....0....%U!.3I.&.K...0...Evl.....).;_a.5*k.....?_'.u__...*....I.2..W.{..$P..&......Dx.Hr.......o^.?..W.........2.f.j...1..).8v.\`.V.3.p.i.\..Y.z}..$`..T...D.Q.....f.F.>R6..2......b...t......]...5....\0...9...o.3H.....`Z../..)....z]. I\...g=.h... .....!..YM_...%.p.Ar..'..hi........LB....;.YXc..v..#..V..M..Gb.G..P........T....%E..B*4Y_....!w..8...e..U.......g."C.....A..u.f{.Y.'...^_W.W._.9....Z..........r./@0...............-2R......}...9(.@.....!...'.N.....]...".z.0>Y0n.....os......x...$.$.....E.LR.....U.....].?...k.3ni.....d.$.3$.U..#*.]B....H.VK.y`...jKe......i..0..:..g...".v...J...........n'..=r....."..8e..!.z.&L&..;.........q.k.g.e!..\l.........,..>.#.] ....5m....U%........8:.W.t.*.?..N*&.S.YfK........2. .R.Tn-.'.x6.............S..@..R..[^..Ma7..w..S.._ilOz.....3G.~......|...>............s.N`_.<.z...5..|8..5'..l.X.{.u{.k.W.RZ*Hi..JG....._l.L...$G..Cx=....J..5..~

<<

<<< skipped >>>

GET /pagead/ads?client=ca-pub-5320542445719254&format=234x60&output=html&h=60&slotname=9346772342&adk=293520130&w=234&lmt=1401690525&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690525783&bpp=15&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd=47 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: googleads.g.doubleclick.net

Connection: Keep-Alive

Cookie: id=c21c6444d00007f||t=1360768149|et=730|cs=002213fd480b36e81315d0d96e

HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Content-Type: text/html; charset=UTF-8

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Date: Mon, 02 Jun 2014 06:28:44 GMT

Server: cafe

Cache-Control: private

Content-Length: 24103

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic

............Y.#Mr..>.......P.L.G..p.....m.'....L.]e&.f........].}...,G.I.._..G....].=..LK.;..........q.{.i.._.........y...g.{...>....._R.. .0......y?'m.k./K.......RK.q.*&)...A.B....=X..:R.%.y.L..j>.H..}..1.....!.o......`.lyI....E.^..,.....-...a..........]\..Kj ...}4..1.A.&q..M:.}@...../...t.g..@....=..Y.y... .d.3$WJ.<v..ax.....U..g.V...7.....p...........6....~..<....v{q..{.......1V~ ......ln?.Q....'.h.........}..<J.&o!R.B.`!..y.yU4gO(....^..o..U...5...=..=...>z.f......k'A8..".}.z./.-z..2..........fI..bZ.a.2....{j..4UH./G6ae..e<.y~..g0../a..y..~.....^...0....Z#.6.}..}n.....-......G.....{.9Y...p> ..V?{.9..9...p...^s........U....YAx.....8.P...C(F<\.......^du..j.....~7M._. ..@..~.#.......p.L.....a.*..}.j...hk...U..X....f_.....(g\.......m.....,b.g.4..63.......w.......1.<2k..T.....1..........t..B8...8:jG....cCA"f.{...G.....%...:6..'..=1.4..X......|...\.#.......4.s.U..\j.[..31F..1I.....b/%l......s..O.QV...74...&bg........T ....$4........).>?y?.......~..*Z..``.....8..2....I..2...u@....9..l.FO.....:.B..IZ...Z6..#<XEX..H^...Ps..mw.S..0=..uYu....d....\...g.........r,l..[v....(^.....z.^..Q.gD..........{.<Kf...t.U........".c1......OEJ.0.....!.=.U.2....e|.F..i...Lfh...v..:.#..a....~.....J..fZ.l).~,...q<I. u..p*.T..3........Q..gP...6fP...D.<...#.t.=?/._..z..1.5.rH....l'Z..m(....v.......Y..........L.6<..QZx........o.Q6m.$.....D.#..KY......].....GIu..h.G~..=R.......s.}..DK.=.[Lq.>../.9k..&Ky...gK...i..O....O.O......e^..V..mF...h..:....:..d.f^]$.3...Q W.`0J8...y\...#Z......s.

<<

<<< skipped >>>

GET /pagead/html/r20140527/r20140417/zrt_lookup.html HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: googleads.g.doubleclick.net

Connection: Keep-Alive

Cookie: id=c21c6444d00007f||t=1360768149|et=730|cs=002213fd480b36e81315d0d96e

HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Content-Type: text/html; charset=UTF-8

ETag: 17039503424336669516

Date: Thu, 29 May 2014 00:33:36 GMT

Expires: Thu, 12 Jun 2014 00:33:36 GMT

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Server: cafe

Content-Length: 4660

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=1209600

Age: 366904

Alternate-Protocol: 80:quic

...........Z.{......".....j ..)...m....6.g/...m.(..........d.C...9..... i...........~.....8.EO.....v4V2xz.2.^...g.M...I.:J.E.t.T..\.*...$.....|....$U....r..{G..N...=;\.~>Ib..^.t.$..$..E5/..'...J.}.NB.J.O..-!<.!`...I..2...8M..KU.HcK..r.a..C..}.%<.0..<M..p:yr...x..2..K..7...:...j.J..[A...&GC-.V..y*......x......T.$V.u.^....W.....J..W...V.."...^.-s....."...}I.N.....It...R..JE../f..`.==E.VPP..2.&..B)...iM..g...ZP5.g..B...4.y.;.<gK}=...6s=g............j.,...{l..... .5$.....=..Eny...{....^..m.#.6^.U.........k.D.z..zcg...[.vx...x.>.}A"9.P.......*diW.....&.s}q.v.T..~...?....tg.v.*..5U.........Ijk*...%..\.2{...(4....Y......e..r.Kf.|.. ...&.....O..t-%|.......y$......N,g..G.!".RT..C....;j...o5....T....-....r.$1v`....5.....4.t^X.G|.C.7.Al5C.........l&B.bC....".l{...............Z.... h.......!......c17.o....[#N.J...m...b.......I..i~...r......#..w.hj...L.o..j..A/.Y..n......@........x..%U/...}.'q....E...:.......l.}Y........&..c ..`..q.\...R...?..X.:.n..0J..s....$m.]..q5..`..X...8q..sbE7....i..._>..=...K.W..J...\O..8....^..W.x....oe>v...df.#.[..N..J;j...O..F*.8l.....S..Ij5}...D..>...K.{mM.....ge....w[....(IF..n.`R......P..Z.'........._...Bey.\...,...h.b..4......I.hd[.....8Y...!.^.&o..............k,.....P.}9.bq..N...`7.A2m!.T.<....... &.\f."U.'.....g.l...T....vU....7....j.=.~.....=....J."E?......g!.6..@..7.C..-..-...N...d.<A.r...`.....O..>..i.C.......bG.:..........Y...&.......[!T..dk.F......vea..#.m.Q>...E.d....1.....d..t..#.W.....8.c.i...=....N.p.}.0....2..{.9i..r{..G.....?...B......:..7.;

<<

<<< skipped >>>

GET /pagead/drt/s?v=r20120211 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: googleads.g.doubleclick.net

Connection: Keep-Alive

Cookie: id=c21c6444d00007f||t=1360768149|et=730|cs=002213fd480b36e81315d0d96e

HTTP/1.1 200 OK

X-Frame-Options: ALLOWALL

Content-Type: text/html; charset=UTF-8

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Date: Mon, 02 Jun 2014 05:37:23 GMT

Server: safe

Content-Length: 145

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=3600

Age: 3080

Alternate-Protocol: 80:quic

..........%....0.Ew...]....h..F....x.$-....o..=..9..t..g{.Kwk.}..k]e.fk....$...-...<o....RxzyZ...ML..bwX.).g.#..r..2....,U.....Q......M./6PzR....HTTP/1.1 200 OK..X-Frame-Options: ALLOWALL..Content-Type: text/html; charset=UTF-8..X-Content-Type-Options: nosniff..Content-Encoding: gzip..Date: Mon, 02 Jun 2014 05:37:23 GMT..Server: safe..Content-Length: 145..X-XSS-Protection: 1; mode=block..Cache-Control: public, max-age=3600..Age: 3080..Alternate-Protocol: 80:quic............%....0.Ew...]....h..F....x.$-....o..=..9..t..g{.Kwk.}..k]e.fk....$...-...<o....RxzyZ...ML..bwX.).g.#..r..2....,U.....Q......M./6PzR........

GET /pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=1823505541&adk=1148484070&w=728&lmt=1401690526&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690526939&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90,234x60&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=11&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd=47 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: googleads.g.doubleclick.net

Connection: Keep-Alive

Cookie: id=c21c6444d00007f||t=1360768149|et=730|cs=002213fd480b36e81315d0d96e

HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Content-Type: text/html; charset=UTF-8

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Date: Mon, 02 Jun 2014 06:28:45 GMT

Server: cafe

Cache-Control: private

Content-Length: 19387

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic

...............J. .._.dU.%.. ...d.q...ys..;H...p....n..L=..L.jIoz.)uM.......?.q,$.D......Z.*...........;F......c-}...e....n.$...w.....$Q^...hER.'....?. z...h...<A.....D.......=<|..q..iMT....g.PK....[.......N..e....S..lEd|..\...>?.?......Y\.....5 ..<k.%.?..u.*.).VV..N....._........v..O0.J:...l. .....rV/t.=B........u....... .C!;)D....t(......4........nR...2. =D..I\...D..(.-.>P.. .........k0..^cU. 2..`.0...`........c.....!?.....t0K|d.qM:D=..P.v...W.d.q.W.d..I_.....j.aj..b.'B...k<.;y<4.Xp........F. . ....Z.a?...~..... ..D..a.s....$eO.#.)o..%.. ....of..k..Y.X..O....|.~...Zt...r.l......sJ......S$e..,..z.."-<..>.........H........G].9........\:.E8.I.42.$..&.RcQ..P....G.....?......h....{& ..._L.....B.L.L.......,.....*....... }./.....^_..0....wT..g..y..M.....#1T.0.-X...8.....H..@...`..H .wd..OO..P.x....{.....o.0T.%.^y..O.`. RD..*w....g..K.Y...3.....|..S5 ..r.........v...L...z~zG:.........}v....-..B@\>........ .. .....`Z...>.U../...l@..<.(N.Lh........M#.7......B#.e......A..Dd...Z.E..(.x..........a.2.Vs~.X..x.....f... XH......Z....i.dGaX ..\5..\.F..BP..8...gI...t.k....(....g8Uq............3..fB-.c.....E$.V._..../....Z9......m....xjP.....5.M@.'.`.!...g_..Gl..R..Ob9..........~...z...!x..V...J.....B....Sf......P....F..D&....../.....H<U.6.').'Ad.V..T.,D....tE2.......@;..E.9......0.. ZZ=.(.z..\.Ai y.n....}.V./F-.. .m....Qs...~.X..lq./..\.p.....Ip..._~Z.........~S..j.|.\...q...k.~....4;....S.J.p2(.;...z...8...[.....5]...........1....,I....f Fn.c......Vc........6.......E....SF....5../..|..j

<<

<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: VVV.download.windowsupdate.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Content-Type: text/plain

Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT

Accept-Ranges: bytes

ETag: "806f4cbb43dcf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 18

Cache-Control: max-age=7809

Date: Mon, 02 Jun 2014 06:28:26 GMT

Connection: keep-alive

X-CCC: CA

X-CID: 2

1401CF3DB40B609892HTTP/1.1 200 OK..Content-Type: text/plain..Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT..Accept-Ranges: bytes..ETag: "806f4cbb43dcf1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 18..Cache-Control: max-age=7809..Date: Mon, 02 Jun 2014 06:28:26 GMT..Connection: keep-alive..X-CCC: CA..X-CID: 2..1401CF3DB40B609892..

GET /pub-config/ca-pub-5320542445719254.js HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 02 Jun 2014 06:28:40 GMT

Expires: Mon, 02 Jun 2014 18:28:40 GMT

Cache-Control: public, max-age=43200

Content-Type: text/javascript

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Server: sffe

Content-Length: 75

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic

...........H..O.I.O,..K.O..K.LW.U(..K./..&YS.P].......X.S...T^]k......?J...HTTP/1.1 200 OK..Date: Mon, 02 Jun 2014 06:28:40 GMT..Expires: Mon, 02 Jun 2014 18:28:40 GMT..Cache-Control: public, max-age=43200..Content-Type: text/javascript..X-Content-Type-Options: nosniff..Content-Encoding: gzip..Server: sffe..Content-Length: 75..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic.............H..O.I.O,..K.O..K.LW.U(..K./..&YS.P].......X.S...T^]k......?J.......

GET /bg/FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc.js HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript

Last-Modified: Thu, 22 May 2014 16:48:47 GMT

Date: Fri, 30 May 2014 20:20:46 GMT

Expires: Sat, 30 May 2015 20:20:46 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 5861

X-XSS-Protection: 1; mode=block

Age: 209280

Cache-Control: public, max-age=31536000

Alternate-Protocol: 80:quic

...........;.w........V....m0.........G...1...4.....$.........z.F...hf...W9..ic..3...GI%.W...2.a8.T..Q...b.|).;.r6;h~i..x.7.Y.`.?:...<...A.>.....(`.r..9^E^2.G&.).xh.q....^..K........^.1....,.L...]..~.I9g.k......o..}x..6.-.}....X8..lB....1....<.'7.A...y".h~....b...........w..r.f...s........6....F=.SA~z.[.E8ML.2..YL.as4.*~.V}K|..;/...4-.L..b...8.yl:...(H&..).g-'.qb....#M]....g.P.......\........i......2...r...a.;..m.......b..6....O&...7a.4Eu.t=j,.x...c........V.[....z..g..8a.akF.2..W..........z#`...W<G.....`;...$Qc.~.^b.p......e.#.a..e.s...6. .$..u$.T.F..d.N.\3.Pc.f.|....G@.....BT9.$EB....f.......X....H.Fu......z......'..@,b...[..a...An.%'.T.=.w......I.jCP...Z.5..V.0.#[....v.D. S..'.>.....5v.YlE.j..d.#.. I....).VK..."J...t].o.qc./*.z}..c...P... ..z.8.?.`.QB@G..../.Wk.J......wON.......9.z~N.Q...N.r_Z....C..A.......8..&..g3._.x)N.9O.C2PRk.8...9..B.Er...F..tBC.....J.U..o..|D.OTi.5..4... ...{...ux~..#...zZ(..6.0H..j...x.r..YT.....k:M).AO8...........AC0....."8..0.`........=bP#.y...p.9.h.".C...C@,....%.=,..qK8,r...jS'R....yF@;...-..I...L.&.r.N.....5.V..F.U.......z2..D....}.........l..(}ij.G...G....M^...2J. ''.HLw.t...3....p.0..|.....d..cf..J_........[.X&.....aW.Q~..5....)."..C....X......."t........8..|......#..j..;.............[#.rD.....'.....N.xBO..>..cv.c...eC..~LP...D....>8(..^.;....%.8|xt|r........x...............z`.....E8....x.......h..vgo.............<FO..t.8}.?@...* _.%....:9.y..9?...#40...s.p.................P.$>.v.A_..!86#&.f..)6....}........Z.Z....S.C...as\......'Ro.@I7..]t.-<....

<<

<<< skipped >>>

GET /bg/FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc.js HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=234x60&output=html&h=60&slotname=9346772342&adk=293520130&w=234&lmt=1401690525&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690525783&bpp=15&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd=47

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript

Last-Modified: Thu, 22 May 2014 16:48:47 GMT

Date: Fri, 30 May 2014 20:20:46 GMT

Expires: Sat, 30 May 2015 20:20:46 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 5861

X-XSS-Protection: 1; mode=block

Age: 209282

Cache-Control: public, max-age=31536000

Alternate-Protocol: 80:quic

...........;.w........V....m0.........G...1...4.....$.........z.F...hf...W9..ic..3...GI%.W...2.a8.T..Q...b.|).;.r6;h~i..x.7.Y.`.?:...<...A.>.....(`.r..9^E^2.G&.).xh.q....^..K........^.1....,.L...]..~.I9g.k......o..}x..6.-.}....X8..lB....1....<.'7.A...y".h~....b...........w..r.f...s........6....F=.SA~z.[.E8ML.2..YL.as4.*~.V}K|..;/...4-.L..b...8.yl:...(H&..).g-'.qb....#M]....g.P.......\........i......2...r...a.;..m.......b..6....O&...7a.4Eu.t=j,.x...c........V.[....z..g..8a.akF.2..W..........z#`...W<G.....`;...$Qc.~.^b.p......e.#.a..e.s...6. .$..u$.T.F..d.N.\3.Pc.f.|....G@.....BT9.$EB....f.......X....H.Fu......z......'..@,b...[..a...An.%'.T.=.w......I.jCP...Z.5..V.0.#[....v.D. S..'.>.....5v.YlE.j..d.#.. I....).VK..."J...t].o.qc./*.z}..c...P... ..z.8.?.`.QB@G..../.Wk.J......wON.......9.z~N.Q...N.r_Z....C..A.......8..&..g3._.x)N.9O.C2PRk.8...9..B.Er...F..tBC.....J.U..o..|D.OTi.5..4... ...{...ux~..#...zZ(..6.0H..j...x.r..YT.....k:M).AO8...........AC0....."8..0.`........=bP#.y...p.9.h.".C...C@,....%.=,..qK8,r...jS'R....yF@;...-..I...L.&.r.N.....5.V..F.U.......z2..D....}.........l..(}ij.G...G....M^...2J. ''.HLw.t...3....p.0..|.....d..cf..J_........[.X&.....aW.Q~..5....)."..C....X......."t........8..|......#..j..;.............[#.rD.....'.....N.xBO..>..cv.c...eC..~LP...D....>8(..^.;....%.8|xt|r........x...............z`.....E8....x.......h..vgo.............<FO..t.8}.?@...* _.%....:9.y..9?...#40...s.p.................P.$>.v.A_..!86#&.f..)6....}........Z.Z....S.C...as\......'Ro.@I7..]t.-<....

<<

<<< skipped >>>

GET /top100.jcn?2169552 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: counter.rambler.ru

Connection: Keep-Alive

Cookie: ruid=RMH4BY4FHlERLgEAARsEgw==

HTTP/1.1 200 OK

Server: nginx/1.4.4

Date: Mon, 02 Jun 2014 06:28:45 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Pragma: no-cache

Cache-Control: no-cache

P3P: policyref="/w3c/p3p.xml", CP="NON ADM DEV TAI PSA PSD IVA OUR IND UNI COM NAV INT"

Set-Cookie: top100rb=MQ==; path=/; domain=.rambler.ru; expires=Mon, 09 Jun 2014 06:28:45 GMT

1ac5..(function(window){var f=!0,i=!1,j,k=this;Math.floor(2147483648*Math.random()).toString(36);function l(a,b){this.width=a;this.height=b}l.prototype.toString=function(){return this.width "x" this.height};var aa=/^[a-zA-Z0-9\-_.!~*'()]*$/;function m(a){a="" a;return!aa.test(a)?encodeURIComponent(a):a};function o(){this.e={};this.i=[]}j=o.prototype;j.a=0;j.j=function(){return this.a};j.c=function(a){return Object.prototype.hasOwnProperty.call(this.e,a)};j.set=function(a,b){Object.prototype.hasOwnProperty.call(this.e,a)||(this.a ,this.i.push(a));this.e[a]=b};j.get=function(a,b){return Object.prototype.hasOwnProperty.call(this.e,a)?this.e[a]:b};j.h=function(){return this.i.concat()};j.d=function(){for(var a=[],b=0;b<this.i.length;b )a.push(this.e[this.i[b]]);return a};var p=Array.prototype;function q(a){return p.concat.apply(p,arguments)};function r(a){this.b=new o;this.q=!!a}j=r.prototype;j.a=0;j.j=function(){return this.a};j.c=function(a){a=s(this,a);return this.b.c(a)};j.h=function(){for(var a=this.b.d(),b=this.b.h(),c=[],e=0;e<b.length;e )for(var g=a[e],d=0;d<g.length;d )c.push(b[e]);return c};j.d=function(a){var b=[];if(a)this.c(a)&&(b=q(b,this.b.get(s(this,a))));else for(var a=this.b.d(),c=0;c<a.length;c )b=q(b,a[c]);return b};.j.set=function(a,b){a=s(this,a);this.c(a)&&(this.a-=this.b.get(a).length);this.b.set(a,[b]);this.a ;return this};j.get=function(a,b){var c=a?this.d(a):[];return 0<c.length?c[0]:b};function s(a,b){var c="" b;a.q&&(c=c.toLowerCase());return c}j.toString=function()

<<

<<< skipped >>>

GET /top100.scn?2169552&rn=445673780&v=0.3i&bs=797x382&ce=1&rf=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&en=windows-1251&pt=Автомобильный форум ForCar.org.ua&cd=32-bit&sr=1276x846&la=en-us&ja=1&acn=Mozilla&an=Microsoft Internet Explorer&pl=Win32&tz=-180&fv=11.6 r602&sv&le=1 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: counter.rambler.ru

Connection: Keep-Alive

Cookie: ruid=RMH4BY4FHlERLgEAARsEgw==; top100rb=MQ==

HTTP/1.1 200 OK

Server: nginx/1.4.4

Date: Mon, 02 Jun 2014 06:28:45 GMT

Content-Type: image/gif

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Pragma: no-cache

Cache-Control: no-cache

P3P: policyref="/w3c/p3p.xml", CP="NON ADM DEV TAI PSA PSD IVA OUR IND UNI COM NAV INT"

Set-Cookie: top100rb=MQ==; path=/; domain=.rambler.ru; expires=Mon, 09 Jun 2014 06:28:45 GMT

31..GIF89a...................!.......,...........T..;..0..HTTP/1.1 200 OK..Server: nginx/1.4.4..Date: Mon, 02 Jun 2014 06:28:45 GMT..Content-Type: image/gif..Transfer-Encoding: chunked..Connection: keep-alive..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Pragma: no-cache..Cache-Control: no-cache..P3P: policyref="/w3c/p3p.xml", CP="NON ADM DEV TAI PSA PSD IVA OUR IND UNI COM NAV INT"..Set-Cookie: top100rb=MQ==; path=/; domain=.rambler.ru; expires=Mon, 09 Jun 2014 06:28:45 GMT..31..GIF89a...................!.......,...........T..;..0..

GET /pagead/js/adsbygoogle.js HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 8993832363057935277

Date: Mon, 02 Jun 2014 05:43:47 GMT

Expires: Mon, 02 Jun 2014 06:43:47 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 8335

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=3600

Age: 2694

Alternate-Protocol: 80:quic

...........|i{.6..w...o.LF.6/mH....m.&i..yZY...Z"Z.I.K,......$..9...$.c0..g0.9Z..t..M..F.. .N......B..<._...&...4".K......O.....<I...b/.X.[q....!..p6.....B5..~<.R[.8J#...F...t>ny".....@...y:...!F.e...U....R..1_^.A..lJ.0...I.a,.~0........".z.c..."...7.9..b..([..a..1...M>..5........_..5U.([yc..IP...%.8{2......T...C.\.l...-3.s.g=.LU.%.....-.K.D<...ib...].C.. ...m.<....l.;...5V..s..%&KhU4.eUX.....O..U.r6K-..d:J..<.....F.Y..{.*V".....2.....'J6....c..^3..>...X..H.7A..|.m....'.a..x.=.C.{9..<....i`..A.qz.`].....zX....$.......\...`=#..3.@HR9n..........b.L.i..t>M........x...k f..u.(..<..V......jD3....\......Q.....5]..NVu.z#.4e..a..w...w.f...F..!...!..P..y....,..)>....0.P.mMD..v....h..0...FCVl.\.@...=.bX.....`.jD.%.|....|D......*....0..;..4....y...kF3...[..?...............f..k.o..|u.u$_G.:..sz..kL..|M....R~,;..k..H...r....4HR.P_....u....................;...V....*ZaV..z..8X.....`e..Uk.6....1t...8.........H..T..{r..GMn`V..;.>......X`.`.b.....[.........`....F.Lk..).S<.........}<C.%...{. i#i../..=.N.X...l_~..j..*......C....];*.".d....i|. .i ......._.J..'......JmY...u.E ".w....k....$\#.....J.3..,5. ........[..d...|.....FX[x.*..N..n4\.......a........h.e.......R.P[.,Oj...m)m .3.B.l.;..a..YBo.,.c..~..K......H'.X.TW.ee...J............<..H.mv-G......4"].AV.C.. .b9....a.....D/.....W..b .Ga.i{.2|j.sd@K.fQ....8..ap..O.......5....v.....jc|.........vg.~.a5dc'2vH!..t.bI.;.G...=?..v...u|Rl.s....j...Y.jV..o5.z....|.{~.m......<......J..W........;>.$...}N;u.~>bz..hM}...C.4}..w.`.R..

<<

<<< skipped >>>

GET /pagead/js/r20140527/r20110914/abg.js HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 6552112912997271778

Date: Wed, 28 May 2014 22:46:58 GMT

Expires: Wed, 11 Jun 2014 22:46:58 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 2366

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=1209600

Age: 373304

Alternate-Protocol: 80:quic

.............r.H.._a..* T...:.Z..W..{f<./...Q....P.,.....Bj$...=O..FIeV.Uy..d..,.RE}^....l.<.b_}.)......n.h.l...O..4.n...4e.......D9.T.....*..\Q.X3..n....,..)9.sw....el5.Z..>.b...l.N.......W.}.yZD......n.x...f..K..U...I.!...W*..#[..qr......q.*......DA....=...".l2z....P:O......eTK...K..vJ....v. ....>y.I.P...s..j.l.q.hJ......>1....s.H`[..W.e)j....O5.8.S.........;......!.......^}fQ\h1...D..._.......I ..2.@A>H.=.(.......X...V.......g.........6..........#...6Q..w...S.;...<..m.U........BU....I.....~...1..7.s.....p(...h~..TQ.q.g...r.>...P"..dNPB'.....Tj..~J..;r..B....|.w".....o..:..m.8....|.......A.4.5f....8..Qt....2...`.3EF..c....yJ..bY.pf..#RU.....#..F..K...\.]......7.......GH.K....@..[.Y.&T....R3.X......L-Q.3eN....m.6W..uz..|.Iz5...Jk.|..N.......'..'..M.k.Jy<...p..|..Ge.\.b~x...l-mJ.r%*e........~=j.D.........8...%\.....P.U...1F.l^.lAsy......)..Jp[%`....... .A.:W..k....4i..0..0=T..T..y%.....C7IA.c....r...]-..SS...b."..Su\....A....*h..,.....n@G4.#.....,.......C.rw".%.....Qw......hYN}.D..i.....5u.?....J8U........v.........[D...*q..A..j..3%h..c...h.e..8..(A....l..B..K...XG........@.".2..d.o(P.'j ~.R..x...3H.a.5;B._.....Bj.........../.....F....3~....[.3...e....... ...{..L5I.%l_.E.AY..AE.e...V.{.P...%z.|....$...R....8...<....U.?Qy.J=..`.7...(.e0.5>.......K.).Uh.|-.."..@v..:.9.....@_..i.r7- .Myla....{..Q.$Z..'Zh.....s....l..M....=...........g....3.k=..}.....Z.0...........gk.E......=.qW3...w@.^....5..............Z.7.uc0...-.... 6YF.....[.i.}.......r^.......6.:.`.l....Q}..os.z..........q...g

<<

<<< skipped >>>

GET /pagead/images/abg/ru.png HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: image/png

ETag: 12244217470317852716

Date: Sun, 01 Jun 2014 23:18:09 GMT

Expires: Mon, 02 Jun 2014 23:18:09 GMT

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 728

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=86400

Age: 25834

Alternate-Protocol: 80:quic

.PNG........IHDR...m...........A.....gAMA......a.....IDATH....J$A..'.......t.s.........^.....X0..P8..\..;...wgw..|.C....._.-...ap.g..........k..x..Y,..'..\.....(|......h....DX......~.|.....l.b..e^.|....v...I:.N=. ....*...{.6#(F.y..y..z....B.v...B...Du.V..pU.!......Q.~..~l...-......."...@.^Ab..(.."T}.g..?....w.R..].....h.q.U.....h..1t..I..q].G.g.=...:.....(."...t:.@.V..:W}H..{Ql..R..m..................b....i|.. 4:..BOhz...s.....X..;<....y..AX ^..;..6T... ......G.Q..9.<.i4O....f..Ox.........6-=.......i)h..D....s...[..N..9LE..:....*D..u.G...7.e...2....\.5(....l.X'S.A.ta.. .5=.C..i....D.......J!..w..H...8f.T.w..[..O..RaJ.e...8.8F.....&*L@;l._.3B....t.p.....k'..h.G.)..ZQ.kQ...o/..Pl.JD.;.J._..)v.b..8o.....%3........IEND.B`.....

GET /pagead/js/adsbygoogle.js HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 8993832363057935277

Date: Mon, 02 Jun 2014 05:43:47 GMT

Expires: Mon, 02 Jun 2014 06:43:47 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 8335

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=3600

Age: 2696

Alternate-Protocol: 80:quic

...........|i{.6..w...o.LF.6/mH....m.&i..yZY...Z"Z.I.K,......$..9...$.c0..g0.9Z..t..M..F.. .N......B..<._...&...4".K......O.....<I...b/.X.[q....!..p6.....B5..~<.R[.8J#...F...t>ny".....@...y:...!F.e...U....R..1_^.A..lJ.0...I.a,.~0........".z.c..."...7.9..b..([..a..1...M>..5........_..5U.([yc..IP...%.8{2......T...C.\.l...-3.s.g=.LU.%.....-.K.D<...ib...].C.. ...m.<....l.;...5V..s..%&KhU4.eUX.....O..U.r6K-..d:J..<.....F.Y..{.*V".....2.....'J6....c..^3..>...X..H.7A..|.m....'.a..x.=.C.{9..<....i`..A.qz.`].....zX....$.......\...`=#..3.@HR9n..........b.L.i..t>M........x...k f..u.(..<..V......jD3....\......Q.....5]..NVu.z#.4e..a..w...w.f...F..!...!..P..y....,..)>....0.P.mMD..v....h..0...FCVl.\.@...=.bX.....`.jD.%.|....|D......*....0..;..4....y...kF3...[..?...............f..k.o..|u.u$_G.:..sz..kL..|M....R~,;..k..H...r....4HR.P_....u....................;...V....*ZaV..z..8X.....`e..Uk.6....1t...8.........H..T..{r..GMn`V..;.>......X`.`.b.....[.........`....F.Lk..).S<.........}<C.%...{. i#i../..=.N.X...l_~..j..*......C....];*.".d....i|. .i ......._.J..'......JmY...u.E ".w....k....$\#.....J.3..,5. ........[..d...|.....FX[x.*..N..n4\.......a........h.e.......R.P[.,Oj...m)m .3.B.l.;..a..YBo.,.c..~..K......H'.X.TW.ee...J............<..H.mv-G......4"].AV.C.. .b9....a.....D/.....W..b .Ga.i{.2|j.sd@K.fQ....8..ap..O.......5....v.....jc|.........vg.~.a5dc'2vH!..t.bI.;.G...=?..v...u|Rl.s....j...Y.jV..o5.z....|.{~.m......<......J..W........;>.$...}N;u.~>bz..hM}...C.4}..w.`.R..

<<

<<< skipped >>>

GET /hit?t26.5;rhttp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=;s1276*846*32;uhttp://forcar.org.ua/;0.4685960488597284 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: counter.yadro.ru

Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily

Date: Mon, 02 Jun 2014 06:28:45 GMT

Server: 0W/0.8c

Content-Type: text/html

Location: hXXp://counter.yadro.ru/hit?q;t26.5;rhttp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=;s1276*846*32;uhttp://forcar.org.ua/;0.4685960488597284

Content-Length: 32

Expires: Sat, 01 Jun 2013 20:00:00 GMT

Pragma: no-cache

Cache-control: no-cache

P3P: policyref="/w3c/p3p.xml", CP="UNI"

Set-Cookie: FTID=1JZ1cT0ZFRrE1JZ1cT; path=/; expires=Mon, 01 Jun 2015 20:00:00 GMT; domain=.yadro.ru

<html><body>Moved</body></html>.....

GET /hit?q;t26.5;rhttp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=;s1276*846*32;uhttp://forcar.org.ua/;0.4685960488597284 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: counter.yadro.ru

Connection: Keep-Alive

Cookie: FTID=1JZ1cT0ZFRrE1JZ1cT

HTTP/1.1 200 OK

Date: Mon, 02 Jun 2014 06:28:45 GMT

Server: 0W/0.8c

Connection: Close

Content-Type: image/gif

Content-Length: 145

Expires: Sat, 01 Jun 2013 20:00:00 GMT

Pragma: no-cache

Cache-control: no-cache

P3P: policyref="/w3c/p3p.xml", CP="UNI"

Set-Cookie: VID=1kHag50MM1bE1JZ1cT; path=/; expires=Mon, 01 Jun 2015 20:00:00 GMT; domain=.yadro.ru

GIF89aX......fff...!.......,....X.....h......_.......g...Hr`..d3...cl.R....~..N..j-[."..^. .yl&....DT".[..*.9............a.........k=...!8HX.Q..;..

GET /favicon?q=tbn:ANd9GcSCB2mlG8uLb4YBBBqzIaaPfI5bU5Bv8ISLaYr0-anT9GuCide8MSBkWmUkLMUpoRJv8uT82ZfSz3Pd8A HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=234x60&output=html&h=60&slotname=9346772342&adk=293520130&w=234&lmt=1401690525&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690525783&bpp=15&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd=47

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t1.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Mon, 17 Mar 2014 08:25:46 GMT

Date: Mon, 02 Jun 2014 06:28:45 GMT

Expires: Tue, 02 Jun 2015 06:28:45 GMT

Cache-Control: public, max-age=31536000

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 422

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic

......JFIF......................................... ."" ...$(4,$.1'..-=-157.::# ?D3,C49:7........... ... ..........."...................................,.......................!....Aa..$..."13QR.........................................................?..y.W4^.....a..2...O.......e!S.=..w..]...Z...f.]..I.[....QJ.]..D..,.m1w.6!....3[4...d.>..Wc.!......X..'......:....WZ.8...HTTP/1.1 200 OK..Content-Type: image/jpeg..Last-Modified: Mon, 17 Mar 2014 08:25:46 GMT..Date: Mon, 02 Jun 2014 06:28:45 GMT..Expires: Tue, 02 Jun 2015 06:28:45 GMT..Cache-Control: public, max-age=31536000..X-Content-Type-Options: nosniff..Server: sffe..Content-Length: 422..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic........JFIF......................................... ."" ...$(4,$.1'..-=-157.::# ?D3,C49:7........... ... ..........."...................................,.......................!....Aa..$..."13QR.........................................................?..y.W4^.....a..2...O.......e!S.=..w..]...Z...f.]..I.[....QJ.]..D..,.m1w.6!....3[4...d.>..Wc.!......X..'......:....WZ.8.....

GET /VUcWb HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Encoding: gzip

Vary: Accept-Encoding

Transfer-Encoding: chunked

Date: Mon, 02 Jun 2014 06:28:10 GMT

Server: LiteSpeed

Connection: close

X-Powered-By: PHP/5.5.8

Set-Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; path=/; domain=.adf.ly

Set-Cookie: adf1=244bd98b1d9d5c84dea3f2c4c65771e3; expires=Tue, 03-Jun-2014 06:28:10 GMT; Max-Age=86400; path=/; domain=.adf.ly

Set-Cookie: adf2=99fd33e8b8190f39bff84ea07c6fdc1b; expires=Tue, 03-Jun-2014 06:28:10 GMT; Max-Age=86400; path=/; domain=.adf.ly

P3P: policyref="hXXp://adf.ly/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa IVAi IVDi CONi HISi TELi OUR IND PHY ONL FIN COM NAV INT DEM GOV"

Cache-Control: max-age=0, no-store, no-cache, must-revalidate

Pragma: no-cache

Expires: Sat, 26 Jul 1997 05:00:00 GMT

Last-Modified: Mon, 02 Jun 2014 06:28:10 GMT

Cache-Control: post-check=0, pre-check=0

Content-Type: text/html

ee7.............:.V.....WT....bk.1.6".0$..IN.p...U.J.@V....C.e......{.$[.b....XF5...\%.....vO.Cr.....zR.m.......s.5.V.e.......Q..G.i........n.d....}fD.K.;.....$C.$.dKf......g.=F=..l..$Ukk..Apgk{<.,...Q.4..=[..^..Z..=*.&......F.....A,...l.......3."...._..O~.(.....R.....@.... re....FUVy..D.......%..<.QA....#....I.q<.H..4.t..a...Tu.6.A.B..2...&..)....U.U^.@V..,.........l.w.}R.H%. .u|..)u....... {...u..w..*.^........s..(..@X.G|...r.....4..QY........A......T.x..... ..P*c.#@.U.?.(....L.{..,.9<.h..L$..W..W..?...\..t.Z%.x.z0..?.U.%i.z...Vv..; u....i.l....eQ..`#5.{.\.h.._...Ow.7.<.z,....%.0...X.........RO.......m.....3...AY.Sq.U/5...zZ.. .2d7.c...Jv..>.W.2...,......3..)o.4...^.z....`..G...8d.!........".^.re..:...<...7cq.......#6$....w.<.. ye...,U.V....o..=.=..ps....wp...A.......JI......]...!OUR.%.VI...S#y.......U...A...>Hs X....w....m....>.d.;.-0......U5.j....~|...............@.t2..T.:...Hg...dX}.l=7h0f.d.....{f.....1..m#5...$ki(.[...#[...6r.x.(.h.....l4....c.]...C..N..Y.X.7....p./@........p...d..'8.?..=....".......TA.<G.....w\/..=...FuzK.4.yz........}c.m4.k....V.z.enX...i..-.y=7~]7....i.M=..3[..:..MX.x..g.[)&W..`...^...i.F.B.{.[i.$Z...1Ga*.0.n.`!. DAV.|..j...H..Mt...3..;....j..M6<...Q...%.........j;............y....`]g.&..;3RK...^(..../h.].=.....4LX..&.I9a.O V....y..,D3.; .c.F.,v...y..MV:..f.......=.a...X..g.-.......-...]...v..q..p.........|.\.~Q...Y...4......r\........9e...F.@..tr.....G.`.A.,I.........S.T.c..!k.(...E$..G0..>....$..6...F...A..e...T.:l.d6.f.9..I...^E7u!....,xXp.&gt

<<

<<< skipped >>>

GET /bg/FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc.js HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=1823505541&adk=1148484070&w=728&lmt=1401690526&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690526939&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90,234x60&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=11&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd=47

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript

Last-Modified: Thu, 22 May 2014 16:48:47 GMT

Date: Fri, 30 May 2014 20:20:46 GMT

Expires: Sat, 30 May 2015 20:20:46 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 5861

X-XSS-Protection: 1; mode=block

Age: 209281

Cache-Control: public, max-age=31536000

Alternate-Protocol: 80:quic

...........;.w........V....m0.........G...1...4.....$.........z.F...hf...W9..ic..3...GI%.W...2.a8.T..Q...b.|).;.r6;h~i..x.7.Y.`.?:...<...A.>.....(`.r..9^E^2.G&.).xh.q....^..K........^.1....,.L...]..~.I9g.k......o..}x..6.-.}....X8..lB....1....<.'7.A...y".h~....b...........w..r.f...s........6....F=.SA~z.[.E8ML.2..YL.as4.*~.V}K|..;/...4-.L..b...8.yl:...(H&..).g-'.qb....#M]....g.P.......\........i......2...r...a.;..m.......b..6....O&...7a.4Eu.t=j,.x...c........V.[....z..g..8a.akF.2..W..........z#`...W<G.....`;...$Qc.~.^b.p......e.#.a..e.s...6. .$..u$.T.F..d.N.\3.Pc.f.|....G@.....BT9.$EB....f.......X....H.Fu......z......'..@,b...[..a...An.%'.T.=.w......I.jCP...Z.5..V.0.#[....v.D. S..'.>.....5v.YlE.j..d.#.. I....).VK..."J...t].o.qc./*.z}..c...P... ..z.8.?.`.QB@G..../.Wk.J......wON.......9.z~N.Q...N.r_Z....C..A.......8..&..g3._.x)N.9O.C2PRk.8...9..B.Er...F..tBC.....J.U..o..|D.OTi.5..4... ...{...ux~..#...zZ(..6.0H..j...x.r..YT.....k:M).AO8...........AC0....."8..0.`........=bP#.y...p.9.h.".C...C@,....%.=,..qK8,r...jS'R....yF@;...-..I...L.&.r.N.....5.V..F.U.......z2..D....}.........l..(}ij.G...G....M^...2J. ''.HLw.t...3....p.0..|.....d..cf..J_........[.X&.....aW.Q~..5....)."..C....X......."t........8..|......#..j..;.............[#.rD.....'.....N.xBO..>..cv.c...eC..~LP...D....>8(..^.;....%.8|xt|r........x...............z`.....E8....x.......h..vgo.............<FO..t.8}.?@...* _.%....:9.y..9?...#40...s.p.................P.$>.v.A_..!86#&.f..)6....}........Z.Z....S.C...as\......'Ro.@I7..]t.-<....

<<

<<< skipped >>>

GET /pagead/js/adsbygoogle.js HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 8993832363057935277

Date: Mon, 02 Jun 2014 05:43:47 GMT

Expires: Mon, 02 Jun 2014 06:43:47 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 8335

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=3600

Age: 2691

Alternate-Protocol: 80:quic

...........|i{.6..w...o.LF.6/mH....m.&i..yZY...Z"Z.I.K,......$..9...$.c0..g0.9Z..t..M..F.. .N......B..<._...&...4".K......O.....<I...b/.X.[q....!..p6.....B5..~<.R[.8J#...F...t>ny".....@...y:...!F.e...U....R..1_^.A..lJ.0...I.a,.~0........".z.c..."...7.9..b..([..a..1...M>..5........_..5U.([yc..IP...%.8{2......T...C.\.l...-3.s.g=.LU.%.....-.K.D<...ib...].C.. ...m.<....l.;...5V..s..%&KhU4.eUX.....O..U.r6K-..d:J..<.....F.Y..{.*V".....2.....'J6....c..^3..>...X..H.7A..|.m....'.a..x.=.C.{9..<....i`..A.qz.`].....zX....$.......\...`=#..3.@HR9n..........b.L.i..t>M........x...k f..u.(..<..V......jD3....\......Q.....5]..NVu.z#.4e..a..w...w.f...F..!...!..P..y....,..)>....0.P.mMD..v....h..0...FCVl.\.@...=.bX.....`.jD.%.|....|D......*....0..;..4....y...kF3...[..?...............f..k.o..|u.u$_G.:..sz..kL..|M....R~,;..k..H...r....4HR.P_....u....................;...V....*ZaV..z..8X.....`e..Uk.6....1t...8.........H..T..{r..GMn`V..;.>......X`.`.b.....[.........`....F.Lk..).S<.........}<C.%...{. i#i../..=.N.X...l_~..j..*......C....];*.".d....i|. .i ......._.J..'......JmY...u.E ".w....k....$\#.....J.3..,5. ........[..d...|.....FX[x.*..N..n4\.......a........h.e.......R.P[.,Oj...m)m .3.B.l.;..a..YBo.,.c..~..K......H'.X.TW.ee...J............<..H.mv-G......4"].AV.C.. .b9....a.....D/.....W..b .Ga.i{.2|j.sd@K.fQ....8..ap..O.......5....v.....jc|.........vg.~.a5dc'2vH!..t.bI.;.G...=?..v...u|Rl.s....j...Y.jV..o5.z....|.{~.m......<......J..W........;>.$...}N;u.~>bz..hM}...C.4}..w.`.R..

<<

<<< skipped >>>

GET /pagead/js/r20140527/r20140417/show_ads_impl.js HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 8183703479083339399

Date: Thu, 29 May 2014 00:33:36 GMT

Expires: Thu, 12 Jun 2014 00:33:36 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 39485

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=1209600

Age: 366904

Alternate-Protocol: 80:quic

...........}g[....w~....n.....M[ @.....0...(.(Y-.l..}.9..:........g...N.tr..l.L{..i...&.}w..%..\..Y.&.t6....z.rm.u.9.u.......^5..{S........c...k...2|....>...Io<}|.C........x411.:^...;.....b..^<5-..V...3}..\...oC..A!..~..,..j...0.;......d...H.....wA......Fw....eK.....a...e....1..G..p].. ............`.j......9.B....`=..c...h:.:....t..v....C]..K.../.a8......6.6gI.......1...h...'5..l.Fqo...J..S.D.R...h2}.OZPp4..>...'../.......^..loi.8..MM......7.Q?..E.p.0..`S..,.L .l..."'{....(F.u#."..S..)..e.a...\.6-..9....."....[..B.s.{r.d....Gs.....@.......*.g......W.a.3o..I.N....bN.....v'....d.G....m.O..oq..&.v^. Ul;..m.._....o...<.lH...Z.BU.'..7.y.....6"s6,....[K...ruu...(Q.@.U.`t...`.M{..r0.a/7.{......h.Nrf...9.w........<..._......m.sCEW...4..=o.U.......V.J..9..F.....u..y._......Y..........~...5.E....@...#.V&.`:..K.$.^....,....wW.....Zn@.....kR:.co.D..#o..U....;2.......z.]..{}.F.u......E....(.b. 5{....3X...pp.=w.o...n..rU.^.._.ln.W.em..u.j<[g?.u.S"w.{..7...8m|..G........i......,.P.N..l.L.k<.V.y.....>...&..I<......W.[..n..'..5..T.....2?.j...S..3...x.1....j/7^.....?<w..-.se....>.b..1....L...R..c......m'^.~....0:.Q..yaR.T........Mu.M.......^..{...Q....a..<: ....E.OCY|..z...d......h....;.......a..s..O......D}....Q&. F.k......j.E.....<...V......._5,@.....Co...^..............z..e?/...I....V dH....k.......;..m.............~....7..r../......w...u..%k.8..#..t4.@q......O..)._z....cC.b.m..1.6...7....'...._.&..y.~.5.F..5,._.m(MO.X9l........]#... .C.......]o...5.Cw.#.6.$2*~5..p..u.7~.t..1;. ...h..

<<

<<< skipped >>>

GET /pagead/osd.js HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 4143958178504196695

Date: Mon, 02 Jun 2014 05:37:24 GMT

Expires: Mon, 02 Jun 2014 06:37:24 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 18066

X-XSS-Protection: 1; mode=block

Age: 3077

Cache-Control: public, max-age=3600

Alternate-Protocol: 80:quic

...........}iw.H.....D/'#..c'....'......&~8-.e.x.K..}....^...f....w.X...W......;.... 1....Nw...6A.X.%\.&.^w.{5/`)....z.;.L....&.er.....b..|.K{...D.p.cXFI.'..ig{..<.M:.l..A.....j.M7.......\...'.?..R..K...U....f$..........2.zPQ.A...7...T...v0...`,.........<o...i3......h<.....tx:.w..Z"z=h.:p.z...;H....$1.....Qw(.b..f.X.!`.d'...R.u.2...T\.D.........xr.....{.wc.<..Tm^.>9.................aUy...{K...M.;.A..b..6.l.B/x....b.{...M..\...@.0.....n[.%.....Lh.8...gY..j.,.e...c..L..f....$. p>......-YV..,1.......w..Z.;..q..q0.@...%a..D0........@....}[N...r...8go.{U.<S.....\.v..*.D..f..Vzh.Km.B..h...V..9..d.....l9..LnoW.[.%Z...5....p..b.....0....D.6..9...5f...u.......m..#.....qm4.tJ.cuF./.0K.v'.. .H.'.Yo(..y..N..7.^,...q..E...UAW...5ju.d?..^......<.@...B....Xf.........Z.)........S.....L.T.5...[..3....x*.4L.*$..... /.....@....r..0.S..m..E.$Ws....a...,....W..]../....s..s6,......1...=*.}q]......u.ofg..0..;m6..}......;._.~.../..._..>'.y.......Z;....7dK..@...%......_L..E.UY..;P.....$M.._..X)...1.....O5 d.@D....h.d{...E.JE....N...m...4.#.A...G.._\.w....n.1..;...Q:.j....x~...9.H.......A!..8t.)...z..U.....@R...r6L..Z:.......Q.....r..@...].O..A.......y.....b`.w.d....l...Ym..q.l..%;t.Y.;.....O..........V..\Zs. ...H.C1.0..P....g.|E#.M.......~pq~....4...\.g............;....p...x....>&^..M...o.-.....M....W.V..a.V.@.Q...f..@ rm......=.....r.;.r..N.*..Xx:.Q...0.[[..3..0..B;c....2...T..C.O|.......!g...-/!......O.. Iuc..aB.....(....8....B.`;6E..Zt...|.N...........U ...K..y..~........ Y......?......(.!..D.$....c....

<<

<<< skipped >>>

GET /simgad/6253827461219388746 HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 22 May 2014 12:51:08 GMT

Date: Mon, 02 Jun 2014 06:28:42 GMT

Expires: Tue, 02 Jun 2015 06:28:42 GMT

Cache-Control: public, max-age=31536000

Access-Control-Allow-Origin: *

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 31224

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic

......Exif..II*.................Ducky.......P......hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpRights="hXXp://ns.adobe.com/xap/1.0/rights/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpRights:Marked="False" xmpMM:OriginalDocumentID="xmp.did:F92FB1131E2068118C148986F5689C08" xmpMM:DocumentID="xmp.did:304BB6EED91C11E3BCDDD312383FBDD3" xmpMM:InstanceID="xmp.iid:304BB6EDD91C11E3BCDDD312383FBDD3" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:39C4BF2017206811808387219DA5F3ED" stRef:documentID="xmp.did:F92FB1131E2068118C148986F5689C08"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................................Z................................................................................................!1A..Qa".q.2#..B...Rbr.3u6...Cs..$T...V.....Sc..4t.._7.....f.8.......................!1.AQa..q.".....2....RrBb..3S........#4..C5.c$............?........."(..,.~/#.|F.A~{..........U....q....Jh..x o....?...L.X=KC....H@..

<<

<<< skipped >>>

GET /pagead/images/abg/icon.png HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: image/png

ETag: 6766994032117382215

Date: Sun, 01 Jun 2014 22:01:57 GMT

Expires: Mon, 02 Jun 2014 22:01:57 GMT

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 344

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=86400

Age: 30406

Alternate-Protocol: 80:quic

.PNG........IHDR.............;..J....gAMA......a.....IDAT(..R1..@..Z........,l..;.....A....hPDD...`r..A....M..-.......UI...O.%.QB.[D......;.nA....:..^S..].....].B0..mH]..I..f.F./.4H... .g...*....C...Q..T..]..B...8..0.....#....(...N.80\.t../.SA...i..O.N~2.B.t.....6..#.6.(.......w..... ....`..3.Q......md.A._.O.mC.L........}O"...........IEND.B`.>....

GET /pagead/images/google-logo.png HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: image/png

ETag: 13513653691308934734

Date: Sun, 01 Jun 2014 11:43:30 GMT

Expires: Mon, 02 Jun 2014 11:43:30 GMT

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 4114

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=86400

Age: 67513

Alternate-Protocol: 80:quic

.PNG........IHDR...j...$......t......IDATh..[.\SG.......Q ...*`D.r..E.C.'...D..x"...Q.z..(...R.bD.r..T....e..6.Z/ /.w....~;.......Zw..g>$/.f.w}.........cI.'.....58...X..}Yq....t..Z.....<(5....u..F......./..g...........O.oHqL.a.E.6c..,......Z..M.U..>........".SE.I..H..n...)...w..O`...r...5..".H..u.$.:.P........\.8.L.Q..._....._..."fk..`?...........~|J n&.......@.7Ux,.?.0. RX.Q;SS%.....s....n. ..{.'p.....< .z"..g`xr..Qw..5s.~s[...........4.... .Z{....(b_u..._..9o.b..M.li!bya..-.p.L..m 7..j1..o.y..g6.J.......B7\Fs..zM..}B.H(...j.4-.<i......Bcn/....z..........x5C...@$......A..Xt...f`Z[.....g.......{`t.e...5_....=.D....J..{X*7.PG;.m.`..K..KW......$.x...- .?\[.....}.....#.{..p......\.E..g(!.I.wD........%.... x.~.-.Zj..\...r.%V.~.5......?q.. f...0[..o...I.@...Z.......%o.0...2kyc.Z.u..#.H[..j.t...c.....<C...N............G....xh*.%|~....... i..jp.Z...@.l.9.>.....W.......`GG.*X.1..d.#.....'b..Vq...D...k.$...C..ZU...@.l;..q.NY.r.5....r..=.=f..@...')6H..&....##.o:..@{A3-.;.#.......F..e......u.|.k.F.2.....V# ..Q....C.@.....'.......x....I.^o......p..g.W.>.......C.ps......XU....._b.........f.p.?Tk3l.4^...../.6q..l...VZ..<8...[...Q...,.f-..8r.7#..<7n_E<7.O.a..0...=Q*!B.."...s.......SJLI... ..v...X.^'b.E..........Q......PZ....s..&....M...ve....7...5.,...x.^.F$....T...e.........%.....Q..........j.%N."...sX.....=....0......7.Q....fK.[O..?....~..!..........V........LI.......2.P.... I.n..ymw_.. ..Q..zM.q...B%l.;..u..y..ta.L7..^h.e..{K%x...r}....#.A.l.'.`...xP..d..},.(.\]..B[M....p...&.....).L...i"..

<<

<<< skipped >>>

GET /pagead/images/x_button_blue2.png HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: image/png

ETag: 291775052866240956

Date: Sun, 01 Jun 2014 21:58:27 GMT

Expires: Mon, 02 Jun 2014 21:58:27 GMT

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 145

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=86400

Age: 30617

Alternate-Protocol: 80:quic

.PNG........IHDR.............b..x...XIDAT(.c.....3g.G........#.*."@q....9#..E.4...#.....S5v?@.d..............J..@..H.%..ap.%.V.2}\.......IEND.B`.HTTP/1.1 200 OK..P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"..Content-Type: image/png..ETag: 291775052866240956..Date: Sun, 01 Jun 2014 21:58:27 GMT..Expires: Mon, 02 Jun 2014 21:58:27 GMT..X-Content-Type-Options: nosniff..Server: cafe..Content-Length: 145..X-XSS-Protection: 1; mode=block..Cache-Control: public, max-age=86400..Age: 30617..Alternate-Protocol: 80:quic...PNG........IHDR.............b..x...XIDAT(.c.....3g.G........#.*."@q....9#..E.4...#.....S5v?@.d..............J..@..H.%..ap.%.V.2}\.......IEND.B`.....

GET /simgad/1255108524618159298 HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=1823505541&adk=1148484070&w=728&lmt=1401690526&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690526939&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90,234x60&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=11&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd=47

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Wed, 28 May 2014 13:41:32 GMT

Date: Wed, 28 May 2014 23:47:44 GMT

Expires: Thu, 28 May 2015 23:47:44 GMT

Access-Control-Allow-Origin: *

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 47732

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 369661

Alternate-Protocol: 80:quic

.....fExif..II*...........................x...........................................................................(...........1...........2...........i...........,..............'.......'..Adobe Photoshop CS5.1 Windows.2014:05:27 15:06:17.............0220.........K..................................Z...............................z...............(.......................................H.......H.............Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............Vfv........'7GWgw.................?....P....c..P...CA&'._.c..~...v6wYu..K.Ux.<..<.YX...3n..Y......Y^?.k........2m.SS6a..e4.,..YVR.....[l.g..Z..)...'..>....k..EH.....7..bX...my.eO...;..\..G..<R1.K.............N3...O...Y..X.....,z.=..o..h.......A.n....'......._[....n.8.j...4.T.~......A..l......'.bd.f`..p2E%.:.)...G..[=....G.Mv....~..-..?.?6...}.......m..um.{v.....{.....?.EJ..q..cB.<.....g.1...2....do.s?.NnORu..2...,..r...\.q..n...E.......[.0..u...................-.W8{ .........u....u...H......f..m..{j.t.m....~.Y......Tl.......|....K.....{......w..^..E]?...2..%...U.]Q.#...q.r.]....C^}2.^5u..u.~..z..l.}..]}.....v5..b..[..

<<

<<< skipped >>>

GET /nr-411.min.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: js-agent.newrelic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

x-amz-id-2: 6CeMIe04eHDxYl3UIzhPH6N4C4xCWtKapRrJ2b0qJUFkcKTFXHK0lHXHhy/AummG

x-amz-request-id: EA9C911887CF8508

Cache-Control: public, max-age=315360000

Expires: Thu, 31 Dec 2037 23:55:55 GMT

Last-Modified: Thu, 01 May 2014 23:15:58 GMT

ETag: "9050946217be03f42647b3f708ef10d3"

Content-Type: application/javascript

Server: AmazonS3

Content-Length: 14831

Accept-Ranges: bytes

Date: Mon, 02 Jun 2014 06:28:27 GMT

Via: 1.1 varnish

Age: 1406641

Connection: keep-alive

X-Served-By: cache-d64-DAL

X-Cache: HIT

X-Cache-Hits: 228114

X-Timer: S1401690507.845181704,VS0,VE0

Vary: Accept-Encoding

!function(n,e,t){function r(t,i){if(!e[t]){if(!n[t]){var u="function"==typeof __nr_require&&__nr_require;if(!i&&u)return u(t,!0);if(o)return o(t,!0);throw new Error("Cannot find module '" t "'")}var a=e[t]={exports:{}};n[t][0].call(a.exports,function(e){var o=n[t][1][e];return r(o?o:e)},a,a.exports)}return e[t].exports}for(var o="function"==typeof __nr_require&&__nr_require,i=0;i<t.length;i )r(t[i]);return r}({1:[function(n,e){e.exports=function(n,e){return"addEventListener"in window?addEventListener(n,e,!1):"attachEvent"in window?attachEvent("on" n,e):void 0}},{}],2:[function(n,e){function t(n,e,t,o){l[n]||(l[n]={});var i=l[n][e];return i||(l[n][e]=i={params:t||{}}),i.metrics=r(o,i.metrics),i}function r(n,e){return e||(e={count:0}),e.count =1,f(n,function(n,t){e[n]=o(t,e[n])}),e}function o(n,e){return e?(e&&!e.c&&(e={t:e.t,min:e.t,max:e.t,sos:e.t*e.t,c:1}),e.c =1,e.t =n,e.sos =n*n,n>e.max&&(e.max=n),n<e.min&&(e.min=n),e):{t:n}}function i(n,e){return e?l[n]&&l[n][e]:l[n]}function u(n){for(var e,t={},r="",o=0;o<n.length;o )r=n[o],t[r]=a(l[r]),t[r].length&&(e=!0),delete l[r];return e?t:null}function a(n){return"object"!=typeof n?[]:f(n,function(n,e){return e})}function c(n,e){"undefined"==typeof e&&(e=(new Date).getTime()),d[n]=e}function s(n,e,r){var o=d[e],i=d[r];"undefined"!=typeof o&&"undefined"!=typeof i&&t("measures",n,{value:i-o})}var f=n(1),l={},d={};e.exports={store:t,take:u,get:i,mark:c,measure:s}},{1:20}],3:[function(n,e){function t(n){return c[n]}function r(n){return null===n||void 0===n

<<

<<< skipped >>>

GET /ajax/libs/jquery/1.7.1/jquery.min.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ajax.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript; charset=UTF-8

Last-Modified: Mon, 02 Apr 2012 18:24:28 GMT

Date: Wed, 28 May 2014 11:27:19 GMT

Expires: Thu, 28 May 2015 11:27:19 GMT

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 33186

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 414051

Alternate-Protocol: 80:quic

.............~.F....?......!J......7.......Y...h....w.T*.".Y.Y...|.D.. (g..;.....b=q.8......?.....w.....>.......g{s.....2...........e. WK?VI.h....~.<n...fy6.....e.z...8.{.U......(.. .e.8....V...}.[..|../.......j-.~'...Q.....%Q.KV...Ec....q.{...x........*..^...^Vn........&_...~.....o.Z..~..^....{?.S..&.w.W.|A...r......t.../V.,.Dt.Pf...&yYLv.U......r.Q}.^']...*W.:H.........~_=.r..s.^..T..=l.]..)Vj.......^.ys...x...C_.h..&............`.^b<.^:_m1'Y....c.....e..1Oo....q...q.x......o...........?..q:..;.>.whu.....=.... . P..i...I..E.!..f.&v(.......m...r...w~.SW.......6p>...........,.........Lsj...L7..j.......y..'.F..h44..SY.V.......i.mw...4Yi.H{'.._..].9?...}..Jn................5Q%m.y.,v.5U.(.^..\-.R...?^m."...7e..vy...b...L..%....]..f...l5>...nw.rYx..|8..V.......0F..|4....<.q....d.(~...h....p.......q1.......y..ZF.p1..;.^..W.Y...(.....<x.F...iI.t..n..p.-......w.p:..I.\.:x\...H..T.j...../i..h....3....Y..w.......5...:..n.....U...]B..`.ZQ..nE}.....L..`..A..W....C.\'......e^./.j\[...6.v."..u...-..K.3Tb....24>,..hD.R..<.F..q5C..vR.iO)Z.(..&T..v.Z#.. .._ts..1.H..=....H1...6..@....9..v...=Q...RZ ..SIt.}.....J.me.....Yq`..5......5.....28L..~.-L.=...b)M'..Gd.....1..,.:H...f.....h..T. Q...~.|%#%....y....7....L......"QU.y0H...<.s....n....I'Z............A........K...k..2...P._..1Z...B..4~.&..h.o{.y..q.......Z..R...l......&.....>....P.......&.;W.3...L......@$...,....Q..U1..hC1.$ .;ByWj.M..... B=1....s_....:HP...&.7.&..>7.(=.....P.b8...Q..Nw,...E........t;.4..`..._ F.P.......t....hm..w...Q....

<<

<<< skipped >>>

GET /v6exp3/6.gif HTTP/1.1

Accept: */*

Referer: hXXp://p4-afbqojzkbfeto-skn646ixusmbjvtu-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: p4-afbqojzkbfeto-skn646ixusmbjvtu-240564-i1-v6exp3-ds.metric.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 14 Aug 2012 10:47:46 GMT

Date: Mon, 02 Jun 2014 06:28:57 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-

GET /v6exp3/redir.html HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: p4-afbqojzkbfeto-skn646ixusmbjvtu-if-v6exp3-v4.metric.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/html

Last-Modified: Wed, 09 Jan 2013 10:49:06 GMT

Date: Mon, 02 Jun 2014 06:28:44 GMT

Expires: Mon, 02 Jun 2014 06:28:44 GMT

Cache-Control: public, max-age=0

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 175

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic

..........M.... ....O..:X..]..Dctp<.5b. .6...P..?w..KN.v...v...9[....M.2d.."g!...K.k|.fT<b...p.}G.....z>(.FpX~5.Dj.,....)...&..)."|.x..yY7^..a........,h\..wUI17.?."?....B.....HTTP/1.1 200 OK..Vary: Accept-Encoding..Content-Encoding: gzip..Content-Type: text/html..Last-Modified: Wed, 09 Jan 2013 10:49:06 GMT..Date: Mon, 02 Jun 2014 06:28:44 GMT..Expires: Mon, 02 Jun 2014 06:28:44 GMT..Cache-Control: public, max-age=0..X-Content-Type-Options: nosniff..Server: sffe..Content-Length: 175..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic............M.... ....O..:X..]..Dctp<.5b. .6...P..?w..KN.v...v...9[....M.2d.."g!...K.k|.fT<b...p.}G.....z>(.FpX~5.Dj.,....)...&..)."|.x..yY7^..a........,h\..wUI17.?."?....B.........

GET /v6exp3/iframe.html HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: p4-afbqojzkbfeto-skn646ixusmbjvtu-if-v6exp3-v4.metric.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/html

Last-Modified: Fri, 07 Jun 2013 05:23:08 GMT

Date: Mon, 02 Jun 2014 06:28:44 GMT

Expires: Mon, 02 Jun 2014 06:28:44 GMT

Cache-Control: public, max-age=0

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 1262

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic

...........VKo.8...W..6.k...4.Xf.b.C....^..QP$.H..DIn.........=H.p.!g...j...__...q..4....Aq...u..W3;.V......0T...=.........o.]..9A............X...O8.D..Y....."(.Bk..<..3.S....O..^z._..xn...`sW....,.. .S.iQW.....O.)'u.,=4.!.y>...!|.|..>.q..K.I.h....e..r....[*]...w$.....Q\...n?.....DG..4...X8@eu.LXpq.H.7...~.d....Z]..p.z....w.Y..$`F...........Jy..9.c..<Kr.....].Pe.........3..*`.> P....=....w...gx.sG=3z........;..rrB.>.X2t.`.....U..zvK.80k...G...8..I.....\674U.... .5."O.....duFHV.....to....%...{.......7A.@0........V........c...[_$T.f..82..4....SN.k. .`;.j....S...*...J.f..-..<L.Qr..&.9.D.`0/.S@.ry..U.3..n.< r...s.F.&.7(..c....B.....b..kH.se..X0..}....L.$...@-H2Pw..;.~.kR./..}.{.BP.E..0.JE.....cH....S;.6.....L@..KD.3....... ....=......-...>C..E.D..\...4M....2......c.9.UVx...^..T...Pq.}..0......8..D w...38[B->.8.......Ra...j.[Z=L'9[...y.p....x#.bO. .L.d.d.r1...Y..5,.G...{Su.^..!..,X"..........A.p.A .H?1~..\....*.....k..T.....T..oW.....S.ge...g*a.d{.=u.-.uGRP =...Z.6B..k...H..?;x......4;...[E..].jq...z..........i..}S.Ny.x.;..$....n.=.......l..m}r.>.8lc.....Q^.......O.s..R.........:..?.....&...:..$...K. @.b.z..>.4xz..{...Z.......%.......7.*c....j.R.6 .g...u.R.Q.K...k.(.......>P6nsH..kh...6.....k...TBV?...6...[...vv..... =...|.a._....j.{%....?.G.9k.....

<<

<<< skipped >>>

GET /clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=381 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:30 GMT

Content-Type: application/x-javascript

Last-Modified: Tue, 27 May 2014 21:33:57 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:30 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip

2cb1.............}{s.I....)p.....H.=/p..xH......V..%..@.................F..]...GVVVfV>.w~..4.._L..W)..I....=H}.^...R..(.*N.)~.L-.e....sh4.R..(.-.q.n6....u....SGR...z.........t~.-r..mn..v..&;.yn.}...h...g........~..ir...o..e.K....C.F......^.......B..x,<ran6.....Q.^..F t.K.b8\\..D..2.....4(..A.p9_..p.Pz_.M.....P.K...C9,.Jg...t.....)TB.....~y.{.....|.......u/..>.R....gg...^....Ux|\D...,U)<.d...........`_..}....U.h~u.-.@.~:.O.2../..K..c4]F....?0..j.]M..ha. ...,...x..k.f>..FK..UmP<.<....Z.e~p.\.M.cz.b..T'8..9U-8.3W..N.S.a."(....E<.&.!..Ix`K........./U.....'..t.\..^(.E...X.*.....0..V*w\.tk.........2......=..j.d.g.La...).e...m...d...F;gP.B)a. ..'C......7..2.l.......(...ur7Ln.R.0....m.!.^E.....-..k.....b2...I..E~.. .:.~.\.W.E....x.....(.......N&... .4.P.I..^......F..N..v..D..'.?w....\.....P'.t.8..m.....2.N....o..N........&0.....Us.m......o..g5........T....ET.u6..V@.x.7.....<8.4...?....i.....L...Of.....@.D...wk.?....6.;.6..:w.8 ..:}&...Sy.5...3.m<i.1.G.O..R....|.k'.....&S..........Zl&.GB..CWz.........DUYN........p.....s.........$.Q.....XD...B.Q..........X.pv..........].nP...j.]-&. ..pz.5/..`..zY\,..y.E.,. ,.s.e..."Z.ZNe..PZ.....o..P.H..`......p.._UR./....R...mt.?j.a.V...m-..aq\.f...g\.K.....*.>.y....h..._N......sM..qLe2...bG..G.,e......?jd...;.U*.Tu.=.[!p7.M..G...."M..2._.}I..rX&..h.0,..g......sa...@...B.T.v1_.i.Q5.P..$...-.... ..i>.e.A-8`:|U..v.yX]/..R..[..X@Bc'S....,|......(5....f9\A.zC........h.-S.E...F..1.R..4.. ..hY...}..:.....S....:.. ......w..#V*.n0'.g......P.,..f5VF...r.cJ.W.

<<

<<< skipped >>>

GET /clientscript/yui/connection/connection-min.js?v=381 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:32 GMT

Content-Type: application/x-javascript

Last-Modified: Tue, 27 May 2014 21:33:56 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:32 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip

fd2.............ZYs.F.~....@.!.Qr..%..xJ.....S\.."F"...........9...........\........~.xI..Y.0.Vc....n.....}c.M.Fw>o......%.,p0(`.y8eQ...2.X..f...2h.....Y.-:...{d.x.....u"...,.]9....w.,I.8.4...8.w?....{|q.,.p...(b..[.<.....E...Agb...$N....vvz|uui....|.......h4.........x.Y......;..2.f.......yv...L..d...u=..X.l~...>.<==......2..h...nc:...e......F1.....?....{.%...:.......g...3...1.C......#l....!.:.Eh....b...j......h9..7|...|.{.....Y........0........w~i. .....3o t..|...=.(..?_.Ep....0.X...y...P.Z.w.v....l..-...j....%.a.S../..g.Y.G?it....,....5{..%.N...........%}?e..yF.-...l.&{Y.fS.....5..n.N85...-..y....q...6...exF....^2.].-7a.2..t.....%..-....O2..N.......,~.]......b.s....P.....S....#.1.............7....:..o..9:'....`..L.}!..n.,.m.......E..E.k .yCt_.wh".O4...'..~.H......H....X..y`...Y0Iqt...^.m..K..1.^)Z.Ze.0uJ..YF.,..=...Q.aQ/aP....M..!M...a....*.j....u.5..%........Q>r.)..k}W.f.......{.....|i.Ea......,.*Z>...f..n.f.<U...P1.4a~.p...?.F.N.....]7K^V].....L..z.).p.kg..h.....3s`.`.M......A........j.`.Kta...7..ss..w]..-...Z.o. ..0.....4RC:-L...0....r.~....xb........../(*....u.{...w..o..a*......`.uk.Z...".S=F..../.T:iMbv....).......C.`..L.....mq..<s.l...0.......nrj.!{.s.. ..*....(K.....5ch..!.H7..@.*......B.$L...4....".2....?...m.~.hx...O.."....=..Q.<.....>_........g...c4..%........\........B.....ju..J.m.;"..W.:c..q_......$...I..{!.p....,p........!.w..G..<.7......,}/(*.....#...v~...q...a\.M".<[aL.....M.{..w...]-b.T.~.rv.=.{.v. . 2...'2*;....qM(..*6UM/$;`..zdT8....9.... ^....H..,.....ah.

<<

<<< skipped >>>

GET /clientscript/vbulletin_menu.js?v=381 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:36 GMT

Content-Type: application/x-javascript

Last-Modified: Tue, 27 May 2014 21:33:55 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:36 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip

b3e.............Z{S.....>......W..RI.t[.1...Q.=.v.JHc[..F%.......L...4.%/[K... ......nq...,??|.f...}..k......*.).../...#.|..?@B...t.E.......p..~...'.s6..$.4K.(..u.C.r.....s...4..0.I]/...E1....J..n...0.y...8.-.......Yy4O.Y....R?...U.~./../.&..7...z...:..L...g................................(.IN.._.%.gR...2..o....0...Mx....4Y]-.=...Yq...V.VI.#...y.X.J.s?.c.u{..4j..&^.i.;G..rh.....qNq..2w...G.$..r.._w{.B1.$..m.`;..g|.R..s...... u.{..$...c6.w.....5...\E $.-..zC.....LiV.t:p.cu......y...k.....;?.F.{...[{...>eK{NA. p. .A...;.tjk..M..s.uG..^.@;Z..,p.._.N/....q...v<..E..G3..Z...9..Z. ...U.X....X.e...=.......Rs.fk nlA....I .4....;3l.V.Mn.M..n....<8K....H...q....~".G}.lE....#.Z0.k.R.c..H]...g,.D....5a...S...y,.3.WA?....o.n;O...o....M.xb!.=.U.....a.J..r.f.qO...R|K..Q.,<v.;.8.j.....b..&..[J.s4=9.R:.1.. o6...w9./.....~Mp..X.[.[..5.e.e7.(y.\.]...T.,W...!I.>....,.r>^Dq.....'m.....q....kHc..l..~........v.<....t..[.A...#.....N......AF..k...0p0bAP......Pr.-.Z..$..^..)...-B.a.0r.......y.c....~...^Z..P.m.>R.h.n.99...o..0A!....*.ZCF.VY.2'e..1...y.kY"..S..D.....r....H.%K.......H.. ".NLM. .g.....l..k#.(1o.9].. .}.......El..2r..``...9..G.....9.j.................,..,q.........q;a)...i.....C..4z`..@&..........T.*.pB....M.U.....~..5..a...U....(9...;..;.E.*......0.~N..rS..y'.z"<$..G...Z....`.?N..&s.89.....U@...Wt8...).........3...v.....b?.U|....R....z.t.NG.G7wH. vD....1N.$.t.ek..D.?...)H..-.o.RX.=..@`.%Z....,....n.d.8G.~...b..."6.\%.D....i.......p.|tUbA....Hg$...U..%8.....f......!:Xh.01.Dt.RB.\...G..4..W.^...D

<<

<<< skipped >>>

GET /cb/cb/logo.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:38 GMT

Content-Type: image/gif

Content-Length: 11690

Last-Modified: Tue, 27 May 2014 21:33:45 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:38 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a,.z....e~.o..f..b}.I\.h..s..\v.K^.H[.m..M`.G[.d..e..GZ}Uh.w........`q.Ob.|..FY|..._x._y....iy.......ev.Vl.Yq.j........{..GY}FY}m.....d|.j........u........q.................Y........Qd......6...Na..........g~...oP.._....2..T.....Ye....3........K...Ey.hy...f.....Fv..Oq....Qdye....... ..v8Ok..E...........\r~.bz.ny.FTjn....?..A.....{<g.fw.}.y^v.Dh.^p.cu....Zk...YL_.m..Zl.Re.J].c~.GZ~b}.M`.b|.!.......,....,.z.....{................................................}..............................................................................lu... @t...S.......@..PbC..)*...#...=v....C.%S*AI..K%.`...o@.t.i.......@........H..\.....P.J.8s...H........`....U...h..].....p...e'.A...........C..%....... ^lXAc... .Lyr....k.......C...t.V..S..i:k.../W.].r...s...{....a.'.....[..^..,r..5.PR`.a...3>.........O.......1...g......B...Y.....9....(....g...tg..... w.>.a...h!w..'...v(.Z......tS.._.... ....0.(c...h@.7..#...X#.<.X..D.i..1.....,...R(F..smqx..6....\v...`v.%.H.9#...e..l...[.)...a.i..x....G...|...Vkm...i zX...4.h..>....Fj...f......i.9.)#.m..&............. .....(G"................k)..RZ,..*...<.Z...V ....Z......... ......`.....~.i..]r*....k...:.........v4....L...'....q{.V.Y.!.\.{....g.1...y&..s4.......(....*. ....X...[`A.7.L...#;i.I.................t...:1....).7_...\w...`....8.\..8..3.Hn..G#....L....F.=..R..$.c.,o.b.n...'.8.eG.u....../....t....%.LV.S.(.....v.6..z..t.z....{...>.....8..VM...Z..^$s.9..$....7.....j..D.a.......W;.....^;...._...w.....~6....{....}..[O..*..........<U..z....(...%.}....'HA../|..

<<

<<< skipped >>>

GET /cb/misc/navbits_start.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:40 GMT

Content-Type: image/gif

Content-Length: 1004

Last-Modified: Tue, 27 May 2014 21:33:48 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:40 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a...................~.....}................................k.....k..bx................u.....Xi.w..y........z..............r...........by....o...........x........l.....fx.`q...................z..v.....~..........................{...........v..v.....l.................y..............v...........m.....}..q..t.....}.....g}.......~........Wh....@M.`q.............l........fw....z.................t.....o..x...........^s......................bx.............Vc..................................................................................................................................................................................................................................................................................................................................!.......,........@...-..H... u....`...x8.... .E...(....%<..9$...$j.,.....9R..)..Q..D.h..&..?.,....G #......... ....%...W].).....'...1....2.LB....Di*1...B..Z2..c.....^......I..Ph.....Y.lhScF..4..p.......M.D... 7.Hp.H.......;....

GET /cb/buttons/collapse_tcat.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:41 GMT

Content-Type: image/gif

Content-Length: 594

Last-Modified: Tue, 27 May 2014 21:33:44 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:41 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a.....`.......3Jr............Ij....2Iq=X................r..~.....1J.u...I.2M...._|.&<m...Nn.... 7j"<wr..Fb..........@\.Hg.h..>Z.3Hz/Iz.........Qr.=U....1Iw8S.:S.5MvHa.(>h8P.Db....}..............f..Ii.|........ 3]...B^.a...........;T.6Nw_~.f..)?n F.a..8Q|c..Rq.Zz.w..5O.Ig.......}..q..Ba.4My......................................................................................................!.....`.,........@...`..^.....&-?7_..'...^`..H.F._ .S8..^.#.(.6U!GA..:<XZI/=..`^.@>...Q.14.`."W...]^_............_......B*9[_.PRY..^.D.L..$\,...MT%JK..Q0......H8p... O".x.`..'5RT.0...q^..`...8l...;....

GET /cb/cb/thead.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:41 GMT

Content-Type: image/gif

Content-Length: 204

Last-Modified: Tue, 27 May 2014 21:33:45 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:41 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a......._z.C\.D].F_.Kc.[w.Oh.C[.c..Mf.^y.G`.Ng.Yv.Ha.a}.E^.e..Pi.`{.b..]x.Le.BZ.Ib.b~.AY.d..............!.......,..........I`$.[i.H.R,...#.S].8..{...`.A$J.G.R.h6.P.e:%X..l.......X.)..ht`.>...x\C..C.;....

GET /cb/buttons/lastpost.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 964

Last-Modified: Tue, 27 May 2014 21:33:44 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a..........PY.MY....PX....JP{...............QY.............Va.fj....~.....}........{..Xb.......z.....ny.is................~..|.....x..x........IQxY[u...`q.........................|.......................FNv.........NV....{.....:Bq......}..dh.............>F..........N[}............w................................PY.Xd................z.....i|._h............................|..w..kr.r........................................................................................................................................................................................................................................................................................................................................................................................................!.......,........@...Q.y.E..@<.8`....-.^t.P......(1......Bl8`....1@j.C'.....\.sD..A.....C.....P@"...8n....g...N L.....7.@......,OF.abe...cn..se..3dt..#"N..)4P.i....;@.I.".."...` .M@.;....

GET /cb/statusicon/subforum_old.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 541

Last-Modified: Tue, 27 May 2014 21:33:51 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a.....t.......mx.mz....,A......................u...................................v........^l....................................................q..............Wg.......|.........................................................................................................................................y...................................................................................!.....t.,........@.z.Y.T._[p. tt.6eE`V]>iSLB7@XQhr..*kW'J...bNPl1O<G=5A&,oq#/..\;...9..^n(gs2%.....Z.!U.R j.Fa..8m).0fCc?.K....4HI.:.D$"-d.3M..;....

GET /cb/buttons/collapse_thead.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 594

Last-Modified: Tue, 27 May 2014 21:33:44 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a.....`.......3Jr............Ij....2Iq=X................r..~.....1J.u...I.2M...._|.&<m...Nn.... 7j"<wr..Fb..........@\.Hg.h..>Z.3Hz/Iz.........Qr.=U....1Iw8S.:S.5MvHa.(>h8P.Db....}..............f..Ii.|........ 3]...B^.a...........;T.6Nw_~.f..)?n F.a..8Q|c..Rq.Zz.w..5O.Ig.......}..q..Ba.4My......................................................................................................!.....`.,........@...`..^.....&-?7_..'...^`..H.F._ .S8..^.#.(.6U!GA..:<XZI/=..`^.@>...Q.14.`."W...]^_............_......B*9[_.PRY..^.D.L..$\,...MT%JK..Q0......H8p... O".x.`..'5RT.0...q^..`...8l...;....

GET /cb/statusicon/forum_new.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 934

Last-Modified: Tue, 27 May 2014 21:33:51 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a.......d..............k........p..Tt.`{..........~........B^.8d.f..Ng....j.....z.....w..............Rm....;_.{.....r.....b|.<g._{..........b..^z.Aj.[x.^z.a|.[w._z.b~.b}.Gn.}..6_.?_.e.....`|.............Fn...................Oh.o.....`w.............Bk.n.....}.................c}.............c..h..p..l.....m..|..Kq.r........a|....v..a}....s..Dl....Fn.c~.d~.[w....\x.]y...................1_.2_.!.......,............;{......;|pu......b|| 2/.../......2.. t.t2........|mv.......mw......u.h0330.....-....3.....<..Y)CB%@.BCj...<...T1..il).F.E...F.F..|......i.h.@.A.5.*."%....*y......$:..8aA....x.3.L.* D..Isf.....a.r..-}.T.q....O.80zC...?xV..C...A.j..u...)5P.....'*.p.....%K..R.P)I...4.....V&..F.cb/.Jcr(.0...,?~..J..c%.L(.q......le`....(.l..:..J_p....I..... .{D.&..X...M%.....Z....6...........H.....~$p....x?...G........@..<........{%/..._....^|..7.z..G....g....._..mG`..N8`...aC.$.8..%....,.8E%=.!..4.h..|..E.<....@....z.i..H&.......;..

GET /1/92a411bc23?a=4058140,2334836&ap=19&fe=2000&dc=2000&v=411.b2946c1&to=YlNSbUYAV0IFBhdaWVsZZUtdTghcBRcIVkIbRlhJ&f=[] HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: beacon-3.newrelic.com

Connection: Keep-Alive

HTTP/1.1 204 No Content

Content-Type: image/gif

Set-Cookie: JSESSIONID=9603aa4a7a720f8;Path=/

Expires: Thu, 01 Jan 1970 00:00:00 GMT

HTTP/1.1 204 No Content..Content-Type: image/gif..Set-Cookie: JSESSIONID=9603aa4a7a720f8;Path=/..Expires: Thu, 01 Jan 1970 00:00:00 GMT..

GET / HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Connection: Keep-Alive

Host: forcar.org.ua

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:29 GMT

Content-Type: text/html; charset=windows-1251

Content-Length: 11484

Connection: keep-alive

X-Powered-By: PHP/5.2.17

Cache-Control: private

Pragma: private

X-UA-Compatible: IE=7

Content-Encoding: gzip

Set-Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; path=/; HttpOnly

Set-Cookie: bblastvisit=1401690509; expires=Tue, 02-Jun-2015 06:28:29 GMT; path=/

Set-Cookie: bblastactivity=0; expires=Tue, 02-Jun-2015 06:28:29 GMT; path=/

...........}.s.....\......RL.....jts...QYrf3.)V.h.-.h..A...?.....U..Q.J..[.3S3/[.R.........)...s......&.E..A.........r.s.G.~~../o]g%.Rf.>.....,4...m.j$r..5._~v...,...;.V...0.Z9...a..J.S.F".....D...#w>....bt..8......bh.....'....v.O?.Ln...a.Be....V].....@.......MM....Z......-.MM.k....rNmJ.u.X..nY.bE...Yu....U.)~g.E..q.~..t.w.Tl`..4.....2..[z.Bc........x....t_..~...T..BI.l..-....lO..)9..|..ZE.....ni...t.`.J.\......tX..%..vO_Y6.....k;...jk.e..3..Nwwk....4..nc....E..;k....$.6V;;..i.y....j....>.Co.....K4.y.n..{Oh>..|.^mu.be.C/.v.2jD..w.d.....uU...#^..|...c.h.#x1....^...;..7...x.......\.}..vV..].uGP.E..`.($...Q..`F1.Z......@.......~.zV....y.Y6q..kUv.\....}.81 .....,...... .R3-.....P.l.H.|G.....M......$......h.....e..b...c.^......B{^.d...A..#.....i).H.4-./.w.qQ.......&..1.*.<t.nDV..iN.........=|W.a...I..s.'.c.z.(9.}....a.A..)....f...o.....?....c!;.L.2..-..3.3....LR L'b.h!.*N...a...W?...._....\...].........k7>..y..U.V.G*.]PW...E...e}^...G.....U.|(..d.(.F$".......b..k.a....{.V.j......|T.....j....T.V .....e..A'.........i.p]c.A.......,.}@....R....Z.....H...t. Z5l...".j.u1.......AM.]...;pp.#.!...^&.......#...J.Y..;4j..A.<.......e...r.L....z.\..E......vM .....X....u...c.....OE..c.....cR.e.&..1.. .-.....}.8...!..2.......(..<.....~./.........0B..#`...h....w..9...........C.. XCZ7z...{.iz.NOX.*.3_......|...jA.N$R..1....i.Bu.T......".F....h.WD#0.Q.'7I.AQ. .g|..p0..ZN..!9r.Jr!H.ZY[..Uh.}*_6..f..dg....YA..L.v_.Z..mJ N......j..T*.....d25...S...v....pe:..$....#&LJ~|:..)...na....-..._...v..?..........%(.K../.

<<

<<< skipped >>>

GET /clientscript/vbulletin_important.css?v=381 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:30 GMT

Content-Type: text/css

Last-Modified: Tue, 27 May 2014 21:33:55 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:30 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip

251.............T.N.@.=...Qz.j;PU.F..5...)I.%.Z..x....^.A..._v.&4..P.{..3.o...o8:.d...f.o.X..tT.:k.DK.....a...s1...\W......G.....'......XY4...k..Y..)a..5L.F.B.n......D(.=(m!A0.Qm.%....F[hFh.5-....e....;.^....oWW.....gp}3..i....b.}2._...Uam..a...*y:. .%l.o.PR.......M5P[.C.[.y..>cN.,iUC....S.....)... .Y..`\.O.G.."A..icjm".0...]2P.....V.o.u;.n.p.!%I!.K.Z...C.......,......qX....~..6....9..WI... H.E....4.A.p.x.X....!...C....d.A.MY...&.9....D.....m..........'..Oi%.}.......1..b........8.....*..E.....3..z.S.Gg.2....q!,...'.....6....ou.......c..!....A....n...;..Ep0=..{..|.........G..`. ...G......`.....0..HTTP/1.1 200 OK..Server: nginx/1.2.1..Date: Mon, 02 Jun 2014 06:28:30 GMT..Content-Type: text/css..Last-Modified: Tue, 27 May 2014 21:33:55 GMT..Transfer-Encoding: chunked..Connection: keep-alive..Expires: Tue, 03 Jun 2014 06:28:30 GMT..Cache-Control: max-age=86400..Content-Encoding: gzip..251.............T.N.@.=...Qz.j;PU.F..5...)I.%.Z..x....^.A..._v.&4..P.{..3.o...o8:.d...f.o.X..tT.:k.DK.....a...s1...\W......G.....'......XY4...k..Y..)a..5L.F.B.n......D(.=(m!A0.Qm.%....F[hFh.5-....e....;.^....oWW.....gp}3..i....b.}2._...Uam..a...*y:. .%l.o.PR.......M5P[.C.[.y..>cN.,iUC....S.....)... .Y..`\.O.G.."A..icjm".0...]2P.....V.o.u;.n.p.!%I!.K.Z...C.......,......qX....~..6....9..WI... H.E....4.A.p.x.X....!...C....d.A.MY...&.9....D.....m..........'..Oi%.}.......1..b........8.....*..E.....3..z.S.Gg.2....q!,...'.....6....ou.......c..!....A....n...;..Ep0=..{..|.........G..`. ...G......`.....0......

<<

<<< skipped >>>

GET /clientscript/vbulletin_css/style-b09cab93-00002.css HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:30 GMT

Content-Type: text/css

Last-Modified: Tue, 27 May 2014 21:33:56 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:30 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip

5bd.............X.R.8.]..P..f(....1........-.V.X.[I.).}.../9....@.u.t.G.${.^....Oi%w...y.......,....c...Hd.Br_*.....B..V.(B2 ...0RR.D.....-.a... ......G.....;.....0...*!....7.....3.a.].......}.L.yuEhHc%.......Z?cX.&^.....%M..C.f..~...s|q.......W$.8.hu..*..HV ...g......!..%j..F..._.J.S..-....5.U.?..5......S6ME./.x...<.%K..Du$o...E$s... .4m....[>..{6......E.q.?..n...3Xh.....~..Zw..V...O......<...V..l.B...B;z......h.5@.M...X..}<b..F.v.......N..j..1.1...Q.... 6}....)..u.j.F...p.^-|.W.~.^i..........G.._s....7...ia.._.(.L.[...&.......=.....z........J.dp(Q...6.A. w.......8.%..v.v`.-..I-~s][mB.$t ......N)Y...Xu.<P...............]oi...;...t...jG.k......jf.4.L.D..........;&...!.....L~..=S...}\/:...s...*..._m..w...#R...C{.>.eY.T....5.l..4....bk4.......8.y..O......1.........l{v...M......<T.DE....e)E.x.U._h.v..~.mx....A..x.>..O..R.'...C.^.>..O@-P)K.Nzd.....}.hAM..8.....t.#....}...m.G%{#...!....~..w;..B..C.\2.C...8..{.>..BF.g!....5.^.:.....P.?.P.?....Y.c6}}I..!.z....DV."......*.........."\.S;.....H.g.....r...H.y..V..fb .B^.....B.._.-.b.........R.W...%......".{.e.V..\........,X<.b'....e.n.R.>k...X.H'.o...O...`-.9....Ug..Q.............W.y8.47...kk7..m6.%\..@m......[..u....4;...3.}....K.B....6IcoQ......8U"x......2.$p.mH..........xe.....m.b..@.4.:..*h....A.[......[...;!#....>&.&......x..U....!p..t..r.J.jG&x..j..C4."b....sw.......i....I.a5.R.F.D7..&.=...'.."t.Y.6.aC..nKx........Bb.........|.W.} ..7....{....M...E..X...:... ..B.S.....[.)....:o..\..:]..l..........`...a.....0......

<<

<<< skipped >>>

GET /clientscript/vbulletin_global.js?v=381 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:34 GMT

Content-Type: application/x-javascript

Last-Modified: Tue, 27 May 2014 21:33:55 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:34 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip

22ac.............]kw....._A#1...%..R.u..l......GTx .........Q?....3.....d...E.......<3.....K..f......_._m.fR...j>..(.=o.....;... .....m.............O....,..k.8..e.eaV{.O.5.>.}..Y.C...u.....U....yX[...8.k.a-..Q....*..5t..*A.$.e.,...I...e..m..r.j..~y.fx..]..I.........v...._.........|......i__..lO.Em]..jw.M.8..W.b^....u.W-...E....(.&7.Q.a`..'.[.2J....qg...........0...y2sZ....3./.|..i..0M...A....XD?...b./.4Y-..0..k.-B.!.L.ULU.4...e...).Q....$u....;.....<.g..A...;q.....s.r.O.(......=.8....~....o<7.]..e.-.5<.Y...2...s.8]............9}...;.........]_,.. ....I.z....4.n.FW..$z..4...3.....$..X%y8.......Y....,..k..0..r.l......s..........<].....w...~.X.yt1....Qx.L.|L.........2X...)f?Y.^.;..~.....N...h.. m...'o..0.c...b3Y.i..nQ.K<....u...x..t....].!~....64.,....,...&........... ....\....,m.^...S......b..H.....EU.E...h..>...N......T....[PD.(...cG.k..e.==.Q...T.a..2{^...<..r,..gV....O4V....t5.1./....1..9..........$.....8..[.}....?T.2N...|.VY.,..7..hZ.B..{.kY.:...c.......<|[L.".Tv....-....x.J3.J1.G.U.!.u.[.qp.#7..1.yB2.}......i...X...s..m..F.l....!.u.....h...Z..iH.........$....[....p..;..}.w.}.q...(4N..x[^nvFT*..k..;4...o.....i..5Zt......`......{.?.....8}..X....]E.X..h...d.h.P.{{-.#>...[=.&9.....{..f.q.....`..9.7....Q...U...0.\.....I..A.&.....=...<.....S=.[....7.D0.o...3.|.0..v.fy.\W.....C^.J..2W......&i...y.fzFw...i0{...>K....k.@..N....&.4..#]^u.P...5..]tN......6...i2..q(g...^..B..!N....v...|.N{y.....'.... m......Rb<.v.'....*...8.}l.&$..<.X....v<[-.a..x.:.1.).q.&...[.A.<..

<<

<<< skipped >>>

GET /cb/cb/headarka.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:38 GMT

Content-Type: image/gif

Content-Length: 1753

Last-Modified: Tue, 27 May 2014 21:33:45 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:38 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a?.z....Od.a|.]v.]w.FY|Tk.b}.\u.[t.Qg.Ma.^x.Mb.H[.GZ}K_.Ul.Wn.Rh.Wo.`z.I\.J^.Xp.I].Yq.Si.H\.`z.L`.Uk.Zr.\v.Pe.^w.GY}Yq.Vn.Sj.c~.Pf.b|.Nc.Vm.b|.Oe.Qf.J].[t.Xp.Ri.J^.K_.Zs.Yr.K`.Tj.\u.G[.FY}^x.Vm._x.La.`{.Zr.[s.I].L`.Nc.Nb.Um.Rh.Pf.Nd.Pe.H[._y.b}.a{.GZ~c~...........................................................................................................................................!.......,....?.z.....Q..................'..........N..................................)..........,..........................O..................@........HP ....*\......#J.Hq!...3j...... C..Irc..(S.\.....0c..I....7}.......@........H.*].....P.J.J....X.j... U.`...K....h..X.....p....K....x............L.......X......#K..9....3k....g..B..M.....S.^......b..M.....s.......0...N...............K.N]z....k..........O.......G.........O..|.................h...&....6.....H...Vh...f........ .(..$.h"......,....0.(..4.hc......<....@.)..D.id..$....L6...PF)..TVie.%d...\v...`....d.i..h....l....p.)..t.i..u....|......*(...j...&....6....F*i..Tj...f....v.i...*....j.........J*...*....j....j......... ...j`...&....6....F ....`...f....v.-.H. ....k....{......... ....k.....o........,....l...'....7....G,...K.....g....w....'!..$.l..(..2.K....0.,..4.<s.8....<....@....D.m..H'...I....PG-..TWm..Xg...R ...`.-..d.m6.*....l....p..v.t.m..x....|.m.........n...3....7....G....Wn... ....w..........n...............;.D.n..........{.../....o...'....7O...G/...Wo...[....w...../.....o....O........./....`..........?......H......L......:../...'H..Z......1...z.. ...GH

<<

<<< skipped >>>

GET /cb/cb/nav.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:40 GMT

Content-Type: image/gif

Content-Length: 325

Last-Modified: Tue, 27 May 2014 21:33:45 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:40 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a..#....................................................................................................................................................................................................!.......,......#...b@.P.).'H.b.L8..h.B.F...V..v.`pc<....t..f_...\>...x.`......................[Z...... ..............A.;....

GET /clientscript/vbulletin_md5.js?v=381 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:40 GMT

Content-Type: application/x-javascript

Last-Modified: Tue, 27 May 2014 21:33:55 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:40 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip

86a.............X.w....W..L..LF.%Y....|...m...#'.C..h.H.df'.......xaz.......{..,....&.....8a.W\.h.<.K....v.X~IL..ev...g.|.t....[.W/......Q..w;_...............a59.2...e.@.2.......e.._....<.nm. ;P.NH.......=Nu.~..s.q..E0..........pa:.....C../.=.nj.w....t....*..r.'<..2..aq.,i...B.......Bdqg.....|....f.;....y3.......y.T/9 .....N.a.<......yp......2o.. .Z.0..8.~{XF...GQ.*."h.&VZ*...2..Q ...E.f.3ex....(;.y..^...8.R......M..x.%7&..@S.4..c.Iq........!.%?........Mx..!h<.......Y.-k<&...(a/m.".8)...{I...`-..d..f. (.....4..A.~E.....\p.:.C...o..a!b....t.>.B.B...o.=<...e(..*....f.!..7...Ct....X....~#R.....D.w.!.j8. .....Q..s5h..."........H.8..p1..~`.J...LF&.U.Z...%d.).FF....H*P.H.R.........@yRj/6.....B...5B..,.h.....#l..HG.J`3\j..5E.J.S.~C........ .d...X#..m<. 8.B...&...A.T...h..B.NC...-.o..58E....i.U...)j?....z..} B..B. ..a/2..4...]........."ab...8.MS:%..h..........2-..[..CT....1...5\...Z..T....5i.9...!B..GnU......H3.s.f..04.u.L..4.k5`..B&.7\..>..uM.Ku..".pnj.!#...8.Ze0i..N....4....:.$.QU..T.VB..K..!l.n.|.W..2fn.A`.o4..Tx7.Y..6b...z%.....j.H*. .K..u.$....'tLq%\.....U....8..Z#.-H... ..#......X4.....tSH.....Li..1M..P.Go!h-4 W\.C....*..d...:8Z..9....)....j...*.P....j....6'.Bh...............c..,..`.......]..._o6..b1..tm...0.>..A..Y..}.,7 ...tu..?z......8pW)....8.....'........^v4..z......[,.y....<....y?...P.....d........h.~|......Pl(.n.8.....^....^.......~..!. ..........Ao....2.............*...c..J.it...qt..0#L.z..;=...nG..f..V\4......9.........b....t....i..)...6.6{./..)........^.A..A.y..9.X...

<<

<<< skipped >>>

GET /cb/statusicon/forum_old.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:41 GMT

Content-Type: image/gif

Content-Length: 361

Last-Modified: Tue, 27 May 2014 21:33:51 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:41 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a.......................................................................................................!.......,........... '.di."..l../.uOm.x.w3....P..@...r.,....t:-R...v.-....x<.N...z..f...|>w...wQ......E............E.......E............E.......E.......E.......E.......E.......E.......E.......E.......E.......E.......E0..-..........[..C....*\...B..8...;....

GET /cb/cb/cat.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:41 GMT

Content-Type: image/gif

Content-Length: 123

Last-Modified: Tue, 27 May 2014 21:33:45 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:41 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a.......................................................!.......,..........(.H#......'J.4d....2H...1.Ca.A.8|....p....;....

GET /images/icons/icon1.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 1032

Last-Modified: Tue, 27 May 2014 21:34:03 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a...............................|....................kop}...................................255...VX]........................'))..."%%..................HLM.....................efm......8:<...............uyz............??D.................. ,/......ABG............oqx.........Z__.......................................BCG...............?AB....................................489............................... "...............* .............................................................................................................................................................................................................................................................................................................................................................!.......,............ .:d.J.!.FH...L..o.....L...1bxX....i.8i.'....8.H.....k 1j.q.G;....C"..@,..0...".@>..0.@.1..p.....AE.h`...... ..B...G.2N...@..V............0E..'e.P.................%.....4.t. ...F..y4. ...-/$d.....(.c.......G.<..'.T#A6..s..#&.....;....

GET /images/icons/icon4.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 1019

Last-Modified: Tue, 27 May 2014 21:34:04 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a.........4..5..5..4..3|\...5..5}\...4..:..8..'..8..4..:..*.|$.}#Z[d..7gX...8...........5..6..8..6jny..7_[a........7?5...7.j?^`k..7..:..8`]].p<.q;.u7..1NQX........6..9..$..$VA.........>..)\S@~\.llv..7..%~^.K@.TK?bag..5or....1*......5..5..8}]...7.. ..7..6..9..:..8vc;..8.t"..9..&..6..6..-........6..6...qq}..:...VK.2,.ZL...-.|D..8..........p:..8..:.....8.....9z\...B....f }gBtbF...LB3..8|\...7..4YUV..(...cU4..2YX^.r!........7...............................................................................................................................................................................................................................................................................................................................................................!.......,.................M.2..*L."........ ......P..F...}\.!...;.@......,YL`$....=k8,.q....#..I... ..A..r E.3..P.1!!....(@"D....Z...d...cH...$..#0...q`..9\.A. @....V`...../e*.. `../....0 ..".".0. ..B7..xA......$......|..h...m.....Rg....;....

GET /clientscript/vbulletin_read_marker.js?v=381 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: application/x-javascript

Last-Modified: Tue, 27 May 2014 21:33:56 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip

4e6.............V.r.8.........Dv.?..L..w.n...N?&.2..Q...D\o..... .m..kg.....G...s.~........-....t{....W.).4Go.o.M...?..X..X1.t.H..~.....w..I..%.....SA.:..Fn.....hH......P.......,...I4!........$B..,a`.8.t....A.Q.p..^...}..NN...St<B..1.0...h.a........J.,....l..'u.q.2t...j.4$. 8.Y..z..^...........$.>...p.&f..|!.Y..../8....ck..e......wV.S&YNf ..t....T...U.h,.q....\..~r.5b0].F.....F...6...?.. 8..}....5.................b..C.WI.4.?...a....'...0b..R8..c....7..C"..^M.<.(..p......%'...s.mI3.Jy....8(S...%[....[...ht<8=....A..S9........;........O[....u.6....G...C..N .`%<U}.....C.P...].h...t`...D../..0{..Q0..o.O.......S..N....pJ..L.n.Ua.9..{.c...%4.p.".%HK...*.(..o..<....~}>...~.F.....67Z`Ic._..N...v..'2q...LxU...'.-]..v..<..T..B.S../..hD.....u.9.f........:.,.....7VY.*..<l.v.PUZh.F)=(...]..S.T..{..F...........7.qGo*y..,.y.q]..0.R..by.3..G?.....3wTQ..........W..*.7.....h6`.....>.h.a..$...n....&..L..~..u...Q#7...\~%....9.Y..O.s.........z.k..!1...c.2./..i..e...m...L.......80T..W..r"K..^c...Tu.......J5{, .I')Q...r Z.....S....J.V3...p7#73.Gl.S..<........7..MM..4..Z..:.8...j(...FD.t.}u.P...W........k.5O.*.B..&z.TZV"...0.6h6}9}y.......Z.... ....}.6...h_...{>...:...y..wg......_..7..M..n...n..MVW.c...~..}..\O...p}.X....6.....S.l...Qu...)R..G.T..<L......@.?.B.....0......

<<

<<< skipped >>>

GET /cb/misc/whos_online.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 839

Last-Modified: Tue, 27 May 2014 21:33:49 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a.......E^.\z.Rq.Qp.Zy.Ts.Xw.Vu.E^.On.F_................Om.]{.....................................Pn....Nl.......Qp.E_.AY....Ga.AY....f..F`....F`.Wv.:Oyy..Xw.Ga.......m.....?V................y.....Tr....Ts.Fa....F`.8Mv...\y.............Vt.Zw................m........r........{.....9Nx......^{.F`.Xv.Ut.=T.Zw.[y.B[....?V....AX.......Yx.?V....=S.^|.D\.C\.D].`~.b........BZ.AY.c..d..C[.BZ.......!.......,............"......."~.{........z........u.....`^..u.t...t.Vk51...p....*T!Zc...p.....M*;!6Gd..........F9=.al.......AK...Q?.......#:...4#.............gT.0.a'..#F......8.@...... AB..A.I,. .\.).../A..r.&.. `.....O...T.@....?.vB..iS.i.L......X;.......]8.......h;.Y.... ..xt."...9.....w...j6.8..p.Nr. ^.....&..YLYN'>.3kV .A..f.h...2..q`d@.!....;..M.....n0!....>....!fK..oJ.........K..).....k........<.p.............v...O.................;....

GET /cb/misc/stats.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 899

Last-Modified: Tue, 27 May 2014 21:33:48 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a.......Ts.BZ.......s........9Nwl..D\.Je.Lh.......C\.Pn....Jf.Rq.......E^..........Nl.......@X....Lj.Id....G`.Po.\z.<S~Ts.AY.Fa.?V.Wv.BY.@W.\z.Vu.Zy.On.Qp.Xw.F_.E^.D]....Yx.Yw.Om..........n..|.....`|....Zx.......Mj.......m..Li.Vt.......Sr.Kg.Nl.Qp.Rp.Sq.C]....w........Ga.......Zw....[x....Gb.......Vt..........Je.i..Hc.Hc....Pm.\y.Lh.d..AZ....C[.>T.;Qz^|.......AY.c..`~.b..d..BZ.C[.BZ.......!.......,............:.......:~.z........w........y.......x.......s...s.66A,...,...)L.==T\-........IcS.9@FJ.Z)...1..1.`.flG .%@i?-...-..L.Vag.< DW!U.$.......%6.P....18.(@R@C...;I......H.HxpD@.."... .#.N0b.| ....0p...$....p.....Q.N...`....H.f.SD....dh......2.`..F.V/..,...S..o...ip....LL$x.....p.v.A.../](4ig...2....P.p'..3......=4B4i..B...3wJ....8#.lYr.../X.p@..w'...;X...............;..N}...$N4YP...8..W...z..r..'..<.N}...O.~}......i.....(....a...&.... .....Q..uTh...fx..5..C.t.(..$.8b.>....,.... ...;....

GET /cb/statusicon/forum_new_lock.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 881

Last-Modified: Tue, 27 May 2014 21:33:51 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

GIF89a..........Ib.?U.>T.:OyAX.AX.=S.F_.E^.E^.D].Qp.On.C\.Zy.Rq.Vu.Xw....Ts............................C[....8Mu............=S}F^.Lc.?U.Lf.......D\....Wv.\q.]r....Mh.Ok.......C\....>S~.........bv.|...........On....:Nw...r..Qp.............:Pz<QzKb....Qo.......Pg.Vk.ey....@V....Jd.m...........l.....Mk.Ol....AY.D^....y..?V.8Ms[p.Fa.......Li.Mj.E`.Vu.Qm.C[.D\.......AY.c..^|.`~.b..d..\z.BZ.BZ.......!.......,............~.......-.......-~.z........v........y.......x.......w.......{..........3.r.r2..2.r.p.......'.... )) ..a&......o.ZP..DT0B..5EX..JQ.H...."F....F..@..!8......,......:<v.......K1X.....d.l.I3..._Z.,.....A.....hQ/9N....g).P.B.`@...X.X.#5j..`..uPF...fy,......p..6......I...[j.....p.@.....{.....4f,.T.@...$./T9..q)..C{.a....&^.0m.....K..=.....qg!.dK..?.x..G6q>...(Qb...%..`......K....... ... ...!.A,1..{.................T....(........6...1.....F(!.1....$.....v.!.$..G .;..

GET /ga.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 02 Jun 2014 01:20:56 GMT

Expires: Mon, 02 Jun 2014 13:20:56 GMT

Last-Modified: Thu, 08 May 2014 18:54:47 GMT

X-Content-Type-Options: nosniff

Content-Type: text/javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Server: Golfe2

Content-Length: 15790

Age: 18448

Cache-Control: public, max-age=43200

Alternate-Protocol: 80:quic

...........}kw.:............Io@R..........l.,.iH.....$...3#......s.z7..<..e4....x2.Y/.....>^.<.C.D......j...0c!...qo.....A*....L&..x.K..w.*8..%.<..|..)d.X.......&..*... .Q...(.....8..q..\.!...a..0...$.tX..N&..a?!..zB:l.8c9.p.....;l..x.$c.]AP\..>..B...&..:pz.H........g...Ap..!.5..K......V;l.H.....V.a.....s.$p......39...a.a.P'9.b.;H>N.$..A..... ..^..{h.h...2l_..N...w9..d.@.`._.N..7..|....%.d.%......%.{.....&.@.I..:....F.{..c.nzP*..a..LzP.sl...V..y.U8*&.......}.BH@..ZC...Ty. u.Y...!..R.h.V..h./>3...*.P..(..:A.}..v.C ..M..Vk.......\..d....he.q..u.u..yE./J.Re..|:u..L...B..E..Tn/v \.<...8..MU.g.....{.`..}.;n.....x................4...kG..[q....0r7.....l.n?..@|.%W.g....V..../.a......P`....t W.VNq.#.......}.WL....,X.a....{..*..!<W.......e.{.$.e......[......S....(.).K..........>....X5o{i&.X..A.F.T"h.....KB...^]..f..z3.jyYcy......@..#Y*.z.Jl.#w...S...^..a..A..F....q.!...6~...1....P.......`..= .M.(.^.@.5.L...y..P.".v.........L...R.....[...fx....o...K...s..!..........oa.F..V......)..ym...;......a..r..N. ....Y.5o.u|..K...}l[i.....N.-%...4.I..(..'.....PR..gnAx...A.D.....w..5W..m. .....Zno........d<hpf...s.e#..v...p..g...[.G.k.2.c.6.....5..Lcc.fUm/.P!....!U.c.......d78!7.......V>&."..Q$.....&.sS..Kq....].UySz=..3..$.".;..".'.Kar\[...t\....;...h._.O..b...2....{=H9@...v0l)2!..xD7...T..Di.w.RC`.m.8.\....J....h..u{{.....p..)..O3.W.........k...y.`^ ....&1..f"..D.W.}.;D:d.F....p#... ......d...T..iU7n.;-hh..T..^P....U.....>...T..m....fC....>..>d..Q..!....X1......7L...[.........;.w...[L.LB.

<<

<<< skipped >>>

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

ATG.exe_1700:

.text

.text

`.rdata

`.rdata

@.data

@.data

.rsrc

.rsrc

udPh

udPh

PSSSSSSh

PSSSSSSh

PSSSSSSh!

PSSSSSSh!

vSSSh

vSSSh

FTPjK

FTPjK

FtPj;

FtPj;

C.PjRV

C.PjRV

tGHt.Ht&

tGHt.Ht&

.EKSWU

.EKSWU

FTPG

FTPG

FTPj

FTPj

FtPS

FtPS

=KNILw.tT=RCNEw

=KNILw.tT=RCNEw

_0 _8 _4;_,

_0 _8 _4;_,

SHA1 block transform for x86, CRYPTOGAMS by <appro></appro>

SHA1 block transform for x86, CRYPTOGAMS by <appro></appro>

SHA256 block transform for x86, CRYPTOGAMS by <appro></appro>

SHA256 block transform for x86, CRYPTOGAMS by <appro></appro>

DlSHA512 block transform for x86, CRYPTOGAMS by <appro></appro>

DlSHA512 block transform for x86, CRYPTOGAMS by <appro></appro>

Montgomery Multiplication for x86, CRYPTOGAMS by <appro></appro>

Montgomery Multiplication for x86, CRYPTOGAMS by <appro></appro>

6-9'6-9'

6-9'6-9'

$6.:$6.:

$6.:$6.:

*?#1*?#1

*?#1*?#1

>8$4,8$4,

>8$4,8$4,

AES for x86, CRYPTOGAMS by <appro></appro>

AES for x86, CRYPTOGAMS by <appro></appro>

Camellia for x86 by <appro></appro>

Camellia for x86 by <appro></appro>

RC4 for x86, CRYPTOGAMS by <appro></appro>

RC4 for x86, CRYPTOGAMS by <appro></appro>

FRegDeleteKeyExW

FRegDeleteKeyExW

MARGIN-BOTTOM: 11px; BORDER-STYLE: solid; BORDER-COLOR: #DFDFE5; BORDER-WIDTH: 2px; BACKGROUND-COLOR: #DFDFE5; }H2 { COLOR: black; BACKGROUND-COLOR: #FFFFF; FONT-SIZE: 12pt; FONT-WEIGHT: normal; MARGIN-BOTTOM: 0px; MARGIN-TOP: 10px;}